43
Events with a negative impact pose risks, and require assessment and response. Events with a
positive impact offer opportunities, which are redirected towards the strategy of the target setting
process.
TheGroup applies a combination of techniques to identify events, simultaneously using past events
(for example, historical series in the evolution of macroeconomic indicators) and future potential
events (for example, newmarket conditions andactionsof rivals).
Events are identified at process level, thus helping to focus risk evaluation on the main business
units or functions. Accordingly, theAtresmediaGrouphas a reference process chart inwhich all the
processes of the Group’s companies and businesses are identified, classified and described. The
mainprocesses identifiedareas follows:
- Knowledgeof theadvertisingmarket, its audienceand its trends.
-Development of the corporate strategy.
-Designingof aprogramminggrid.
-Marketingand saleof advertising slots.
- Contractingandproductionof programs and thebuyingof rights.
- Broadcastinganddistributionof programs.
-Human resourcesmanagement.
- Informationand technologymanagement.
- Administrationand finance.
-General infrastructuremanagement.
-Management of external relations and communication.
-Management of risks, transparencyand compliancewith regulations.
4). Assessment and classificationof risks
The systemassesses the level of exposure to risks assigned to strategic targets andprocesses.
Riskshavebeendivided into the following categories:
1. 1Risks associatedwith strategy
2. Risks associatedwith internal processes
2.1. Risks associatedwithoperations andprocesses:
2.1.1.-Operating risks
2.1.2.- Technological risks
2.1.3.- Integrity risks
2.1.4.- Financial risks
2.1.5.-Management risks
2.2. Information risks for decision-making:
2.2.1. -Operational
2.2.2. - Financial
2.2.3. - Strategic
2.2.4. - Risks associatedwith compliance.
3. Corporateand reputational risks
Risks areevaluated taking intoaccount both:
−
The inherent risk, understood to be the risk existing in the absence of actions tomodify its
probabilityand impact.
−
The residual risk, understood to be the risk which remains once the responses to the risks
havebeenadoptedand implemented.
Subsequently, they are prioritised in line with importance and probability following the identified
controls, inaccordancewith two criteria:
−
Importance: Classified in accordancewith the negative impact of the occurrence of the risk
on resultsor onbusiness continuity.
