The Company currently has a risk management process in place, which is properly documented and contained on a company IT application.
Whether the process covers all the objectives of financial reporting (existence and occurrence; integrity; assessment; presentation, itemisation
and comparability; rights and obligations), whether it is updated and how often.
In order to ensure the reliability of the Financial Reporting, accounting errors that may arise from the following control objectives are always borne in
mind:
•
Completeness: balances or transactions that should be recorded but are not
•
Transaction cut-off: those booked in a period other than when they were accrued
•
Accuracy: transactions recorded with errors (amounts, conditions).
•
Occurrence/ Existence: transactions that have taken place within the period.
•
Valuation/Allocation: record of transactions involving incorrect sums due to inadequate valuation calculations.
•
Presentation/ Classification: classification errors in the various entries of the financial statements.
The existence of a process for identifying the consolidation perimeter, taking aspects such as the possible existence of complex company structures, and
instrumental entities or those with a specific purpose into account.
Defining the scope involves establishing which companies, countries and business units within the Group are relevant and, therefore, if they should be
covered by the financial reporting control system, along with identifying the operating and support processes that have to be analysed within each business
unit. To determine the scope, quantitative and qualitative criteria for relevance have been taken into account. The determination and review of this scope,
as previously described, are fully documented within the Financial Reporting Control System, andmust be overseen by the Group’s Financial Department.
It is approved annually by the Audit and Control Committee.
Whether the process takes into account the effects of other types of risks (operational, technological, financial, legal, reputational,
environmental, etc.) insofar as these affect the financial accounts.
In designing the risk management process associated with generating Financial Reports, the Company has focused on the following objectives:
-
Definition of the Financial Reporting Control System processes and subprocesses.
-
Determination of the relevant risk categories and types for each of the different Internal Financial Reporting Control System processes defined in the
point above.
Corresponding subcategories have been defined for each of these risk categories. The Accounting, Reporting and Internal Control subcategories are
differentiated and defined within the section on the group’s operational risks.
-
Definition and analysis of controls for each specific risk and establishment of their degree of effectiveness. A risk matrix has been established for
each of the subprocesses detailed above, in which the most relevant risks for each process are defined, along with the operational controls and their
effectiveness in mitigating the risks that affect them.
Which governing body of the company supervises the process.
The company’s Board of Directors is responsible for supervising this control structure. In order to carry out the aforementioned supervision duties, the
Board of Directors is supported by the Audit and Control Committee, through Internal Audit.
F.3 Control Activities
Informe, señalando sus principales características, si dispone al menos de:
F.3.1. Procedures to review and authorise the financial report and description of the SCIIF, to be published on the securities market, indicating its responsible
bodies, and documentation describing the workflows and controls (including those regarding fraud risk) of the different types of transactions which can
have a tangible effect on the financial accounts, including the accounting close procedure and the specific review of the relevant judgements, estimations,
evaluations and projections.
Every month, the Group’s Finance Department submits the management report to the Board of Directors for their consideration. This report includes the
most relevant financial and management information; the Profit and Loss Account and the main economic indicators and ratios. A statement of financial
position is also submitted quarterly.
The Board of Directors periodically requests an analysis of specific issues, as well as the details of particular financial transactions which, because of their
importance, need to be studied in greater depth.
The Chairman of the Audit and Control Committee periodically reviews this financial reporting during its meetings and, as required, requests the
attendance of either external and/ or internal auditors..
The internal Financial Reporting Control Systemdefined within the control structure of the group includes a detailed definition not only of the companies
in the group to which it must be applied, but also of the map of the most significant processes within each of them. Among the most important processes are
those relating to reporting, closing accounts, consolidation and judgements and estimates.
F.3.1 The controls and procedures defined within the Internal Financial Reporting Control System support the relevant processes to ensure the proper
functioning of the information systems, such as secure access, monitoring of changes in the systems, operational continuity and separation of functions.
ANNUAL CORPORATE GOVERNANCE REPORT
44
