The structure of the Abengoa Risk Management is based on three significant pillars:Los Sistemas Comunes de Gestión, que sirven para mitigar los riesgos del negocio
This is a live system that is subject to continuous modifications and improvements to keep in line with the reality of business.
There are also internal auditing services in charge of ensuring the compliance with and the good functioning of these systems.
I) Business Risks:
Procedures geared towards eliminating business risks are engineered and set in motion through what is referred to as “Common Management Systems” (CMS).
The Common Management Systems of Abengoa develop the internal rules by which Abengoa is governed, and define the manner in which all risks are assessed and controlled. In addition to permitting the company to share its accumulated knowledge and to setting the criteria and patterns of action, said systems represent a common culture in the management of Abengoa’s business.
The CMSs serve to identify both the risks embedded in the current model as well as the activities of control put in place to mitigate such risks, thus drastically reducing any risks (business risks) inherent in the Company’s activity, at all possible levels.
The CMSs define certain specific procedures designed to cover any action that may entail a risk for the organization, whether economic or otherwise.
The Systems cover the whole organization at three levels:
Compliance with the regulations set forth in the Common Management Systems is compulsory for the whole organization, which is why all its members are bound to be familiar with them. Any exceptions to said compliance with said systems must be reported to the person in charge and must be conveniently authorized through the relevant authorization forms.
Besides, they are constantly undergoing updates that permit the incorporation of good practices to each of the fields of action. To facilitate their spreading, successive updates are immediately communicated to the organization through IT media.
II) Risks in relation to the reliability of financial information:
In 2004 Abengoa started a process of adjusting its internal control structure on financial information to fit the requirements set forth by Section 404 of the SOX Act. Said adjustment process ended in 2007, although it is still being implemented in the new company acquisitions which occur each year.
As a result of our commitment to transparency, in order to continue to ensure the reliability of the financial reporting prepared by the company, we have continued to reinforce our internal control structure, adapting it to the requirements established in section 404 of the United States Sarbanes-Oxley Act (SOX). For a further year, we have wished to voluntarily submit the internal control system of the whole group to an independent evaluation process conducted by external auditors under the PCAOB (Public Company Accounting Oversight Board) audit standards.
SOX is a compulsory law for all companies listed in the United States and is intended to ensure the reliability of the financial reporting of these companies and to protect the interests of their shareholders and investors by setting up an appropriate internal control system. This way, and even though none of the Business Units are under obligation to comply with the SOX Law, Abengoa believes it is best for all its companies to comply with said requirements, since said rules complete the risks control model that the company uses.
An appropriate internal control system can be put in place using three tools:
The 2011 financial year saw the introduction of the SAP GRC Process Control module. GRC Process Control provides a technological solution that allows the automation of the continuous internal control and performance monitoring model, facilitating its performance and increasing security in the company’s operations.
Below are the benefits derived from the introduction of the GRC Process Control:
III) Universal Risks Model
Abengoa manages its risks through a model aimed at identifying the potential risks of a business. This model considers 4 important areas that are subdivided into 20 categories of risks, which proposes more than 86 potential risks of a business.
Our model envisages the following areas and categories of risks:
The 2011 financial year saw the culmination of the introduction of Archer eGRC, a technology solution that allows the automation of the process of identification, evaluation, response, monitoring and reporting of risks making up the Universal Risks Model for safeguarding all activities and sectors in which Abengoa operates.
IV) Risks Factors
The Risks Factors of Abengoa are identified in Schedule 1 of the Securities Registration Document published in the CNMV on June 30, 2011
I. Concessions
II. Biofuel distribution agreements
III. Backlog of projects in the activities of Engineering and Construction.Las variaciones en el coste de la energía pueden tener un impacto negativo en los resultados de la Compañía.
1.2. Specific Risks of Abengoa
V) Other existing tools
The company has a Corporate Social Responsibility master plan that involves all the areas and is implemented in the five business units, adapting the CSR strategy to the social reality of the various communities in which Abengoa is present. Corporate Social Responsibility, understood as the integration of the Expectations of interest groups into the Company’s strategy, the respect for the Law and the consistency with international standards of action, is one of the pillars of the Abengoa culture. The company informs its interest groups on the performance in the various CSR matters through a report that is based on the GRI standard for preparing sustainability reports. This report will be externally verified as part of the company’s commitment to transparency and rigour.
In 2002 Abengoa signed the United Nations World Pact, an international initiative aimed at achieving the voluntary commitment of entities regarding social responsibility, by way of implementing ten principles based on human, labour and environmental rights and on the fight against corruption. Also, in 2008, the company signed the Caring for Climate initiative, also from the United Nations. Consequently, Abengoa put in motion a system of reporting on greenhouse gas (GHG) emissions which would permit it to register its greenhouse gas emissions, know the traceability of all its supplies and certify its products and services.
In 2009, the company developed a system of environmental sustainability indicators that would contribute to improving the management of the company’s business, thus permitting the sustainability of its activities to be measured and compared, and establishing improvement objectives for the future. The combination of both initiatives has situated Abengoa at the helm of world leadership in sustainability management.
VI) Criminal Liability Risks
The enactment of Organic Law 5/2010 forced Abengoa to develop a system for risks management and internal control, and a system for verifying compliance with the legal standards to ensure that possible criminal liability risks are minimized, putting in place measures aimed at prevention, detection and investigation.
No.
If so, indicate the circumstances that led to such risks and whether the established control system worked.
If so, outline its functions.
Name of the committee or body
Audits Committee
Description of functions
To inform the Board of any changes in the accounting criteria and of any risks whether or not in the balance sheets.
The Audit Committee’s functions include the “supervision of the internal audit service” and “obtaining information on the financial reporting process, the internal control systems and on the risks for the company”.
Below are the Audit Committee’s main objectives regarding the internal control over the preparation of the financial reporting:
Abengoa applies all the provisions decreed by the CNMV, which implies that Abengoa complies with the reference indicators included in the FIICS (Financial Information Internal Control System) document from the CNMV with maximum rigour from over five years.
Since 2007, Abengoa has voluntarily submitted its Internal Control Systems to external evaluation, with the issuance of an audit opinion under PCAOB standards and a compliance audit under section 404 of the Sarbanes-Oxley Act (SOX).
I) External Auditing
The auditor of the individual and consolidated annual financial statements of Abengoa, S.A. is PricewaterhouseCoopers, which is also the Group’s main auditor.
In the year 2011, 5 reports were issued by the external auditors and then integrated into the Annual Report:
Audit report on the Group’s consolidated financial statements, as required by the Laws in vigour.
Voluntary audit report on internal audit compliance under PCAOB (Public Company Accounting Oversight Board) standards, as required under section 404 of the Sarbanes-Oxley Act (SOX).
Voluntary reasonable assurance verification report on the Corporate Governance Report, being the first Spanish listed company to obtain a report of this kind.
Voluntary reasonable assurance verification report on the Corporate Social Responsibility Report.
And voluntary verification report on the design of the Risk Management System in accordance with the ISO 31000 Standards and Specifications.