5. Supervision of the system’s operation
5.1. SCIIF supervision activities carried out by the Audit Committee
In particular, regarding the monitoring activities about SCIIF carried out by the Audit and Control Committee during the year, it has performed, inter alia, the following:
- It has reviewed the consolidated annual accounts of the Group and the periodic financial information, this latter on a quarterly and half-yearly basis, to be provided by the Board of Directors to the markets and its supervisory bodies, overseeing compliance with the legal requirements and the appropriate application of the generally accepted accounting standards upon drafting such information.
- It has proposed to the Board of Directors, the terms of the contractual relationship with auditors, the scope of their professional mandate and, where appropriate, their removal or renewal, overseeing performance of the agreement and regularly assessing their results.
- As part of its monitoring duties regarding the Internal Audit Department, the Audit and Control Committee has approved the annual activities report of such Department, as well as its budget and the annual audit plan.
- It has reviewed the annual audit plan of external auditors, including the audit goals based upon the assessment of financial information risks, and the main areas involved or significant transactions which shall be reviewed during the financial year.
- It has reviewed with the external auditors and with Internal Audit the internal control weaknesses detected, where appropriate, in the course of the different audit and review assignments. Meanwhile, both external auditors and Internal Audit have regularly advised the Audit and Control Committee on the degree of enforcement of recommendations resulting from such assignments.
- It has kept regular meetings with other corporate departments of the INDITEX Group for the purposes of overseeing the effectiveness of internal control systems of the Group, including SCIIF, and verifying their suitability and integrity, and the degree of implementation of action plans to meet audit recommendations.
Internal Audit is a corporate function included in the current organizational structure by means of a direct link to the Board of Directors, which ensures a full independence in the performance of its activities. Internal Audit reports to the Audit and Control Committee.
Management of the area is central from headquarters and it relies on representatives at such geographical areas where the presence of the Inditex Group justifies such existence. Additionally, the area is divided into specialized areas, which allows gathering deeper knowledge on risks and processes.
Internal Audit’s budget is approved on an annual basis by the Audit and Control Committee which provides for the human and material resources, both internal and external of the Internal Audit area.
Among the goals of the Internal Audit function are the assessment of risk exposure and the suitability and effectiveness of controls vis-à-vis risks identified and namely, those regarding reliability and integrity of financial and operational information.
Based upon the Scoping Matrix of SCIIF Risks, Internal Audit drafts a pluri- annual plan for the regular review of SCIIF of the Group which is submitted to the Audit and Control Committee for approval on an annual basis.
Such pluri-annual plan entails reviews of SCIIF for the main processes and significant elements regarding the financial statements of the Group. Review priority is set in accordance with the risks identified. Such plan is implemented through annual planning which determines the scope of the annual SCIIF reviews. The suitability of such plan is reviewed every year, further to the update of the process to identify and assess financial information risks.
Namely, the design and effective operation of key transactional controls and general controls on the main software tools involved in the preparation of the financial information, is subject to review, as well as the review of the general control environment.
Additionally, this review is supplemented by the execution and review of key risk indicators (KRI) defined by Internal Audit on most critical risks areas and which have been designed to detect and reduce likelihood of risks and mistakes, including those of financial nature and fraud. Execution of such key risk indicators is centralized for all business units and geographical areas, pursuant to the annual plan.
In the implementation of its proceedings, Internal Audit relies on different audit techniques, mainly interviews, analytical reviews, specific control tests, reviewing both the effectiveness of design and the effective operation thereof, review of the effectiveness of software tools and material tests.
Likewise, Internal Audit carries out certain limited procedures of analytical review on consolidated financial statements for the first and third quarter of the year on consolidated information.
Results of the assignments, together with the corrective measures recommended, where appropriate, are reported to the DGF and the Audit and Control Committee. The implementation of such measures is subsequently monitored by Internal Audit and reported to the Audit and Control Committee.
5.2. Discussion procedure between the financial auditor, the internal audit function and other experts to disclose significant internal control weaknesses identified and action plan
Internal Audit regularly discloses to the DGF and the Audit and Control Committee the internal control weaknesses identified in the reviews carried out, as well as the follow-up of the action plans set out to settle or reduce them.
Meanwhile, the External Auditors regularly meet with the DGF and Internal Audit, both to gather information and to disclose any potential control weaknesses which may have been detected, where appropriate, in the course of their work.
In the course of its meetings, the Audit and Control considers the potential weaknesses in control which might have an impact on financial statements, requesting, where appropriate, from the affected areas, the relevant information to assess any effects on the financial statements.
Section 45.5 of the Board of Directors’ Regulations provides that: “The Board of Directors shall endeavour to draft the final accounts in such a manner that they do not give rise to qualifications on the part of the auditor. Nonetheless, when the Board of Directors considers that it must maintain its criterion, it shall publicly explain the contents and scope of the discrepancy.”
To meet the provisions laid down in the above referred section 45.4, any discussion or different view existing is advanced in the meetings held between the Audit and Control Committee and the external auditors. Meanwhile, external auditors report, where appropriate, about the main improvement issues on internal control identified as a result of their work. Additionally, the Management reports on the degree of implementation of the relevant action plans set in train to correct or reduce the issues identified.
On the other hand, the Audit and Control Committee meets with the auditors of the individual and consolidated statements for the purposes of reviewing on the one hand the financial statements of the Group and on the other, certain half-yearly periodic financial information that the Board of Directors must provide to the market and its supervisory bodies, overseeing compliance with legal requirements and the appropriate enforcement of generally accepted accounting standards upon preparing such information.
During FY2015, members of the Internal Audit Department have attended five meetings of the Audit and Control Committee and the External Auditors four meetings.