Annual Corporate Governance Report 2017

36 iv. Processes: the main processes and sub-processes of the different businesses of the Atresmedia Group are specified to identify the risks having the greatest impact on each business process, the existing controls, and the improvement requirements for each of the processes and sub- processes. v. Organisation: risks and controls affecting the entire Group have been specified, as well as risks and controls that affect only certain organisational units. The heads of each organisational unit monitor the risks and controls specific to their organisation. Further information on the Company’s Risk Management and Control System is provided in the appendix to section H of this report. With regard to tax risks, aside from the controls inherent in the Risk Management and Control System, in 2015, a Corporate Tax Policy was approved by the Board of Directors, subject to review and approval of the Compliance Committee and of the Audit and Control Committee, which regulates the basic principles that govern Atresmedia’s corporate tax policy, as well as best practices applied to tax matters. These practices consist of compliance with all applicable regulations, collaboration with the tax authorities when required, and avoiding opaque structures and transactions or use of tax havens. Likewise, a Procedural Protocol regarding Particularly Significant Tax Transactions was approved by the Compliance Committee and duly notified to the Audit and Control Committee. This Protocol defines the specific procedure that must be followed with respect to the transactions that, due to their type and/or amount, require an additional, itemised analysis by the Tax Area. E.2. E.2 Identify the company organs responsible for framing and implementing the risk management system (including tax risks). The Risk Management and Control System is a corporate system in which the whole of the Atresmedia Group participates, with different levels of responsibility and participation. Through control assessments, all organisational and business units are actively involved in the System. Atresmedia’s key responsibilities relating to the risk management and control system are: − BUSINESS UNITS AND CORPORATE UNITS:  Responsible for controls, assessment and oversight.  Must comply with external and internal laws, regulations, codes and standards (policies, rules and procedures). − FINANCE DEPARTMENT:  Responsible for most financial controls and for the system of internal control over financial reporting (ICFR)  Compliance with policies and standards relating to budgets, financial statements, accounting and financial reporting  Responsible for controls over tax risks − LEGAL AFFAIRS/OFFICE OF THE SECRETARY TO THE BOARD:  Responsible for most of the compliance and corporate governance controls − COMPLIANCE COMMITTEE:  Collegial body that oversees the Group’s compliance with laws and regulations  Responsible for overseeing the Code of Conduct, the Whistleblower Channel and the Internal Code of Conduct on the Securities Market  Chaired by a qualified and independent professional − COMPLIANCE OFFICER FOR CRIME PREVENTION  Responsible for implementing and monitoring the Group’s crime prevention compliance system.  Advises senior executives and directors on all matters relating to criminal liability