44
financial statements, including the accounting close procedure and the specific review
of the significant opinions, estimates, assessments and projections.
The GRC (Governance, Risks and Compliance) System includes and fully identifies a
series of specific ICFR controls that have different heads charged with the preparation
and supervision of all financial information.
These controls ensure that each of the heads must perform a series of control actions
that ensure the global and integrated correction of all the information published at each
time.
The Atresmedia Group has established a series of procedures for the preparation and
review of the financial statements and the accounting close. The Financial Division has
established a series of steps and procedures that must be complied with by the different
department areas in order to perform the accounting close and prepare the financial
statements.
Likewise, a series of Procedures and Protocols have been defined at Group level, which
aim to minimise any risk related with the ICFR and ensure the published information. The
main related procedures and protocols are as follows:
Purchase management procedure for goods and services
Customer management procedure: objections, insolvencies, freezing and
unfreezing of customers
Purchase Committee and Investment Committee procedure
Delegation management procedure
IT security procedure
Approval and dispatch protocol regarding significant events to the CNMV
Presentation protocol of financial results to the CNMV
Preparation protocol of the telematic file and dispatch to the Mercantile
Register of the Group companies' financial statements.
The review of the financial information is carried out by both senior management and by
external and internal auditors and, in the last instance, by the Audit and Control
Committee.
In addition, the control activities are mainly aimed at preventing, detecting, mitigating,
compensating for, and correcting the potential errors or errors that have been
discovered in adequate time before the reporting and publication of the financial
information.
F.3.2.
Internal control policies and procedures on the information systems (among others, on
access security, change control, the operation thereof, operating continuity and
unbundling) which support the entity's relevant processes in relation to the preparation
and publication of financial information.
The Atresmedia Group implements part of the controls defined to mitigate the risks
related with the ICFR, either by people responsible therefor and/or by semi-automatic
controls performed by IT systems.
Many of the functions that support the relevant steps in the preparation of the financial
information are semi-automated in the management and reporting systems – mainly
SAP – implemented at the Group.
Likewise, a series of control and review procedures have been defined of all the
information transfers between different Group management systems, guaranteeing
correct integration in the transactional financial system-SAP.
On a monthly basis, all the information transfers between systems are specifically
reviewed and are particularly reconciled in the event any incident arises in the automatic
transfer of information between systems.
Controls have been designed and put in place regarding access and user profiles for the
IT and communication systems that have an impact on the financial information and the
accounting closes, which guarantee the security of access to data and programs, and
control over changes, the correct operation of the changes and their continuity. An IT