F.3.2 Internal control policies and procedures regarding the information systems (including secure access, change monitoring and management, operational
continuity and separation of functions) which support the company’s processes relating to the generation and publication of financial reports. .
The controls and procedures defined within the Internal Financial Reporting Control System support the relevant processes to ensure the proper
functioning of the information systems, such as secure access, monitoring of changes in the systems, operational continuity and separation of functions.
F.3.3 Internal control policies and procedures to supervise the management of outsourced activities and those aspects of evaluation, calculation or appraisal
entrusted to independent experts, which may materially affect the financial accounts.
Supervision of the management of activities outsourced to third parties, as well as any possibly relevant evaluation, calculation or valuation tasks
commissioned from independent experts are also covered by this control structure.
F.4 Information and communication
Report, indicating the main characteristics, whether it has at least:
F.4.1. A specific area responsible for defining and updating accounting policies (accounting policies area or department) and resolving queries or conflicts
arising from their interpretation, maintaining constant communication with those responsible for operations in the organisation, and an updated manual
of accounting policies communicated to the units through which the company operates.
The Company’s Organisation Department is responsible for unifying, analysing and publishing all the rules and procedures applicable within it especially
thosedealingwithoperating,administrative(includingaccounting),qualityandregulatorymatters.Itistheresponsibilityofeacharea(finance,operations,
purchasing, sales, etc.) to issue and maintain the rules relevant to their area and that form an integral part of the company’s internal controls. The Internal
Audit Department is responsible for reviewing the previously defined processes and procedures regularly, ensuring the control tasks they include work and
are correctly applied.
The Financial Department is responsible for defining and applying accounting criteria, checking that they are updated and approved. To that end, the
Company currently has a common Accounting Plan, a Manual of Accounting Rules and a Consolidation Manual, applicable to all the countries in which
the Group operates, which are updated at least on a yearly basis. This body of regulations reflects the International Financial Reporting Standards (IFRS
requirements, which are the accounting standards by which the Group is governed. The Group’s Financial Department is responsible for interpreting and
applying regulations relating to Financial Reporting.
Every six months the Financial Department updates and verifies possible new laws affecting the generation of financial reports.
F.4.2 Mechanisms to capture and prepare financial reports with standardised formats, applicable and for use in all units of the company or the Group, supported
by the main financial statements and notes, and the information provided on the SCIIF.
The Financial Department will consolidate the accounts every month. This process starts with the consolidated accounts being received from the various
Business Units each month. These are checked and approved to ensure they comply with the established principles of control and significant influence.
The last phase of this process includes verification of the standardisation adjustments affecting the income statement (monthly) and the balance sheet
(
quarterly).
This means all the Business Units share a documentation and consolidation system that is approved by the Financial Department, which reviews it once a
year.
It is important to stress that the Company has a single Accounts Plan for the entire Group, as well as sharedmanagement IT tools in all the Business Units.
F.5 Supervision of the functioning of the system
Report, indicating the main characteristics of at least:
F.5.1 The supervision of the SCIIF by the Audit Committee and whether the company has an internal auditing area whose competency includes supporting
the committee in supervising the internal control system, including the SCIIF. It will also report the scope of the evaluation of the SCIIF during the year
and the procedure by which the body in charge of the evaluation will report its results, if the company has an action plan which details possible corrective
measures, and if its impact on financial reporting has been considered.
Internal Control supervision is the responsibility of the Audit and Control Committee, which implements this through the Internal Audit Department. We
must specify that, within the Company organisational chart, the Internal Audit department reports to the General Secretary and attends the sessions of the
Audit and Control Committee when the latter considers it desirable
The Audit and Control Committee regularly carries out the following functions, as specified in the Board of Directors Regulations:
-
Supervision of internal control and risk management: Evaluates and supervises the effectiveness of internal control and risk management systems,
including those affecting the financial reporting reliability.
-
Supervision of regulated financial reports: Overseeing the process of drawing up and submitting mandatory financial reporting.
-
Supervision of audit activities
ANNUAL CORPORATE GOVERNANCE REPORT
45
