The Audit Committee was created by the Board of Directors of Abengoa, S.A. on December 2, 2002 in accordance with art. 44 of the Bylaws with a view to incorporating the provisions of Act 44/2002 on Reform of the Financial System (Ley 44/2002) relating to Audit Committees. Abengoa also has a corporate governance system in place that remains compliant at all times with applicable law and best practices.
According to good governance practices, the Board of Directors must have a number of specialized Committees in place so as to ensure that it performs its duties effectively. This structure helps to diversify the workload, while allowing motions and resolutions on certain material issues to be heard first by a specialized and independent body with specific professional expertise, which can therefore filter accordingly and report on its decisions, the aim being to guarantee the required objectivity and ensure that motions are discussed thoroughly before being passed by the Board.
As an independent body, the Audit Committee is able to oversee the affairs of Abengoa companies, thus ensuring that they conduct their business ethically and responsibly. This duty is undoubtedly its main role at present and will continue to be so in the future.
The Audit Committee is essentially the nucleus of this drive towards responsibility, and leads by example by publishing its Audit Committee Business Report every year. Its duties, structure and rules of internal functioning are set forth in the Regulations of the Board of Directors and in its own internal regulations. Generally speaking, the Committee has been heavily involved since its inception in those areas that fall within its remit, as has been explained in the company’s published annual reports and disclosures on corporate governance.
The 2011 Audit Committee Business Report details the activities and initiatives of the Committee in furtherance of the duties entrusted to it under its different fields of activity: review of economic and financial information subject to regulation, control of material risks, oversight of the management model, monitoring the independence of the financial auditor and appraising the business of the Internal Audit Division.
The Audit Committee business report for 2011 was approved at the Committee meeting held on January 17, 2012 and put before the Board of Directors on February 23, 2012. It will then be made available to the company’s shareholders on occasion of the publication of Abengoa’s annual report and, at the latest, by the time the General Shareholders Meeting is announced.
The Internal Regulations of the Audit Committee were approved by the Board of Directors on February 24, 2003 and contain the following provisions:
The Audit Committee will have a permanent and minimum membership of three directors. At least two of these must be non-executive directors, thus maintaining the majority of non-executive members envisaged under the aforementioned Act 44/2002.
Members will be appointed to office for a maximum term of four years, which may be renewed for further four-year maximum terms.
The Audit Committee shall initially elect one of its non-executive directors as Chairman.
The Secretary to the Board of Directors shall act as Secretary to the Audit Committee.
The Audit Committee shall meet as often as required and, in any event, at least once a quarter in order to exercise and discharge its duties, as detailed in the previous section. As a general rule, meetings will be held at the company’s headquarters, although members may decide to hold a particular meeting elsewhere.
The Audit Committee will also meet when a meeting is convened by the Chairman acting on his or her own initiative or at the request of any Committee members. Members may also ask the Chairman to include certain items on the agenda for the next meeting. Notice of the meeting must be given in writing, including the agenda, no less than three days prior to the scheduled date. However, business can also be transacted at a meeting of the Audit Committee when all the members are present and agree to hold a meeting.
There will be a quorum present at meetings of the Audit Committee when the majority of its members are present. Members may only appoint a non-executive director as their proxy.
Resolutions will be carried by the majority vote of Committee members in attendance. In the event of a tie, the Chairman will have the casting vote.
The Audit Committee is formed by a majority of non-executive directors and its current composition, together with the date on which each member was appointed, is as follows:
Prof.Carlos Sebastián Gascón
Professor of the Fundamentals of Economic Analysis at the Universidad Complutense de Madrid since 1984. He studied at the Universities of Madrid and Essex (UK) and the London School of Economics. Apart from his academic career, he has been the Director General of Planning at the Spanish Ministry of the Treasury, director of the Applied Economics Studies Foundation (Fundación de Estudios de Economía Aplicada, or FEDEA), and an advisor and director of private companies. He is currently a director of Abengoa, S. A. and Gesif, S.A. He also was director of Abengoa Bioenergía, S.A. He is the author of a large number of articles and monographs on macroeconomics, the labor market, economic growth and institutional economics and has a regular column in the daily economic newspaper Cinco Días.
Prof. José B. Terceiro Lomba
Professor of Applied Economics at the Universidad Complutense de Madrid. He was director of the Prisa Group, Iberia Líneas Aéreas de España and Corporación Caixa Galicia. He was the Undersecretary to the Presidency of the Government (1981-1982) and has been awarded the CEOE Prize for Economics (Premio CEOE a las Ciencias Económicas) and the Rey Jaime I Prize for Economics.
Mr. José Joaquín Abaurre Llorente
Audiovisual technician.
Prof. Mercedes Gracia Díez
Professor of Econometrics at the Universidad Complutense de Madrid and the Centro Universitario de Estudios Financieros. She has published many scientific publications in the Journal of Business and Economic Statistics, Review of Labor Economics and Industrial Relations, Applied Economics and Journal of Systems and Information Technology. She was manager of the Balance-Sheet Management Department at Caja Madrid from 1996 to 1999 and responsible for the economics and law division of the National Evaluation and Foresight Agency (Agencia Nacional de Evaluación y Prospectiva) from 1993-1996.
Mrs. Alicia Velarde Valiente:
Earned her honors degree in law from the San Pablo Center for University Studies attached to Universidad Complutense. She has been a member of the Spanish notary association since April of 1991. Since then, Alicia has worked at various notary’s office and has been at her current post in Oropesa (Toledo) since 2001. During the 1994-1995 academic year, she started to give classes in civil law at Universidad Francisco de Vitoria and continued to do so until 1999. She maintains close ties with the university today, and has been a lecturer in canon law under the doctorate program since 1999.
Mr. Miguel Ángel Jiménez-Velasco Mazarío
Miguel Angel holds a degree in law from the Universidad Autónoma de Barcelona (1989) and earned his master in company management and finance from the International Company Institute of Deusto University (Instituto Internacional de Empresas de la Universidad de Deusto) (1990-1991). He has been the legal manager of Abengoa since 1996 and was appointed Secretary and Advisory Lawyer to the Board of Directors in 2003.
The Audit Committee met on five occasions over the course of 2011, with all members in attendance at each meeting. These meetings, and the main issues discussed at them, are described below:
1. February 23, 2011 in Madrid
2. March 28, 2011 in Madrid
3. May 9, 2011 in Madrid
4. August 29, 2011 in Madrid
5. November 14, 2011 in Madrid
In addition, a number of recurring issues were addressed at each of the Audit Committee meetings, including:
The following graph shows the subjects analyzed at the Audit Committee meetings during the year:
Meeting its primary function of providing support to the Board of Directors, the main activities discussed and analyzed by the Audit Committee can be grouped into four different areas of competency:
The Audit Committee’s functions include “supervision of the internal audit service” and “awareness and knowledge of the financial reporting process, internal control systems and the risks for the company”.
In order to oversee the sufficiency, suitability and efficient working of the internal control and risk management systems, the Committee received regular information in 2011 from the head of Corporate Internal Audit in relation to:
In 2011, the Audit Committee recorded and supervised the performance of 486 tasks by the Internal Audit Department. The tasks not included under the Plan related principally to general reviews of companies and projects that had not been envisaged in the initial planning.
As a result of the work performed, 231 recommendations were issued, most of which had been implemented by year end.
One factor that had a decisive impact on the number of recommendations issued was the performance of internal control compliance audits under PCAOB (Public Company Accounting Oversight Board) standards, in accordance with the requirements of section 404 of the Sarbanes-Oxley Act (SOX).
The following graph shows the different types of internal audit work conducted over the course of 2011.
The Internal Audit Function (IAF) at Abengoa
The Internal Audit Function originated as an independent global function, reporting to the Audit Committee of the Board of Directors, with the principal objective of supervising Abengoa’s internal control and material risk management systems.
Structure and Team
Abengoa’s Internal Audit Function is structured around the joint audit services, which act in coordination. To discharge its functions and carry on its activities, the service has a structure based on multidisciplinary teams, formally organized by geographical area, which work under a common annual work plan and share out the workload on the basis of their respective areas of expertise, all in accordance with best international practices.
The Internal Audit (IA) team is formed by 49 auditors, distributed among the different Business Groups.
The profile of Abengoa’s internal auditors reflects the company’s commitment to employing personnel fully qualified to carry out the audit functions. Abengoa’s internal auditors seek at all times to provide excellent service when performing their work and become heavily involved in the business projects they are carrying out, with the overriding objective of creating value for the organization.
General Objectives
Objectives of the Internal Audit function:
Evaluation of the Internal Audit function
During 2011, Abengoa has finished a process of independent evaluation of the Internal Audit activity in accordance with the standards of the Institute of Internal Auditors.
The aim of evaluating the Internal Audit Function is to assess the organization, processes and performance in the internal audit field, in order to fix parameters to improve internal audit effectiveness and efficiency and thus deal with an increasingly demanding competitive and regulatory environment.
Following the work conducted by an independent expert, the report concluded that Abengoa’s Internal Audit Function is compliant with the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA).
The auditor of the consolidated and non-consolidated annual accounts of Abengoa, S.A. is PricewaterhouseCoopers, which is also the group’s main auditor.
The Audit Committee proposed the appointment of this firm to the Board of Directors, which then passed it on to the General Shareholders Meeting, due to the firm’s extensive knowledge of the group and its history, an aspect valued very favorably by both the Committee and the management team.
In addition, other firms collaborate in performing the audit, especially in small companies both in Spain and abroad, although the scope of their work is not significant for the group overall.
In 2011 Abengoa’s Audit Committee, in accordance with its rules and regulations, agreed to begin the selection process for designating a financial auditor for Abengoa, S.A. and its consolidated Group for year 2012.
Final appointment is contingent upon approval by the Board of Directors and the General Shareholders’ Meeting of Abengoa, S.A. and, in each case, by the Audit Committees, Governing Bodies and Shareholders’ Meetings and Assemblies of the corresponding Group companies.
The Audit Committee’s functions include ensuring the independence of the external auditor, proposing the appointment or renewal thereof to the Board of Directors and approving its fees.
SOX (Sarbanes-Oxley Act) internal control audit work has been assigned to these same audit firms following the same criteria. This is because, according to PCAOB (Public Accounting Oversight Board) rules, the firm that issues the opinion on the financial statements must also be the firm that evaluates internal control processes over the preparation of the these same statements, given that this internal control is a key factor in “integrated audits”.
Abengoa follows a policy of having an external annual audit performed on all group companies, even if they are not obliged to do so because they do not meet the legal requirements.
A total of 37 new companies have been audited this year round, more than 62% of which are being audited by one of the four main international audit firms or “Big Four”.
The following table provides a breakdown of the global fees agreed upon with the external auditors for the 2011 audit, including reviews of periodic reporting and the SOX audit:
The following table reveals the fees payable to the Big Four audit firms for non-audit work performed in 2011:
In 2011, a survey was conducted on the satisfaction with the service received from the main auditor during the 2010 audit. A series of conclusions have been drawn from this survey and will help to improve the work carried out jointly with the main auditor.
The Audit Committee is, furthermore, responsible for supervising the results of the work of the external auditors. Therefore, it is promptly informed of their conclusions and of any incidents noted in their audits.
When required to do so, the external auditor has attended Audit Committee meetings to report on its areas of competency, which are essentially the following:
In 2011, the external auditors carried out an integrated audit under PCAOB standards.
As a result of this work, the external auditors likewise issued a report containing the conclusions of their internal control assessment. This opinion is additional to the one included in the audit report on the annual financial statements, although the PCAOB allows both opinions to be included in the same document.
Thus, external auditors issued five reports in 2011, all forming an integral part of the Annual Report:
The Audit Committee’s main objectives concerning internal control over the preparation of financial reporting are:
Internal Control Model
In February 2010, the Spanish National Stock Market Commission (CNMV) published a document titled “Internal Control over Financial Reporting in Listed Companies” (ISFR), which contains two new legal obligations that listed companies must meet from 2011 onwards:
The CNMV document is based on COSO and incorporates 30 recommended practices divided into five components areas:
Since 2007, Abengoa has been voluntarily submitting its Internal Control Systems to external evaluation, with the issuance of an audit opinion under PCAOB standards and a compliance audit under section 404 of the Sarbanes-Oxley Act (SOX).
This means that Abengoa has been complying strictly with the reference indicators included in the Spanish CNMV’s ICFR document for four straight years now.
Abengoa believes that a proper internal control system would ensure that all relevant financial information is reliable and known to the management. It therefore believes that the model developed and tailored to SOX provides the ideal partner for the Common Management Systems, the main aim of which is to control and mitigate business risks.
The COSO model has been used as the conceptual framework, since this model most closely mirrors the approach required by SOX, which has also been presented to the Audit Committee. In this model, internal control is defined as the process carried out in order to provide reasonable assurance of the attainment of certain objectives, such as compliance with laws and regulations, the reliability of financial reporting and the effectiveness and efficiency of operations.
To carry out its responsibilities, the Audit Committee has the following supervision tools at different levels of the organization:
Company management has implemented a Code of Professional Conduct, the guiding philosophy of which is honesty, integrity and good judgment on the part of employees, managers and directors, as reflected in Abengoa’s Annual Corporate Governance Report, which provides details of the company’s governing structure, risk control systems, the degree to which recommendations on governance are followed and the reporting instruments; and in which the management’s commitment to maintaining an appropriate internal control and risk management system, good corporate governance and ethical conduct on the part of the organization and its employees can be seen.
The Code of Conduct is available to all employees through the Abengoa intranet and is regularly updated.
The Welcome Manual of Abengoa and the different Business Groups make express reference to the Code of Professional Conduct.
All departments, principally Human Resources and Internal Audit, strive to ensure compliance with the Code and notify management of any irregular conduct they may detect so that the appropriate measures can be adopted.
Whistleblowing Channel
Abengoa and its different Business Groups have a mechanism in place for forwarding complaints to the Audit Committee. The channel was formally implemented in 2007 under the requirements of the Sarbanes-Oxley Act.
Abengoa has two whistleblowing channels:
Complaints may be sent on the basis of confidentiality for the complainant or anonymously.
The aim of Abengoa in creating these channels has been to provide a specific means of communicating with management and the governing bodies, which may be used as a tool to inform them of any possible irregularity, non-compliance, unethical or illegal conduct or breach of the rules that govern the group.
Every complaint received leads to investigations by the Internal Audit team in accordance with the following procedure:
Foreign Corrupt Practices Act (FCPA)
The honesty, integrity and sound judgment of employees, executives and directors is essential to the company’s reputation and success.
In pursuit of these principles, Abengoa adhered to the United Nations Global Compact in 2002. It upholds each of the ten principles enshrined in the initiative and works to integrate them fully into the strategy and policies governing the day-to-day running of the company. In relation to principle nº 10: “Businesses should work against corruption in all its forms, including extortion and bribery”, Abengoa has various procedures in place to prevent any kind of corruption within the company.
In the fight against extortion, fraud and bribery, Abengoa upholds the provisions of the US Foreign Corrupt Practices Act (FCPA).
In particular, the FCPA criminalizes acts by companies and their executives, directors, employees and representatives to pay, promise, offer or authorize payment of anything of value to any foreign civil servant, foreign political party, heads of foreign political parties with the aim of achieving or maintaining business operations, or of obtaining any kind of improper gain.
The FCPA complements the requirements imposed by section 404 of the US Sarbanes Oxley Act (SOX).
During 2011, Abengoa continued to grow, carrying on activities in more than 77 countries. To deal with this growth in a safe and controlled manner, Abengoa has a common business management system that allows it to work on an efficient, coordinated and consistent basis.
In forthcoming years, we will be faced with an environment characterized by greater regulatory requirements. In order to deal with this scenario, Abengoa considers risk management an indispensable activity and function for strategic decision making.
Abengoa is aware of the importance of managing its risks in order to carry out appropriate strategic planning and attain the defined business objectives. To do this, it applies a philosophy formed by a set of shared beliefs and attitudes, which define how risk is considered, starting with the development and implementation of the strategy and ending with the day-to-day activities.
Abengoa’s Risk Management System is shown in the following diagram:
Abengoa defines risk as any potential event that may prevent the company from reaching its business objectives. Abengoa considers that a risk arises as a loss of opportunities and/or strengths or the materialization of a threat and/or strengthening of a weakness.
Abengoa’s attitude in the face of risk is awareness, involvement and anticipation. The key principles of Risk Management at Abengoa are the following:
The Risk Management process at Abengoa is a continuous cycle based on five key phases, as shown in the following diagram:
In each phase, regular and consistent communication is necessary in order to achieve good results. Since it is a continuous cycle, permanent feedback is necessary in order to achieve a constant improvement in the Risk Management System. These processes are addressed to all the company’s risks.
Abengoa manages its risks using the following model, described in the company’s Risk Management Manual, which is intended to identify the potential risks of a business:
Risk treatment and response criteria are contained within the Common Management Systems and must be observed by all employees.
The responses designed and included within the different elements that make up the Abengoa Risk Management System pursue one of the following risk management scenarios:
Abengoa’s Risk Management Model comprises two core elements:
Both elements combine to form an integrated system that enables the company to manage risks and controls suitably throughout all levels of the organization.
The functional heads of each division must verify and certify compliance with these procedures. This annual certification is issued by the Audit Committee in January of the following year.
Los SCG contemplan unos procedimientos específicos que cubren cualquier acción que pueda resultar un riesgo para la organización, tanto de carácter económico, como no económico. Además, están disponibles para todos los empleados en soporte informático con independencia de su ubicación geográfica y empleo.
Los responsables funcionales de cada área, deben verificar y certificar el cumplimiento de estos procedimientos. Esta certificación anual es emitida y presentada al Comité de Auditoría en enero del año siguiente.
Objectives
The systems cover the whole organization at three levels:
Our Common Management Systems represent a common culture for Abengoa’s different businesses and are composed of eleven Rules defining how each of the potential risks included in Abengoa’s risk model should be managed. Through these systems, the risks and the appropriate way of hedging against them are identified and the control mechanisms defined.
Over recent years, the Common Management Systems have evolved to adapt to the new situations and environments in which Abengoa operates, with the overriding aim of reinforcing risk identification, covering risks and establishing control activities.
The Compulsory Procedures are used to mitigate risks relating to the reliability of the financial information, employing a combined system of procedures and control activities in key areas of the company, which are intended to ensure the reliability of the financial information and prevent fraud.
As a result of our commitment to transparency, and so as to continue to ensure the reliability of the financial information prepared by the company, we have continued to reinforce our internal control structure, adapting it to the requirements established under section 404 of the United States Sarbanes-Oxley Act (SOX). For a further year, we have voluntarily submitted the internal control system of the whole group to an independent evaluation process conducted by external auditors under PCAOB (Public Company Accounting Oversight Board) audit standards.
SOX is a compulsory law for all listed companies operating in the United States and is intended to ensure the reliability of the financial reporting of these companies and protect the interests of their shareholders and investors by establishing an appropriate internal control system. Thus, although none of the Business Groups is required to meet SOX requirements, Abengoa deems it necessary to comply with these requirements throughout all of its component companies, since these requirements complement the risk control model used by the company.
The company has implemented an appropriate internal control system that relies on three tools:
Our work comprises the following aspects:
At Abengoa, we have viewed this legal requirement as an opportunity for improvement and, far from being satisfied with the rules included in the Act, we have tried to develop and improve our own internal control structures, control procedures and the evaluation procedures in place.
This initiative arose in response to the swift expansion experienced by the group
in recent years and projected future growth, the aim for us to continue preparing accurate, timely and complete financial reports for our investors.
In order to meet the requirements of section 404 of the SOX, Abengoa’s internal control structure has been redefined following a “Top-Down” approach based on risk analysis.
This risk analysis encompasses a preliminary identification of significant risk areas and an assessment of the company’s controls over them, starting with top-level executives - corporate and supervisory controls – then dropping to the operational controls present in each process.
Our approach is as follows:
In 2011, Abengoa finished integrating its Universal Risk Model, the company’s chosen methodology for quantifying the risks that compose the Risk Management System.
Abengoa’s Universal Risk Model is made up of four categories, 20 sub-categories and a total of 86 principal risks for the business. Each these risks has an associated series of indicators that allow its probability and impact to be measured and the degree of tolerance to the risk to be defined, thus allowing for subsequent risk assessment and monitoring.
The following diagram illustrates how Abengoa’s Universal Risk Model works. The model is periodically reviewed and updated jointly by the Internal Audit departments, the heads of each area involved and the heads of risk management at corporate-level and for the different Business Groups.
After applying both probability and impact indicators to all the risks that make up Abengoa’s Universal Risk Model, risks are grouped accordingly into four types, each with its own pre-determined risk management strategy:
On a final note, Abengoa completed implementation in 2011 of Archer eGRC, a technological solution enabling the company to automate the process of identifying, assessing, responding to, monitoring and reporting the risks that make up its Universal Risk Model, thus helping to protect all the activities and sectors in which Abengoa is currently engaged.