44
Outsourcing risks
Outsourcing risks arise as a result of the process of transferring part of the administration service to a third party, and are categorised as follows:
- Service Level Agreements.
- Availability
- Personnel Management
- Knowledge Management
- Legal
The risk identification and evaluation process is supervised by the Audit and Control Committee as part of its duties.
Risks relating to the Financial Reporting System are regularly determined and evaluated.
Whether the process covers all financial reporting assertions (existence and occurrence; completeness; evaluation; presentation, disclosure and
comparability; and rights and obligations), whether it is updated and how often.
In order to ensure the reliability of Financial Reporting, when identifying risks and controls, the accounting errors that may arise from the
following control objectives are always considered:
• Completeness: balances or transactions that should be recorded but are not.
• Transaction cut-off: those booked in a period other than when they were accrued.
• Accuracy: transactions recorded with errors (amounts, conditions).
• Occurrence/Existence: transactions that have taken place within the period.
• Valuation/Allocation: record of transactions involving incorrect sums due to inadequate valuation calculations.
• Presentation/Classification: classification errors in the various entries of the financial statements.
The existence of a process for identifying the consolidation perimeter, taking aspects such as the possible existence of complex company
structures, and instrumental entities or those with a specific purpose into account.
The Financial Department will consolidate the accounts every month.
This process starts with the consolidated accounts being received from the various Business Units each month. These are checked and approved
to ensure they comply with the established principles of control and significant influence.
The last phase of this process includes verification of the standardisation adjustments affecting the income statement (monthly) and the
balance sheet (quarterly)
This means all the Business Units share a documentation and consolidation system that is approved by the Financial Department, which reviews
it once a year. It is important to stress that the Company has a single Accounts Plan for the entire Group, as well as shared management IT tools
in all the Business Units.
Whether the process takes into account the effects of other types of risks (operational, technological, financial, legal, reputational, environmental,
etc.) insofar as these affect the financial accounts.
In designing the risk management process associated with generating Financial Reports, the Company has focused on the following objectives:
- Definition of the Financial Information Control System processes and subprocesses.
- Determination of the relevant risk categories and types for each of the different Internal Financial Information Control System processes
defined in the point above.
Corresponding subcategories have been defined for each of these risk categories. The Accounting, Reporting and Internal Control
subcategories are differentiated and defined within the section on the group’s operational risks.
- Definition and analysis of controls for each specific risk and establishment of their degree of effectiveness.
A risk matrix has been established for each of the subprocesses detailed above, in which the most relevant risks for each process are defined,
along with the operational controls and their effectiveness in mitigating the risks that affect them.
Which governing body of the company supervises the process.
The company’s Board of Directors is responsible for supervising this control structure. In order to carry out the aforementioned supervision
duties, the Board of Directors turns to the Audit and Control Committee, which performs this duty through the Internal Audit Department.
F.3 Control Activities.
Report, indicating the main characteristics, whether it has at least:
F.3.1 Procedures to review and authorise the financial report and description of the SCIIF, to be published on the securities market, indicating its
responsible bodies, and documentation describing the workflows and controls (including those regarding fraud risk) of the different types
of transactions which can have a tangible effect on the financial accounts, including the accounting close procedure and the specific review
of the relevant judgements, estimations, evaluations and projections
Every month, the Group’s Finance Department submits the management report to the Board of Directors for their consideration. This report
includes the most important financial and management information, the Profit and Loss account and the main financial indicators and ratios.
The Board of Directors reviews the intermediate financial statements every six months.
The Board of Directors periodically requests an analysis of specific issues, as well as the details of particular financial transactions which,
because of their importance, need to be studied in greater depth. The Chairman of the Audit and Control Committee periodically reviews this
financial reporting during its meetings, and when appropriate, requests the attendance of the external and/or internal auditors.
ANNUAL CORPORATE GOVERNANCE REPORT
