BEFESA

Risk Control Systems

There are two bases to Befesa’s Risk Control structure: the Common Management Systems and the Internal Audit Services, the definitions, objectives, characteristics, and functions of which are given here-below.

• • Common Management Systems

    Definition

    The Common Management Systems develop the Company’s internal regulations and its methodology for assessing and controlling risks and represent a genuine guide for managing Befesa’s businesses, sharing the accumulated knowledge and setting criteria and operational standards.

    Objectives

    • To identify possible risks that, although associated with any business, must be minimized and attention must be paid to them.
    • To optimize day-to-day management, applying procedures designed for financial efficiency, cost reduction, and information and management systems homogenization and compatibility.
    • To foment the synergy and the creation of value for the different business units, working in a collaborative ambience.
    • To reinforce the corporate identity, respecting the shared values of all the companies within Befesa.
    • To grow through strategic development, pursuing innovation and new medium and long-term options.

    The systems cover the entire organization at three levels:

    • All Business Units and business lines;
    • All levels of responsibility;
    • All types of transactions.
  • Internal Audit

    Definition

    The function of the Internal Audit is structured around the Pooled Audit Services that encompass the audit teams of the Business Units and Corporate Services that act in a coordinated manner and which are responsible to the Audit Committee of the Board of Directors.

    General Objectives

    • To anticipate the audit risks of the Group’s Companies, Projects and Activities, such as frauds, financial damages, inefficient operations and, in general, risks that may affect the healthy operation of business.
    • To control the application of, and promote the development of adequate and efficient management regulations and procedures in accordance with the Common Corporate Management Systems.
    • To create value for Befesa, promoting the building up of synergies and the monitoring of optimal management practices.
    • To co-ordinate the criteria and focusing of the external auditors’ work, pursuing the best efficiency and profitability of both functions.

    Specific Objectives

    • To assess the Audit Risks of Befesa’s companies and projects in accordance with an objective procedure.
    • To define several types of standard Internal Audit and Control tasks in order to develop the corresponding Work Plans with the appropriate scope for each situation. This classification, which is linked to the Audit Risk Assessment, determines the Work Plans to be utilized and implies a type of appropriate Recommendation and Report and should therefore be used explicitly in these documents.
    • To steer and co-ordinate the planning process for audit work and internal control in the Companies and Business Units, to define a notification procedure for these tasks and communication with the affected parties, and to establish a coding system for these tasks for their adequate control and monitoring.
    • To define the communication process of each audit task’s results, the people that are affected and the format of the documents in which it materializes.
    • To review the application of the plans, the adequate execution and supervision of the tasks, the timely distribution of the results and the monitoring of the recommendations and their corresponding implementation.

    The Audit Committee

    Pursuant to Article 47 of Law 44/2002 of December 22, of the Financial System Reform Measures, Befesa’s Board of Directors appointed an Audit Committee on December 18, 2002, whose functions include the "supervision of the internal audit services" and the "understanding of the financial reporting process and the company’s internal control systems".

    The Corporate Internal Audit Officer reports systematically to this Committee in relation to his/her own responsibilities of:

    • the Annual Internal Audit Plan and the level of compliance therewith;
    • the level of implementation of the issued recommendations;
    • a sufficient description of the main areas reviewed and the most significant conclusions:
    • other more detailed explanations that the Audit Committee may require.