Annual Corporate Governance Report 2017

61 APPENDIX SECTION H E.1 The Atresmedia Group has in place an application that supports and manages its whole Risk Management and Control System, known as SAP “GRC” (Governance, Risks and Compliance). It is a Corporate System developed alongside its SAP transactional system which enables the monitoring of all the Group’s risks to be systematised, ordered and documented, together with the existing controls to mitigate the risks identified and to establish work flows that speed up and order the information flows of the risk and control system. The tool also evaluates the effectiveness and design of the System on an ongoing basis, both with respect to the risks identified and to the controls implemented to mitigate such risks. In this regard, the dimensions of the Atresmedia Risk Management and Control System are as follows: 1. Compliance The Atresmedia Group has defined a regulatory compliance system, which enables all regulations to be complied with, both in relation to the sectors in which it operates and in respect of the generic manner in which they affect the Company in view of its status as a listed company or the legislation to which it is submitted (labour, tax, environmental, etc.). The supervision of regulatory compliance, via specific controls, is one of the principles on which the Atresmedia Group’s Risk Management and Control System is based. Additionally, a series of Internal Procedures and Protocols have been adequately defined and notified, which have been included within the Group’s Risk Management and Control System, representing additional control mechanisms to ensure compliance in order to mitigate the appearance of various associated risks. These Procedures and Protocols are supervised and approved by the Regulatory Compliance Committee and are adequately notified to the Audit and Control Committee on a frequent basis to oversee that they are effectively complied with. 2. Organisational structure All the risks and controls of the Atresmedia Group are assigned to an organisational unit, enabling the risks and controls to be adapted by organisation/business and responsibilities to be identified in the System both at corporate level and in each of the organisational units and business units. Risks and controls exist that are assigned to the whole Group, but the System also covers other risks that are solely assigned to certain units of the organisation, insofar as they are specific to the related business or organisation. The heads of each organisation may monitor the risks and controls specific to their organisation. The organisations within the Atresmedia Risk Management and Control System are: Television division Radio division Advertising division Multimedia division Diversification division Film division Corporate Department (Systems and Human Resources) Finance Department Legal and Regulatory Affairs Department Audit, Processes and Quality Department Foundation These organisational units have in turn defined their internal organisation (lower organisational units) for the purposes of assigning responsibilities for the implementation and design of controls and subsequent oversight. 3. Processes Via a detailed processes map, the Group’s risks and controls are associated so that at any time it is possible to identify which risks have the greatest impact on one or another business or corporate process; together with the