Annual Corporate Governance Report 2017

46 - Protocol for filing financial reports with the CNMV - Protocol for producing online files containing Group companies’ financial statements and submitting them to the Mercantile Register The Finance Department reviews and checks each month-end accounting close before reporting it to Senior Management and the CEO, who review and approve the figures ahead of submission to the Executive Committee and/or the Audit and Control Committee. On a quarterly basis, with the assistance of the Finance Department and Internal Audit, the Audit and Control Committee oversees the process and sends its conclusions to the Board, which is the organ responsible for adoption of the financial statements before disclosure to the Comisión Nacional del Mercado de Valores (CNMV, Spain’s securities market regulator); this process is conducted through the Secretary to the Board. Control activities are mainly aimed at preventing, detecting, mitigating, compensating for, and correcting contingent errors or errors that have been discovered on time before the reporting and publication of the financial information. F.3.2. Internal control policies and procedures on reporting systems (among others, on access security, change control, the operation of the procedures, operational continuity and functional segregation) which support the entity’s relevant processes in relation to the preparation and publication of financial information. The Atresmedia Group applies some of the controls specified to mitigate ICFR risks via the officers responsible for them and/or semi-automated controls executed on IT systems. Many of the functions that support the relevant steps in the preparation of financial information are semi-automated in the management and reporting systems – mainly SAP R3 – implemented at the Group. A range of procedures are in place to control and review all transfers of information among the Group’s management systems so as to ensure suitable integration with the SAP transactional financial system. On a monthly basis, all the information transfers between systems are specifically reviewed and are specifically reconciled if any incident arises in the automatic transfer of information between systems. Controls have been designed and put in place regarding access and user profiles for the IT and communication systems that have an impact on financial reporting and accounting closes, which guarantee security of access to data and programs, control over changes, correct operation of changes and continuity. An IT security corporate policy exists which guarantees secure access to management and reporting systems and monitors any error and/or problem that may arise. A policy involving profiles and segregation of functions has been defined, which is periodically reviewed by the Systems Department, the Finance Department and Internal Audit. F.3.3. Internal control policies and procedures in place to supervise the management of activities subcontracted to third parties, and to monitor the evaluation, calculation and valuation activities of independent experts which may have a material effect on the financial statements. The Atresmedia Group has defined a procedure to acquire goods and services, and a Procurement Committee, which regulates the arrangement of services with third parties. These controls ensure that independence exists with regard to the supplier engaged and that the service is arranged at market prices. The Atresmedia Group has internal control policies and procedures in place to supervise the management of the activities subcontracted to third parties, and to monitor the evaluation, calculation and appraisal matters entrusted to independent experts, which may have a material effect on the financial statements. F.4 Reporting and communication Disclose the existence of at least the following procedures, and describe their main features.