D.1 General description of the Risk Policy of the Company and/or its Group, detailing and evaluating the risks covered by the system, together with an explanation of why these systems are appropriate for each type of risk.

The structure of the Abengoa Risk Management is based on three significant pillars:Los Sistemas Comunes de Gestión, que sirven para mitigar los riesgos del negocio

• The Common Management Systems, which serve to mitigate business risks
• Internal control procedures based on the SOX (Sarbanes-Oxley Act) requirements designed to mitigate risks linked with the reliability of financial information.
• Abengoa’s Universal Risks Model, a methodology that quantifies the risk in the internal control procedures in relation with the preparation of financial information . This tool is used to help us manage, identify, mitigate and monitor the risks involved in the business.These two elements form an integrated system that allows the appropriate risk management and control at all the levels of the organization.

This is a live system that is subject to continuous modifications and improvements to keep in line with the reality of business.

There are also internal auditing services in charge of ensuring the compliance with and the good functioning of these systems.

I) Business Risks:

Procedures geared towards eliminating business risks are engineered and set in motion through what is referred to as “Common Management Systems” (CMS).

The Common Management Systems of Abengoa develop the internal rules by which Abengoa is governed, and define the manner in which all risks are assessed and controlled. In addition to permitting the company to share its accumulated knowledge and to setting the criteria and patterns of action, said systems represent a common culture in the management of Abengoa’s business.

The CMSs serve to identify both the risks embedded in the current model as well as the activities of control put in place to mitigate such risks, thus drastically reducing any risks (business risks) inherent in the Company’s activity, at all possible levels.

The CMSs define certain specific procedures designed to cover any action that may entail a risk for the organization, whether economic or otherwise.

The Systems cover the whole organization at three levels:

• All Business Units and Areas of Activity
• All levels of responsibility
• All types of operations

Compliance with the regulations set forth in the Common Management Systems is compulsory for the whole organization, which is why all its members are bound to be familiar with them. Any exceptions to said compliance with said systems must be reported to the person in charge and must be conveniently authorized through the relevant authorization forms.

Besides, they are constantly undergoing updates that permit the incorporation of good practices to each of the fields of action. To facilitate their spreading, successive updates are immediately communicated to the organization through IT media.

II) Risks in relation to the reliability of financial information:

In 2004 Abengoa started a process of adjusting its internal control structure on financial information to fit the requirements set forth by Section 404 of the SOX Act. Said adjustment process ended in 2007, although it is still being implemented in the new company acquisitions which occur each year.

As a result of our commitment to transparency, in order to continue to ensure the reliability of the financial reporting prepared by the company, we have continued to reinforce our internal control structure, adapting it to the requirements established in section 404 of the United States Sarbanes-Oxley Act (SOX). For a further year, we have wished to voluntarily submit the internal control system of the whole group to an independent evaluation process conducted by external auditors under the PCAOB (Public Company Accounting Oversight Board) audit standards.

SOX is a compulsory law for all companies listed in the United States and is intended to ensure the reliability of the financial reporting of these companies and to protect the interests of their shareholders and investors by setting up an appropriate internal control system. This way, and even though none of the Business Units are under obligation to comply with the SOX Law, Abengoa believes it is best for all its companies to comply with said requirements, since said rules complete the risks control model that the company uses.

An appropriate internal control system can be put in place using three tools:

• A description of the company’s relevant processes that may bear a potential impact on the financial report being prepared. So far 41 Management Processes (MPs) have been identified and grouped into Corporate Cycles and Cycles Common to the Business Groups.
• A series of flow charts that provide a visual description of the processes.
• An inventory of the control activities (460 controls, 214 of them being automatic) in each process that ensures attainment of the control objectives.

The 2011 financial year saw the introduction of the SAP GRC Process Control module. GRC Process Control provides a technological solution that allows the automation of the continuous internal control and performance monitoring model, facilitating its performance and increasing security in the company’s operations.

Below are the benefits derived from the introduction of the GRC Process Control:

• Automation of the Continuous (Internal) Control Monitoring. Obtaining automatic reports and balanced scorecards on the internal control framework and regulations
• Integration of internal control into business processes.
• Level of automation of auditing for automatic controls.
• Centralization of documentation and internal control management processes. (Sole repository of information)
• Usage of standard workflows for the entire life-cycle of a control, bearing the regulation in mind, as in the case of SOX. Increase of the efficiency of internal control model, by reducing performance cost and increasing its effectiveness.
• Increasing confidence in the effectiveness of controls.
• Improving the performance follow-up.

III) Universal Risks Model

Abengoa manages its risks through a model aimed at identifying the potential risks of a business. This model considers 4 important areas that are subdivided into 20 categories of risks, which proposes more than 86 potential risks of a business.

Our model envisages the following areas and categories of risks:

• Strategic Risks: corporate governance, strategic and R+D+i projects, mergers, acquisitions and divestitures, planning and assignment of resources, market dynamics, communication and relation with investors
• Operational risks: human resources, information technologies, physical assets, sales, supply chain, threats or catastrophes.
• Financial Risks: cash flow and credit, markets, taxation, capital structure, accounting and reporting.
• Legal Risks: regulations, laws and codes of ethics and of conduct.Durante el ejercicio 2011 se ha culminado la implantación de Archer eGRC, solución tecnológica que permite automatizar el proceso de identificación, evaluación, respuesta, monitorización y reporte de los riesgos que componen el Modelo Universal de Riesgos para mantener todas las actividades y sectores en que opera Abengoa.

The 2011 financial year saw the culmination of the introduction of Archer eGRC, a technology solution that allows the automation of the process of identification, evaluation, response, monitoring and reporting of risks making up the Universal Risks Model for safeguarding all activities and sectors in which Abengoa operates. 

IV) Risks Factors

The Risks Factors of Abengoa are identified in Schedule 1 of the Securities Registration Document published in the CNMV on June 30, 2011

1. Specific risks factors of issuer or of its activity sector.

1.1. General Risks

• Abengoa operates in a sector of activity especially linked with the economic cycle.
• Risk derived from depending on the regulations in support of activities relating to renewable energy, bioethanol production and also research- and development-related activities.
• Solar power generation.
• Biofuel consumption.
• Risks derived from the sensitivity entailed in the supply of raw materials for biofuel production and the volatility of the price of the final product.
• Risks derived from the sensitivity entailed in the supply of raw materials for recycling activities and the volatility of the price of the final product.
• Risks derived from delays and cost overruns in activities of Engineering and Construction due to the technical difficulties of the projects and the lengthy duration of their execution.
• Risks linked to the activities of concession-type of Infrastructural projects operating under regulated tariffs or extremely long-term licences agreements.
• Incomes obtained from long-term agreements: risks derived from the existence of clauses and/or renewal of licence agreements processed by Abengoa, termination of pending Engineering and Construction projects and non-renewals of biofuel distribution agreements.I. Concesiones

I. Concessions

II. Biofuel distribution agreements

III. Backlog of projects in the activities of Engineering and Construction.Las variaciones en el coste de la energía pueden tener un impacto negativo en los resultados de la Compañía.

• The variations in the cost of energy may bear negative impact on the Company results.
• Risks derived from the development, construction and exploitation of new projects.
• Abengoa’s activities may be negatively affected in the event that public support for such activities diminishes.
• Construction projects regarding the Engineering and Construction activities and the facilities of Concession-type Infrastructural and Industrial Production activities are dangerous places of work.
• Risks derived from joining hands with third parties for the execution of certain projects.1.2. Riesgos específicos de Abengoa

1.2. Specific Risks of Abengoa

• Abengoa operates with enormous levels of indebtedness.
• Risks derived from the demand for capital intensive investments in fixed assets (CAPEX), which increases the need for external financing for the execution of pending projects.
• The renewable energy sector products and services are part of a market subject to intensive conditions of competition.
• The results of the Engineering and Construction activity depend significantly on the growth of the Company in the Concession-type Infrastructural and Industrial Production activities.
• Fluctuations in the interest rates and its coverage may affect the results of the Company Fluctuations in the currency exchange rates and its coverage may affect the results of the Company Country and Internationalization risks.
• Abengoa’s activities fall under multiple jurisdictions with various degrees of legal demands requiring the Company to undertake significant efforts to ensure its compliance with them.
• The activities of the Company may be negatively affected by natural catastrophes, extreme climate conditions, unexpected geological conditions or other physical kind1s of conditions, as well as by terrorist acts perpetrated in some of its locations.
• Insurance coverage underwritten by Abengoa may be insufficient to cover the risks entailed in the projects, and the costs of the insurance premiums may rise.
• Abengoa’s business may undergo deterioration if it is not able to retain its top management personnel and key employees, or attract and retain other highly qualified employees.
• Reduction of future incomes, benefits and debts from variations in the Company consolidation perimeter (Telvent GIT, S.A. and its affiliates and the Brazilian transmission lines: NTE, STE, ATE, ATE II and ATE III):
• The practices of tax evasion and product alteration on the Brazilian fuel distributions market may distort the market prices.
• The company has a controlling shareholder.

V) Other existing tools

The company has a Corporate Social Responsibility master plan that involves all the areas and is implemented in the five business units, adapting the CSR strategy to the social reality of the various communities in which Abengoa is present. Corporate Social Responsibility, understood as the integration of the Expectations of interest groups into the Company’s strategy, the respect for the Law and the consistency with international standards of action, is one of the pillars of the Abengoa culture. The company informs its interest groups on the performance in the various CSR matters through a report that is based on the GRI standard for preparing sustainability reports. This report will be externally verified as part of the company’s commitment to transparency and rigour.

In 2002 Abengoa signed the United Nations World Pact, an international initiative aimed at achieving the voluntary commitment of entities regarding social responsibility, by way of implementing ten principles based on human, labour and environmental rights and on the fight against corruption. Also, in 2008, the company signed the Caring for Climate initiative, also from the United Nations. Consequently, Abengoa put in motion a system of reporting on greenhouse gas (GHG) emissions which would permit it to register its greenhouse gas emissions, know the traceability of all its supplies and certify its products and services.

In 2009, the company developed a system of environmental sustainability indicators that would contribute to improving the management of the company’s business, thus permitting the sustainability of its activities to be measured and compared, and establishing improvement objectives for the future. The combination of both initiatives has situated Abengoa at the helm of world leadership in sustainability management.

VI) Criminal Liability Risks

The enactment of Organic Law 5/2010 forced Abengoa to develop a system for risks management and internal control, and a system for verifying compliance with the legal standards to ensure that possible criminal liability risks are minimized, putting in place measures aimed at prevention, detection and investigation.

D.2. Indicate whether some of the various kinds of risks (operational, technological, financial, legal, reputational, tax-related…) that may affect the company and/or its group emerged during the financial year.

No.

If so, indicate the circumstances that led to such risks and whether the established control system worked.

D.3 Indicate whether there is a committee or other governing body responsible for establishing and supervising these control devices.

If so, outline its functions.

Name of the committee or body

Audits Committee

Description of functions

To inform the Board of any changes in the accounting criteria and of any risks whether or not in the balance sheets.

The Audit Committee’s functions include the “supervision of the internal audit service” and “obtaining information on the financial reporting process, the internal control systems and on the risks for the company”.

Below are the Audit Committee’s main objectives regarding the internal control over the preparation of the financial reporting:

• To determine the risks of a possible material error in the financial reporting caused by fraud or possible fraud risk factors.
• To analyze the procedures for evaluating the efficiency of internal control in relation to financial reporting.
• To obtain information on the capacity of the internal controls over the processes affecting Abengoa and its Business Groups.
• To identify the material deficiencies and weaknesses in the internal control in relation to the financial reporting and the response capacity.
• To supervise and coordinate any significant changes made over the internal controls affecting the quarterly financial reporting.
• Performance of the quarterly processes of closing the financial statements and differences identified in relation to the processes performed at the year end.
• Implementing plans and monitoring for actions taken to correct the differences identified in the audits.
• Installing measures to identify and correct possible internal control weaknesses in relation to the financial reporting.
• Analyzing the procedures, activities and controls that seek to guarantee the reliability of the financial reporting and to prevent fraud.

D.4 Identification and description of the processes for complying with the different regulations that affect the company and/or its group.

Abengoa applies all the provisions decreed by the CNMV, which implies that Abengoa complies with the reference indicators included in the FIICS (Financial Information Internal Control System) document from the CNMV with maximum rigour from over five years.

Since 2007, Abengoa has voluntarily submitted its Internal Control Systems to external evaluation, with the issuance of an audit opinion under PCAOB standards and a compliance audit under section 404 of the Sarbanes-Oxley Act (SOX).

I) External Auditing

The auditor of the individual and consolidated annual financial statements of Abengoa, S.A. is PricewaterhouseCoopers, which is also the Group’s main auditor.

In the year 2011, 5 reports were issued by the external auditors and then integrated into the Annual Report:

Audit report on the Group’s consolidated financial statements, as required by the Laws in vigour.

Voluntary audit report on internal audit compliance under PCAOB (Public Company Accounting Oversight Board) standards, as required under section 404 of the Sarbanes-Oxley Act (SOX).

Voluntary reasonable assurance verification report on the Corporate Governance Report, being the first Spanish listed company to obtain a report of this kind.

Voluntary reasonable assurance verification report on the Corporate Social Responsibility Report.

And voluntary verification report on the design of the Risk Management System in accordance with the ISO 31000 Standards and Specifications.