Download Complete PDF - Informe Anual 2012
Download Complete PDF - Informe Anual 2012
Download Complete PDF - Informe Anual 2012
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
1.2.4 Training and periodic skills-updating programmes on, at least, accounting standards, audit, internal control and risk management for staff<br />
involved in preparing and reviewing financial information and carrying out FICS evaluations.<br />
The Company has put in place two action channels relating to the Internal Financial Information Control System:<br />
- Initial training programmes on the objectives and characteristics of the financial information control system: these programmes are aimed<br />
at the individuals that make up the financial information control structure, process managers and business unit directors.<br />
The aim is to provide information about the most relevant matters related to the process of generating financial information, in particular<br />
on the operational processes of the company that make up the control system, the individuals responsible for maintaining the controls<br />
defined within each process, notifications regarding improvements or modifications, understanding the monitoring system in place, etc.<br />
These training programmes were carried out at the start of the assessment project and will be held once a year.<br />
- Continuity programmes: the aim of these programmes is to maintain the efficiency and efficacy of the control system through the periodic<br />
training of the whole control system implemented. They are programmes that will be defined on an ad hoc basis according to the needs<br />
of the areas involved.<br />
In parallel, the Finance Department, the personnel of which has the greatest involvement in preparing financial information, has a specific<br />
annual training plan delivered by external consultants that includes the chief areas of its activity: accounting rules, consolidation rules, specific<br />
financial information applicable to the sector and areas considered particularly important to its functions.<br />
2. Main characteristics of the risk identification process<br />
Risks relating to the Financial Information System are determined and evaluated within the general risk map produced by the Company, which is<br />
periodically reviewed and updated.<br />
The risks defined within the Company’s risk map are classified according to COSO criteria, including the following categories:<br />
- Strategic risks: those caused by the uncertainty associated with changes in the competitive, company or industry environment.<br />
- Financial risks: all risks caused by the uncertainty associated with fluctuations in interest rates, foreign exchange rates or difficulties and variations<br />
in the conditions for accessing financing.<br />
- Unforeseen risks: in general, these relate to damage to the company’s own assets and liabilities arising from damages caused to third parties and<br />
damages caused by natural hazards.<br />
- Operational risks: these include risks associated with uncertainty in processes, operations and staff or due to inadequate internal systems.<br />
The Company currently has a risk management process in place, which is properly documented and contained on a company IT application.<br />
In designing the risk management process associated with generating Financial Information the Company has focused on the following objectives:<br />
- Definition of the Financial Information Control System processes and subprocesses.<br />
- Determination of the relevant risk categories and types for each of the different Internal Financial Information Control System processes defined<br />
in the point above.<br />
Corresponding subcategories have been defined for each of these risk categories.<br />
The Accounting, Reporting and Internal Control subcategories are differentiated and defined within the section on the Group operational risks.<br />
- Definition and analysis of controls for each specific risk and establishment of their degree of effectiveness.<br />
A risk matrix has been established for each of the subprocesses detailed above, in which the most relevant risks for each process are defined, along<br />
with the operational controls and their effectiveness in mitigating the risks that affect them.<br />
- Determining and monitoring the scope of the internal financial information control system. Defining the scope involves establishing which business<br />
units within the Group are relevant and, therefore, if they should be covered by the financial information control system, along with identifying the<br />
operational and support processes that have to be analysed within each business unit. To determine the scope, quantitative and qualitative criteria<br />
for relevance have been taken into account.<br />
The determination and review of this scope, as previously described, are fully documented within the Financial Information Control System, and<br />
must be overseen by the Group Financial Department. It is approved annually by the Audit and Control Committee.<br />
The process thereby defined meets all the basic objectives of financial information: existence and occurrence; integrity; assessment; presentation,<br />
itemisation and comparability; rights and obligations.<br />
Aside from the previously-described process, the Financial Department carries out a monthly accounting consolidation process.<br />
This process starts with the consolidated accounts being received from the various Business Units each month. These are checked and approved to<br />
ensure they comply with the established principles of control, co-management and significant influence.<br />
The last phase of this process includes verification of the standardisation adjustments affecting the income statement (monthly) and the balance sheet<br />
(quarterly)<br />
This means all the Business Units share a documentation and consolidation system that is approved by the Financial Department, which reviews it<br />
once a year.<br />
It is important to stress that the Company has a single Accounts Plan for the entire Group, as well as shared management IT tools in all the Business<br />
Units.<br />
3. Main features of the Control Activities<br />
The internal financial information control system defined within the control structure of the group includes a detailed definition not only of the<br />
companies in the group to which it must be applied, but also of the map of the most significant processes within each of them. Among the most<br />
important processes are those relating to reporting, closing accounts, consolidation and judgements and estimates.<br />
60 ANNUAL CORPORATE GOVERNANCE REPORT