45
ANNUAL CORPORATE GOVERNANCE REPORT
• Regular training and refresher courses on, at least, accounting standards, audits, internal control and risk management for staff involved in
preparing and reviewing financial reports and evaluating the reporting system.
Through the Internal Audit Department, the following training activities in relation to the Financial Reporting and Control system have been
carried out:
Workshops for a total of 20 employees belonging to the retained function in Holland, Belgium and Germany on the aims and features of the
Financial Information Control System and the risk and control matrix. The aim is to inform about the most significant aspects in relation to the
Financial Information generation process, specifically: the Group’s operating processes that make up the Control System, bodies responsible
for maintaining the defined controls within each process, reporting improvements or changes, understanding the established supervision
system, etc., and confirming that each body responsible for controls understands both the controls and the type of evidence they need to
provide.
Training sessions with Corporate employees on the control of UDAs (User Developed Applications). The aim is to inform the owners of any
Excel files which are important for Financial Information regarding the policy applicable to such UDAs and the procedure for their custody and
control.
Training sessions on this subject for the people involved in the SCIIF of the Internal Audit Department. Alongside this, the Financial Department
occasionally attends training courses or conferences on updated accounting standards, consolidation standards and the specific financial
reporting applicable to the sector, which are considered especially relevant to its work.
F.2 Financial reporting risk assessment.
Report at least:
F.2.1 Which are the main characteristics of the risk identification process, including error and fraud, regarding:
• Whether the process exists and is documented.
The goal of the process of assessing financial risks is to establish and maintain an effective process for identifying, analysing and managing the
risks relevant to the preparation of financial statements.
At NH the risk management process consists of three levels of participation:
• The Board of Directors reviews the Audit and Control Committee’s supervision of risk management policies, processes, personnel and control
systems.
• The Internal Audit Department regularly reviews the corporate risk model.
• The Chief Officers or acting managers of each area, including the Chief Executive Officer or Managing Director and other professionals
directly involved in the risk management process within their area of responsibility.
The types of risk are classified as follows:
Technological risks
Technological risks relate to the management of information systems to ensure the completeness, availability and reliability of financial
information and avoid exposure of the company’s significant assets to potential loss, damage or misuse.
These risks relate to the following areas:
• Access security
• Availability
• Completeness
• Supervision of
Accounting Risks
These are risks which affect the reliability of financial information in terms of accounting records and breaches of accounting principles, and
refer to the following three categories of assertions:
•Types of transactions:
- Occurrence
- Integrity
- Exactness
- Cut-off
- Classification
•Accounts’ balance:
- Existence
- Rights and obligations
- Integrity
- Valuation and allocation
•Presentation and breakdown:
- Occurrence and rights and obligations
- Integrity
- Classification and clarity
- Accuracy and valuation