CHAPTER 2 A future-proof company
MAIN ASPECTS OF THE INTERNAL CONTROL SYSTEM
OVERSIGHT OF INTERNAL CONTROL AND THE 3-LINE MODEL
BOARD OF DIRECTORS
MANAGEMENT
KEYWORDS
INTERNAL AUDIT
EXTERNAL ASSURANCE PROVIDERS
OVERSIGHT OF INTERNAL CONTROL
3-LINE MODEL
AUDIT, COMPLIANCE, ETHICS AND RISK (ACER) COMMITTEE
Approves the risk control and management policy and oversees internal information and control systems. Ensures an internal control environment conducive to the generation of reliable, complete and timely financial information.
Front-line roles: provision of products or services to customers, risk management and implementation of the necessary risk control measures.
Second-line roles: experience, advice, monitoring and questioning in risk-related matters.
Actions (including risk management) to achieve the organisation's objectives
COSO methodologies (2013); ISAE 3000 (International Standard on Assurance Engagements); UNE 19601 (Crime Prevention Model Certification); ISO 37001 (Anti-Bribery and Anti-Corruption Model Certification)
Independent assurance
Accountability, reporting.
Delegation, management, resources and oversight.
Alignment, communication, coordination and collaboration.
Performs the delegated function of supervising internal control systems and advising the Board of Directors on all matters relating to risk management, internal control, compliance and internal audit systems.
Third-line roles: independent and objective assurance on any subject relating to the achievement of objectives.
Roles of the governing body: integrity, leadership and transparency.
GOVERNING BODY Stakeholder accountability in organisational oversight
CERTIFICATIONS AND REFERENCE FRAMEWORKS