2. Corporate bodies responsible for drawing up and enforcing the Risks Management System
The main responsibilities of the governing bodies and areas involved in Enterprise Risks Management at the INDITEX Group are described below:
Board of Directors
- Approval of the Enterprise Risks Management Policy, on the proposal of the Management, wherein strategy in the area of risks management and the disclosure thereof to the organization is defined. Based upon such policy, the ERM System is implemented, as well as the mechanisms for the regular follow-up of internal information and control systems.
Audit and Control Committee
- Periodic review of the control policy and of the effectiveness of the ERM System, ensuring that the main risks are duly identified, managed and disclosed in an appropriate manner.
Financial Division (ERM Department)
- Setting in train the ERM System.
- Overseeing and coordinating the work of Risks Managers at each Business Unit or Area, both at corporate or format level, providing valid tools for risks assessment and management.
- Maintaining and updating knowledge, techniques, methodologies and tools allowing observance of the principles underlying the ERM system at maximum quality levels.
- Regularly reviewing the risks management policies and manuals and proposing the amendment and update thereof to the Board of Directors, where applicable.
- Coordinating and processing the information received by Risks Managers at each Business Unit or Area, reporting to the senior managers and the Board of Directors through the Audit and Control Committee.
- Monitoring the ERM System and encouraging its integration in the activities, process and decision-making.
- Promoting appropriate and effective communication channels between ERM Division and the remaining Divisions and areas involved.
Risks Managers
- Monitoring the risks under their remit, in accordance with the methodology and tools defined by the ERM Department
- Identification of events which may entail any likely risks and opportunities within the assigned scope of responsibility, reporting the necessary information to the ERM Department.
- Follow-up and notice of the risks management evolution, as well as the defined action plans.
Internal Audit
- Contributing to the improvement of risks management, control and governance processes, assuring to the Audit and Control Committee an effective and independent supervision of the internal control system and issuing recommendations for the Group which help reduce to reasonable levels the potential impact of risks which hamper the attainment of objectives of the Organization.
- Internal Audit function must always remain independent in respect of ERM System, and it shall not be responsible for making any key decisions regarding its operation.
Senior Managers
- Raising awareness regarding the weight of the ERM System and its value for all the stakeholders of the Company, encouraging the creation of an all encompassing risks management culture.
- Defining and validating functions, powers and responsibilities within the framework of the ERM System.
- Provision of appropriate and sufficient resources to implement risks management activities.
- Validation of action and work plans resulting from the risks management process itself.
- Follow-up of activities.
Additionally, certain specific Committees have been set up in respect of the follow-up of the major risks:
- Expansion Committee
- Logistics Committee
- Committee of Ethics
- Business Monitoring Committee
- Code Compliance Supervisory Board
- Committee for Information Security
- Investments Committee