The Audit Committee was created by the Board of Directors of Abengoa, S.A. on December 2, 2002 in accordance with art. 44 of the Bylaws with a view to incorporating the provisions of Act 44/2002 on Reform Measures of the Financial System (Ley 44/2002) relating to Audit Committees. Abengoa also has a corporate governance system in place that remains compliant at all times with applicable law and best practices.
According to good governance practices, the Board of Directors must have a number of specialized committees in place so as to ensure that it performs its duties effectively. This structure helps to diversify the workload, while allowing motions and resolutions on certain material issues to be heard first by a specialized and independent body with specific professional expertise, which can therefore filter accordingly and report on its decisions, the aim being to guarantee the required objectivity and ensure that motions are discussed thoroughly before being passed by the Board of Directors.
As an independent body, the Audit Committee is able to oversee the affairs of Abengoa companies, thus ensuring that they conduct their business ethically and responsibly. This duty is undoubtedly its main role at present and will continue to be so in the future.
The Audit Committee is essentially the nucleus of this drive towards responsibility, and leads by example by publishing its Audit Committee Activity Report every year. Its duties, structure and rules of internal functioning are set forth in the Regulations of the Board of Directors and in its own internal regulations. Generally speaking, the committee has been heavily involved since its inception in those areas that fall within its remit, as has been explained in the company’s published annual reports and disclosures on corporate governance.
The 2011 Audit Committee Activity Report details the activities and initiatives of the committee in furtherance of the duties entrusted to it under its different fields of activity: review of economic and financial information subject to regulation, control of material risks, oversight of the management model, monitoring the independence of the financial auditor and appraising the business of the Internal Audit Division.
The Audit Committee Activity Report for the year 2012 has been approved at the meeting held by the Audit Committee on February 20, 2013, and presented to the Board of Directors on February 21, 2013. It will then be made available to the company’s shareholders on occasion of the publication of Abengoa’s annual report and, at the latest, by the time the General Shareholders Meeting is announced.
The Internal Regulations of the Audit Committee were approved by the Board of Directors on February 24, 2003 and contain the following provisions:
The Audit Committee will have a permanent and minimum membership of three directors. At least two of these must be non-executive directors, thus maintaining the majority of non-executive members envisaged under the aforementioned Act 44/2002.
Members will be appointed to office for a maximum term of four years, which may be renewed for further four-year maximum terms.
The Audit Committee shall initially elect one of its non-executive directors as Chairman.
The Secretary to the Board of Directors shall act as Secretary to the Audit Committee.
To report on the annual accounts and half-yearly and quarterly financial statements that must be submitted to regulatory bodies and market watchdogs, with mention made of the internal control systems, the control mechanisms to monitor implementation and compliance through internal audit procedures and, where appropriate, the accounting principles applied.
The Audit Committee shall meet as often as required and, in any event, at least once a quarter in order to exercise and discharge its duties, as detailed in the previous section. As a general rule, meetings will be held at the company’s headquarters, although members may decide to hold a particular meeting elsewhere.
The Audit Committee will also meet when a meeting is convened by the Chairman acting on his or her own initiative or at the request of any committee members. Members may also ask the Chairman to include certain items on the agenda for the next meeting. Notice of the meeting must be given in writing, including the agenda, no less than three days prior to the scheduled date. However, business can also be transacted at a meeting of the Audit Committee when all the members are present and agree to hold a meeting.
There will be a quorum present at meetings of the Audit Committee when the majority of its members are present. Members may only appoint a non-executive director as their proxy.
Resolutions will be carried by the majority vote of Committee members in attendance. In the event of a tie, the Chairman will have the casting vote.
The Audit Committee is formed by a majority of non-executive directors and its current composition, together with the date on which each member was appointed, is as follows:
On february 23, 2012, and due to the intensification of their other professional duties, Professor Carlos Sebastián Gascón resigned as chairman and member of the Audit Committee, assuming the chairmanship of Professor Mercedes Gracia Diez. The Audit Committee wishes to express its appreciation for the work done during the past three years.
Prof. Mercedes Gracia Díez
Full Professor in Econometrics at CUNEF (University College for Financial Studies). BA in Economics at Universidad Autónoma de Madrid (1978) and Ph.D in Economics at New York University (1986). She has developed her academic carrier at Universidad Complutense de Madrid (on leave since 2011) and has scientific publications in international journals. She has been Chairperson of the Department of Balance Management in CajaMadrid (1996-1999) and Manager of the area of Economics and Law in the Spanish Commission of Science and Technology (1993-1996).
José Joaquín Abaurre Llorente
Audiovisual technician.
Prof. José B. Terceiro Lomba
Professor of Applied Economics at the Universidad Complutense de Madrid. He was the Undersecretary to the Presidency of the Government and has been awarded the CEOE Prize for Economics (Premio CEOE a las Ciencias Económicas) and the Rey Jaime I Prize for Economics.
Alicia Velarde Valiente:
Earned her honors degree in law from the San Pablo Center for University Studies attached to Universidad Complutense. She has been a member of the Spanish notary association since April of 1991. Since then, Alicia has worked at various notary’s office and has been at her current post in Tarancón (Madrid) since 2001. During the 1994-1995 academic year, she started to give classes in civil law at Universidad Francisco de Vitoria and continued to do so until 1999. She maintains close ties with the university today, and has been a lecturer in canon law under the doctorate program since 1999.
Ricardo Martinez Rico
Commercial Expert and State Economist. Degree in Business Administration from the University of Zaragoza, with honors. Has extended studies at the London School of Economics, Kennedy School of Harvard University and Wharton Business School. Founding partner and CEO of the Economic Team since 2008. Besides, member of the European Advisory Board created by President of American Employers (U.S. Chamber of Commerce of the United States) in Washington. In 2005-2006, he directed the Economic and Commercial Office of Spain in Washington and previously, in 2003, was appointed Secretary of State for Budget and Expenditure.
Miguel Ángel Jiménez-Velasco Mazarío
Miguel Angel holds a degree in law from the Universidad Autónoma de Barcelona (1989) and earned his master in company management and finance from the International Company Institute of Deusto University (Instituto Internacional de Empresas de la Universidad de Deusto) (1990-1991). He has been the legal manager of Abengoa since 1996 and was appointed Secretary and Advisory Lawyer to the Board of Directors in 2003.
The Audit Committee met on five occasions over the course of 2012, with all members in attendance at each meeting. These meetings, and the main issues discussed at them, are described below:
Madrid, February 14, 2012
Madrid, February 22, 2012
Madrid, February 27, 2012
Madrid, May 3, 2012
Madrid, July 30, 2012
Madrid, October 6, 2012
Madrid, November 6, 2012
Meeting its primary function of providing support to the Board of Directors, the main activities discussed and analyzed by the Audit Committee can be grouped into the following different areas of competency:
The Audit Committee’s functions include “supervision of the internal audit service” and “awareness and knowledge of the financial reporting process, internal control systems and the risks for the company”.
In order to oversee the sufficiency, suitability and efficient working of the internal control and risk management systems, the committee received regular information in 2012 from the head of internal audit in relation to:
During 2012, the Audit Committee recorded and supervised the performance of 572 tasks by the internal audit department. The tasks not included under the Plan related principally to general reviews of companies and projects that had not been envisaged in the initial planning.
As a result of the work performed, 388 recommendations were issued, most of which had been implemented by year end.
One factor that had a decisive impact on the number of recommendations issued was the performance of internal control compliance audits under PCAOB (Public Company Accounting Oversight Board) standards, in accordance with the requirements of section 404 of the Sarbanes-Oxley Act (SOX).
The following graph shows the different types of internal audit work conducted over the course of 2012:
Internal audit function at Abengoa
Internal audit function originated as an independent global function, reporting to the Audit Committee of the Board of Directors, with the principal objective of supervising Abengoa’s internal control and material risk management systems.
Structure and team
Abengoa’s internal audit function is structured around the joint audit services, which act in coordination. To discharge its functions and carry on its activities, the service has a structure based on multidisciplinary teams, formally organized by geographical area, which work under a common annual work plan and share out the workload on the basis of their respective areas of expertise, all in accordance with best international practices.
Internal audit team is formed by 41 auditors, distributed among the different business groups.
The profile of Abengoa’s internal auditors reflects the company’s commitment to employing personnel fully qualified to carry out the audit functions. Abengoa’s internal auditors seek at all times to provide excellent service when performing their work and become heavily involved in the business projects they are carrying out, with the overriding objective of creating value for the organization.
General objectives of the internal audit function are the following:
Evaluation of the internal audit function
During 2011, Abengoa finished a process of independent evaluation of the internal audit activity in accordance with the standards of the Institute of Internal Auditors.
The aim of evaluating the internal audit function was to assess the organization, processes and performance in the internal audit field, in order to fix parameters to improve internal audit effectiveness and efficiency and thus deal with an increasingly demanding competitive and regulatory environment. The task of assessing the internal audit function centers on three key elements:
Following the work conducted by an independent expert, the report concluded that Abengoa’s internal audit function is compliant with the international standards for the professional practice of Internal Auditing of the Institute of Internal Auditors (IIA).
The auditor of the consolidated and non-consolidated annual accounts of Abengoa, S.A. is Deloitte, S.L. which is also the group’s main auditor.
In late 2011, the Audit Committee of Abengoa agreed, in accordance with the provisions of its rules, opening a selection process for the appointment of auditor of annual accounts and consolidated Abengoa and its subsidiaries for 2012.
This process involved the four audit firms with greater visibility and recognition in the sector (Big4). However, two of them were unable to submit proposal for failing to meet the requirements of independence required by current regulations since some of their works performed are incompatible with the role of auditor. As a result, the Audit Committee proposed to the Board of Directors for submission to the General Meeting of Shareholders the appointment of Deloitte, S.L., in consideration of the financial offer very competitive and his career, which has been highly appreciated by the committee itself.
During 2012, the Board of Directors and the General Meeting of shareholders approved the permanent appointment of Deloitte as auditor of the financial statements of Abengoa and the consolidated financial statements of Abengoa and its subsidiaries for the year ended December 31, 2012 and the two following years. This appointment was also endorsed by the audit committees, boards of directors and general meetings or assemblies shareholders of the relevant group companies.
In addition, other firms collaborate in performing the audit, especially in small companies both in Spain and abroad, although the scope of their work is not significant for the group overall.
The Audit Committee’s functions include ensuring the independence of the external auditor, proposing the appointment or renewal thereof to the Board of Directors and approving its fees.
SOX (Sarbanes-Oxley Act) internal control audit work has been assigned to these same audit firms following the same criteria. This is because, according to PCAOB (Public Accounting Oversight Board) rules, the firm that issues the opinion on the financial statements must also be the firm that evaluates internal control processes over the preparation of the these same statements, given that this internal control is a key factor in “integrated audits”.
Abengoa follows a policy of having an external annual audit performed on all group companies, even if they are not obliged to do so because they do not meet the legal requirements.
A total of 49 new companies have been audited this year round, more than 85% of which are being audited by one of the four main international audit firms or “Big Four”. The following table provides a breakdown of the global fees
agreed upon with the external auditors for the 2012 audit, including reviews of periodic reporting and the SOX audit:
When assigning non-audit work to any of the “Big Four” audit firms, the company has a prior verification procedure in place so as to detect any possible incompatibilities that would prevent the firm from performing the work under the rules of the U.S. SEC (Securities Exchange Commission) or Spanish ICAC (Instituto de Contabilidad y Auditoría de Cuentas).
The following table reveals the fees payable to the Big Four audit firms for non-audit work performed in 2012:
The following table reveals the fees payable to the Big Four audit firms for non-audit work performed in 2012:
In 2012, a survey was conducted on the satisfaction with the service received from the main auditor during the 2011 audit. A series of conclusions have been drawn from this survey and will help to improve the work carried out jointly with the main auditor.
The Audit Committee is, furthermore, responsible for supervising the results of the work of the external auditors. Therefore, it is promptly informed of their conclusions and of any incidents noted in their audits.
When required to do so, the external auditor has attended Audit Committee meetings to report on its areas of competency, which are essentially the following:
Thus, external auditors issued five reports in 2012, all forming an integral part of the annual report:
The Audit Committee’s main objectives concerning internal control over the preparation of financial reporting are:
Internal Control Model
In February 2010, the Spanish National Stock Market Commission (CNMV) published a document titled “Internal Control over Financial Reporting in Listed Companies” (ICFR), which contains two new legal obligations that listed companies must meet from 2011 onwards:
CNMV document is based on COSO and incorporates 30 recommended practices divided into five components areas:
Since 2007, Abengoa has been voluntarily submitting its internal control systems to external evaluation, with the issuance of an audit opinion under PCAOB standards and a compliance audit under section 404 of the Sarbanes-Oxley Act (SOX).
This means that Abengoa has been complying strictly with the reference indicators included in the Spanish CNMV’s ISFR document for four straight years now.
Abengoa believes that a proper internal control system would ensure that all relevant financial information is reliable and known to the management. It therefore believes that the model developed and tailored to SOX provides the ideal partner for the common management systems, the main aim of which is to control and mitigate business risks.
The COSO model has been used as the conceptual framework, since this model most closely mirrors the approach required by SOX, which has also been presented to the Audit Committee. In this model, internal control is defined as the process carried out in order to provide reasonable assurance of the attainment of certain objectives, such as compliance with laws and regulations, the reliability of financial reporting and the effectiveness and efficiency of operations.
To carry out its responsibilities, the Audit Committee has the following supervision tools at different levels of the organization:
Company management implemented a code of professional conduct, the guiding philosophy of which is honesty, integrity and good judgment on the part of employees, managers and directors, as reflected in Abengoa’s Annual Corporate Governance Report, which provides details of the company’s governing structure, risk control systems, the degree to which recommendations on governance are followed and the reporting instruments; and in which the management’s commitment to maintaining an appropriate internal control and risk management system, good
corporate governance and ethical conduct on the part of the organization and its employees can be seen.
This code of conduct is available to all employees through the Abengoa intranet and is regularly updated. Besides, welcome manual of Abengoa and the different business groups make express reference to the code of professional conduct.
All departments, mainly human resources and internal audit, strive to ensure compliance with the code and notify management of any irregular conduct they may detect so that the appropriate measures can be adopted.
Whistleblowing channel
Following the guidelines set out in section 301 of the Sarbanes-Oxley Act (“The Act”), the audit committee of the board of directors of Abengoa S.A. (“the company”) has agreed to establish procedures to:
Therefore, Abengoa has two whistleblowing channels:
Whistleblowing policy guarantees no reprisals for whistleblowers, who may submit complaints on a confidential basis. However, both the channel internal and external complaints may be sent on the basis of confidentiality for the complainant or anonymously.
The aim of Abengoa in creating these channels has been to provide a specific means of communicating with management and the governing bodies, which may be used as a tool to inform them of any possible irregularity, non-compliance, unethical or illegal conduct or breach of the rules that govern the group.
For each complaint received, a specific work is performed by the internal audit team. Within the internal audit department, Abengoa has a specific unit dedicated to the investigation of complaints received through the various channels and the implementation of preventive nature works on fraud. Besides, in cases that involve highly technical matters, the company secures the assistance of independent experts, thus ensuring at all times that it has the sufficient means of conducting a thorough investigation and guaranteeing sufficient levels of objectivity when performing the work.
Foreign Corrupt Practices Act (FCPA)
The honesty, integrity and sound judgment of employees, executives and directors is essential to the company’s reputation and success.
In pursuit of these principles, Abengoa adhered to the United Nations Global Compact in 2002. It upholds each of the ten principles enshrined in the initiative and works to integrate them fully into the strategy and policies governing the day-to-day running of the company. In relation to principle nº 10: “Businesses should work against corruption in all its forms, including extortion and bribery”, Abengoa has various procedures in place to prevent any kind of corruption within the company.
In the fight against extortion, fraud and bribery, Abengoa upholds the provisions of the US Foreign Corrupt Practices Act (FCPA).
In particular, the FCPA criminalizes acts by companies and their executives, directors, employees and representatives to pay, promise, offer or authorize payment of anything of value to any foreign civil servant, foreign political party, heads of foreign political parties with the aim of achieving or maintaining business operations, or of obtaining any kind of improper gain.
The FCPA complements the requirements imposed by section 404 of the US Sarbanes Oxley Act (SOX).
During 2012, Abengoa continued to grow, carrying on activities in more than 70 countries. To deal with this growth in a safe and controlled manner, Abengoa has a common business management system that allows it to work on an efficient, coordinated and consistent basis.
In forthcoming years, we will be faced with an environment characterized by greater regulatory requirements. In order to deal with this scenario, Abengoa considers risk management an indispensable activity and function for strategic decision making.
Abengoa is aware of the importance of managing its risks in order to carry out appropriate strategic planning and attain the defined business objectives. To do this, it applies a philosophy formed by a set of shared beliefs and attitudes, which define how risk is considered, starting with the development and implementation of the strategy and ending with the day-to-day activities.
Abengoa’s risk management system is shown in the following diagram:
Abengoa defines risk as any potential event that may prevent the company from reaching its business objectives. Abengoa considers that a risk arises as a loss of opportunities and/or strengths or the materialization of a threat and/or strengthening of a weakness.
Abengoa’s attitude in the face of risk is awareness, involvement and anticipation. The key principles of risk management at Abengoa are the following:
The risk management process at Abengoa is a continuous cycle based on five key phases, as shown in the following diagram:
In each phase, regular and consistent communication is necessary in order to achieve good results. Since it is a continuous cycle, permanent feedback is necessary in order to achieve a constant improvement in the risk management system. These processes are addressed to all the company’s risks.
Abengoa manages its risks using the following model, described in the company’s risk management manual, which is intended to identify the potential risks of a business:
Risk treatment and response criteria are contained within the common management systems and must be observed by all employees.
The responses designed and included within the different elements that make up the Abengoa’s risk management system pursue one of the following risk management scenarios:
Abengoa’s risk management model comprises three core elements:
Those elements combine to form an integrated system that enables the company to manage risks and controls suitably throughout all levels of the organization.
The functional heads of each division must verify and certify compliance with these procedures. This annual certification is issued by the Audit Committee in January of the following year.
Objectives
The systems cover the whole organization at three levels:
Common management systems represent a common culture for Abengoa’s different businesses and are composed of eleven rules defining how each of the potential risks included in Abengoa’s risk model should be managed. Through these systems, the risks and the appropriate way of hedging against them are identified and the control mechanisms defined.
Over recent years, the common management systems have evolved to adapt to the new situations and environments in which Abengoa operates, with the overriding aim of reinforcing risk identification, covering risks and establishing control activities. The summary of annual updates is shown in the graph below:
Besides, the summary of updates split by category of rule is the following:
The compulsory procedures are used to mitigate risks relating to the reliability of the financial information, employing a combined system of procedures and control activities in key areas of the company, which are intended to ensure the reliability of the financial information and prevent fraud.
As a result of our commitment to transparency, and so as to continue to ensure the reliability of the financial information prepared by the company, we have continued to reinforce our internal control structure, adapting it to the requirements established under section 404 of the United States Sarbanes-Oxley Act (SOX). For a further year, we have voluntarily submitted the internal control system of the whole group to an independent evaluation process conducted by external auditors under PCAOB (Public Company Accounting Oversight Board) audit standards.
SOX is a compulsory law for all listed companies operating in the United States and is intended to ensure the reliability of the financial reporting of these companies and protect the interests of their shareholders and investors by establishing an appropriate internal control system. Thus, although none of the business groups is required to meet SOX requirements, Abengoa deems it necessary to comply with these requirements throughout all of its component companies, since these requirements complement the risk control model used by the company.
The company has implemented an appropriate internal control system that relies on three tools:
Our work comprises the following aspects:
At Abengoa, we have viewed this legal requirement as an opportunity for improvement and, far from being satisfied with the rules included in the Act, we have tried to develop and improve our own internal control structures, control procedures and the evaluation procedures in place.
This initiative arose in response to the swift expansion experienced by the group in recent years and projected future growth, the aim for us to continue preparing accurate, timely and complete financial reports for our investors.
In order to meet the requirements of section 404 of the SOX, Abengoa’s internal control structure has been redefined following a “Top-Down” approach based on risk analysis.
This risk analysis encompasses a preliminary identification of significant risk areas and an assessment of the company’s controls over them, starting with top-level executives - corporate and supervisory controls – then dropping to the operational controls present in each process.
Our approach is as follows:
A top-down approach to risk assessment, helping us to identify the areas of greater risk.
In 2011, Abengoa finished integrating its universal risk model, the company’s chosen methodology for quantifying the risks that compose the risk management system.
Abengoa’s universal risk model is made up of four categories, 20 sub-categories and a total of 56 principal risks for the business. Each these risks has an associated series of indicators that allow its probability and impact to be measured and the degree of tolerance to the risk to be defined, thus allowing for subsequent risk assessment and monitoring
The following diagram illustrates how Abengoa’s universal risk model works. The model is periodically reviewed and updated jointly by the internal audit departments, the heads of each area involved and the heads of risk management at corporate-level and for the different business groups.
After applying both probability and impact indicators to all the risks that make up Abengoa’s universal risk model, risks are grouped accordingly into four types, each with its own predetermined risk management strategy:
Abengoa completed implementation in 2011 of Archer eGRC, a technological solution enabling the company to automate the process of identifying, assessing, responding to, monitoring and reporting the risks that make up its universal risk model, thus helping to protect all the activities and sectors in which Abengoa is currently engaged.
During 2012, this application has been consolidated as a tool for calculation and reporting of identified risks. Since its introduction, Abengoa has been working on the application synchronization with other tools within the group with the aim of increasing process automation.
2013 presents new challenges and opportunities for Abengoa and the Audit Committee in the performance of their duties and responsibilities.
The internal audit team will continue to exercise their functions to prevent, detect and propose control mechanisms to ensure the reliability of financial information prepared by the company with the aim of providing an Abengoa adequate internal control system.
Moreover, the approach will remain focused on maintaining the three pillars that make up the risk management model in Abengoa:
The role of the internal audit team in meeting international standards on auditor independence in the provision of non-audit services, the limits on the concentration of business and other situations of incompatibility, will be enhanced.
In conclusion, the Audit Committee intends to continue maintaining the same level of demand suggests that allows improving security guarantee for the shareholders to the reliability of financial reporting and other responsibilities entrusted.
Meetings agenda
Attendance to Audit Committees
Non-audit work by nature