Close

This website uses third-party cookies to collect statistical information related to your navigation. If you continue to browse, we consider you accept this use. See more information on our cookies policy here.

Audit Committee Activity Report

 

Introduction

The Audit Committee was created by the Board of Directors of Abengoa, S.A. on December 2, 2002 in accordance with art. 44 of the Bylaws with a view to incorporating the provisions of Act 44/2002 on Reform of the Financial System (Ley 44/2002) relating to Audit Committees. Abengoa also has a corporate governance system in place that remains compliant at all times with applicable law and best practices.

According to good governance practices, the Board of Directors must have a number of specialized Committees in place so as to ensure that it performs its duties effectively. This structure helps to diversify the workload, while allowing motions and resolutions on certain material issues to be heard first by a specialized and independent body with specific professional expertise, which can therefore filter accordingly and report on its decisions, the aim being to guarantee the required objectivity and ensure that motions are discussed thoroughly before being passed by the Board.

As an independent body, the Audit Committee is able to oversee the affairs of Abengoa companies, thus ensuring that they conduct their business ethically and responsibly. This duty is undoubtedly its main role at present and will continue to be so in the future.

The Audit Committee is essentially the nucleus of this drive towards responsibility, and leads by example by publishing its Audit Committee Business Report every year. Its duties, structure and rules of internal functioning are set forth in the Regulations of the Board of Directors and in its own internal regulations. Generally speaking, the Committee has been heavily involved since its inception in those areas that fall within its remit, as has been explained in the company’s published annual reports and disclosures on corporate governance.

The 2011 Audit Committee Business Report details the activities and initiatives of the Committee in furtherance of the duties entrusted to it under its different fields of activity: review of economic and financial information subject to regulation, control of material risks, oversight of the management model, monitoring the independence of the financial auditor and appraising the business of the Internal Audit Division.

The Audit Committee business report for 2011 was approved at the Committee meeting held on January 17, 2012 and put before the Board of Directors on February 23, 2012. It will then be made available to the company’s shareholders on occasion of the publication of Abengoa’s annual report and, at the latest, by the time the General Shareholders Meeting is announced.

Internal Regulations of the Audit Committee

The Internal Regulations of the Audit Committee were approved by the Board of Directors on February 24, 2003 and contain the following provisions:

Composition and Appointment of Members

The Audit Committee will have a permanent and minimum membership of three directors. At least two of these must be non-executive directors, thus maintaining the majority of non-executive members envisaged under the aforementioned Act 44/2002.

Members will be appointed to office for a maximum term of four years, which may be renewed for further four-year maximum terms.

Chairman and Secretary

The Audit Committee shall initially elect one of its non-executive directors as Chairman.

The Secretary to the Board of Directors shall act as Secretary to the Audit Committee.

The powers and duties of the Audit Committee are as follows:

  • To report on the annual accounts and half-yearly and quarterly financial statements that must be submitted to regulatory bodies and market watchdogs, with mention made of the internal control systems, the control mechanisms to monitor implementation and compliance through internal audit procedures and, where appropriate, the accounting principles applied.
  • To report to the Board of Directors on any changes in accounting principles, balance sheet risk and off-balance sheet risk.
  • To report to the General Shareholders Meeting on those matters raised by shareholders that fall within its remit.
  • To propose the appointment of the external financial auditors to the Board of Directors, for subsequent referral on to the General Shareholders Meeting.
  • To oversee internal audit services. The Committee will enjoy full access to internal auditing and shall report on the process of selection, appointment, reappointment, removal and remuneration of the internal audit director and on the department’s budget.
  • To be fully aware of the company’s financial information reporting process and internal control systems.
  • To liaise with the external audit firm so as to receive information on any matters that could jeopardize the latter’s independence and any other matters relating to the financial auditing process.
  • To summon directors to Committee meetings, at its discretion, in order to report on any such matters the Audit Committee deems fit.
  • To draw up an annual report on the activities of the Audit Committee, which must be published along with the annual accounts for the fiscal year.

Meetings and Announcement

The Audit Committee shall meet as often as required and, in any event, at least once a quarter in order to exercise and discharge its duties, as detailed in the previous section. As a general rule, meetings will be held at the company’s headquarters, although members may decide to hold a particular meeting elsewhere.

The Audit Committee will also meet when a meeting is convened by the Chairman acting on his or her own initiative or at the request of any Committee members. Members may also ask the Chairman to include certain items on the agenda for the next meeting. Notice of the meeting must be given in writing, including the agenda, no less than three days prior to the scheduled date. However, business can also be transacted at a meeting of the Audit Committee when all the members are present and agree to hold a meeting.

Quorum

There will be a quorum present at meetings of the Audit Committee when the majority of its members are present. Members may only appoint a non-executive director as their proxy.

Resolutions will be carried by the majority vote of Committee members in attendance. In the event of a tie, the Chairman will have the casting vote.

Composition, Appointments and Member Profiles

The Audit Committee is formed by a majority of non-executive directors and its current composition, together with the date on which each member was appointed, is as follows:

 

Prof.Carlos Sebastián Gascón

Professor of the Fundamentals of Economic Analysis at the Universidad Complutense de Madrid since 1984. He studied at the Universities of Madrid and Essex (UK) and the London School of Economics. Apart from his academic career, he has been the Director General of Planning at the Spanish Ministry of the Treasury, director of the Applied Economics Studies Foundation (Fundación de Estudios de Economía Aplicada, or FEDEA), and an advisor and director of private companies. He is currently a director of Abengoa, S. A. and Gesif, S.A. He also was director of Abengoa Bioenergía, S.A. He is the author of a large number of articles and monographs on macroeconomics, the labor market, economic growth and institutional economics and has a regular column in the daily economic newspaper Cinco Días.

Prof. José B. Terceiro Lomba

Professor of Applied Economics at the Universidad Complutense de Madrid. He was director of the Prisa Group, Iberia Líneas Aéreas de España and Corporación Caixa Galicia. He was the Undersecretary to the Presidency of the Government (1981-1982) and has been awarded the CEOE Prize for Economics (Premio CEOE a las Ciencias Económicas) and the Rey Jaime I Prize for Economics.

Mr. José Joaquín Abaurre Llorente

Audiovisual technician.

Prof. Mercedes Gracia Díez

Professor of Econometrics at the Universidad Complutense de Madrid and the Centro Universitario de Estudios Financieros. She has published many scientific publications in the Journal of Business and Economic Statistics, Review of Labor Economics and Industrial Relations, Applied Economics and Journal of Systems and Information Technology. She was manager of the Balance-Sheet Management Department at Caja Madrid from 1996 to 1999 and responsible for the economics and law division of the National Evaluation and Foresight Agency (Agencia Nacional de Evaluación y Prospectiva) from 1993-1996.

Mrs. Alicia Velarde Valiente:

Earned her honors degree in law from the San Pablo Center for University Studies attached to Universidad Complutense. She has been a member of the Spanish notary association since April of 1991. Since then, Alicia has worked at various notary’s office and has been at her current post in Oropesa (Toledo) since 2001. During the 1994-1995 academic year, she started to give classes in civil law at Universidad Francisco de Vitoria and continued to do so until 1999. She maintains close ties with the university today, and has been a lecturer in canon law under the doctorate program since 1999.

Mr. Miguel Ángel Jiménez-Velasco Mazarío

Miguel Angel holds a degree in law from the Universidad Autónoma de Barcelona (1989) and earned his master in company management and finance from the International Company Institute of Deusto University (Instituto Internacional de Empresas de la Universidad de Deusto) (1990-1991). He has been the legal manager of Abengoa since 1996 and was appointed Secretary and Advisory Lawyer to the Board of Directors in 2003.

Meetings of the Audit Committee in 2011

The Audit Committee met on five occasions over the course of 2011, with all members in attendance at each meeting. These meetings, and the main issues discussed at them, are described below:

1. February 23, 2011 in Madrid

  • Economic information for fiscal year 2010.
  • Presentation of the external auditor on the conclusions of its audit engagement for fiscal year 2010.
  • Annual Corporate Governance Report for 2010.
  • Summary of the assessment performed by the company on internal control deficiencies relating to the Sarbanes-Oxley Act. S
  • Summary of audit and external consulting fees for 2010.2. 28 de marzo de 2011 en Madrid

2. March 28, 2011 in Madrid

  • Presentation and analysis of various investment operations.

3. May 9, 2011 in Madrid

  • In Economic information on the first quarter of 2011.
  • Fees for consulting services in 2011.

4. August 29, 2011 in Madrid

  • Economic information on the first half of 2011.
  • Main conclusions of the external auditors on the limited review as of June 30.
  • External auditor’s fees for 2011.
  • Fees for consulting services in 2011.

5. November 14, 2011 in Madrid

  • Economic information on the third quarter of 2011.
  • Announcement of the external auditor selection process for 2012.
  • Fees for consulting services in 2011.

In addition, a number of recurring issues were addressed at each of the Audit Committee meetings, including:

  • Monitoring of the Internal Audit Plan.
  • Reporting on related-party transactions.
  • Information on the Whistleblowing Policy / Code of Conduct compliance.
  • Universal Risk Model.

The following graph shows the subjects analyzed at the Audit Committee meetings during the year:

 

 

 

Activities Performed

Meeting its primary function of providing support to the Board of Directors, the main activities discussed and analyzed by the Audit Committee can be grouped into four different areas of competency:

 

a) Internal Audit

The Audit Committee’s functions include “supervision of the internal audit service” and “awareness and knowledge of the financial reporting process, internal control systems and the risks for the company”.

In order to oversee the sufficiency, suitability and efficient working of the internal control and risk management systems, the Committee received regular information in 2011 from the head of Corporate Internal Audit in relation to:

  • The Annual Internal Audit Plan and the degree to which it had been met: progress and conclusions on the internal audit work performed, which essentially comprises the tasks of auditing financial statements, internal control SOX audits, Common Management Systems audits, reviews of critical projects and construction work, and reviews of special areas, among others.
  • The degree of implementation of issued recommendations.
  • A description of the main areas reviewed and the most significant conclusions, which include audited and sufficiently mitigated risks.
  • Other more detailed explanations requested by the Audit Committee.

In 2011, the Audit Committee recorded and supervised the performance of 486 tasks by the Internal Audit Department. The tasks not included under the Plan related principally to general reviews of companies and projects that had not been envisaged in the initial planning.

As a result of the work performed, 231 recommendations were issued, most of which had been implemented by year end.

One factor that had a decisive impact on the number of recommendations issued was the performance of internal control compliance audits under PCAOB (Public Company Accounting Oversight Board) standards, in accordance with the requirements of section 404 of the Sarbanes-Oxley Act (SOX).

The following graph shows the different types of internal audit work conducted over the course of 2011.

 

The Internal Audit Function (IAF) at Abengoa

The Internal Audit Function originated as an independent global function, reporting to the Audit Committee of the Board of Directors, with the principal objective of supervising Abengoa’s internal control and material risk management systems.

Structure and Team

Abengoa’s Internal Audit Function is structured around the joint audit services, which act in coordination. To discharge its functions and carry on its activities, the service has a structure based on multidisciplinary teams, formally organized by geographical area, which work under a common annual work plan and share out the workload on the basis of their respective areas of expertise, all in accordance with best international practices.

The Internal Audit (IA) team is formed by 49 auditors, distributed among the different Business Groups.

  • The average age of Abengoa’s internal audit team is currently around 31.
  • Men and women have an equal weighting on the team.
  • Average length of professional experience is seven years.
  • Approximately 70 % of the auditors have prior experience in one of the “Big Four” external audit firms.

The profile of Abengoa’s internal auditors reflects the company’s commitment to employing personnel fully qualified to carry out the audit functions. Abengoa’s internal auditors seek at all times to provide excellent service when performing their work and become heavily involved in the business projects they are carrying out, with the overriding objective of creating value for the organization.

 

General Objectives

Objectives of the Internal Audit function:

 

Evaluation of the Internal Audit function

During 2011, Abengoa has finished a process of independent evaluation of the Internal Audit activity in accordance with the standards of the Institute of Internal Auditors.

The aim of evaluating the Internal Audit Function is to assess the organization, processes and performance in the internal audit field, in order to fix parameters to improve internal audit effectiveness and efficiency and thus deal with an increasingly demanding competitive and regulatory environment.

  • Mission of the Internal Audit Function in order to comply with the company’s requirements and expectations.
  • Professionals of the Internal Audit Function (IAF).
  • Infrastructures and operations used by the Internal Audit Function in furtherance of its work.

Following the work conducted by an independent expert, the report concluded that Abengoa’s Internal Audit Function is compliant with the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA).

 

b) External audit

The auditor of the consolidated and non-consolidated annual accounts of Abengoa, S.A. is PricewaterhouseCoopers, which is also the group’s main auditor.

The Audit Committee proposed the appointment of this firm to the Board of Directors, which then passed it on to the General Shareholders Meeting, due to the firm’s extensive knowledge of the group and its history, an aspect valued very favorably by both the Committee and the management team.

In addition, other firms collaborate in performing the audit, especially in small companies both in Spain and abroad, although the scope of their work is not significant for the group overall.

In 2011 Abengoa’s Audit Committee, in accordance with its rules and regulations, agreed to begin the selection process for designating a financial auditor for Abengoa, S.A. and its consolidated Group for year 2012.

Final appointment is contingent upon approval by the Board of Directors and the General Shareholders’ Meeting of Abengoa, S.A. and, in each case, by the Audit Committees, Governing Bodies and Shareholders’ Meetings and Assemblies of the corresponding Group companies.

The Audit Committee’s functions include ensuring the independence of the external auditor, proposing the appointment or renewal thereof to the Board of Directors and approving its fees.

 

SOX (Sarbanes-Oxley Act) internal control audit work has been assigned to these same audit firms following the same criteria. This is because, according to PCAOB (Public Accounting Oversight Board) rules, the firm that issues the opinion on the financial statements must also be the firm that evaluates internal control processes over the preparation of the these same statements, given that this internal control is a key factor in “integrated audits”.

Abengoa follows a policy of having an external annual audit performed on all group companies, even if they are not obliged to do so because they do not meet the legal requirements.

A total of 37 new companies have been audited this year round, more than 62% of which are being audited by one of the four main international audit firms or “Big Four”.

The following table provides a breakdown of the global fees agreed upon with the external auditors for the 2011 audit, including reviews of periodic reporting and the SOX audit:

 

 

The following table reveals the fees payable to the Big Four audit firms for non-audit work performed in 2011:

 

4_T11

In 2011, a survey was conducted on the satisfaction with the service received from the main auditor during the 2010 audit. A series of conclusions have been drawn from this survey and will help to improve the work carried out jointly with the main auditor.

The Audit Committee is, furthermore, responsible for supervising the results of the work of the external auditors. Therefore, it is promptly informed of their conclusions and of any incidents noted in their audits.

When required to do so, the external auditor has attended Audit Committee meetings to report on its areas of competency, which are essentially the following:

  • Reviewing the financial statements of the consolidated group and its component companies and issuing an audit opinion thereon. Although the auditors must issue their opinion on the financial statements as of December 31 each year, the work they conduct within each of the companies includes a review up to an earlier date, which is typically the end of the third quarter (September), in order to anticipate any significant transactions or other matters that have arisen up to said date. Since 2008, Abengoa has been voluntarily submitting its half-yearly statements to a limited review issued by the corresponding auditor. The quarterly financial statements also undergo a review process so that the information required by official bodies can be duly disclosed. Likewise, the consolidated financial statements of each the five Business Groups are audited: Abeinsa, Befesa, Abengoa Bioenergy and Abengoa Solar.
  • Evaluation of the internal control system and issuance of an audit opinion under PCAOB (Public Company Accounting Oversight Board) standards, (SOX -Sarbanes-Oxley Act- compliance). The specific PCAOB rules require a number of additional audit procedures to be conducted. The SEC (Security Exchange Commission) delegates to the PCAOB the preparation and issuance of the standards to be met by external auditors when evaluating internal control processes as part of an integrated audit.

In 2011, the external auditors carried out an integrated audit under PCAOB standards.

As a result of this work, the external auditors likewise issued a report containing the conclusions of their internal control assessment. This opinion is additional to the one included in the audit report on the annual financial statements, although the PCAOB allows both opinions to be included in the same document.

 

  • Matters of special interest.
    For certain matters or specific or significant transactions, the external auditor is required to provide its opinion on the criteria adopted by the company so as to reach a consensus.
  • Independent verification reports prepared by external auditors.
  • One of the cornerstones of the company’s strategy is its commitment to transparency and rigor. To reinforce this commitment, some years ago the company fixed the objective that all information appearing in the Annual Report should be verified externally.
    Therefore, 2007 witnessed the first audit on the company’s Corporate Social Responsibility Report. In 2008, this was extended to the Greenhouse Gas Emissions Report and in 2009, the Corporate Governance Report underwent an external audit process.
    The company is not satisfied with a limited assurance verification report
    pursuant to ISAE 3000 standards, but intends to continue progressing towards a reasonable assurance verification report, which is the most demanding type of verification to which a company can aspire.

Thus, external auditors issued five reports in 2011, all forming an integral part of the Annual Report:

  • Audit report on the consolidated accounts of the group, in accordance with applicable law.
  • Voluntary audit report on internal control compliance under PCAOB (Public Company Accounting Oversight Board) standards, pursuant to the requirements imposed by section 404 of the Sarbanes-Oxley Act (SOX).
  • Voluntary reasonable assurance audit report on the Corporate Governance Report, with Abengoa being the first listed company in Spain to obtain a report of this nature.
  • Voluntary reasonable assurance audit report on the Corporate Social Responsibility Report.
  • Voluntary audit report on the design and application of the Risk Management System pursuant to ISO 31000 standards.

c) Internal control

The Audit Committee’s main objectives concerning internal control over the preparation of financial reporting are:

  • Determining the risks of a possible material error in the financial reporting caused by fraud or possible fraud risk factors.
  • Analyzing the procedures for assessing the efficiency of internal control in relation to financial reporting.
  • Capacity of internal controls over the processes that affect Abengoa and its Business Groups. Identifying material internal control deficiencies and weaknesses in relation to financial reporting and response capacity.
  • Supervising and coordinating any significant changes made to the internal controls related to the quarterly financial reporting.
  • Performing the quarterly processes of closing the financial statements and differences identified in relation to the processes performed at year end.
  • Rolling out plans and monitoring the actions implemented to correct the differences identified in the audits.
  • Measures to identify and correct possible internal control weaknesses in relation to the financial reporting.
  • Analyzing procedures, activities and controls that seek to guarantee the reliability of financial reporting and prevent fraud.

Internal Control Model

In February 2010, the Spanish National Stock Market Commission (CNMV) published a document titled “Internal Control over Financial Reporting in Listed Companies” (ISFR), which contains two new legal obligations that listed companies must meet from 2011 onwards:

  • Audit Committees will be responsible for supervising financial reporting and the efficiency of the company’s internal control and risk management systems.
  • Companies will have to report to the markets on their systems of internal control over financial reporting through the Annual Corporate Governance Report.

The CNMV document is based on COSO and incorporates 30 recommended practices divided into five components areas:

  • Internal control environment
  • Financial reporting risk assessment
  • Control activities
  • Information and communication, and
  • Supervision of system operation

Since 2007, Abengoa has been voluntarily submitting its Internal Control Systems to external evaluation, with the issuance of an audit opinion under PCAOB standards and a compliance audit under section 404 of the Sarbanes-Oxley Act (SOX).

This means that Abengoa has been complying strictly with the reference indicators included in the Spanish CNMV’s ICFR document for four straight years now.

Abengoa believes that a proper internal control system would ensure that all relevant financial information is reliable and known to the management. It therefore believes that the model developed and tailored to SOX provides the ideal partner for the Common Management Systems, the main aim of which is to control and mitigate business risks.

The COSO model has been used as the conceptual framework, since this model most closely mirrors the approach required by SOX, which has also been presented to the Audit Committee. In this model, internal control is defined as the process carried out in order to provide reasonable assurance of the attainment of certain objectives, such as compliance with laws and regulations, the reliability of financial reporting and the effectiveness and efficiency of operations.

 

 

d) Governance and Compliance

To carry out its responsibilities, the Audit Committee has the following supervision tools at different levels of the organization:

Company management has implemented a Code of Professional Conduct, the guiding philosophy of which is honesty, integrity and good judgment on the part of employees, managers and directors, as reflected in Abengoa’s Annual Corporate Governance Report, which provides details of the company’s governing structure, risk control systems, the degree to which recommendations on governance are followed and the reporting instruments; and in which the management’s commitment to maintaining an appropriate internal control and risk management system, good corporate governance and ethical conduct on the part of the organization and its employees can be seen.

The Code of Conduct is available to all employees through the Abengoa intranet and is regularly updated.

The Welcome Manual of Abengoa and the different Business Groups make express reference to the Code of Professional Conduct.

All departments, principally Human Resources and Internal Audit, strive to ensure compliance with the Code and notify management of any irregular conduct they may detect so that the appropriate measures can be adopted.

Whistleblowing Channel

Abengoa and its different Business Groups have a mechanism in place for forwarding complaints to the Audit Committee. The channel was formally implemented in 2007 under the requirements of the Sarbanes-Oxley Act.

Abengoa has two whistleblowing channels:

  • An internal channel, which is available to all employees, so that they can report any alleged accounting or audit irregularity or breaches of the Code of Conduct. Issues are reported by e-mail or post.
  • An external cannel, available to anyone outside the company, so that they can report any alleged irregularities, fraudulent actions or breaches of Abengoa’s Code of Conduct through the company’s website (www.abengoa.com).

 

Complaints may be sent on the basis of confidentiality for the complainant or anonymously.

The aim of Abengoa in creating these channels has been to provide a specific means of communicating with management and the governing bodies, which may be used as a tool to inform them of any possible irregularity, non-compliance, unethical or illegal conduct or breach of the rules that govern the group.

Every complaint received leads to investigations by the Internal Audit team in accordance with the following procedure:

 Foreign Corrupt Practices Act (FCPA)

The honesty, integrity and sound judgment of employees, executives and directors is essential to the company’s reputation and success.

In pursuit of these principles, Abengoa adhered to the United Nations Global Compact in 2002. It upholds each of the ten principles enshrined in the initiative and works to integrate them fully into the strategy and policies governing the day-to-day running of the company. In relation to principle nº 10: “Businesses should work against corruption in all its forms, including extortion and bribery”, Abengoa has various procedures in place to prevent any kind of corruption within the company.

In the fight against extortion, fraud and bribery, Abengoa upholds the provisions of the US Foreign Corrupt Practices Act (FCPA).

In particular, the FCPA criminalizes acts by companies and their executives, directors, employees and representatives to pay, promise, offer or authorize payment of anything of value to any foreign civil servant, foreign political party, heads of foreign political parties with the aim of achieving or maintaining business operations, or of obtaining any kind of improper gain.

The FCPA complements the requirements imposed by section 404 of the US Sarbanes Oxley Act (SOX).
 

Supervision and Control of the Risk Management Model at Abengoa

During 2011, Abengoa continued to grow, carrying on activities in more than 77 countries. To deal with this growth in a safe and controlled manner, Abengoa has a common business management system that allows it to work on an efficient, coordinated and consistent basis.

In forthcoming years, we will be faced with an environment characterized by greater regulatory requirements. In order to deal with this scenario, Abengoa considers risk management an indispensable activity and function for strategic decision making.

Abengoa is aware of the importance of managing its risks in order to carry out appropriate strategic planning and attain the defined business objectives. To do this, it applies a philosophy formed by a set of shared beliefs and attitudes, which define how risk is considered, starting with the development and implementation of the strategy and ending with the day-to-day activities.

 

Abengoa’s Risk Management System is shown in the following diagram:

 

Abengoa defines risk as any potential event that may prevent the company from reaching its business objectives. Abengoa considers that a risk arises as a loss of opportunities and/or strengths or the materialization of a threat and/or strengthening of a weakness.

Abengoa’s attitude in the face of risk is awareness, involvement and anticipation. The key principles of Risk Management at Abengoa are the following:

  • In order to attain the business objectives fixed, risks must be managed at all levels of the company without exception.
  • The Board will be responsible for supervising the efficiency of the entity’s internal control and risk management systems.
  • Decisions are always taken on the basis of a consensus, with shared responsibility.
  • Abengoa’s Risk Management System is fully integrated into:
    • The strategic planning process.
    • The definition of business objectives.
    • Day-to-day operations to attain said objectives.
  • Risk Management includes the identification and assessment of, response to, monitoring or follow-up of and reporting of risks in accordance with the procedures in place for these purposes.
  • Responses to risks must be consist and must be well adapted to the conditions of the business and the economic environment.
  • Management must regularly evaluate the assessment of its risks and the responses that have been designed.
  • Monitoring will be conducted regularly and the conformity of the activities of identification, assessment, response, monitoring and reporting included in Abengoa’s Risk Management System will be reported.

The Risk Management process at Abengoa is a continuous cycle based on five key phases, as shown in the following diagram:

 

In each phase, regular and consistent communication is necessary in order to achieve good results. Since it is a continuous cycle, permanent feedback is necessary in order to achieve a constant improvement in the Risk Management System. These processes are addressed to all the company’s risks.

Abengoa manages its risks using the following model, described in the company’s Risk Management Manual, which is intended to identify the potential risks of a business:

 

Risk treatment and response criteria are contained within the Common Management Systems and must be observed by all employees.

The responses designed and included within the different elements that make up the Abengoa Risk Management System pursue one of the following risk management scenarios:

  • Elimination: the risk is completely eliminated.
  • Reduction and control: the aim here is to reduce the risk as much as possible by using strategic or safety measures (diversification of supply, quality systems, maintenance, prevention, etc.).
  • Transfer to a third party: the risk is transferred to a third party, so that Abengoa holds no responsibility for the risk, whether through an insurance company or another third party (supplier, subcontractor).
  • Financial retention: if it has not been possible to otherwise control the risk, it is eventually accepted.

Abengoa’s Risk Management Model comprises two core elements:

Both elements combine to form an integrated system that enables the company to manage risks and controls suitably throughout all levels of the organization.

a) Common management systems

The functional heads of each division must verify and certify compliance with these procedures. This annual certification is issued by the Audit Committee in January of the following year.

Los SCG contemplan unos procedimientos específicos que cubren cualquier acción que pueda resultar un riesgo para la organización, tanto de carácter económico, como no económico. Además, están disponibles para todos los empleados en soporte informático con independencia de su ubicación geográfica y empleo.

Los responsables funcionales de cada área, deben verificar y certificar el cumplimiento de estos procedimientos. Esta certificación anual es emitida y presentada al Comité de Auditoría en enero del año siguiente.

Objectives

  • To identify possible risks which, although they are inherent to any business, must be identified, mitigated and monitored.
  • To optimize the day-to-day management by applying procedures leading to financial efficiency, expense reduction and the homogenization and compatibility of information and management systems.
  • To promote synergies and value creation throughout Abengoa’s different Business Groups.
  • To reinforce corporate identity.
  • To achieve growth through strategic development that seeks innovation and new options in the medium- and long-term.

The systems cover the whole organization at three levels:

  • All the Business Groups and areas of activity.
  • All levels of responsibility.
  • All kinds of operations.

Our Common Management Systems represent a common culture for Abengoa’s different businesses and are composed of eleven Rules defining how each of the potential risks included in Abengoa’s risk model should be managed. Through these systems, the risks and the appropriate way of hedging against them are identified and the control mechanisms defined.

Over recent years, the Common Management Systems have evolved to adapt to the new situations and environments in which Abengoa operates, with the overriding aim of reinforcing risk identification, covering risks and establishing control activities.

 

 

b) Compulsory procedures (SOX)

The Compulsory Procedures are used to mitigate risks relating to the reliability of the financial information, employing a combined system of procedures and control activities in key areas of the company, which are intended to ensure the reliability of the financial information and prevent fraud.

As a result of our commitment to transparency, and so as to continue to ensure the reliability of the financial information prepared by the company, we have continued to reinforce our internal control structure, adapting it to the requirements established under section 404 of the United States Sarbanes-Oxley Act (SOX). For a further year, we have voluntarily submitted the internal control system of the whole group to an independent evaluation process conducted by external auditors under PCAOB (Public Company Accounting Oversight Board) audit standards.

SOX is a compulsory law for all listed companies operating in the United States and is intended to ensure the reliability of the financial reporting of these companies and protect the interests of their shareholders and investors by establishing an appropriate internal control system. Thus, although none of the Business Groups is required to meet SOX requirements, Abengoa deems it necessary to comply with these requirements throughout all of its component companies, since these requirements complement the risk control model used by the company.

The company has implemented an appropriate internal control system that relies on three tools:

  • A description of the company’s relevant processes that could impact the financial information to be prepared.
  • In this regard, 41 Management Processes (MPs) have been defined and grouped into corporate cycles and common cycles used throughout all the Business Groups.
  • A series of flow charts that provide a visual description of the processes.
  • An inventory of the control activities in each process to ensure attainment of the control objectives.

Our work comprises the following aspects:

 

At Abengoa, we have viewed this legal requirement as an opportunity for improvement and, far from being satisfied with the rules included in the Act, we have tried to develop and improve our own internal control structures, control procedures and the evaluation procedures in place.

This initiative arose in response to the swift expansion experienced by the group
in recent years and projected future growth, the aim for us to continue preparing accurate, timely and complete financial reports for our investors.
In order to meet the requirements of section 404 of the SOX, Abengoa’s internal control structure has been redefined following a “Top-Down” approach based on risk analysis.

This risk analysis encompasses a preliminary identification of significant risk areas and an assessment of the company’s controls over them, starting with top-level executives - corporate and supervisory controls – then dropping to the operational controls present in each process.

Our approach is as follows:

 

c) The Universal Risk Model

In 2011, Abengoa finished integrating its Universal Risk Model, the company’s chosen methodology for quantifying the risks that compose the Risk Management System.

Abengoa’s Universal Risk Model is made up of four categories, 20 sub-categories and a total of 86 principal risks for the business. Each these risks has an associated series of indicators that allow its probability and impact to be measured and the degree of tolerance to the risk to be defined, thus allowing for subsequent risk assessment and monitoring.

The following diagram illustrates how Abengoa’s Universal Risk Model works. The model is periodically reviewed and updated jointly by the Internal Audit departments, the heads of each area involved and the heads of risk management at corporate-level and for the different Business Groups.
 

 

After applying both probability and impact indicators to all the risks that make up Abengoa’s Universal Risk Model, risks are grouped accordingly into four types, each with its own pre-determined risk management strategy:

 

  • Minor risk: risks that occur frequently but have little economic impact. These are managed accordingly to reduce the likelihood of them arising, but only if managing them proves economically viable.
  • Tolerable risk: risks that occur infrequently and have little economic impact. These risks and monitored to ensure that they remain at tolerable levels.
  • Severe risk: frequent risk with a heavy impact. These risks are managed immediately, although due to the risk management processes implemented by Abengoa, it is unlikely that Abengoa will have to tackle this type of risk.
  • Critical risk: risks that occur infrequently but have a very high economic impact. These risks have their own contingency plan, given the severity of their impact should they arise.

On a final note, Abengoa completed implementation in 2011 of Archer eGRC, a technological solution enabling the company to automate the process of identifying, assessing, responding to, monitoring and reporting the risks that make up its Universal Risk Model, thus helping to protect all the activities and sectors in which Abengoa is currently engaged.