64
42.
Listed companies shouldhavean internal audit function, under the supervisionof theAudit Committee,
to ensure the sound functioningof the internal control and reporting systems.
Seeheading:
C.2.3
Complies
43.
The head of internal audit should present an annual work program to the Audit Committee;
inform it directly of any incidents arising during its implementation; and submit an activities report at
theendof eachyear.
Complies
44.
The riskmanagement and control policy should specifyat least:
a)
The different types of risk (operational, technological, financial, legal, reputational, etc.) to
which the Company is exposed, with the inclusion under financial or economic risks of contingent
liabilities andother off-balance-sheet risks;
b)
Setting the level of risk consideredacceptableby theCompany;
c)
Themeasures established tomitigate the impact of the risks identified, should theymaterialize;
d)
The internal control and reporting systems used to control and manage the aforesaid risks,
including contingent liabilities andoff-balance sheet risks.
Seeheading: E
Complies
45. TheAudit Committee’s role shouldbe:
1
With respect to internal control and reporting systems:
a)
Management andadequatenotificationof themain risks identifiedas a result of the supervisionof
theeffectivenessof theCompany's internal control and internal audit,whereappropriate.
b)
Oversight of the independence and effectiveness of the internal audit function; proposing the
selection, appointment, re-election and removal of the internal audit service head, and the
estimate for that service; receiving periodic information on its activities; and verifying whether
seniormanagement has taken intoaccount the conclusions and recommendationsof its reports.
c)
Establishment and supervision of a mechanism enabling the employees to confidentially and, if
deemed appropriate, anonymously, notify the irregularities of potential importance, especially
financial andaccounting irregularities, communicatedwithin theCompany.
2
With respect to theexternal auditor:
a)
b) To receive regular information from the external auditor on the audit plan and the
outcome of its execution, verifying that senior management takes due note of its
recommendations;
b)
Toensure the independenceof theexternal auditor, towhichend:
i)
The Company should notify any change of auditor to the CNMV as a significant event,
accompanied by a statement of any disagreements arising with the outgoing
auditor and, if any, from its content.
ii)
iii) Should the external auditor resign, examine the circumstances leading to the
resignation.
Seeheadings: C.1.36, C.2.3, C.2.4andE.2
Complies