02. PRISA, a global group Annual Report 2013 35 of generated significant contingent liabilities resulting from transactions associated with your account and susceptibility to errors or fraud losses. In order to perform a full risk assessment, this analysis is performed on each business group, as they primarily generate financial information that serves as the basis for preparing consolidated financial statements of the Group. The risk profile of each business unit is determined by the contribution of it to the consolidated financial statements, and assessing the risks specific to what you consider, among other factors, the nature of their activities, centralization or decentralization of operations, their specific risks, the existence of errors or significant incidents reported in previous years, the risks specific to the industry or the environment in which it operates and the existence of significant judgments or estimates in accounting principles applied. For each of the business units considered significant, identify the most important accounts. After identifying significant accounts and disclosures at the consolidated level and in each business unit, we proceed to identify the relevant processes associated with them, and the main types of transactions within each process. The objective is to document how key relevant processes transactions are initiated, authorized, recorded, processed and reported. For each account are analyzed controls that cover the assertions to ensure the reliability of financial reporting, ie that recorded transactions have occurred and pertain to that account (existence and occurrence) of transactions and assets are registered in the correct amount (assessment / measurement), the assets, liabilities and transactions of the Group are properly broken down, categorized and described (presentation and disclosure) and there are no assets, liabilities, and significant transactions not recorded (completeness). Among the significant processes is included determining the scope of consolidation of the Group, which conducts monthly Consolidation department, set in the Corporate Finance Department. The system of identification and risk assessment of the internal control over financial reporting, formally documented with this structure for the first time in the fiscal year 2011, has been updated in the year 2012, and is expected to update at least annually. The system is monitored, as mentioned above, by the Audit Committee and, ultimately, by the Board of Directors. Control activities The Group has documentation describing the flows of activities and process’s controls identified as significant in each business unit and at corporate level. From this description identifies the key risks and associated controls. Documentation of control activities are performed on risk and control matrixes by each process. In these matrices the activities are classified by their nature as preventive or detective, and depending on the coverage of associated risk, as keys or standard. In each significant business unit there is a documented process about the closing as well as specific processes concerning relevant judgments and estimates, according to the nature of the activities and risks associated with each business unit. In relation to the review and approval process of financial reporting, a phased certification process is developed on the effectiveness of internal control model of financial reporting. At a first level, the CEOs and CFOs of the business units and companies that are considered significant, confirm in writing the effectiveness of defined controls for critical processes as well as the reliability of financial information. Following these confirmations, and based on the report on the testing of controls performed internally, the CEO and CFO issued the certification on the effectiveness of internal control model over the Group’s financial information in accordance with section 404 of the Sarbanes-Oxley. Also, in relation to this process, as mentioned above, there are procedures for review and approval by the governing bodies of the financial information disclosed to the securities markets, including specific oversight by the Audit Committee of significant risks. As for the controls on the processes of systems or applications that support critical processes of business, these are intended to maintain the integrity of systems and data and ensure its operation over time. The controls referred on information systems are essentially
PRISA Annual Report 2013
To see the actual publication please follow the link above