Introduction

Abengoa’s Audit Committee was set up by the Board of Directors of Abengoa, S.A. on December 2, 2002 under article 4 of the company Bylaws, in order to meet the provisions on the Audit Committee contained in Law 44/2002 on the Reform of the Financial System. Furthermore, Abengoa has a corporate governance system that is constantly kept in line with current legislation and the best practices.
 

Pursuant to good governance practices, in order to reinforce the functions of the Board of Directors and ensure they are carried out efficiently, the creation of specialized committees is required. Thus, the work is diversified and it is ensured that, in certain relevant areas, any proposals and/or decisions are previously vetted by a specialized independent body with specific professional qualifications that enable it to filter and inform on its decisions, thus reinforcing the guarantees that the resolutions adopted by the Board are objective and have been given due consideration.

The Audit Committee ensures, from its independent position, that the companies are responsible for their actions and behave ethically. This responsibility is, without any doubt, the principal activity at present and will continue to be so in the future.

The Audit Committee forms the core of this responsibility objective and puts it into practice, in its essence, by publishing the Report on the Activities of the Audit Committee for each year. Its competencies, composition and rules of operation are regulated in the Board of Directors Regulations and in its own Internal Regulations and, in general terms, since it was created, this Committee has carried on intensive activity in the areas in which it is competent, as set out in the annual public information on the company’s Corporate Governance.

The Audit Committee Activities Report for the year 2010 was approved at the meeting held by this Committee on February 23, 2011 and presented to the Board of Directors at its meeting held on the same date. It will be made available to company shareholders upon publication of Abengoa’s Annual Report, which will be no later than when notice of the General Meeting of Shareholders is given.

Internal Regulations of the Audit Committee
 

The Internal Regulations of the Audit Committee were approved by the Board of Directors on February 24, 2003 and state:

Composition and Appointment

It shall permanently be formed by at least three directors. At least two of them shall be non-executive directors, thus maintaining the majority of non-executive members required in the aforementioned Law 44/2003.
 

They will be appointed for a maximum term of four years, renewable for maximum terms of the same length.

Chairman and Secretary

The Audit Committee shall initially elect its Chairman from among its non-executive director members.

The Secretary of the Board of Directors will act as the Secretary of the Committee.

Functions and Competencies

The following are the functions and competencies of the Audit Committee:

• Report on the annual accounts and half-yearly and quarterly financial statements that must be submitted to regulatory bodies and market monitoring bodies, making reference to the internal control systems, the control mechanisms to monitor implementation and compliance through internal audit procedures and, where appropriate, the accounting principles applied.
• To inform the Board of any change in accounting policies and the risks on and off the statement of financial position.
• To inform the General Meeting of Shareholders on any questions that the shareholders may raise thereat concerning matters that fall within the Committee’s competencies.
• To propose the appointment of the external account auditors to the Board of Directors, for subsequent submission to the General Meeting of Shareholders.
• To supervise the internal audit service. The Committee shall have full access to the internal audit department and will report on the process of selecting, appointing, renewing, removing and/or remuneration of the department’s manager, also informing on the budget of said department.
• To obtain information on the financing reporting process and the company’s internal control systems.
• To maintain relations with the external auditors in order to receive information on those issues that may jeopardize the latter’s independence and any other matters relating to the process of performing the account audit.
• To invite the directors considered appropriate to the Committee’s meetings, so that they can report on the matters that the Audit Committee itself decides.
• To draw up an annual report on the Audit Committee’s activities, which must be published together with the Annual Financial Statements for the year.

 

Meetings and Notice of Meetings

The Audit Committee shall meet on the occasions required to meet the functions set forth in the preceding article, which shall be at least once a quarter. The meetings will, in general, be held at the company’s registered office, although the members may, notwithstanding, designate a different location for a specific meeting.
 

The Audit Committee shall also meet whenever a meeting is called by the Chairman, either on his own initiative or at the request of any of the members, who may also suggest to the Chairman the convenience of including a certain item on the Agenda for the next meeting. Notice must be given sufficient time in advance, not less than three days, in writing and must include the Agenda. However, a meeting of the Audit Committee will be valid when all its members are present and agree to hold the meeting.

Quorum:

A meeting of the Audit Committee shall be deemed valid when a majority of its members are present. Attendance may only be delegated to a non-executive director.

A resolution shall be valid when a majority of the Committee members present vote in favor. In the event of a tie, the Chairman will have the casting vote.

Composition, Appointments and Member Profiles

The Audit Committee is formed by a majority of non-executive directors and its current composition, together with the date on which each member was appointed, is as follows:

 

Carlos Sebastián Gascón:
Professor of the Fundaments of Economic Analysis at the Universidad Complutense de Madrid since 1984. He studied at the Universities of Madrid and Essex (UK) and the London School of Economics. Apart from his academic career, he has also been the Director General of Planning at the Ministry of Economics, Director of the Fundación de Estudios de Economía Aplicada (FEDEA) (Applied Economics Studies Foundation) and an advisor and administrator of private companies. Currently, he is a director of Abengoa, S.A., Abengoa Bioenergía, S.A. and Gesif, S.A. He is the author a large number of articles and monographs on macroeconomics, the labor market, economic growth and institutional economics and has a regular column in the daily economic newspaper Cinco Días.

Daniel Villalba Vilá
Professor of Business Economics at the Universidad Autónoma de Madrid, PhD in Economics by the Universidad Autónoma de Madrid and Master of Science in Operations Research by the Stanford University. He has been CEO of Inverban (a broker and investment bank), member of the Board of Directors at the Madrid Stock Exchange (actually BME) and CEO or member of the board of directors of several non public companies and member of the Board of Directors of Vueling S.A. He also has written more than fifty academic papers and books.

José B. Terceiro Lomba
Professor of Applied Economics at the Universidad Complutense de Madrid and a director of the Prisa Group, Iberia Líneas Aéreas de España and Corporación Caixa Galicia. He was the Undersecretary of the Presidency of the Government (1981-1982) and has been awarded the “Premio CEOE a las Ciencias Económicas” (CEOE Prize for Economics) and the “Rey Jaime I” Prize for Economics.

José Joaquín Abaurre Llorente
Carries on activities in the audiovisual industry.

Mercedes Gracia Díez
Professor of Econometrics at the Universidad Complutense de Madrid and the Centro Universitario de Estudios Financieros. She has published many scientific publications in the Journal of Business and Economic Statistics, Review of Labor Economics and Industrial Relations, Applied Economics and Journal of Systems and Information Technology. She was the Manager of the Balance-Sheet Management Department at Caja Madrid from 1996 to 1999 and responsible for the Economics and Law area of the Agencia Nacional de Evaluación y Prospectiva (National Evaluation and Foresight Agency) from 1993-1996.

Miguel Ángel Jiménez-Velasco Mazarío
A Law graduate from the Universidad Autónoma de Barcelona (1989), Master in Company Management and Finance from the Instituto Internacional de Empresas de la Universidad de Deusto (International Company Institute of Deusto University) (1990-1991). He has been the Legal manager of Abengoa since 1996 and was appointed Secretary and Advisory Lawyer to the Board of Directors in 2003.

 

Meetings of the Audit Committee in 2010

In the year 2010, the Audit Committee met nine times, with all its members in attendance. The meetings and the principal matters discussed thereat are described below:

1. January 26, 2010 in Madrid

• Risk Analysis of the solar plant construction project in the U.S.A.
• Training session for the Audit Committee.

2. February 24, 2010 in Madrid

• Economic information on F.Y. 2009.
• Presentation by the external auditor of the conclusions of the audit of F.Y. 2009.
• Summary of the evaluation of internal control deficiencies performed by the company in relation to the Sarbanes-Oxley Act.
• Summary of audit and external consulting fees for 2009.

3. March 1, 2010 in Madrid

• Presentation and analysis of several investment and disinvestment operations.

4. May 12, 2010 in Madrid

• Economic information on the first quarter of 2010.

5. May 20, 2010 in Madrid

• Presentation of hedging mechanisms applicable to the convertible bonds issues of Abengoa, S.A.

6. August 25, 2010 in Madrid

• Economic information on the first half of 2010.
• Main conclusions of the external auditor of the limited review as of June 30.
• External auditor’s fees 2010.
• Consulting services fees 2010.
• Presentation on the degree of progress of the quantification project in Abengoa’s Universal Risk Model.

7. November 10, 2010 in Madrid

• Economic information on the third quarter of 2010.
• New external complaints channel procedure.
• Presentation on the degree of progress of the quantification project in Abengoa’s Universal Risk Model.
• Preliminary presentation of the Project for self-evaluation of the Audit Committee.
• Proposal for framework agreement between Abengoa and Befesa for related transactions between listed companies.

8. December 15, 2010 in Madrid

• Presentation of several corporate transactions.

9. December 28, 2010 in Madrid

• Presentation of several corporate transactions.

 

In addition, at each of the Audit Committee meetings, recurring subjects were discussed, such as:

• Monitoring of Internal Audit Plan.
• Reporting on related transactions.
• Code of Conduct compliance / Information on Complaint Channeling Policy.

The subjects analyzed at the Audit Committee meetings during the year are shown in the following graph:

 

The following attended the Committee meetings in 2010:

 

Activities Performed

Meeting its primary function of providing support to the Board of Directors, the principal activities discussed and analyzed by the Audit Committee may be grouped into three different areas of competency:

 

a) Internal Audit

The Audit Committee’s functions include the “supervision of the internal audit service” and “obtaining information on the financial reporting process and internal control systems and on the risks for the company”.

In order to supervise the sufficiency, suitability and efficient working of the internal control and risk management systems, the Committee received regular information in 2010 from the person responsible for Corporate Internal Audit in relation to:

• The Annual Internal Audit Plan and the degree to which it had been met: progress and conclusions on the internal audit work performed, which basically comprises the tasks of auditing financial statements, internal control SOX audits, Common Management Systems audits, reviews of critical projects and works, reviews of special areas and other.
• The degree of implementation of the recommendations issued.
• A description of the main areas reviewed and the most significant conclusions, which include the risks audited and sufficiently mitigated.
• Other more detailed explanations which the Audit Committee had requested.

 

In the year 2010, the Audit Committee worked consistently and supervised the performance of 660 tasks by the Internal Audit Department –the Annual Audit Plan for the year contained 627 tasks-. The tasks not included in the Plan related principally to general reviews of companies and projects that had not been considered in the initial planning.

As a result of the work performed, 317 recommendations were issued, most of which had been implemented by the year end.

One factor that had a decisive effect on the number of recommendations issued was the performance of internal control compliance audits under PCAOB (Public Accounting Oversight Board) standards, in accordance with the requirements of section 404 of the Sarbanes-Oxley Act (SOX).

The following graph shows the types of internal audit work carried out during the year 2010:

The Internal Audit service in Abengoa

The Internal Audit service originated as an independent global function, reporting to the Audit Committee of the Board of Directors, with the principal objective of supervising Abengoa’s internal control and significant risk management systems.

Structure and Team

Abengoa’s Internal Audit service is structured around the joint audit services, which act in coordination. To meet its functions and carry on its activities, it has a structure based on multidisciplinary teams, formally organized by geographical area, which work under a sole Annual Plan of activities and share execution of the tasks on the basis of their qualifications, applying the best international practices.

The Internal Audit team is formed by 53 auditors, distributed among the different Business Groups.

• The average age of Abengoa’s internal auditor team is currently around 31.
• 50% are men and 50% are women.
• The average length of professional experience is 7 years.
• Approximately 70% of the auditors have previous experience in one of the “Big Four” external audit firms.

The characteristics of Abengoa’s internal auditors show the company’s commitment to employing personnel qualified to carry out the audit functions. Abengoa’s internal auditors closely reflect the desire to provide a good service in the activity and involvement with the business project they are carrying out, with the main objective of creating value for the organization.

 

General Objectives

Objectives of the Internal Audit Service:

• Forestalling the audit risks to which group companies, projects and activities are exposed, such as fraud, capital losses, operational inefficiencies and, in general, any risks that may affect the healthy running of the business.
• Controlling the manner in which the corporate Common Management Systems are applied.
• To create value for Abengoa and its Business Groups, promoting the creation of synergies and the monitoring of optimal management practices.
• To coordinate the criteria and focuses for the work with the external auditors, seeking the greatest efficiency and profitability of the two functions.
• Analysis and processing of the complaints received and notification of the work performed to the Audit Committee.
• To evaluate the companies’ audit risk following an objective procedure.
• To develop the Work Plans with the appropriate scopes for each different situation.

Evaluation of the Internal Audit Service

In 2010, Abengoa commenced a process for the independent evaluation of the Audit service in accordance with the standards of the Institute of Internal Auditors.
 

The objective of the evaluation of the Internal Audit Service is to assess organization, processes and performance in the internal audit field, in order to fix the parameters to improve the Audit Service’s effectiveness and efficiency and thus deal with an increasingly demanding competitive and regulatory environment.

b) External Audit

The auditor of the individual and consolidated annual financial statements of Abengoa, S.A. is PricewaterhouseCoopers, which is also the Group’s main auditor.

The Audit Committee proposed the appointment of this firm to the Board of Directors, in order for the latter to subsequently submit it to the General Meeting of Shareholders, due to said firm’s extensive knowledge of the Group and its history, which were valued very favorably by both the Committee itself and Management.

Notwithstanding, a significant part of the Group, basically the Information Technologies Business Group (Telvent), is audited by Deloitte.

In addition, other firms collaborate in performing the audit, especially in small companies, both in Spain and abroad, although their scope is not significant in the Group overall.

The Audit Committee’s functions include ensuring the independence of the external auditor, proposing the appointment or renewal thereof to the Board of Directors and approving its fees.

SOX (Sarbanes-Oxley Act) internal control audit work is assigned to the same firms following the same criterion, since, according to PCAOB (Public Accounting Oversight Board) rules, the firm that issues the opinion on the financial statements must also be the firm that evaluates the internal control over the preparation of these statements, since this internal control is a key factor in “integrated audits”.

Abengoa follows the policy of having an external audit performed on all group companies, even if they are not obliged to do so because they do not meet the legal requirements.

A total of 46 new companies have been audited this year, more than 85% of which are being audited by one of the four main international audit firms or “Big Four.

The global fees agreed with the external auditors for the 2010 audit, including the review of regular reporting, the audit of the company listed in the USA under US GAAP and the SOX audit, together with the distribution thereof, is shown below:

When assigning work other than the financial audit to any of the “Big Four” audit firms, the company has a prior verification procedure, in order to detect the existence of possible incompatibilities that would prevent the firm from performing the work under the rules of the SEC (Securities Exchange Commission) or ICAC (Instituto de Contabilidad y Auditoría de Cuentas).

The amount of the fees incurred with the four main audit firms for work other than the financial audit in the year 2010 is shown in the following chart:

 

In 2010, a survey was conducted on the satisfaction with the service received from the main auditor during the 2009 audit. A series of conclusions have been drawn from this survey and will help to improve the work carried out jointly with the main auditor.

The Audit Committee is, furthermore, responsible for supervising the results of the tasks of the external auditors. Therefore, it is promptly informed of their conclusions and of any incidents noted in their reviews.

When thus required, the external auditor has attended Audit Committee meetings to report on its areas of competency, which are basically the following:

• Review of the financial statements of the consolidated group and its companies and issuing an audit opinion thereon.
  Although the auditors must issue their opinion on the financial statements as of December 31 each year, the work they conduct in each of the companies includes a review as of an earlier date, which is usually the end of the third quarter (September), in order to anticipate any significant transactions or other matters that have arisen up to said date.
  Since the year 2008, Abengoa and its listed subsidiaries voluntarily submit their six-monthly statements to a limited review, issued by the relevant auditor.
  Furthermore, reviews are conducted of the quarterly statements prepared in order to provide the financial reporting required by official bodies.
  Likewise, the consolidated financial statements of each one of the five Business Groups: Abeinsa, Befesa, Telvent GIT, Abengoa Bioenergía and Abengoa Solar, are audited.
• Evaluation of the internal control system and issuance of an audit opinion under PCAOB (Public Company Accounting Oversight Board) standards, (SOX -Sarbanes-Oxley Act- compliance).

The specific PCAOB rules involve the performance of a series of additional audit procedures. The SEC (Securities Exchange Commission) delegates to the PCAOB the preparation and issuance of the standards to be met by the external auditors in the course of their evaluation of internal control in an integrated audit.

In 2010, the external auditors carried out an integrated audit under PCAOB standards.
As a result of this work, the external auditors likewise issued a report with the conclusions of the internal control evaluation. This opinion is additional to the opinion included in the audit report on the annual financial statements, although the PCAOB allows both opinions to be included in the same document.

• Matters of special interest. For certain matters or specific or significant transactions, the external auditor is required to provide its opinion on the criteria adopted by the company, in order to reach a consensus.
• Independent Verification Reports prepared by external auditors. One of the axes of the company’s strategy is its commitment to transparency and meticulousness. To reinforce this commitment, some years ago, the company fixed the objective that all the information that appears in the Annual Report should be verified externally.
  Thus, in the year 2007, the company submitted the Corporate Social Responsibility Report to verification for the first time. In the year 2008, it was the Report on Greenhouse Gas Emissions and, in 2009 the Corporate Governance Report was verified externally.
  The company is not, however, satisfied with a limited assurance verification report, but intends to continue progressing towards a reasonable assurance verification report, which is the most demanding type of verification to which a company can aspire.

Thus, in the year 2010, 6 reports were issued by the external auditors and form an integral part of the Annual Report:

• Audit report on the Group’s consolidated financial statements, as required by current legislation.
• Voluntary audit report on internal audit compliance under PCAOB (Public Company Accounting Oversight Board) standards, as required under section 404 of the Sarbanes-Oxley Act (SOX).
• Voluntary reasonable assurance verification report on the Corporate Governance Report, being the first Spanish listed company to obtain a report of this kind.
• Voluntary reasonable assurance verification report on the Corporate Social Responsibility Report.
• Voluntary verification report on the inventory of greenhouse gas emissions.
• Voluntary verification report on the design of the Risk Management System in accordance with the specifications of ISO 31000.

c) Internal Control

The Audit Committee’s main objectives concerning internal control over the preparation of the financial reporting are:

• To determine the risks of a possible material error in the financial reporting caused by fraud or possible fraud risk factors.
• Analysis of the procedures to assess the efficiency of internal control in relation to the financial reporting.
• Capacity of the internal controls over the processes that affect Abengoa and its Business Groups.
• To identify the material deficiencies and weaknesses in the internal control in relation to the financial reporting and the response capacity.
• To supervise and coordinate any significant changes made over the internal controls related to the quarterly financial reporting.
• Performance of the quarterly processes of closing the financial statements and differences identified in relation to the processes performed at the year end.
• Putting in place plans and monitoring for the actions implemented to correct the differences identified in the audits.
• Measures to identify and correct possible internal control weaknesses in relation to the financial reporting.
• Analysis of procedures, activities and controls that seek to guarantee the reliability of the financial reporting and prevent fraud.

Internal Control Model

In February 2010, the National Stock Market Commission published the document “Internal Control over Financial Reporting in Listed Entities”, which contains two new legal obligations that listed companies must meet from 2011 onwards:

• The audit committees will be responsible for supervising the financial reporting and the efficiency of the company’s internal control and risk management systems.
• Companies will have to inform the markets of their systems of internal control over financial reporting through the Annual Corporate Governance Report.

The National Stock Market Commission’s document is based on COSO and includes 30 recommended practices divided into five components:

• Internal Control Environment
• Financial Reporting Risk Assessment
• Control Activities
• Information and Communication, and
• System Operation Supervision

Since 2007, Abengoa has voluntarily submitted its Internal Control Systems to external evaluation, with the issuance of an audit opinion under PCAOB standards and a compliance audit under section 404 of the Sarbanes-Oxley Act (SOX).

This fact implies that Abengoa has been complying strictly with the reference indicators included in the National Stock Market Commission’s “Systems of Internal Control over Financial Reporting” document for four financial years.

Abengoa believes that an appropriate internal control system must ensure that all relevant financial reporting is reliable and known to Management. Thus, it considers the model developed and adapted to SOX to complement and complete the Common Management Systems, the principal objective of which is to control and mitigate business risks.

The conceptual framework used as a reference is the COSO model, since it is the model that is closest to the approach required by SOX, which has also been presented to the Audit Committee. In this model, internal control is defined as the process carried out in order to provide reasonable assurance of the attainment of certain objectives, such as compliance with laws and regulations, the reliability of financial reporting and the effectiveness and efficiency of operations.

d) Governance and Compliance

To carry out its responsibilities, the Audit Committee has the following supervision tools at different levels of the organization:

Company Management has implemented a Code of Professional Conduct, the philosophy of which is honesty, integrity and good judgment on the part of employees, managers and directors, as reflected in Abengoa’s Annual Corporate Governance Report, which provides details of the Company Administration Structure, the Risk Control Systems, the degree to which recommendations on governance are followed and the Reporting Instruments and where Management’s commitment to maintaining an appropriate internal control and risk management system, good corporate governance and ethical conduct on the part of the organization and its employees can be seen.

The Code of Conduct is available to all employees through the Abengoa intranet and is updated from time to time.

In the Welcome Manuals of Abengoa and the different Business Groups, express reference is made to the Code of Professional Conduct.

All departments, principally Human Resources and Internal Audit, look to ensure compliance with the Code and notify Management of any irregular conduct noted so that the appropriate measures can be adopted.

Complaints Channel
Abengoa and its different Business Groups employ a mechanism for complaints to the Audit Committee, which was formally put in place in the year 2007 under the requirements of the Sarbanes-Oxley Act.

Abengoa has two complaint channels:

An internal channel, which is available to all employees, so that they can notify any alleged irregularity in accounting or audit or breaches of the Code of Conduct. The communication channel is by e-mail or ordinary mail.

An external cannel, available to anyone outside the company, so that they can notify any alleged irregularities, fraudulent actions or breaches of Abengoa’s Code of Conduct through the web page (www.abengoa.com).

Complaints may be sent on the basis of confidentiality for the complainant or anonymously.

With the creation of these channels, Abengoa has wished to provide a specific method of communication with Management and the governing bodies, which may be used as a tool to inform them of any possible irregularity, non-compliance, unethical or illegal conduct or breach of the rules that govern the Group.

Each complaint received leads to investigations by the Internal Audit team in accordance with the following phases:

Supervision and Control of the Risk Management Model at Abengoa
 

During the year 2010, Abengoa continued its growth, carrying on activities in more than 77 countries. To deal with this growth in a safe and controlled manner, Abengoa has a common business management system that allows it to work on an efficient, coordinated and consistent basis.

In forthcoming years, we will be faced with an environment the principal characteristic of which will be greater regulatory requirements. In order to deal with this scenario, Abengoa considers risk management to be an indispensable activity and function for strategic decision making.

Abengoa manages its risks using the following model, described in the company’s Risk Management Manual, which is intended to identify the potential risks of a business:

Abengoa’s Risk Management Model comprises two basic elements:

These two elements form an integrated system that allows appropriate risk management and control at all levels of the organization.

a) Common Management Systems
The Common Management Systems represent the internal rules of Abengoa and all its Business Groups and their method of assessing and controlling risks. They represent a common culture in the management of Abengoa’s businesses, sharing the knowledge accumulated and fixing criteria and guidelines for action.

The Common Management Systems include specific procedures that cover any action that may result in either an economic or non-economic risk for the organization. Furthermore, they are available to all employees en electronic format, irrespective of their geographical location or job.

The CMS must verify and certify compliance with these procedures. This annual certification is issued by the Audit Committee in January of the following year.

Objectives:

• To identify possible risks which, although they are inherent to any business, must be identified, mitigated and monitored.
• To optimize the day-to-day management by applying procedures leading to financial efficiency, expense reduction and the homogenization and compatibility of information and management systems.
• Promote synergies and value creation throughout Abengoa’s different business units.
• To reinforce the corporate identity.
• To achieve growth through strategic development that seeks innovation and new options in the medium- and long-term.
•  

The Systems cover the whole organization at three levels:

• All the Business Groups and areas of activity;
• All levels of responsibility;
• All kinds of operations.

Our Common Management Systems represent a common culture for Abengoa’s different businesses and are composed of eleven Rules defining how each one of the potential risks included in Abengoa’s risk model should be managed. Through these systems, the risks and the appropriate way to cover them are identified and the control mechanisms are defined.

Over recent years, the Common Management Systems have evolved to adapt to the new situations and environments in which Abengoa operates, with the principal intention of reinforcing risk identification, covering the risks and fixing control activities.

b) Compulsory Procedures (SOX)
The Compulsory Procedures are used to mitigate the risks relating to the reliability of the financial reporting, by means of a combined system of procedures and control activities in key areas of the company, which are intended to ensure the reliability of the financial reporting and avoid fraud.
 

As a result of our commitment to transparency, in order to continue to ensure the reliability of the financial reporting prepared by the company, we have continued to reinforce our internal control structure, adapting it to the requirements established in section 404 of the United States Sarbanes-Oxley Act (SOX). For a further year, we have wished to voluntarily submit the internal control system of the whole group to an independent evaluation process conducted by external auditors under the PCAOB (Public Company Accounting Oversight Board) audit standards.

SOX is a compulsory law for all companies listed in the United States and is intended to ensure the reliability of the financial reporting of these companies and protect the interests of their shareholders and investors by setting up an appropriate internal control system. Thus, although only one of the Business Groups –Information Technologies (Telvent)- is obliged to meet SOX requirements, Abengoa deems it necessary to meet these requirements both in the subsidiary that is listed in the United States and in the rest of the companies, since these requirements complete the risk control model used by the company.

An appropriate internal control system is in place and uses three tools:

•  A description of the company’s relevant processes that have a potential impact on the financial reporting that is prepared.

In this respect, 41 Management Processes (MPs) have been identified and grouped into Corporate Cycles and Cycles Common to the Business Groups.

• A series of flow charts that provide a visual description of the processes.
• An inventory of the control activities in each process that ensures attainment of the control objectives.

Our work comprises the following aspects:

At Abengoa, we have seen this legal requirement as an opportunity for improvement and, far from being satisfied with the rules included in the Act, have tried to develop our internal control structures, the control procedures and the evaluation procedures applied to a maximum.

This initiative arose in response to the swift expansion undergone by the Group in recent years and future growth expectations, in order to enable us to continue to guarantee the preparation of accurate, timely and complete financial reports to our investors.

In order to meet the requirements of section 404 of the SOX, Abengoa’s internal control structure has been redefined following a “Top-Down” approach based on risk analysis.

Said risk analysis covers the initial identification of significant risk areas and the evaluation of the controls that the company has in place over them, starting with those executed at the highest level –corporate and supervisory controls-, then dropping to the operational controls present in each process.

Our approach is as follows:

XXX

Risk Management
Abengoa is aware of the importance of managing its risks in order to carry out appropriate strategic planning and attain the defined business objectives. To do this, it applies a philosophy formed by a set of shared beliefs and attitudes, which define how risk is considered, starting with the development and implementation of the strategy and ending with the day-to-day activities.

The risk management philosophy is set out and applied through Abengoa’s Risk Management System, completed with the methodology of the Universal Risk Model. Abengoa’s Risk Management System is shown in the following diagram:

Abengoa defines risk as any potential event that may prevent the company from reaching its business objectives. Abengoa considers that a risk arises as a loss of opportunities and/or strengths or the materialization of a threat and/or strengthening of a weakness.
 

Abengoa’s attitude in the face of risk is awareness, involvement and anticipation. The key principles of Risk Management at Abengoa are the following:

• In order to attain the business objectives fixed, risks must be managed at all levels of the company without exception.
• The Board will be responsible for supervising the efficiency of the entity’s internal control and risk management systems.
• Decisions are always taken on the basis of a consensus, with shared responsibility.
• Abengoa’s Risk Management System is fully integrated into:
  - The strategic planning process.
  - The definition of business objectives.
  - Day-to-day operations to attain said objectives.
• Risk Management includes the identification and assessment of, response to, monitoring or follow-up of and reporting of risks in accordance with the procedures in place for these purposes.
• Responses to risks must be consist and must be well adapted to the conditions of the business and the economic environment.
• Management must regularly evaluate the assessment of its risks and the responses that have been designed.
• Monitoring will be conducted regularly and the conformity of the activities of identification, assessment, response, monitoring and reporting included in Abengoa’s Risk Management System will be reported.

Risk Management work processes:
The Risk Management process at Abengoa is a continuous cycle based on five key phases, as shown in the following diagram:

In each phase, regular and consistent communication is necessary in order to achieve good results. Since it is a continuous cycle, permanent feedback is necessary in order to achieve a constant improvement in the Risk Management System. These processes are addressed to all the company’s risks.
 

The Universal Risk Model
During 2010Abengoa has continued the development of the Universal Risk Model which is the methodology used by Abengoa to quantify the risks that compose the Risk Management System.

Abengoa’s Universal Risk Model is made up of four categories, twenty subcategories and a total of 94 principal risks for the business. Each one of these risks has an associated series of indicators that allow its probability and impact to be measured and the degree of tolerance of the risk to be defined.

For each risk, at least one probability indicator and an impact indicator have been established. These may be quantitative and/or semi-quantitative indicators, while, at the same time, they allow tolerance levels to be fixed for subsequent evaluation and monitoring.

The following diagram shows how Abengoa’s Universal Risk Model operates. The regular review and updating of this Model is the combined responsibility of Internal Audit, those responsible for each Area and the Risk Management Department, both at corporate level and in the different Business Groups.

As a result of the assignation of probability and impact indicators to all the risks that form Abengoa’s Universal Risk Model, the risks are classified into four types, each of which has a predetermined risk strategy:

1. Minor Risk: risks that occur frequently but have little economic impact. These risks are managed to reduce their frequency only if managing them is economically viable.
 

2. Tolerable Risk: risks that occur infrequently and have little economic impact. These risks are monitored to check that they are still tolerable.
 

3. Severe Risk: frequent risk with a very strong impact. These risks are managed immediately, although, due to the Risk Management processes implemented by Abengoa, it is unlikely that Abengoa needs to tackle this type of risk.

4. Critical or Emerging Risk: risks that occur infrequently but have a very high economic impact. These risks have a contingency plan since, when they arise, their impact is extremely high. In the event of Critical Risks or Emerging Risks, the Corporate Risk Management Department is directly involved in assessing them. To do this, the following is done:

- Emerging Risks are related to the strategic lines of activity.
- Information is sought and analyzed using an adequate assignation of resources.
- The traditional risk indicators and the controls are reviewed n relation to the changing market conditions.
- It is necessary to know how to listen to the “weak” signals (however weak they may be) by investing in technology to control Emerging Risks.
- It is necessary to learn from management experience with risks based on past events.
- Information is provided for Risk Management strategies through relevant data and an appropriate analysis.

Response
The risk response tools are included in the NOC and POC, which all employees must comply with. Responses to risk must always be made in terms of efficiency and effectiveness.

The responses designed and included in the NOC and POC are intended for one of the following risk management scenarios:

• Elimination: the risk is completely eliminated
• Reduction and Control: it is attempted to reduce the risk as much as possible by using strategic or safety measures (diversification of supply, quality systems, maintenance, prevention, etc.).
• Transfer to a third party: the risk is transferred to a third party, so that Abengoa holds no responsibility for the risk, either through an insurance company or another third party (supplier, subcontractor).
• Financial Retention: if it has not been possible to otherwise control the risk, it is finally accepted.