Consolidated Financial Statements and Consolidated Management ...
Consolidated Financial Statements and Consolidated Management ...
Consolidated Financial Statements and Consolidated Management ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
- to keep records of transactions recorded on media other than normal accounting records that are not entered into official books;<br />
- to record non-existent expenditure, income, assets or liabilities;<br />
- to make entries in accounting books, incorrectly indicating their object;<br />
- to use false documents;<br />
- to deliberately destroy documents before the end of the legally-required time limit for retaining them “.<br />
1.2.3. Defined complaints channel<br />
A procedure has been established for lodging complaints about breaches of the principles enshrined in the Code of Conduct, <strong>and</strong> this<br />
enables employees to provide confidential information about any non-compliance with the principles set out in the Code of Conduct.<br />
The procedure for reporting <strong>and</strong> dealing with possible non-compliance <strong>and</strong> reports relating to the Code of Conduct is administered by the<br />
manager of the Group’s Internal Audit Department, who acts independently, giving an account of the most significant incidents over the<br />
course the year to the Company’s Audit <strong>and</strong> Control Committee.<br />
Complaints should preferably be submitted electronically, using the channel expressly provided for this purpose on the NH Hoteles intranet<br />
(codeofconduct@nh-hotels.com). Complaints sent in this way will reach the manager of the Internal Audit Department, thereby guaranteeing<br />
their confidentiality. Complaints can also be sent by post, addressed to the Internal Audit Manager of NH Hoteles, S.A., at the following<br />
address: Santa Engracia 120, 28003 Madrid, Spain.<br />
The Manager of the Internal Audit Department is responsible for analysing the information provided, requesting the corresponding<br />
evidence <strong>and</strong> reports <strong>and</strong>, where relevant, presenting the files with all the information available to the Chairman of the Board of Directors of<br />
NH Hoteles, S.A. All relevant complaints are presented to the Chairman of the Audit <strong>and</strong> Control Committee.<br />
Since the new Code of Conduct came into force, no relevant complaint of any kind that could lead to any measures being taken has been<br />
received.<br />
1.2.4. Training <strong>and</strong> periodic skills-updating programmes on, at least, accounting st<strong>and</strong>ards, audit, internal control <strong>and</strong> risk management for<br />
staff involved in preparing <strong>and</strong> reviewing financial information <strong>and</strong> carrying out FICS evaluations.<br />
The Company has put in place two action channels relating to the Internal <strong>Financial</strong> Information Control System:<br />
- Initial training programmes on the objectives <strong>and</strong> characteristics of the Internal <strong>Financial</strong> Information Control System: these programmes<br />
are aimed at members of the financial information control structure, process managers <strong>and</strong> business unit managers.<br />
The objective is to report on the most relevant aspects of the financial information generation process, specifically, the Company’s operating<br />
systems, comprising the control system, the people responsible for overseeing the controls defined for each process, notification of<br />
improvements or modifications, underst<strong>and</strong>ing of the supervision system in place, etc. These training programmes were carried out at the<br />
start of the evaluation project <strong>and</strong> will take place once a year.<br />
- Continuity programmes: the objective of these programmes is to maintain the efficiency <strong>and</strong> efficacy of the control system through<br />
periodic training throughout the entire control structure. These programmes will be decided on a one-off basis according to the needs<br />
reported by the departments involved<br />
Meanwhile, the <strong>Financial</strong> Department, the staff of which are the most heavily involved in producing the <strong>Financial</strong> Information, have an<br />
annual training plan that is outsourced to external consultants, covering significant areas within their area of activity considered to be<br />
of particular relevance to them in carrying out their functions: accounting regulations, consolidation regulations <strong>and</strong> specific financial<br />
information applicable to the sector.<br />
2. Main characteristics of the risk identification process<br />
Risks relating to the <strong>Financial</strong> Information System are determined <strong>and</strong> evaluated within the general risk map produced by the Company, which is<br />
periodically reviewed <strong>and</strong> updated.<br />
The risks defined within the Company’s risk map are classified according to COSO criteria, including the following categories:<br />
- Strategic risks: those caused by the uncertainty associated with changes in the competitive, company or industry environment.<br />
- <strong>Financial</strong> risks: all risks caused by the uncertainty associated with fluctuations in interest rates, foreign exchange rates or difficulties <strong>and</strong> variations in<br />
the conditions for accessing financing.<br />
- Unforeseen risks: in general, these relate to damage to the company’s own assets <strong>and</strong> liabilities arising from damages caused to third parties <strong>and</strong><br />
damages caused by natural hazards.<br />
- Operational risks: these include risks associated with uncertainty in processes, operations <strong>and</strong> staff or due to inadequate internal systems.<br />
The Company currently has a risk management process in place, which is properly documented <strong>and</strong> contained on a company IT application.<br />
In designing the risk management process associated with generating <strong>Financial</strong> Information the Company has focused on the following objectives:<br />
- Definition of the <strong>Financial</strong> Information Control System processes <strong>and</strong> subprocesses.<br />
- Determination of the relevant risk categories <strong>and</strong> types for each of the different Internal <strong>Financial</strong> Information Control System processes defined in<br />
the point above.<br />
Corresponding subcategories have been defined for each of these risk categories.<br />
The Accounting, Reporting <strong>and</strong> Internal Control subcategories are differentiated <strong>and</strong> defined within the section on the group’s operational risks.<br />
- Definition <strong>and</strong> analysis of controls for each specific risk <strong>and</strong> establishment of their degree of effectiveness.<br />
A risk matrix has been established for each of the subprocesses detailed above, in which the most relevant risks for each process are defined, along<br />
with the operational controls <strong>and</strong> their effectiveness in mitigating the risks that affect them.<br />
ANNUAL CORPORATE GOVERNANCE REPORT 57