35

Further information on the Group's Risk Management and Control System is provided in the

appendix to section H of this report.

E.2

Identify the company bodies responsible for the preparation and execution of the Risk

Management System.

The Risk Management and Control System is a corporate system in which the whole of the

Atresmedia Group participates with different levels of responsibility and participation therein. Via

control assessments, all organisational and business units are actively involved in the system.

Atresmedia's main responsibilities relating to the Risk Management and Control System are

summarised as follows:

BUSINESS UNITS AND CORPORATE UNITS:

−

Control, assessment and supervision heads

−

Bound to comply with regulations: external and internal (policies, regulations and

procedures).

FINANCIAL DEPARTMENT:

−

Head of most of the financial controls and of the Internal Control over Financial

Reporting (ICFR) System.

−

Compliance with policies and rules related with budgets, accounts, financial statements

and financial reporting.

LEGAL ADVISORY SERVICES/SECRETARY TO THE BOARD OF DIRECTORS:

−

Head of most of the regulatory compliance and Corporate Governance controls.

REGULATORY COMPLIANCE COMMITTEE

−

Body which monitors the regulatory compliance of the Group.

−

Head of monitoring of the Code of Conduct and the Whistleblower Channel.

INTERNAL AUDIT AND PROCESSES CONTROL:

−

Coordinates and administers the Risk Management and Control System.

−

Designs policies and procedures and identifies new controls.

−

Verifies the controls and reports to the Audit Committee.

The Audit and Control Committee is responsible for the supervision of the System's functioning, the

assessment of new risks and for the information to be included in the annual and half-yearly financial

statements.

The Audit and Control Committee is also responsible for informing the Board of Directors on the System

for which, where appropriate, it approves or modifies the action plans, new measures to be implemented

and the assessment of the new risks identified.

E.3

Indicate the main risks which may affect the attainment of the business objectives.

The content of this section has been filled in in the appendix to section H.

E.4

Identify whether the entity has a risk tolerance level.

Atresmedia has defined a risk tolerance level within the system in each business, based on two main

criteria:

−

Process or target potentially affected by the risk

−

Level of operations/results affected

Risk tolerance levels are identified for all the risks included in the Group's risk map.

The system periodically assesses the level of exposure to the identified risks of the defined processes and

organisations.

The inherent risk is understood to be the risk of not taking action to modify its probability and impact.

Residual risk is deemed to be the risk remaining once the responses to the risks have been adopted and

implemented.