Annual Corporate Governance Report 2017

35 Mechanisms in place to resolve conflicts of interest E RISK MANAGEMENT AND CONTROL SYSTEMS E.1 Describe and specify the scope of the company’s system for managing risk, including tax risk. The Atresmedia Group’s risk management and control system is reviewed and updated regularly in response to how the Group’s businesses perform and evolve, to risks that actually materialise, to changes in the law, and to how the organisation itself changes and evolves. Our risk management system helps the management team to make the right decisions and address risk effectively. We identify and implement controls and action plans targeting known risks; this enhances our ability to create value and minimises the impact of losses that actually materialise. Risk analysis and control touches on all the Group’s activities and involves all our organisational units. This means that risk management is a corporate system in which the entire organisation is on alert. The system is headed and overseen by the Board, yet some of its functions are delegated to the Audit and Control Committee. Risk management also brings into play the coordinating role of the Compliance Committee, and input from the Legal Affairs, Internal Audit and Finance and Process Control areas. The System’s main aim is to identify risks, perform frequent assessments and to define and apply specific control procedures to mitigate such risks. The key objectives of the Risk Management and Control System are: 1. System consistency and uniformity: ensuring uniformity when specifying, identifying and measuring risks in all the Group’s businesses. 2. Corporate internal control environment: controls are applied by the officers in charge in accordance with a testing schedule and their effectiveness is measured; the outcome is documented. 3. Ongoing assessment and improvement: improve the system by evaluating the design of controls and identifying new potential risks on a scheduled basis. The controls required for the new risks are then specified and implemented. 4. Define and communicate policies, protocols and procedures: the notification and management tool for the business areas of Group companies, offering the managers and users the internal guidelines and instructions on the Group’s control and governing bodies: Board of Directors, Audit and Control Committee, Compliance Committee and Internal Audit and Process Control Division. 5. Compliance: ensuring compliance with all prevailing laws, regulations and standards applicable to Group activities. Based on the general objectives defined for Atresmedia’s Risk Management and Control System, the key components are specified below: i. Setting targets: annually reviewing and setting new targets for the Group and for each of its business units, as well as an acceptable risk level, based on the Group’s overall strategy and on internal and external events. ii. Internal control environment: frequently performing a re-assessment of the system to verify, on the one hand, the manner in which Group employees perceive risks, and checking the efficiency and functioning of the controls reducing the risks and the implementation of action plans and, on the other hand, reviewing the procedural environment. An assessment is performed of the effectiveness and design of the controls implemented in order to put into place new controls or mitigate impacts. The risks are frequently re-assessed to verify that they are effectively controlled. iii. Compliance: the Atresmedia Group has created a Compliance System that ensures compliance with all laws, regulations and standards, both internal and external. The System supervises compliance with such regulations through specific controls.