Microsoft Word - Informe de gobierno corporativo 2014

43.

The head of internal audit should present an annual work program to the Audit Committee;

inform it directly of any incidents arising during its implementation; and submit an activities report

at the end of each year.

Complies

44.

The risk management and control policy should specify at least:

The different types of risk (operational, technological, financial, legal, reputational, etc.) to

which the company is exposed, with the inclusion under financial or economic risks of

contingent liabilities and other off-balance-sheet risks;

Setting the level of risk considered acceptable by the company;

The measures established to mitigate the impact of the risks identified, should they

materialize;

The internal control and reporting systems used to control and manage the aforesaid risks,

including contingent liabilities and off-balance sheet risks.

See heading: E

Complies

45. The Audit Committee’s role should be:

With respect to internal control and reporting systems:

Management and adequate notification of the main risks identified as a result of the

supervision of the effectiveness of the Company's internal control and internal audit, where

appropriate.

Oversight of the independence and effectiveness of the internal audit function; proposing the

selection, appointment, re-election and removal of the internal audit service head, and the

estimate for that service; receiving periodic information on its activities; and verifying whether

senior management has taken into account the conclusions and recommendations of its

reports.

Establishment and supervision of a mechanism enabling the employees to confidentially and, if

deemed appropriate, anonymously, notify the irregularities of potential importance, especially

financial and accounting irregularities, communicated within the company.

With respect to the external auditor:

To receive regular information from the external auditor on the audit plan and the

outcome of its execution, verifying that senior management takes due note of its

recommendations;

To ensure the independence of the external auditor, to which end:

The Company should notify any change of auditor to the CNMV as a significant event,

accompanied by a statement of any disagreements arising with the outgoing

auditor and, if any, from its content.

ii)

Should the external auditor resign, examine the circumstances leading to the

resignation.

See headings: C.1.36, C.2.3, C.2.4 and E.2

Complies

46.

The Audit Committee should be empowered to meet with any company employee or manager,

even ordering their appearance without the presence of another senior officer.

Complies