F. Internal risks monitoring and management systems in relation to the process of financial reporting (System of Internal Control over Financial Reporting).

Describe the mechanisms entailed in the risks monitoring and management system in relation to the company’s financial reporting (System of Internal Control over Financial Reporting) process.

F.1 The Company’s control environment

Report, pointing out the main characteristics of at least:

F.1.1. The bodies and/or functions in charge of: (i) the existence and maintenance of an appropriate and effective System of Internal Control over Financial Reporting; (ii) its introduction; and (iii) its supervision.

The System of Internal Control over Financial Reporting, (hereinafter, SICFR), is part of Abengoa’s general system of internal control and is set up as a system prepared to provide reasonable assurance of the reliability of financial report published. The body in charge of it, pursuant to the Regulations of Abengoa’s Board of Directors, is the Board of Directors and, within it, the duty of supervision is conferred on the Audits Committee in accordance with the regulations thereof.

Thus, the Board of Directors is in charge of setting up and maintaining a compulsory Audits Committee as inferred from Article 27 of the Bylaws of the Board of Directors. Accordingly, the duties that the Board entrusts to the Audits Committee entail, in relation to the SICFR, “the supervision of the process of elaborating and integrating the financial report regarding the company and, as the case may be, the group, revising the compliance with regulatory requirements”. Also, according to said article, the duties of the Board include “the regular revision of internal risks monitoring and management systems, to ensure appropriate identification, management and reporting of the main risks”.

F.1.2. The following elements, if existing, especially in relation to the process of elaborating the financial report:

• Departments and/or mechanisms in charge of: (i) designing and revising the organizational structure; (ii) clearly defining the lines of responsibility and authority, with an appropriate distribution of duties and tasks; and (iii) ensuring the existence of sufficient procedures for its correct announcement through out the entity.
  
  As stipulated by the Board of Directors Regulations:
  
  • It is in charge of defining the structure of the Group of companies, on the proposal of the company’s chief executive, the appointment and possible dismissal of senior executives of Abengoa and other companies making up the group.
  • The core components of the board’s mission is to approve the company’s strategy and the organization required for its execution, and to ensure that management attains the objectives while pursuing the company’s interests and corporate purpose.
  • Through the relevant departments, the board of directors will strive for the correct and integral announcement of the relevant information of the company including but not limited to that related to the call for the general shareholders’ meeting, its agenda and contents of the proposed agreements, relevant facts, agreements signed by the last shareholders’ general meeting held, the internal regulations of corporate governance and Annual Report. The media for announcing will be the most adequate for ensuring that unrestricted announcements are made and in a timely manner, including the Company’s webpage.
• Code of conduct, body of approval, degree of publication and instruction, principles and values including (indicating whether there is specific mention of the recording of transactions and the elaboration of the financial report), body in charge of analysing breaches and of proposing the correct actions and sanctions.
  
  At Abengoa there is a code of ethics and professional conduct approved by the board of directors and available on the Intranet in both Spanish and English, which outlines the ethical and responsible behaviour that must be assumed in the execution of company activities and in managing the businesses, by the management team and all the professionals of Abengoa and its subsidiaries. Abengoa runs a continuous on-the-job training program in which courses are imparted on topics of Code of Conduct. It is compulsory for all employees to attend said courses and to show proof by signing attendance sheets, and the company ensures that all Abengoa employees have learned, received and understood said information.
  
  We are proud to mention that in 2013 we provided 1,864,251 hours of training in the whole Group (9,189 hours in Abengoa, SA), attended by 22,177 employees.
  
  Said Code of Conduct demands the following:
  
  • The highest standards of honesty and ethical behaviour, including appropriate and ethical procedures for dealing with actual or possible conflicts of interests between professional and personal relationships.
  • The most complete, just, precise, timely and intelligible communication in all periodical reports that Abengoa must submit to the organs of Administration or in all reports that may be made.
  • Compliance with the applicable laws, standards, rules and regulations.
  • The tackling of actual or possible conflicts of interests and the provision of orientation to ensure that employees, managers and board members report such conflicts to Abengoa.
  • The interruption of the poor use or poor application of Abengoa’s properties and business opportunities.
  • The maximum level of confidentiality and fair trade in and outside Abengoa.
  • The immediate internal reporting of any breach of said Code of Conduct and the appropriate reporting of all illegal behaviours.
    
    All information made public and all media releases deemed to be affecting Abengoa must first be approved by the board of directors or by the manager who may have been previously entrusted with performing such duty.
    
    Its appropriate follow-up is a source of profitability and security in the execution of the activities of Abengoa. Said regulations ensure the veracity and reliability of the financial report.
    
    The Board of Directors is in charge of, and, by virtue thereof, its Chairman, Committees set up, delegated committees or, as the case may be, Managers entrusted therewith, the classification of the breaches of the Common Management Systems.
• Whistleblowing channel, which enables reporting of irregularities of financial and accounting nature to the audits committee, in addition to possible breaches of the code of conduct and irregular activities in the organization. The reports may be filed in secrecy or anonymity.
  
  An important aspect of responsibility and transparency is to provide a mechanism by which any interested party may safely and secretly report irregularities, unethical or illegal conducts that, in his/her opinion, occur in the execution of the Company’s activities.
  
  In this manner and following the guidelines provided in section 301 of the Sarbanes-Oxley Act, the Audits Committee decided to establish specific procedures for:
  
  • The reception, safeguard and treatment of complaints or reports that the company may receive in relation to the accounting, internal monitoring of the accounting or auditing matters.
  • Employees of the company to be able to secretly or anonymously send information in good faith on the dubious or arguable policies of accounting and auditing.
  • Towards that end, Abengoa has a double mechanism for receiving complaints or reports:
  • An internal channel, which is available to all employees, so that they can notify any alleged irregularity in accounting or audits or breaches of the code of conduct. The communication channel is by e-mail or ordinary mail.
  • An external channel, available to anyone outside the company, so that they can notify any alleged irregularities, fraudulent actions or breaches of Abengoa’s Code of Conduct through the web page (www.abengoa.com).
• Training programs and regular updates for the personnel involved in the preparation and revision of the financial report, as well as in the evaluation of the System of Internal Control over Financial Reporting, which should at least cover accounting regulations, auditing, internal risks monitoring and management.
  
  The Human Resources Management works together with the Economic-Financial Management to impart regular training, both internally and externally, to the personnel involved in the preparation of the Financial Statements of the Group.
  
  The training programs are fundamentally focused on the correct knowledge and update on the International Financial Reporting Standards (IFRS) and on the laws and other rules and regulations on the Internal Control over Financial Reporting (Common Management Systems).
  
  Both the Internal Audits Management and Global Risks Management keep themselves informed and up-to-date on the latest on Risks management and Internal Control, especially on Financial Reporting.
  
  During the 2013 financial year, the Departments related with the preparation, revision and reporting of financial information received various publications as updates to the accounting and financial standards, internal control and tax, including courses by internal experts in relation to the updating of accounting standards.

F.2 Financial Reporting Risks Assessment

At least reporting the following:

F.2.1. What are the main characteristics of the process of identifying risks, including those of error or fraud, with regards to:

Whether the process does exist and is documented.

Abengoa has introduced a process for identifying and evaluating risks: the Universal Risks Model which is updated on regular basis. Said model enumerates the risks identified by the organization, classified into categories and sub-categories, assign indicators to each to enable them to measure their probability and impact and to define the degree to which they may be tolerated.

And finally, the types of risks related with the accounting and the submission of the financial report, the management of debt and equity financing, planning and budgeting and the tax strategy of transactions:

Whether the process covers the entire objectives of the financial reporting, (existence and occurrence; integrity; evaluation; presentation, breakdown and comparability; and rights and obligations), if updated and at what frequency.

The URM is designed to cover all risks that are identified. Among them are a lot that refer to the preparation and submission of the financial report, accounting records, debt management and equity financing, planning and budgeting and the tax strategy of transactions:

Identified risks are covered and mitigated by Abengoa’s internal monitoring system. All risks previously linked with the process by which the financial information is prepared are under control such that it may be guaranteed that the financial information appropriately adheres to the requirements of existence, occurrence, integrity, evaluation, presentation, breakdown and comparability.

The existence of a process for identifying the consolidation perimeter, considering, among other things, the possible existence of complex corporate structures, instrumental or special purpose entities.

The consolidation perimeter of Abengoa undergoes revisions during each quarterly closing. The Consolidation department is in charge of analysing companies that enter and exit said perimeter. Both the creation and acquisition of companies, as well as their sale or dissolution, are subject to internal authorization processes that permit the clear identification of all entries and exits to and from the consolidation perimeter.

Whether the process takes into account the effects of other types of risks (operational, technological, financial, legal, reputation, environmental, etc.) in the manner in which they affect the financial statements.

As already mentioned, the URM is the methodology for the identification, compression and evaluation of the risks that may affect Abengoa. The purpose is to obtain an integral vision of them, designing an efficient system of response that is in line with the business goals and objectives of the company.

It is made up of 56 risks classified into 20 categories that are grouped into 4 large areas (financial risks, strategic risks, regulatory risks and operational risks).

All risks of the model are evaluated based on two criteria:

• Probability of occurrence: Degree of frequency at which to be sure that a specific cause will expose Abengoa to an event with negative impact.
• Impact on Entity: Set of negative effects on the strategic goals and objectives of Abengoa.

Which corporate governance body supervises the process?

The financial information preparation process is the absolute responsibility of the Board of Administration. In accordance with the regulations of the administrative body, the financial information must first be certified by the Chairman of the Board and the Corporate Directors of the department of Consolidation and Internal Auditing before its presentation.

Likewise, as set forth in section F.5 of this document, the Board of Directors entrusts the Audits Committee with the duties of supervising the system of internal control and monitoring which ensures that the preparation of the financial information strictly abides by the required standards.

F.3 Control Activities

Report pointing out the main characteristics of the following, if any, is at least include:

F.3.1. Procedures for reviewing and authorizing the financial reporting and the description of the System of Internal Control over Financial Reporting, to be published at the stock market, indicating responsibilities, as well as the descriptive documents of cash flows and monitoring (even in connection with fraud risks) of the various types of transactions that could materially affect the financial statements, including the accounting closure proceedings and the specific revision of the judgements, estimates, evaluations and relevant projections.

In accordance with the Board of Directors Regulations, the integrity and exactitude of the Annual Accounts presented to the Board of Directors for approval must first be certified by the Chairman of the Board of Directors and by the Director of the Department of Corporate Consolidation and Audits.

When the Board of Directors receives the reports issued by the Corporate General Directorate and obtains the necessary clarifications, it must clearly and precisely declare that the contents of the Annual Accounts and the Management Report can be easily understood.

The Board of Directors must ensure that that said documents depict the true state of the asset, the financial statement and the profit and loss outcome of the company, in conformity with the stipulations of the Law.

Thus, the Board of Directors will decide on and take as many actions and measures deemed necessary to ensure the Company’s transparency on financial markets, promoting correct information on the prices of the Company’s shares, supervising financial-related information regularly made public and performing as many duties as may be required of the company’s status as a listed company.

The process or structure effectively followed in certifying financial report, done on quarterly basis, reflects the manner in which financial report is generated at Abengoa.

In said structure, the information to be reported is prepared by company heads, then revised by heads of the respective Business Units and by the respective Corporate areas heads who certify both the reliability of the financial report on the area under their charge –which is what they submit for consolidation at group level- as well as the effectiveness of the internal control system set up to reasonably ensure said reliability. Finally, the chairman and CEO, as the Topmost executive, and the directors of Internal Audits and Corporate Consolidation certify the reliability of the consolidated accounts to the Board of Directors in the quarterly Audits Committee. With the support of the Internal Audits management, said Committee supervises the entire certification process, and submits its conclusions from said analysis to the Board of Directors in the sessions in which the accounts will be officially signed. The information will then be published at the National Securities Exchange Commission (CNMV) once submitted to the Committee.

• At the close of the 2013 financial year there were ongoing claims and legal controversies filed by and against Abengoa and its group of companies, as a natural consequence of its business and of the economic and technical claims that parties to contracts often mutually file.
• Below is a summary of the most significant legal claims that, even though, in the opinion of the directors, it is not expected to jointly or severally bear any adverse material impacts on the consolidated financial statements, due to their nature, it is not easy to predict the final rulings:
  • In May 2000, Abengoa Puerto Rico SE, a subsidiary of Abengoa SA, filed a lawsuit against the Puerto Rican Electric Power Authorities (EPA) and liquidated the contract that both parties had signed in relation to an EPC Project for the construction of an Electricity Plant in Puerto Rico, in which the EPA was the Prime Contractor. Said lawsuit contained several claims like, among others, withholding of payments, unpaid invoices, loss of future benefits, damages and other costs, which reached approximately 40 million Dollars.
  • In reaction to the lawsuit filed by Abengoa Puerto Rico SE, the EPA filed an appeal, which it based on the contract, against Abengoa Puerto Rico SE and, at the same time, filed another lawsuit against and claiming the same amount from Abengoa and its insurer, American International Insurance Company of Puerto Rico. The EPA is claiming approximately 450 million Dollars.
  • On April 29, 2013, The European Commission initiated an inspection of the Parent Company Guarantee (PCG) and that of all the other companies that are directly or indirectly under its control, including that of Abengoa Bioenergy Trading Europe BV, with regards to the possibility of it participating in anti-competition agreements or in actions presumably aimed at the manipulation of the results of Platts’ equity appraisal value at the close of the day (CDD), as well as denying access to one or several companies to participate in the CDD value appraisal process. According to such European Commission decision, since 2002 there has been the suspicion that anti-competition behaviours may be occurring or that companies may have entered agreements and/or may be specifically coordinating their actions and that various markets that utilize the CDD method of reporting Platts’ price may be involved, including the biofuels market. Our understanding is that the investigation is still at the preliminary stages and that the European Commission has not yet instigated any formal legal proceedings. Abengoa SA believes that both the company itself as well as the members of the Group implicated (including Abengoa Bioenergy Trading Europe BV) have always acted in conformity with the applicable laws in matters of competition. Even though we are actively cooperating with the European Commission in said investigation, It is not possible for us to predict the final ruling of any legal proceedings that may be instigated in relation with the object of the investigation.
• The legal consultants department of Abengoa SA meet regularly in committees with the different legal consultants of the various subsidiaries of Abengoa to be informed of the legal situations of ongoing litigations and later they report to the Chairman’s office where subsequent discussions are held during the Board of Directors meetings on the situations of the most significant conflicts.

F.3.2. Policies and procedures of internal control of information systems (especially on safety and security of access, monitoring of changes, operating them, operational continuity and separation of functions) that back the entity’s relevant processes with regards to the elaboration and publication of the financial report.

Among the controls studied for mitigating or managing the risks of error in financial reporting are those related to the most relevant computer applications, like controls relating to user access permissions or to the integrity of information transfer between applications.

In addition, Abengoa follows guidelines or standards and procedures of internal control over information systems in relation to acquiring and developing software, acquiring systems infrastructure, installing and testing software, managing changes, managing service levels, managing services performed by third parties, systems security and access to them, managing incidents, managing operations, the continuity of operations and the segregation of functions. Said guidelines and procedures -which in some cases are different based on geographical scope and which are in the process of gradual homogenization- are applied to all information systems including those that house the relevant processes of the generation of financial report, and to the infrastructure necessary for its functioning.

In geographies where Abengoa operates, the entire internal network of computer infrastructure is controlled by a Department of internal professionals who are charged with defining and executing the group’s IT and telecommunications strategy, as well as user support, systems operation and IT security. Abengoa has an Internet Technology (IT) security system in place that envisages the recovery of relevant information in the event of a system crash. Said security system is managed through the aforementioned internal IT Department.

F.3.3. Policies and procedures of internal control aimed at supervising the management of activities sourced out to third parties, including the aspects of evaluation, calculation or assessment entrusted to independent experts, which could materially affect the financial statements.

In general terms, Abengoa does not retain third party subcontractors to perform significant tasks that directly affect financial reporting. Third-party assigned assessments, evaluations or calculations that could materially affect the financial statements are considered activities deemed relevant for generating financial report that may lead, as the case may be, to the identification of risks of priority errors, thus implying the designing of associated internal controls.

Abengoa has a method of approval through an authorization that grants Executive support which, among other things, must be acquired by the Department that needs to outsource a service. Such contracts are subject to reviews before being signed, including their analysis and internal approval of the fundamental hypothesis to be used.

F.4 Information and Reporting

Report pointing out the main characteristics of at least:

F.4.1. A specific function entrusted with defining, maintaining accounting policies updated (area or department of accounting policies) and resolving doubts and conflicts derived from their interpretation, maintaining constant communication with those in charge of the transactions in the organization, keeping the accounting policies manual updated and reporting to the units through which the entity operates.

Abengoa operates with an Accounting Policies Manual. Said manual establishes the accounting policies criteria that must be observed when the company is preparing the financial report using the financial reporting framework established by the International Financial Reporting Standards adopted by the European Union.

The manual is available to all employees of Abengoa.

Said manual, is also subject to regular updates for the purpose of including all new applicable rules and regulations. The department of Consolidations and Accounting Policies is responsible for updating the manual which was last updated during the 2012 financial year.

F.4.2 Mechanisms for gathering and preparation of financial information in standard format, application and use by all units of the entity or the group, supporting key financial statements and notes, as well as detailed information about the SCII.

All the entities that make up Abengoa’s consolidated group use the same tools and applications for financial reporting, regardless of whether the information system isused to keep the accounting records. Said tools, regularly supervised by the Consolidation Department, ensure that the financial information reported by companies is complete, reliable and consistent. Thus, the information reported during the closing of financial year includes all breakdowns deemed necessary for the preparation of consolidated financial statements and their explanatory notes.

F.5 System Operation Supervision

Report, pointing out the main characteristics of at least:

F.5.1. The activities of supervising the System of Internal Control over Financial Reporting performed by the audits committee, and of whether the entity has an internal audits system that is empowered to support the committee in supervising the internal monitoring system, including the SICFR. Also provide information on the scope of the assessment of the SICFR performed during the financial year and on the process by which the head of the assessment reports the results, whether the entity has an action plan that outlines the possible corrective measures, and whether its impact on the financial reporting has been considered.

The Board of Directors is in charge of ensuring the appropriate registration of the operations in the accounting records, of maintaining a structure of internal control and accounting for the purpose of preventing and detecting errors and irregularities. In accordance with the Board of Directors Regulations, the Audits Committee is entrusted with the following duties:

• To report on the Annual Accounts, as well as on the quarterly and half-yearly financial statements that must be issued to the regulatory or supervisory bodies of the securities markets, with express mention of the internal control systems, verification of compliance and monitoring through internal audits and, when applicable, on the accounting criteria applied.
• To supervise the preparation process and the integrity of the financial report on the company and, if applicable, the group, and to verify compliance with regulatory requirements, the appropriate boundaries of the scope of consolidation and the correct application of Accounting principles.
• Frequently review the systems for the internal monitoring and risks management, so that the main risks are identified, managed and properly disclosed.
• Supervise and ensure the independence and effectiveness of the duties of internal audits and supervising them, with full access to said audits, propose the selection, appointment, re-selection and dismissal of heads of internal audits, propose the budget for said unit, and set the salary scale of its Director; obtain regular information on the activities and the budget of the unit; and ensure that the senior management considers the conclusions and recommendations in its reports.

The Audits Committee’s functions include the supervision of the internal audits service and obtaining information on the financial reporting process, the internal control systems and on the risks for the company.

On the other hand, with regards to the supervision of the internal controls system, the goals of the duty of internal audits are as follows:

• To prevent the group companies, projects and activities from exposure to audits risks such as fraud, capital losses, operational inefficiencies and, in general, any risks that may affect the healthy running of the business.
• To ensure the continuous application of the standards, appropriate procedures and efficient management in accordance with the Common Management Systems.

The Internal Audits Department of Abengoa

The internal audits service originated as an independent global function, reporting to the audits committee of the board of directors, with the principal objective of supervising Abengoa’s internal monitoring and significant risk management systems.

Abengoa’s internal audit service is structured around the joint audit services, which act in coordination. To ensure the performance of its functions while executing its activities, its structure is based on multidisciplinary teams, formally organized by geographical areas, working under a single annual plan of activities and sharing the execution of their tasks and duties on the basis of qualifications, ensuring that their performance are in line with the best international practices.

The team of internal auditors is comprised of 49 professionals, scattered amongst the various business units. The following are the characteristics of the team:

• The average age an internal auditor in Abengoa is currently at approximately 31 yrs
• The male and female percentage is 60% and 40% respectively.
• Professional experience averages around 7 years.

Approximately 75% of the auditors have previous experience from one of the Big4 external auditing firms. The characteristics of the internal auditors of Abengoa shows the company’s commitment to only engaging qualified personnel to perform the auditing duties. Abengoa’s internal auditors are intimately tied to the culture of the service in the performance of their activities and to their involvement with the business project they execute with the main aim of creating value for the organization.

The general goals of internal auditing are as follows:

• To prevent the group companies, projects and activities from exposure to audits risks such as fraud, capital losses, operational inefficiencies and, in general, any risks that may affect the healthy running of the business.
• To ensure the continuous application of the standards, appropriate procedures and efficient management in accordance with the Common Management Systems.
• To create value for Abengoa and its business units, promoting the construction and maintenance of synergies and the monitoring of optimal management practices.
• To coordinate work criteria and approach with the external auditors, seeking the most efficiency and profitability of both functions.
• Analysis and processing of the complaints received through whistle-blowing and reporting the conclusions of the work performed to the Audit Committee.
• To evaluate the companies’ audit risk following an objective procedure.
• To develop Work Plans using scopes that are convenient for each different situation.

Evaluation of the Internal Audit Service

During the 2011 financial year, Abengoa terminated an independent evaluation procedure for auditing based on the standards of the Institute of Internal Auditors.

The purpose of the evaluation was to analyse the organization, the processes and performance in the field of internal audits, in order to set the parameters for improving the effectiveness and efficiency of auditing so as to be able to deal with an increasingly competitive and regulatory environment. The assessment of internal auditing is structured around three key elements:

• Mission of the internal auditors to comply with Abengoa’s expectations and requirements.
• Professionals of the Internal Audit Service
• Infrastructures and operations used by the internal auditors to perform their work.

Following the work performed by an independent expert the report concluded that Abengoa’s internal auditors is in line with the international standards for the professional practice of internal auditing, of the Institute of Internal Audit (IIA).

F.5.2. Whether there is a discussion procedure by which the accounts auditor (pursuant to the stipulations of the NTA), the function of the internal audits and other experts may report the significant weaknesses identified in the internal monitoring during the revision of the financial statements or all the others entrusted to them to the top management and to the audits committee or to the directors of the entity. Also report whether there is an action plan for correcting or mitigating the weaknesses uncovered.

The Internal Audits’ office regularly informs the senior management and audits committee on the weaknesses identified in internal control in revisions performed on the processes during the financial year, and on the introduction of the action plans put in place to ensure the mitigation of said weaknesses.

On the other hand, the accounts auditor of the group retains direct access to the group’s senior management, holding regular meetings both to obtain the information necessary for the execution of its duties as well as to report on the weaknesses detected in (internal) control during the auditing. The external auditors will issue the economic and financial director and the audits committee an annual report detailing the weaknesses it detected in the internal control while performing its duties.

F.6 Other Information of Interest

The external auditors issued five (5) reports during the 2013 financial year. They are integrated into the Annual Report:

• Audit report on the Group’s consolidated financial statements, as required by the Laws in vigour.
• Voluntary audit report on internal audit compliance under PCAOB (Public Company Accounting Oversight Board) standards, as required under section 404 of the Sarbanes-Oxley Act (SOX)
• Voluntary reasonable assurance audit report on the Corporate Governance Report, being the first Spanish listed company to obtain a report of this nature.
• Voluntary reasonable assurance audit report on the Corporate Social Responsibility Report Issued by KPMG, Auditores, SL.
• And voluntary audit report on the design of the Risk Management System following the ISO 31000 Standards and Specifications.

F.7 Report from the External Auditor

Report:

F.7.1. Whether the external auditor revised the SICFR information issued to the markets and, if so, the entity must include the corresponding report as annex. Otherwise, if that is not the case, the entity must provide its reasons.

Abengoa applies all the rules and regulations dictated by the (CNMV) Stock Market Authorities. This fact implies that for the past five financial years Abengoa has been strictly complying with the reference indicators included in the document of the CNMV’s “Systems of Internal Control over Financial Reporting.

Since 2007, Abengoa has voluntarily submitted its Internal Control Systems to an external evaluation that concludes with the issuance of an audit opinion under the PCAOB standards, and to audits to ascertain compliance with section 404 of the Sarbanes-Oxley Act (SOX).

The auditor of the individual and consolidated annual financial statements of Abengoa, for the financial year ending December 31, 2013, is Deloitte S.L. which is also the Group’s main auditor.