5. Supervision of the system’s operation
Information on the main features of:
5.1. SCIIF supervision activities carried out by the Audit Committee and the existence of an internal audit function charged, inter alia, with supporting the Audit Committee in the monitoring of the internal system, including SCIIF. Likewise, the scope of SCIIF assessment carried out during the fiscal year, and the procedure by which the person in charge of performing the assessment communicates its results, existence of an action plan providing any potential corrective measures and whether the impact of such measures on the financial information has been considered
In particular, with regard to the monitoring activities about SCIIF carried out by the Audit and Control Committee during the year, it has performed, inter alia, the following:
- It has reviewed the annual accounts of the Group and the periodic financial information, this latter on a quarterly basis, to be provided by the Board of Directors to the markets and its supervisory bodies, overseeing compliance with the legal requirements and the appropriate application of the generally accepted accounting standards upon drafting such information.
- It has proposed to the Board of Directors, the terms of the agreement to be executed with auditors, the scope of their professional mandate and, where appropriate, their removal or renewal, overseeing performance of the agreement and regularly assessing their results.
- As part of its monitoring duties regarding the Internal Audit Department, the Committee has approved the annual activities report of such Department, as well as its budget and the annual audit plan.
- It has reviewed the annual audit plan of external auditors, including the audit goals based upon the assessment of financial information risks, and the main areas involved or significant transactions which shall be reviewed during the financial year.
- It has reviewed with the external auditors and with Internal Audit the internal control weaknesses detected, where appropriate, in the course of audit and review assignments. Likewise, both external auditors and Internal Audit regularly report to the Audit and Control Committee the degree of enforcement of recommendations resulting from such assignments.
It has kept regular meetings with other corporate departments of the INDITEX Group for the purposes of overseeing the effectiveness of internal control systems of the Group, including SCIIF, and verifying their suitability and integrity and the degree of implementation of action plans to meet audit recommendations.
Internal Audit is a corporate function included in the current organizational structure by means of a direct link to the Board of Directors, which ensures a full independence in the performance of its activities. Internal Audit reports to the Audit and Control Committee.
Management of the area is central from headquarters and it relies on representatives at such geographical areas where the presence of the Inditex Group justifies such existence. Additionally, the area is divided into specialized areas, which permits to gather deeper knowledge on risks and processes.
Internal Audit’s budget is approved on an annual basis by the Audit and Control Committee which provides for the human and material resources, both internal and external of the Internal Audit area.
Among the goals of the Internal Audit function are the assessment of risk exposure and the suitability and effectiveness of controls vis-à-vis risks identified and namely, those regarding reliability and integrity of financial and operational information.
Based upon the Scoping Matrix of SCIIF Risks, Internal Audit drafts a pluri- annual plan for the regular review of SCIIF of the Group which is submitted to the update and approval of the Audit and Control Committee on an annual basis.
Such pluri-annual plan envisages reviews of SCIIF for the main processes and geographical areas with a material impact on financial statements of the Group. Priority reviews are set in accordance with the risks identified. Suitability of such plan shall be reviewed every year, further to the update of the process to identify and assess financial information risks.
Namely, the design and effective operation of key transactional controls and of general controls on the main software tools involved in the preparation of the financial information, is subject to review, as well as the review of the general control environment.
Additionally, this review is complemented by the execution and review (KRI, key risk indicators) defined by Internal Audit on most critical risks areas, which have been designed to detect and reduce likelihood of risks and mistakes, including those of a financial nature and fraud. Execution of such key risk indicators is centralized for all business units and geographical areas, pursuant to the annual plan.
In the implementation of its proceedings, Internal Audit relies on different audit techniques, mainly interviews, analytical reviews, specific control tests, reviewing both the effectiveness of design and the effective operation thereof, review of the effectiveness of software tools and material tests.
Likewise, Internal Audit carries out certain limited procedures of analytical review on consolidated financial statements for the first and third quarter of the year on consolidated information.
Results of the assignments, together with the corrective measures proposed, where appropriate, are reported to the DGF and the Audit and Control Committee. The implementation of such measures has been subsequently monitored by Internal Audit and reported to the Audit and Control Committee.
5.2. Discussion procedure whereby the auditor, (in accordance with the provisions of the NTA), the internal audit function and other experts may disclose to the senior management and to the Audit Committee or the directors of the company any significant internal control weaknesses identified in the course of the review of the financial statements or any other assignment entrusted. Likewise, existence of an action plan to try and correct or reduce weaknesses observed
Internal Audit regularly reports to the DGF and the Audit and Control Committee the internal control weaknesses identified in the reviews of SCIIF of the Group, as well as the follow-up of the action plans set out to settle or reduce them.
Meanwhile the external asuditors regularly meet with the DGF and Internal Audit, both to gather information and to disclose any potential control weaknesses which they might detect, where appropriate, in the course of their work.
In the course of its meetings, the Audit and Control deals with the potential weaknesses in control which might have an impact on financial statements, requesting, where appropriate, from the affected areas the relevant information to assess any effects on the financial statements.
Section 43.4 of the Board of Directors’ Regulations provides that: “The Board of Directors shall endeavor to definitively prepare the accounts in such a manner that they do not give rise to qualifications on the part of the auditor. Nonetheless, when the Board considers that it must maintain its criterion, it shall publicly explain the content and scope of the discrepancy”.
To meet the provisions laid down in the above-referred section 43.4, any discussion or different view existing is anticipated in the meetings held between the Audit and Control Committee and the external auditors. Meanwhile, external auditors report, where appropriate, about the main improvement issues on internal control identified as a result of their work. Additionally, the Management reports on the degree of implementation of the relevant action plans set in train to correct or reduce the issues identified.
On the other hand, the Audit and Control Committee meets with the auditors of the individual and consolidated statements for the purposes of reviewing on the one hand the financial statements of the Group and on the other, certain half-yearly financial information that the Board of Directors must provide to the market and its supervisory bodies, overseeing compliance with legal requirements and the appropriate enforcement of generally accepted accounting standards upon preparing such information.
During FY2014, members from the Internal Audit Department have attended five meetings of the Audit and Control Committee and external auditors four meetings.