The company’s control environment
Describe the mechanisms entailed in the risks monitoring and management system in relation to the company’s financial reporting (System of Internal Control over Financial Reporting) process.
F.1 The control environment of the company
Report pointing out the main characteristics of, at least:
F.1.1. The bodies and/or functions in charge of: (i) the existence and maintenance of an appropriate and effective SICFR; (ii) its introduction; and (iii) its supervision.
The System of Internal Control over Financial Reporting, (hereinafter, SICFR), is part of Abengoa’s general system of internal control and is set up as a system prepared to provide reasonable assurance of the reliability of financial report published. The body in charge of it, pursuant to the Regulations of Abengoa’s Board of Directors, is the Board of Directors and, within it, the duty of supervision is conferred on the Audits Commission in accordance with the regulations thereof.
Thus, the Board of Directors is in charge of setting up and maintaining a compulsory Audits Commission as inferred from Article 27 of the Bylaws of the Board of Directors. Accordingly, the duties that the Board entrusts to the Audits Commission entail, in relation to the SICFR, “the supervision of the process of elaborating and integrating the financial report regarding the company and, as the case may be, the group, revising the compliance with regulatory requirements”. Also, according to said article, the duties of the Board and, by delegation, the Audits Commission, include “the regular revision of internal risks monitoring and management systems, to ensure appropriate identification, management and reporting of the main risks”.
F.1.2.The following elements, if existing, especially in relation to the process of elaborating the financial report
Departments and/or mechanisms in charge of: (i) designing and revising the organizational structure; (ii) clearly defining the lines of responsibility and authority, with an appropriate distribution of duties and tasks; and (iii) ensuring the existence of sufficient procedures for its correct announcement through out the entity.
As stipulated by the Board of Directors Regulations:
- It is in charge of defining the structure of the Group of companies, on the proposal of the company’s chief executive, the appointment and possible dismissal of senior executives of Abengoa and other companies making up the group.
- The core components of the board’s mission is to approve the company’s strategy and the organization required for its execution, and to ensure that management attains the objectives while pursuing the company’s interests and corporate purpose.
- Through the relevant departments, the board of directors will strive for the correct and integral announcement of the relevant information of the company including but not limited to that related to the call for the general shareholders’ meeting, its agenda and contents of the proposed agreements, relevant facts, agreements signed by the last shareholders’ general meeting held, the internal regulations of corporate governance and Annual Report. The media for announcing will be the most adequate for ensuring that unrestricted announcements are made and in a timely manner, including the Company’s webpage.
Code of conduct, body of approval, degree of publication and instruction, principles and values including (indicating whether there is specific mention of the recording of transactions and the elaboration of the financial report), body in charge of analysing breaches and of proposing the correct actions and sanctions.
At Abengoa there is a code of ethics and professional conduct approved by the board of directors and available on the Intranet in both Spanish and English, which outlines the ethical and responsible behaviour that must be assumed in the execution of company activities and in managing the businesses, by the management team and all the professionals of Abengoa and its subsidiaries. Abengoa runs a continuous on-the-job training programme in which courses are imparted on topics of Code of Conduct. It is compulsory for all employees to attend said courses and to show proof by signing attendance sheets, and the company ensures that all Abengoa employees have learned, received and understood said information.
In 2014, 2,376,860 hours of training was imparted in the whole Group; (35,878 hours in Abengoa, S.A.); 153 employees were in attendance.
Abengoa’s Code of Conduct::
- The highest standards of honesty and ethical behaviour, including appropriate and ethical procedures for dealing with actual or possible conflicts of interests between professional and personal relationships.
- The most complete, just, precise, timely and intelligible communication in all periodical reports that Abengoa must submit to the organs of Administration or in all reports that may be made.
- Compliance with the applicable laws, standards, rules and regulations.
- The tackling of actual or possible conflicts of interests and the provision of orientation to ensure that employees, managers and board members report such conflicts to Abengoa.
- The interruption of the poor use or poor application of Abengoa’s properties and business opportunities.
- The maximum level of confidentiality and fair trade in and outside Abengoa.
- The immediate internal reporting of any breach of said Code of Conduct and the appropriate reporting of all illegal behaviours.
All information made public and all media releases deemed to be affecting Abengoa must first be approved by the board of directors or by the manager who may have been previously entrusted with performing such duty.
Its appropriate follow-up is a source of profitability and security in the execution of the activities of Abengoa. Said regulations ensure the veracity and reliability of the financial report.
The Board of Directors is in charge of, and, by virtue thereof, its Chairman, Commissions set up, delegated commissions or, as the case may be, Managers entrusted therewith, the classification of the breaches of the Common Management Systems.
Whistleblowing channel, which enables reporting of irregularities of financial and accounting nature to the audits commission, in addition to possible breaches of the code of conduct and irregular activities in the organization. The reports may be filed in secrecy or anonymity.
An important aspect of responsibility and transparency is to provide a mechanism by which any interested party may safely and secretly report irregularities, unethical or illegal conducts that, in his/her opinion, occur in the execution of the Company’s activities.
In this manner and following the guidelines provided in section 301 of the Sarbanes-Oxley Act, the Audits Commission decided to establish specific procedures for:
- The reception, safeguard and treatment of complaints or reports that the company may receive in relation to the accounting, internal monitoring of the accounting or auditing matters.
- Employees of the company to be able to secretly or anonymously send information in good faith on the dubious or arguable policies of accounting and auditing.
Towards that end, Abengoa has a double mechanism for receiving complaints or reports:
- An internal channel, which is available to all employees, so that they can notify any alleged irregularity in accounting or audits or breaches of the code of conduct. The communication channel is by e-mail or ordinary mail.
- An external channel, available to anyone outside the company, so that they can notify any alleged irregularities, fraudulent actions or breaches of Abengoa’s Code of Conduct through the web page (www.abengoa.com).
Training programs and regular updates for the personnel involved in the preparation and revision of the financial report, as well as in the evaluation of the System of Internal Control over Financial Reporting, which should at least cover accounting regulations, auditing, internal risks monitoring and management.
The Human Resources Management works together with the Economic-Financial Management to impart regular training, both internally and externally, to the personnel involved in the preparation of the Financial Statements of the Group.
The training programs are fundamentally focused on the correct knowledge and update on the International Financial Reporting Standards (IFRS) and on the laws and other rules and regulations on the Internal Control over Financial Reporting (Common Management Systems).
Both the Internal Audits Management and the Global Risks Management keep themselves informed and up-to-date on the latest on Risks management and Internal Control, especially on Financial Reporting.
During the 2014 financial year, the Departments related with the preparation, revision and reporting of financial information received various publications as updates to the accounting and financial standards, internal control and tax, including courses by internal experts in relation to the updating of accounting standards.
F.2 Financial Reporting Risk Assessment
At least reporting the following:
F.2.1. Describe the main characteristics of the risks identification process, including those of error or fraud, with regards to:
If the process does exist and is documented.
Abengoa has introduced a process for identifying and evaluating risks: the Universal Risks Model which is updated on regular basis. Said model enumerates the risks identified by the organization, classified into categories and sub-categories, assign indicators to each to enable them to measure their probability and impact and to define the degree to which they may be tolerated.
And finally, the types of risks related with the accounting and the submission of the financial report, the management of debt and equity financing, planning and budgeting and the tax strategy of transactions:
Indicate whether the process covers the entire objectives of the financial reporting, (existence and occurrence; integrity; evaluation; presentation, breakdown and comparability; and rights and obligations), and whether it is updated and at what frequency.
The URM is designed to cover all risks that are identified. Among them, a series of them that refer to the preparation and submission of the financial report, accounting records, the management of debt and equity financing, planning and budgeting and the tax strategy of transactions:
Identified risks are covered and mitigated by Abengoa’s internal monitoring system. All risks previously linked with the process by which the financial information is prepared are under control such that it may be guaranteed that the financial information appropriately adheres to the requirements of existence, occurrence, integrity, evaluation, presentation, breakdown and comparability.
Indicate whether there is a process for identifying the consolidation perimeter, considering, among other things, the possible existence of complex corporate structures, instrumental or special purpose entities.
The consolidation perimeter of Abengoa is subjected to revisions during each quarterly closing. The Consolidation department is in charge of analysing companies that enter and those that exit said perimeter. Both the creation and acquisition of companies, as well as their sale or dissolution, are subject to internal authorization processes that permit the clear identification of all entries and exits to and from the consolidation perimeter.
Indicate whether the process considers the effects of other types of risks (operational, technological, financial, legal, reputation, environmental, etc.) in the manner in which they affect the financial statements.
As already mentioned, the URM is the methodology for the identification, comprehension and evaluation of the risks that may affect Abengoa. The purpose is to obtain an integral vision of them, designing an efficient system of response that is in line with the business goals and objectives of the company.
It s made up of 56 risks belonging to 20 categories. These are grouped into 4 large areas (financial risks, strategic risks, regulatory risks and operational risks).
All the risks of the model are evaluated based on two criteria:
- Occurrence Probability: Degree of frequency at which to be sure that a specific cause will expose Abengoa to an event with negative impact.
- mpact on Entity: Set of negative effects on the strategic goals and objectives of Abengoa.
Which corporate governance body supervises the process?
The financial information preparation process is paramount responsibility of the Board of Administration. Pursuant to the regulations of the organ of administration, prior to the presentation of the financial information, it must first be certified by the Chairman of the Board and of the Corporate Directors of the department of Consolidation and Internal Auditing.
Likewise, as set forth in section F.5 of this document, the Board of Directors entrusts the Audits Commission with the duties of supervising the system of internal control and monitoring which ensures that the preparation of the financial information strictly follows the required standards.
F.3 Control Activities
Give a report pointing out the main characteristics, and indicate whether the following is at least included:
F.3.1. Procedures for reviewing and authorizing the financial reporting and the description of the System of Internal Control over Financial Reporting, to be published at the stock market, indicating responsibilities, as well as the documents describing the cash flows of activities and controls (even in connection with fraud risks) of the various types of transactions that could materially affect the financial statements, including the accounting closure proceedings and the specific revision of the judgements, estimates, evaluations and relevant projections.
In accordance with the Board of Directors Regulations, the integrity and exactitude of the Annual Accounts presented to the Board of Directors for approval must first be certified by the Chairman of the Board of Directors and by the Director of the Department of Corporate Consolidation and Audits.
When the Board of Directors receives the reports issued by the Corporate General Directorate and obtains the necessary clarifications, it must clearly and precisely declare that the contents of the Annual Accounts and the Management Report can be easily understood.
The Board of Directors must ensure that that said documents depict the true state of the asset, the financial statement and the profit and loss outcome of the company, in conformity with the stipulations of the Law.
Thus, the Board of Directors will decide on and take as many actions and measures deemed necessary to ensure the Company’s transparency on financial markets, promoting correct information on the prices of the Company’s shares, supervising financial-related information regularly made public and performing as many duties as may be required of the company’s status as a listed company.
The process or structure effectively followed in certifying the financial report, done on quarterly basis, reflects the manner in which financial report is generated at Abengoa.
In said structure, the information to be reported is prepared by company heads, then revised by heads of the respective Business Units and by the respective Corporate areas heads who certify both the reliability of the financial report on the area under their charge –which is what they submit for consolidation at group level- as well as the effectiveness of the internal control system set up to reasonably ensure said reliability. Finally, the chairman and CEO, as the Topmost executive, and the directors of Internal Audits and Corporate Consolidation certify the reliability of the consolidated accounts to the Board of Directors in the quarterly Audits Commission. With the support of the Internal Audits management, said Commission supervises the entire certification process, and then submits its conclusions from said analysis to the Board of Directors in the sessions in which the accounts will be officially signed. The information will then be published at the National Securities Exchange Commission (CNMV) once submitted to the Commission.
The legal consultants department of Abengoa SA meet regularly in committees with the different legal consultants of the various subsidiaries of Abengoa to be informed of the legal situations of ongoing litigations and later report to the Chairman’s office where subsequent discussions are held during the Board of Directors meetings on the situations of the most significant conflicts.
F.3.2. Policies and procedures of internal control of information systems (especially on safety and security of access, monitoring of changes, operating them, operational continuity and separation of functions) that back the entity’s relevant processes with regards to the elaboration and publication of the financial report
Among the controls studied for mitigating or managing the risks of error in financial reporting are those related to the most relevant computer applications, like controls relating to user access permissions or to the integrity of information transfer between applications.
In addition, Abengoa follows guidelines or standards and procedures of internal control over information systems in relation to acquiring and developing software, acquiring systems infrastructure, installing and testing software, managing changes, managing service levels, managing services performed by third parties, systems security and access to them, managing incidents, managing operations, the continuity of operations and the segregation of functions. Said guidelines and procedures -which in some cases are different based on geographical scope and which are in the process of gradual homogenization- are applied to all information systems including those that house the relevant processes of the generation of financial report, and to the infrastructure necessary for its functioning.
In geographies where Abengoa operates, the entire internal network of computer infrastructure is controlled by a Department of internal professionals who are charged with defining and executing the group’s IT and telecommunications strategy, as well as user support, systems operation and IT security. Abengoa has an Internet Technology (IT) security system in place that envisages the recovery of relevant information in the event of a system crash. Said security system is managed through the aforementioned internal IT Department.
F.3.3. Policies and procedures of internal control aimed at supervising the management of activities sourced out to third parties, including the aspects of evaluation, calculation or assessment entrusted to independent experts, which could materially affect the financial statements.
In general terms, Abengoa does not retain third party subcontractors to perform significant tasks that directly affect financial reporting. Third-party assigned assessments, evaluations or calculations that could materially affect the financial statements are considered activities deemed relevant for generating financial report that may lead, as the case may be, to the identification of risks of priority errors, thus implying the designing of associated internal controls.
Abengoa has a method of approval through an authorization that grants Executive support which, among other things, must be acquired by the Department that needs to outsource a service. Such contracts are subject to reviews before being signed, including their analysis and internal approval of the fundamental hypothesis to be used.
F.4 Information and communication
Give a report pointing out the main characteristics, and indicate whether the following is at least included:
F.4.1. A specific function entrusted with defining, continuously updating accounting policies (area or department of accounting policies) and resolving doubts and conflicts derived from their interpretation, maintaining constant communication with those in charge of the transactions in the organization, continuously updating the manual of the accounting policies and reporting to the units through which the entity operates.
Abengoa operates with an Accounting Policies Manual. Said manual establishes the accounting policies criteria that must be observed when the company is preparing the financial report using the financial reporting framework established by the International Financial Reporting Standards adopted by the European Union.
The manual is available to all employees of Abengoa.
Said manual, is also subject to regular updates for the purpose of including all new applicable rules and regulations. The department of Consolidations and Accounting Policies is responsible for updating the manual which was last updated during the 2014 financial year.
F.4.2. Mecanismos de captura y preparación de la información financiera con formatos homogéneos, de aplicación y utilización por todas las unidades de la entidad o del grupo, que soporten los estados financieros principales y las notas, así como la información que se detalle sobre el SCII
All the entities that make up Abengoa’s consolidated group use the same financial information reporting tools and applications, regardless of the information system being used for the maintenance of the accounting records. Said tools, which are regularly supervised by the Consolidation Department, ensure that the financial information reported by companies is complete, reliable and consistent. Thus, the information reported during the closing of financial years includes all breakdowns deemed necessary for the preparation of consolidated financial statements and their explanatory notes.
F.5 Supervisión del funcionamiento del sistem
Give a report pointing out the main characteristics of at least:
F.5.1. the activities of supervising the System of Internal Control over Financial Reporting performed by the audits commission, and on whether the entity has an internal audits system that is empowered to support the commission in supervising the internal control system, including the SICFR. Also provide information on the scope of the assessment of the SICFR during the financial year and on the process by which the head of the assessment reports the results, whether the entity has an action plan that outlines the possible corrective measures, and whether its impact on the financial reporting has been considered.
The Board of Directors is in charge of ensuring the appropriate registration of the operations in the accounting records, of maintaining a structure of internal control and accounting for the purpose of preventing and detecting errors and irregularities. In accordance with the Board of Directors Regulations, the Audits Commission is entrusted with the following duties:
- To report on the Annual Accounts, as well as on the quarterly and half-yearly financial statements that must be issued to the regulatory or supervisory bodies of the securities markets, with express mention of the internal control systems, verification of compliance and monitoring through internal audits and, when applicable, on the accounting criteria applied.
- To supervise the preparation process and the integrity of the financial report on the company and, if applicable, the group, and to verify compliance with regulatory requirements, the appropriate boundaries of the scope of consolidation and the correct application of Accounting principles.
- Frequently review the systems for the internal monitoring and risks management, so that the main risks are identified, managed and properly disclosed.
- Supervise and ensure the independence and effectiveness of the duties of internal audits and supervising them, with full access to said audits, propose the selection, appointment, re-selection and dismissal of heads of internal audits, propose the budget for said unit, and set the salary scale of its Director; obtain regular information on the activities and the budget of the unit; and ensure that the senior management considers the conclusions and recommendations in its reports.
The Audits Commission’s functions include the supervision of the internal audits service and obtaining information on the financial reporting process, the internal control systems and on the risks for the company.
On the other hand, with regards to the supervision of the internal controls system, the goals of the duty of internal audits are as follows:
- To prevent the group companies, projects and activities from exposure to audits risks such as fraud, capital losses, operational inefficiencies and, in general, any risks that may affect the healthy running of the business.
- To ensure the continuous application of the standards, appropriate procedures and efficient management in accordance with the Common Management Systems.
The Internal Audits Department of Abengoa
The internal audits service originated as an independent global function, reporting to the Audits Commission of the board of directors, with the principal objective of supervising Abengoa’s internal monitoring and significant risk management systems.
Abengoa’s internal audit service is structured around seven functional areas:
- Internal control
- Financial Audit
- Project Audit
- Monitoring Audit of specific risks
- Fraud Prevention Audit
- Non-Financial Audit
- Systems Audit
The team of internal auditors comprises of 56 professionals. The following are the characteristics of the team:
- The average age of an internal auditor in Abengoa is currently at approximately 31 yrs
- The male and female percentage is 60% and 40% respectively.
- Professional experience averages around 7 years.
- Approximately 70% of the auditors have previous experiences from one of the Big4 external auditing firms.
The general goals of internal auditing are as follows:
- To prevent the group companies, projects and activities from exposure to audits risks such as fraud, capital losses, operational inefficiencies and, in general, any risks that may affect the healthy running of the business.
- To ensure the continuous application of the standards, appropriate procedures and efficient management in accordance with the Common Management Systems.
- To create value for Abengoa and its business units, promoting the construction and maintenance of synergies and the monitoring of optimal management practices.
- To coordinate work criteria and approach with the external auditors, seeking the most efficiency and profitability of both functions.
- Analysis and processing of the complaints received through whistle-blowing and reporting the conclusions of the work performed to the Audit Commission.
- To evaluate the companies’ audit risk following an objective procedure.
- To develop Work Plans using scopes that is convenient for each different situation.
Abengoa’s internal auditor services are in line with the international standards for the professional practice of internal auditing, of the Institute of Internal Audit (IIA).
Likewise, Abengoa is a member of ACFE Corporate Alliance as of fiscal year 2014. This association helps companies with tools and specific formation focused on the fight against fraud and corruption, as well as resources to obtain the CFE (Certified Fraud Examiner) certification for internal auditors assigned to this area.
F.5.2. Indicate whether there is a discussion procedure by which, (in accordance with the stipulations of the NTA), the accounts auditor, the internal audits’ office and all the other experts, may inform the entity’s senior management, its audits Commission and its directors, on the significant weaknesses identified in the internal control during the revision of the financial statements or of all other documents entrusted to them. Also report whether there is an action plan for correcting or mitigating the weaknesses uncovered.
The Internal Audits’ office regularly informs the senior management and audits Commission on the weaknesses identified in internal control in revisions performed on the processes during the financial year, and on the introduction of the action plans put in place to ensure the mitigation of said weaknesses.
On the other hand, the accounts auditor of the group retains direct access to the group’s senior management, holding regular meetings both to obtain the information necessary for the execution of its duties as well as to report on the weaknesses detected in (internal) control during the auditing. The external auditors will issue the economic-financial director and the audits Commission an annual report detailing the weaknesses it detected in the internal control while performing its duties.
F.6 Other information of interest
The external auditors issued five (7) reports during the 2014 financial year. They are integrated into the Annual Report:
- Audit report on the Group’s consolidated financial statements, as required by the Laws in vigour.
- Audit report on internal audit compliance under PCAOB (Public Company Accounting Oversight Board) standards, as required under section 404 of the Sarbanes-Oxley Act (SOX)
- Voluntary reasonable assurance audit report on the Corporate Governance Report, being the first Spanish listed company to obtain a report of this nature.
- Voluntary reasonable assurance audit report on the Corporate Social Responsibility Report.
- Voluntary audit report on the design of the Risk Management System following the ISO 31000 Standards and Specifications.
- Voluntary report on the verification of the design and application of the anticorruption compliance system
- Reasonable ensuring verification report on the assignment of funds of the Green Bond and its adequate assignment to the category of eligible green projects.
F.7. Report from the External Auditor
Issue report on:
F.7.1. whether the external auditor revised the SICFR information issued to the markets and, if so, the entity must include the corresponding report as annex but, if not, it must provide the reasons.
Abengoa applies all the rules and regulations dictated by the (CNMV) Stock Market Authorities. This fact implies that for the past five financial years Abengoa has been strictly complying with the reference indicators included in the document of the CNMV’s “Systems of Internal Control over Financial Reporting.
Since 2007 and mandatorily as of 2014, Abengoa has voluntarily submitted its Internal Control Systems to an external evaluation that concludes with the issuance of an audit opinion under the PCAOB standards, and to audits to ascertain compliance with section 404 of the Sarbanes-Oxley Act (SOX).
The auditor of the individual and consolidated annual financial statements of Abengoa, for the financial year ending December 31, 2014, is Deloitte S.L. which is also the Group’s main