1. Entity’s control environment
1.1. Responsible bodies
The description of the duties of the bodies responsible for (i) the existence and maintenance of an appropriate and effective SCIIF; (ii) its implementation, and (iii) its supervision, is provided below:
1. Board of Directors
Apart for the matters reserved for the competence of the General Meeting of controlling body of the Group, being ultimately responsible for the existence and update of an appropriate and effective SCIIF.
The Board of Directors is entrusted with the administration, management and representation of the Group, delegating in general the management of the day-to-day business of INDITEX to the executive bodies and the management team and focusing on the general supervisory function, which includes guiding the policy of the Group, monitoring the management activity, assessing the management by the officers, making the most relevant decisions for the company and liaising with the shareholders.
Pursuant to the provisions of the Articles of Association, the Board of Director’s Regulations and the Audit and Control Committee’s Regulations, it is incumbent on the Audit and Control Committee to oversee the process for preparing and releasing the regulated financial information, and to monitor the effectiveness of the SCIIF.
2. Audit and Control Committee
Among the financial and monitoring duties incumbent on the Audit and Control Committee, it is charged with overseeing the process of preparation and release of the financial information and the effectiveness of the internal control systems of the Group. In this respect, the Committee discharges, inter alia, the following functions:
- Overseeing the effectiveness of the internal control system of the Company, the internal audit, and the risks management system, including tax risks, and to discuss with the auditor the significant weaknesses of the internal control system revealed in the course of the audit.
- With regard to the powers regarding the process to prepare the regulated financial information:
- Overseeing the process of preparation and submission and the integrity of the regulated financial information relating to the Company and its Group, ensuring that the half-yearly financial reports and the quarterly management statements are drafted in accordance with the same accounting standards as the annual financial reports and to oversee the review of the interim financial statements requested from the financial auditor, with the scope and frequency that may be defined, as the case may be.
- Reviewing compliance with the legal requirements, the appropriate delimitation of the consolidation perimeter and the correct application of the generally accepted accounting principles and international financial reporting standards as may be applicable.
- Advising the Board of Directors on any significant change of accounting standard and of the significant risks on the balance sheet and off-balance sheet.
- With regard to the internal control and risk management policy:
- Overseeing the control and risk management function.
- Regularly reviewing the internal control and risks management policy, including tax risks. .
- Ensuring that the internal control and risks management policy contains at least:
- The different types of risk (including without limitation, operational, technological, financial, legal, reputational and tax related) that the Company is faced with, including among such financial or economic risk, contingent liabilities and other off-balance sheet risks;
- The determination of the level of risk that the Company deems acceptable;
- The measures planned to reduce the impact of the identified risks, should they materialize; and,
- The information and internal control systems that will be used to monitor and manage the aforementioned risks, including contingent liabilities and other off-balance sheet risks.
- Reviewing the information about the risks that the Group is faced with, and about the risk control systems, that must be included in the Annual Corporate Governance Report, the management report attached to the annual accounts and the interim financial statements and in any other information instruments of the Company;
- Evaluating any question regarding non-financial risks (including without limitation operational, technological, legal, social, environmental, political and reputational) that the control policy and the risks management systems must contain;
Most members of the Audit and Control Committee are independent directors. The Committee meets on a quarterly basis and each time it is called by its Chair. In FY2015, the Audit and Control Committee has met 5 times.
3. Financial Division.
The Dirección General de Finanzas [Financial Division] (hereinafter, DGF (Spanish acronym)) is responsible for the design, implementation and update of an appropriate SCIIF, as provided in the “Procedure for Enterprise Risk Management in respect of financial information”. Such procedure is part of the integral risks management system of the Group and it covers exclusively those risks which affect the financial information.
In this respect, DGF sets out and circulates the policies, guidelines and procedures, associated with financial information production and is charged with ensuring the appropriate enforcement thereof within the Group.
4. Internal Audit.
Internal Audit is overseen by the Audit and Control Committee to which it reports. It is charged, inter alia, with supporting such body in supervising the internal control of financial information systems, by performing specific audits about SCIIF, requesting action plans to correct or reduce any weaknesses detected and following-up the implementation of the proposed recommendations.
1.2. Elements of the process for drawing up the financial information
Additionally, with regard to the process for drawing up the financial information, a number of departments and/or mechanisms are charged with (i) designing and reviewing the organizational structure; (ii) clearly defining the lines of responsibility and authority with an appropriate allocation of duties and functions; and, (iii) ensuring the existence of the required procedures for the appropriate circulation within the company.
The design and review of the organizational structure and of the lines of responsibility and authority within the Group falls on the Board of Directors. The departments charged with drawing up the financial information are to be found within such structure.
The Nomination Committee, which is composed of a majority of independent directors is charged with providing and reviewing the criteria to be followed in the recruitment of the senior executives of the Group.
It is incumbent on such Committee, inter alia, to issue a report on any appointment and/or removal of senior executives of the Group proposed to the Board of Directors by the chief executive pursuant to the provisions of section 16.2. (g) of the Board of Directors’ Regulations.
Senior executives and the Human Resources Division (hereinafter DRRHH, (Spanish acronym)) are charged with describing duties and responsibilities of each area. Additionally, the Compensation Department, reporting to the DRRHH regularly assesses the classification, description and duties of each position. Such duties are disclosed to each of the affected areas.
For the purposes of preparing financial information, the Group has clearly defined authority and responsibility lines. The main responsibility in preparing financial information falls with the DGF.
The DGF is responsible for the existence and appropriate dissemination within the Group of the internal control policies and procedures required to ensure that the financial information is reliably prepared. Likewise, the DFG schedules the key dates and the reviews to be carried out by each responsible area.
The structure, size and definition of duties and tasks of each position within the financial area are defined by the DGF together with the DRRHH.
To carry out its activity, the DGF is organized in the following departments:
- Administration Department
- Planning and Management Control Department
- Financial Management Department
- Enterprise Risks Management Department
- Processes and Projects Department
- Tax Department
The Group relies on financial organization structures that meet local requirements in each country where it operates, headed by a Chief Financial Officer who is charged, among other things with the following:
- Designing and setting local organizational structures fit for the performance of the financial tasks allocated.
- Integrating into the local management the corporate financial policies defined by the Group.
- Adapting corporate accounting and management systems to local requirements.
- Enforcing the procedures which are part of the SCIIF of the Group and ensuring an appropriate segregation of functions at local level.
- Launching and maintaining standard controls through corporate technological tools.
Code of Conduct and Responsible Practices
The Board of Directors approved in the meeting held on 17 July 2012, following a favorable report of the Audit and Control Committee, the Code of Conduct and Responsible Practices of the Inditex Group (which replaces both the Internal Guidelines for Responsible Practices of the Inditex Group’s Personnel and the Code of Conduct) and the Code of Conduct for Manufacturers and Suppliers (which replaces the Code of Conduct for External Manufacturers and Workshops).
Therefore, the Group’s internal conduct policies are covered in the following codes:
- The Code of Conduct and Responsible Practices.
- The Code of Conduct for Manufacturers and Suppliers.
- The Internal Regulations of Conduct regarding Transactions in Securities (hereinafter, the IRC).
The Code of Conduct and Responsible Practices provides the action lines which must be followed by the Group in the performance of its professional duties.
Its goal consists of exacting an ethical and responsible professional conduct from INDITEX and its entire workforce in the conduct of their business anywhere in the world, as a gist of its corporate culture upon which the training and the personal and professional career of its employees is based. For such purposes, the principles and values which shall govern the relationship between the Group and its stakeholders (employees, customers, shareholders, business partners, suppliers and the societies where its business model is implemented) are defined.
The Code of Conduct and Responsible Practices is based upon a number of general principles, inter alia, that according to which the operations of the Inditex Group shall be developed under an ethical and responsible perspective; all persons, whether natural or legal, who maintain, directly or indirectly, any kind of professional, economic, social or industrial relationships with the Inditex Group shall be treated in a fair and honourable manner and that according to which, all the activities of Inditex shall be carried out in the manner that most respects the environment, promoting biodiversity preservation and sustainable management of natural resources.
One of the standards covered in the Code of Conduct and Responsible Practices is the “Obligation to Record Transactions”, addressed in section 4.13 thereof, according to which:
“Any and all transactions carried out by Inditex which may have an economic impact shall be clearly and accurately shown on the appropriate records of accounts, as a true representation of the transactions carried out, and they shall be made available to the internal and external auditors.
Inditex’s employees shall enter the financial information on the company’s systems in a full, clear and accurate manner, so that they would show, as at the relevant date, their rights and obligations in accordance with the applicable regulations. Additionally, the accuracy and integrity of the financial information which, under the prevailing regulations in force shall be disclosed to the market shall be ensured.
Inditex undertakes to implement and maintain an appropriate internal control system on financial reporting, ensuring the regular supervision of the effectiveness of such system.
Accounting records shall be at all times made available to the internal and external auditors. For such purposes, Inditex undertakes to provide its employees with the necessary training for them to understand and comply with the commitments undertaken by the company regarding the internal control on financial information.”
With regard to the dissemination of the above referred regulations, it is incumbent on the Human Resources Department of the Group to circulate a copy of the Code of Conduct and Responsible Practices to any new employees upon their joining the organization.
Likewise, such updated regulations are available on the corporate website (www.inditex.com) and on INET, and are subject to the appropriate measures regarding disclosure, training and awareness-raising, so that they may be understood and implemented within the whole organization. Additionally, the Code of Conduct and Responsible Practices is also available at the stores’ TGT in most countries.
In order to ensure compliance with the Code of Conduct and Responsible Practices, there is a Committee of Ethics, composed of:
- The General Counsel and Code Compliance Officer, who chairs it.
- The Chief Audit Officer.
- The Corporate Social Responsibility Director
- The Human Resources Director
The Committee of Ethics may act ex officio or at the behest of any of Inditex’s employees, manufacturers, suppliers or any third party involved in a direct relationship and with a lawful business or professional interest, further to a report made in good faith.
The Committee of Ethics reports to the Board of Directors through the Audit and Control Committee and has the following duties:
- To supervise compliance with the Code and the internal circulation thereof to the Group’s s personnel.
- To receive any manner of written instruments with regard to the enforcement of the Code and to send them, where appropriate, to the relevant body or Department which may be responsible for processing and issuing a resolution regarding such instrument.
- To monitor and supervise the management and settlement of any case.
- To solve any doubts which may arise, regarding the enforcement of the Code.
- To propose to the Board of Directors, after report from the Audit and Control Committee, any explanation or implementation rule which the enforcement of the Code may require, and at least, an annual report to review its enforcement.
- To oversee the Whistle Blowing Channel and compliance with the Procedure.
In the performance of its duties, the Committee of Ethics shall ensure:
- The confidentiality of all the information and background and of the acts and deeds performed, unless the disclosure of information is required by law or by any court order.
- The thorough review of any information or document that triggered its action.
- The commencement of such proceedings that adjust to the circumstances, where it shall always act with independence and full respect of the right of the affected person to be heard as well as of the presumption of innocence.
- The indemnity of any complainant as a result of bringing complaints in good faith to the Committee.
Decisions of the Committee of Ethics shall be binding for the Inditex Group and for its employees.
The Committee of Ethics submits a report to the Audit and Control Committee at least twice a year, reviewing its proceedings and the enforcement of the Code of Conduct and Responsible Practices.
Additionally, the Audit and Control Committee reports to the Board of Directors, on an annual basis as well as whenever this latter so requires, on the enforcement of the Code of Conduct and Responsible Practices and of the additional documents which comprise the regulatory compliance policy of the group from time to time in force.
Code of Conduct for Manufacturers and Suppliers
The Code of Conduct for Manufacturers and Suppliers defines minimum standards of ethical and responsible behaviour which must be met by the manufacturers and suppliers of the products rized by Inditex in the course of its business, in line with the corporate culture of the Inditex Group, firmly based on the respect for human and labour rights
The Code applies to all manufacturers and suppliers involved in the procurement, manufacturing and finishing processes of the products that the Group commercializes and it is based upon the general principles that define Inditex’s ethical behavior, i.e.: all its operations are developed under an ethical and responsible perspective; all persons, individuals or entities, who maintain, directly or indirectly, any kind of employment, economic, social and/or industrial relationship with Inditex, are treated fairly and with dignity; all its activities are carried out in a manner that most respects the environment; all manufacturers and suppliers (production centers that are not property of Inditex) fully adhere to these commitments and undertake to ensure that the standards which are set forth in the Code of Conduct for Manufacturers and Suppliers are met.
Manufacturers of goods commercialized by Inditex are bound to comply with this Code of Conduct for Manufacturers and Suppliers and with the Code of Conduct and Responsible Practices, to insomuch as they apply to them. Likewise, the remaining suppliers of goods and services of the Group shall enforce both Codes insomuch as they apply to them.
IRC
In turn, The Board of Directors approved on 20 July 2000, pursuant to the provisions of the then prevailing section 78 of Act 24/1988 of 28 July on the Stock Exchange and consistent rules, the “Internal Regulations of Conduct regarding Transactions in Securities of Inditex and its Corporate Group”.
The IRC governs such issues as confidentiality of relevant information, declarations of conflicts of interest, transactions in securities of Inditex and its corporate group by individuals within its scope (affected or related parties), treasury stock policy and communication of relevant facts.
Two revised texts of the Internal Regulations of Conduct regarding Transactions in Securities were approved by the Board of Directors held on 20 March and 11 December 2003, respectively, for the purposes of adjusting them first to the new obligations introduced by the Financial Act and also to the recommendations included in the Aldama Report. As a result of such review, certain concepts were redefined and control on transactions in securities which might be eventually carried out by Affected Persons was enhanced, among others.
Said revised text was lastly amended further to a resolution of the Board of Directors dated 13 June 2006, for the purposes of adjusting its contents to the provisions of Real Decreto 1333/2005 of 11 November, whereby the Stock Exchange Act was implemented in the matter of market abuse.
Finally, there is a Code Compliance Supervisory Board which reports directly to the Audit and Control Committee of the Board of Directors. Such Supervisory Board is composed of:
- The Executive Chairman
- The General Counsel
- The Director of the Capital Markets Department, and
- The Head of Human Resources.
Such Supervisory Board is responsible for developing procedures and implementing regulations to enforce the IRC. Likewise, within the Code Compliance Supervisory Board there is a Code Compliance Office. The General Counsel of the Inditex Group is the Code Compliance Officer. The Code Compliance Office is charged, inter alia, with enforcing the conduct policies of stock exchanges and the standards and procedures of the IRC on directors, officers, employees and any other person to which the IRC applies.
The proceedings of the companies which are part of the Group and of all the individuals with access to information which may be deemed to be relevant information, and namely to financial information, shall adjust to the following principles: regulatory compliance, transparency, collaboration, information, confidentiality and neutrality. Both the Code Compliance Supervisory Board and the Code Compliance Office shall ensure that the above referred principles are observed.
With regard to the IRC, the Code Compliance Office keeps a General Documentary Register of all Affected Persons (persons subject to the IRC) and is bound to inform them that they are subject to the provisions of the IRC and of any breaches and penalties which would arise, where appropriate, from an inappropriate use of Reserved Information.
Likewise, the Code Compliance Office shall inform the Affected Persons that they have been included in the General Documentary Register and about any other issues addressed by Ley Orgánica 15/1999, of 13 December on Personal Data Protection.
Whistle Blowing Channel
A Whistle Blowing Channel is available to all employees of the Group, manufacturers, suppliers or third parties with any direct relationship and a lawful business or professional interest, regardless of their tier or geographical or functional location, so that they may report through this Whistle Blowing Channel any breach of the Group’s internal conduct and regulatory compliance policies by any employees, manufacturers, suppliers or third parties with whom the Group has any direct employment, business or professional relationship and which affect Inditex or its Group.
Therefore, any breach and any manner of malpractice in respect of any codes may be reported, including those of a financial and accounting nature.
It is incumbent on the Committee of Ethics to oversee the Whistle Blowing Channel and the enforcement of the Whistle Blowing Channel Procedure.
The proceedings of such Whistle Blowing Channel are implemented in the Whistle Blowing Channel Procedure approved by the Board of Directors last 17 July 2012; such document is available on the INET.
Reports about any breach or any queries regarding the construction or application of internal conduct and regulatory compliance policies may be sent to the Company by post, for the attention of the Committee of Ethics (to Avenida de la Diputación, Edificio INDITEX, 15142 Arteixo, A Coruña (Spain)); by e-mail to: (comitedeetica@inditex.com), or by fax (+34 981186211). The confidentiality of such reports is ensured
Upon receiving the report, the Committee of Ethics verifies first whether it falls within the remit of the Whistle Blowing Channel. If so, the Committee of Ethics will refer such report to the relevant department so that it would make the appropriate investigation. Otherwise, the Committee of Ethics will order closure of proceedings.
In light of the findings reached further to the investigation, the relevant department or department shall, having heard first the interested party, propose any of the following measures to the Committee of Ethics which will have final say:
- Remedy of the breach, if appropriate,
- Proposal of penalties or relevant measures
- Closure of proceedings, where no breach has been
Training and refresher courses for personnel involved in preparing and reviewing financial information or evaluating SCIIF, which address, at least, accounting rules, auditing, internal control and risk management.
The Training and Career Development Department of the Group, which reports to the DRRHH, is charged with preparing, together with each of the areas reporting to the DGF and with Internal Audit, training and refresher schemes for the different staff members involved in the preparation and supervision of the financial information of each and every company comprising the Group. Such schemes include, both general courses focusing on business expertise and knowledge of the different departments which make up the company, and specific schemes aimed at training and refreshing employees in respect of new regulatory changes in the matter of preparation and supervision of financial information.
(a) General Induction
Aimed at gaining internal knowledge of each business unit, as well as of each department with their respective activities, functions and duties within the business.
Under this scheme, employees begin by working at the stores, getting acquainted with the whole process of running a store. Then, they spend time at the different corporate departments at headquarters and their training is competed at any of the subsidiaries of the Group abroad.
(b) Specific training
Group employees involved in procedures associated with the drafting of financial information receive regular training and refresher courses focusing mainly on learning about local and international standards governing financial information as well as the existing regulations and best practices in the area of internal control.
Within the financial environment, such training and refresher schemes are organized by the Training and Career Development Department which reports to the DRRHH.
At the beginning of each year, this Department prepares a “Training Scheme” encompassing the different courses, both external and internal, addressed to employees of the various departments comprising the DGF.
Training courses are provided on an annual basis for all new supervisors of financial areas in each country, in order to train them in respect of the management model of the INDITEX Group, and in the internal control system on financial information implemented by the Group.
Additionally, supplementary courses are taught by internal staff on the operation of financial software tools used in the preparation of financial information.
With regard to training proceedings of a technical nature carried out by professionals from the different departments of DGF during FY2015, the following stand out, among others:
- Tax and accounting update seminars
- Regulatory changes in the field of Risk Management
- Scorecards and Internal Audit Reporting
- Course on Internal Control of Tax function
- Seminar on Customs Training
- Training day on Financial Instruments
Additionally, training on International Financial Reporting Standards (IRFS) has been run to all the employees in charge of financial information of the Group present in more than 45 countries. The scheme covered the most relevant IRFS and a review of the policies issued by the Group on accounting topics.
The INET portal covers all the main courses taught, which are thus available to all the staff of the financial area.