CEPSA - 2021 INTEGRATED MANAGEMENT REPORT

2021 INTEGRATED MANAGEMENT REPORT

INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR) AND NON-FINANCIAL REPORTING (ICNFR) SYSTEM

CRIME PREVENTION MODEL (CPM)

ANTI-BRIBERY AND ANTI-CORRUPTION MODEL

OVERSIGHT APPROACH

CONTROL OBJECTIVES

MECHANISMS

ICFR: To provide reasonable assurance re- garding the reliability of financial information disclosed to the markets. ICNFR: To provide reasonable assurance regarding the completeness and accuracy of the non-financial information disclosed in the Integrated Management Report.

To prevent crime within the company.

To prevent risks related to bribery and corruption.

Certified Information Systems Auditor (CISA)(1 person) Certified Internal Auditor (CIA)(1 person) COSO Enterprise Risk Management (5 persons)

COSO Internal Control (13 persons) Internal Audit Evaluation Technician (1 person)

Internal control manual for identifying and asses- sing risks, control objectives, the control structure (general, process, information systems) and the segregation of duties.

Crime Prevention Policy, Crime Prevention Manual, set of rules and procedures for identifying and managing criminal risks using internal controls.

Anti-bribery and anti-corruption policies in the public and private domain, Crime Prevention Manual, general controls such as the segregation of duties and specific process controls.

CERTIFICATION FOR INTERNAL AUDIT, COMPLIANCE AND CORPORATE RISKS DEPARTMENT PROFESSIONALS

External audit of the system's design and effectiveness.

Certification of the control model by the N3, N2, N1 and CEO responsible for controls.

Review of key control effectiveness by Internal Audit.

Supervision of the ACER Committee and reporting of deficiencies.

Design and operation review by Internal Control and Compliance.