D. Risks Control System
D.1. General description of the risk policy of the company and/or its group, detailing and evaluating the risks covered by the system, together with an explanation of why these systems are adequate for each type of risk.
The Abengoa Risk Management is structured on three significant bases:
- The Common Management Systems, which serve to mitigate business risks.
- Internal control procedures on the elaboration of financial information designed following the SOX (Sarbanes-Oxley Act) to mitigate risks linked with the reliability of financial information.
- The Universal Risks Model of Abengoa is the methodology for the identification, comprehension and evaluation of the risks that may affect Abengoa. The purpose is to obtain an integral vision of them, designing an efficient system of response that is in line with the business goals and objectives of the company.
These two elements form an integrated system that allows an appropriate risk management and control at all the levels of the organization. This is a live system that undergoes continuous modifications to remain in line with the reality of business.
There are also internal auditing services aimed at ensuring the compliance with and the good functioning of these systems.
I) Business Risks:
Procedures geared towards eliminating business risks are instrumented through what is referred to as “Common Management Systems”. The Common Management Systems of Abengoa develop the internal rules that govern Abengoa and its chosen approach to assessing and controlling the risks. They represent a common culture in the business management of Abengoa, in that they permit the sharing of accumulated knowledge and they set the criteria and patterns of action.
The common management systems serve to identify both the risks embedded in the current model and the control activities that mitigate them, and they drastically reduce the risks inherent in the activity of the Company (business risks), at all possible levels.
The common management systems include some specific procedures that cover any action that may entail a risk for the organization, whether economic or otherwise.
The functional managers must verify and certify compliance with these procedures. This certification is annual and submitted to the Audit Committee in January of the following year.
The goals and objectives of the common management systems can be summarised as follows:
- Identify possible risks, which, though inherent in any business, must be identified, mitigated and monitored
- Optimization of daily management, applying procedures geared towards financial efficiency, reduction of expenses, homogenization and compatibility of information and management systems.
- Promoting the synergy and creation of value of the various Business Units of Abengoa.
- Reinforce the corporate identity.
- Achieving growth through strategic development that seeks innovation and new options on short- and long-term bases.
The systems cover three levels of the whole organization:
- All business units and areas of activity
- All levels of responsibility
- All types of operations
Compliance with the regulations set forth in the common management systems is compulsory for the whole organization, which is why all its members are bound to be familiar with them. Any exceptions to compliance with these systems must be reported to the person in charge and must be duly authorized through the relevant authorization forms.
Besides, they are constantly undergoing updates that permit the incorporation of good practices to each of the fields of action. To facilitate their spreading, successive updates are immediately communicated to the organization through IT media.
II) Risks in relation to the reliability of financial information:
In 2004 Abengoa started the process of adjusting its internal control structure on financial information to fit the requirements set forth by Section 404 of the SOX Act. Said adjustment process ended in 2007, although it is still being implemented in the new company acquisitions which occur each year.
As a result of our commitment to transparency, in order to continue to ensure the reliability of the financial reporting prepared by the company, we have continued to reinforce our internal control structure, adapting it to the requirements established in section 404 of the United States Sarbanes-Oxley Act (SOX). For another year, we are able to voluntarily submit the internal control system of the whole group to an independent evaluation process conducted by external auditors under the PCAOB (Public Company Accounting Oversight Board) audit standards.
This standard is a compulsory law for all companies listed in the United States and is intended to ensure the reliability of the financial reporting of these companies and protect the interests of their shareholders and investors by setting up an appropriate internal control system. This way, and even though none of the Business Units are under obligation to comply with the SOX Law, Abengoa believes it is best for all its companies to comply with said requirements, since said rules complete the risks control model that the company uses.
An appropriate internal control system can be put in place using three tools:
- A description of the company’s relevant processes that may bear a potential impact on the financial report being prepared. So far 41 management processes have been identified and grouped into corporate cycles and cycles that are common to the business units.
- A series of flow charts that provide a visual description of the processes.
- An inventory of the control activities (530 controls, 250 of them being automatic) in each process that ensures attainment of the control objectives.
At Abengoa, we have always viewed this legal requirement as an opportunity for improvement. Far from limiting ourselves to the bare minimum required by law, we have strived to optimize our internal control structures, control procedures and the assessment procedures we apply.
For the purpose of complying with the requirements of section 404 of the SOX Act, Abengoa’s internal control structure has been redefined following the “Top-Down” approach based on a risk analysis that entails the initial identification of the significant risk areas and the assessment of the controls that the company holds over them, beginning with those executed at the highest level and then moving down to the operational controls put in place in each case.
Thus, in 2011 the initial stages of the introduction of the SAP GRC Process Control module were concluded. By December 31, 2012, the module had already been implemented in all the significant companies.
GRC Process Control provides a technological solution that allows the automation of the continuous internal control and performance monitoring model, facilitating its performance and increasing security in the company’s operations.
Below are the benefits derived from the introduction of the GRC Process Control:
- Automation of the Continuous (Internal) Control Monitoring. Obtaining automatic reports and balanced scorecards on the internal control framework and regulations
- Integration of internal control into business processes.
- Level of automation of auditing for automatic controls.
- Centralization of documentation and internal control management processes. (Sole repository of information)
- Usage of standard workflows for the entire life-cycle of a control, bearing the regulation in mind, as in the case of SOX.
- Increase of the efficiency of internal control model, by reducing performance cost and increasing its effectiveness.
- Increasing confidence in the effectiveness of controls.
- Improving the performance follow-up.
III) Universal Risks Model
The 2011 financial year saw the culmination of the implementation of the universal risks model of Abengoa, the methodology for the identification, comprehension and evaluation of risks that may affect Abengoa. The purpose is to maintain an integral vision of them, designing an efficient system of response that is in line with the business goals and objectives of the company.
Our model envisages the following areas and categories of risks:
- Strategic Risks: corporate governance, strategic and R+D+i projects, mergers, acquisitions and divestitures, planning and assignment of resources, market dynamics, communication and relation with investors
- Operational Risks: human resources, information technologies, physical assets, sales, supply chain, threats or catastrophes.
- Financial Risks: cash flow and credit, markets, taxation, capital structure, accounting and reporting.
- Regulatory Risks: regulations, laws and codes of ethics and of conduct.
The risks identified are assessed considering the probability of them actually occurring and their impact on the company.
The 2012 financial year saw the consolidation of Archer eGRC as the tool for calculating and reporting the risks of the various activities and sectors of the company. Since its introduction, effort has been made to ensure the synchronization of the application with other tools of the group for the purpose of making the processes more automatic.
IV) Risks Factors
The Risks Factors of Abengoa are identified in Schedule 1 of the Securities Registration Document published in the CNMV on July 12, 2012.
1. Specific risks factors of issuer or of its activity sector.
1.1. General Risks
- Abengoa operates in a sector of activity especially linked with the economic cycle.
- Risk derived from depending on the regulations in support of activities relating to renewable energy, bioethanol production and also research- and development-related activities.
- Solar power generation.
- Biofuel consumption.
- Risks derived from the sensitivity entailed in the supply of raw materials for biofuel production and the volatility of the price of the final product.
- Risks derived from the sensitivity entailed in the supply of raw materials for recycling activities and the volatility of the price of the final product.
- Risks derived from delays and cost overruns in activities of Engineering and construction due to the technical difficulties of the projects and the lengthy duration of their execution.
- Risks linked to the activities of concession-type Infrastructural projects operating under regulated tariffs or extremely long-term licences agreements.
- Incomes derived from long-term agreements: risks derived from the existence of clauses and/or renewal of licence agreements processed by Abengoa, termination of pending Engineering and Construction projects and non-renewals of biofuel distribution agreements.
I. Concessions.
II. Biofuel distribution agreements.
III. Backlog of projects in the activities of Engineering and construction.
- The variations in the cost of energy may bear negative impact on the Company results.
- Risks derived from the development, construction and exploitation of new projects.
- Abengoa’s activities may be negatively affected in the event that public support for such activities diminishes.
- Construction projects regarding the Engineering and Construction activities and the facilities of Concession-type Infrastructural and Industrial production activities are dangerous places of work.
- Risks derived from joining hands with third parties for the execution of certain projects.
1.2. Specific Risks of Abengoa
- Abengoa operates with enormous levels of indebtedness.
- Risks derived from the demand for capital intensive investments in fixed assets (CAPEX), which increases the need for external financing for the execution of pending projects.
- Risk of obtaining reduced net profit derived from assets rotation
- The company has a controlling shareholder.
- The renewable energy sector products and services are part of a market subject to intensive conditions of competition.
- The results of the Engineering and construction activity depend significantly on the growth of the Company in the Concession-type Infrastructural and Industrial Production activities.
- Fluctuations in the interest rates and their coverage may affect the results of the Company.
- Fluctuations in the currency exchange rates and their coverage may affect the results of the Company.
1.3. Risks derived from internationalization and from country risks:
- Abengoa’s activities fall under multiple jurisdictions with various degrees of legal demands requiring the Company to undertake significant efforts to ensure its compliance with them.
- Insurance coverage underwritten by Abengoa may be insufficient to cover the risks entailed in the projects, and the costs of the insurance premiums may rise.
- The activities of the Company may be negatively affected by natural catastrophes, extreme climate conditions, unexpected geological conditions or other physical kinds of conditions, as well as by terrorist acts perpetrated in some of its locations.
- The practices of tax evasion and product alteration on the Brazilian fuel distributions market may distort the market prices.
V) Other existing tools
The company has a Corporate Social Responsibility master plan that involves all the areas and is implemented in the five business units, adapting the strategy to the social reality of the various communities in which Abengoa is present. Corporate Social Responsibility, understood as the integration of the expectations of interest groups into the Company’s strategy, the respect for the Law and the consistency with international standards of action, is one of the pillars of the Abengoa culture. The company informs its interest groups on the performance in the various Corporate Social Responsibility matters through a report that is based on the GRI standard for preparing sustainability reports.
This report will be externally verified as part of the company’s commitment to transparency and rigour.
In 2002 Abengoa signed the United Nations World Pact, an international initiative aimed at achieving the voluntary commitment of entities regarding social responsibility, by way of implementing ten principles based on human, labour and environmental rights and on the fight against corruption. Also, in 2008, the company signed the Caring for Climate initiative, also from the United Nations. Consequently, Abengoa put in motion a system of reporting on greenhouse gas (GHG) emissions which would permit it to register its greenhouse gas emissions, know the traceability of all its supplies and certify its products and services.
Likewise, from 2009 onwards, the company put in place a system of environmental sustainability indicators that contributes to improving the management of the company’s business, thus permitting the sustainability of its activities to be measured and compared, and establishing improvement objectives for the future. The combination of both initiatives has situated Abengoa at the helm of world leadership in sustainability management.
VI) Criminal Liability Risks
The enactment of Organic Law 5/2010 forced Abengoa to develop a system for risks management, internal control and for verifying compliance with the legal standards to ensure that possible criminal liability risks are minimized, putting in place measures aimed at prevention, detection and investigation.
D.2. Indicate whether some of the various kinds of risks (operational, technological, financial, legal, of reputation, tax-related…) that may affect the company and/or its group emerged during the financial year.
No.
If so, indicate the circumstances that led to such risks and whether the established control system worked.
Not applicable.
D.3. Indicate whether there is a committee or other governing body responsible for establishing and supervising these control devices.
Yes.
If so, outline its functions.
Name of the committee or body
Audit Committee.
Description of functions
The powers and duties of the Audit Committee include the following:
- Prepare the annual accounts and half-yearly and quarterly financial statements that must be submitted to regulatory bodies and market monitoring bodies, making reference to the internal control systems, the control mechanisms to monitor implementation and compliance through internal audit procedures and, where appropriate, the accounting principles applied.
- Inform the Board of Directors of any changes in accounting principles, balance sheet risk and off-balance sheet risk.
- Report to the General Meeting of Shareholders on questions that fall within its area of competence.
- Submit proposals to the Board of Directors for the appointment of external auditors to be approved by the General Meeting of Shareholders.
- Supervise internal audit procedures. The Committee shall have full access to internal auditing and shall report on the process of selection, appointment, reappointment, removal and remuneration of the internal audit director and on the department’s budget.
- Have full knowledge of the Company’s financial information process and internal control systems.
- Serve as a channel of communication with the external auditors for information on questions that could jeopardise the independence of the latter and any other matters relating to the audit process.
- Summon Directors to meetings of the Committee, at its discretion, to report on such matters as the Audit Committee may determine.
- Produce an annual report on the activities of the Audit Committee to be included in the Directors’ Report.
Below are the Audit Committee’s main objectives regarding the internal control over the preparation of the financial reporting:
- To determine the risks of a possible material error in the financial reporting caused by fraud or possible fraud risk factors.
- To analyse the procedures for evaluating the efficiency of internal control in relation to financial reporting.
- To obtain information on the capacity of the internal controls over the processes affecting Abengoa and its operating segments.
- To identify the material deficiencies and weaknesses in the internal control in relation to the financial reporting and the response capacity.
- To supervise and coordinate any significant changes made over the internal controls affecting the quarterly financial reporting.
- Performance of the quarterly processes of closing the financial statements and differences identified in relation to the processes performed at the year end.
- Implementing plans and monitoring for the actions taken to correct the differences identified in the audits.
- Installing measures to identify and correct possible internal control weaknesses in relation to the financial reporting.
- Analysing the procedures, activities and controls that seek to guarantee the reliability of the financial reporting and preventing fraud.
D.4 Identification and description of the processes for complying with the different regulations that affect the company and/or its group
Abengoa applies all the rules and regulations dictated by the Stock Market Authorities (CNMV). This fact implies that for the past five financial years Abengoa has been strictly complying with the reference indicators included in the CNMV’s document “Systems of Internal Control over Financial Reporting”.
Since 2007, Abengoa has voluntarily submitted its Internal Control Systems to an external evaluation that concludes with the issuance of an audit opinion under the PCAOB standards, and to audits to ascertain compliance with section 404 of the Sarbanes-Oxley Act (SOX).
External audit
The auditor of the individual and consolidated annual financial statements of Abengoa, S.A. for the financial year ending December 31, 2012, is Deloitte S.L. which is also the Group’s main auditor.
The external auditors issued five reports during the 2012 financial year. They are integrated into the Annual Report:
- Audit report on the Group’s consolidated financial statements, as required by the laws in force.
- Voluntary audit report on internal audit compliance under PCAOB (Public Company Accounting Oversight Board) standards, as required under section 404 of the Sarbanes-Oxley Act (SOX).
- Voluntary reasonable assurance verification report on the Corporate Governance Report, being the first Spanish listed company to obtain a report of this kind.
- Voluntary reasonable assurance verification report on the Corporate Social Responsibility Report prepared by KPMG, Auditores, S.L.
- And voluntary verification report on the design of the Risk Management System in accordance with the ISO 31000 Standards and Specifications prepared by Ernst & Young Auditores, S.L.