Annual Corporate Governance Report 2017

62 existing controls and the needs for improvement or redefinition thereof, to the extent that the processes are evolving on an operational and technological basis. The key processes identified within the Risk Management and Control System are: Framing and specifying the corporate strategy Acquiring content and buying rights Producing content Designing the programming schedule and strategy Buying goods, services and technology Marketing and selling advertising Marketing other services Information systems and technology Managing technical infrastructure Operational management of general assets and infrastructure Human resources and occupational risk prevention Legal and regulatory affairs and litigation Administration and finance 4. Risks The System includes all the risks of the Atresmedia Group, classified by different categories and assigned to different regulations, organisations and processes. A complete map of risks has been defined, which enables all risks to be identified, both from the surroundings, and those relating to the activity and business performed and others specific to the Company. These risks are assessed periodically with regard to their impact and probability. Each of the risks identified has established controls and procedures that help prevent their ever materialising. If any risk materialises, it is mitigated through defined control mechanisms and risk responses established in each case. 5. Controls and control tools The System includes a full identification and description of all the controls. All the controls are associated with the risks previously identified in order to be mitigated; accordingly, the satisfactory application thereof enables the potential impact of risks materialising to be reduced. The Atresmedia Risk Management and Control System has different tools that reinforce internal control and reduce the potential impact of existing risks: a. Policies, Procedures and Protocols, adequately notified through the corporate communication channels to the affected areas and people. b. Other IT tools for control (additional to the GRC system), the highlights being: Procurement management system Contractuaal engagement proposal management and authorisation system Programme budget management and authorisation system Quality system IT application for compliance with the internal rules relating to securities markets c. Whistleblowing channel: Enables all employees to notify, in a readily usable and confidential manner, any inappropriate conduct or behaviour as specified under the Code of Conduct or any other applicable laws, regulations or standards, and especially those that do not comply with the Internal Control over Financial Reporting (ICFR) System. d. Control procedures relating to the Internal Control over Financial Reporting (ICFR) system: Atresmedia, in its commitment to provide reliable, complete, true and standardised information to investors and to the market, has implemented an Internal Control over Financial Reporting (ICFR) System that guarantees the accuracy of the financial information issued. e. Compliance Committee