04. Corporate Responsability in the S&V Group

Risk management

Risk policy

Due to its strong international presence, the SyV Group carries out its activity in a number of sectors, socio-economic environments and regulatory frameworks. Consequently, the Company is exposed to various types of risks.

The SyV Group has established a sound policy to efficiently identify, evaluate and manage risks in order to reasonably guarantee the efficiency and effectiveness of its operations, reliability of information and compliance with legislation.

As established in the SyV risk control and management policy, the process begins with the identification and preliminary evaluation of risks. Due to the changing nature of the environments in which the group operates, this identification and evaluation should be updated regularly. This first stage results in risk maps and profiles identifying and grouping the main strategic and operating risks into different categories (business environment, regulation, image and reputation, human resources, operations, financial, information for decision making, technology and IT systems, and good governance), and an evaluation of the possible impact and probability that each risk could materialise.

After identifying the risks facing the Group, management’s knowledge of each risk is analysed, as are the suitability and effectiveness of decisions taken to mitigate the risk. Based on this information, each business unit’s management, under the oversight of the Internal Audit Department, establishes its risk priorities and determines the measures to be implemented, taking into account the operating viability, possible effects, and cost/benefit ratio of implementation.

Proceso de identificación de riesgos

Structure of responsibilities in risk control and management

The Board of Directors formally approves the SyV Group’s risk management and control policy and regularly reviews information and control systems. This guarantees the Board of Director’s direct involvement in overseeing the risk identification process and implementation and monitoring of adequate control and information systems.

The Internal Audit Department has obtained a Quality Certificate issued by the international Institute of Internal Auditors. Most of its auditors are Certified Internal Auditors, having passed the requisite entrance examination. Through this quality certificate and CIA qualifications, the Institute recognises the quality of the work of our internal auditors and certifies their commitment to the highest professional standards.

The Internal Audit Department, which reports directly to the SyV Group’s Chairman and is supervised by the Audit Committee, systematically evaluates the efficiency of risk identification, control and management procedures. The Department prepares an annual Internal Audit Plan which is subject to approval by the Audit Committee and which establishes the yearly priorities and the work plan required to achieve the department’s goals.

Reinforcing this structure, the different business areas of the SyV Group have assigned control and management personnel to monitor the achievement of the specific objectives identified by each business area or company as part of the overall strategic plan in force at all times.

Risk management and control activities in 2011

One of the main goals of the 2011 Internal Audit Plan was to continue moving forward in the development and updating of detailed risk maps by business area and in the framing and implementation of improvements in the SyV Group’s risk management and control policy. The Group has moved from a single global risk map to a more complex structure, in which each business line has its own risk map. When these individual risk maps are combined, the new overall Group risk map will be much more complete, detailed and up to date.

In 2011, as in 2009 and 2010, the global economic downturn brought about major changes in the magnitude and likelihood of various risks. In 2011, therefore, our efforts focused on updating existing risk maps at the Vallehermoso Group, the Testa Group, Valoriza Group and the Somague Group, paying special attention to the geographical regions where these sub-groups are particularly active (Portugal, Angola, Cape Verde, Madeira, France, the USA and Brazil).

Furthermore, we have completed the risk map for the Concessions Group and two high level risk maps, independently of the risk maps of the different businesses, which can be used as tools for managing risks associated with the two new regulatory frameworks: Supervision of internal control over financial reporting by the Audit Committee, and the impact on the company of Spain’s new Penal Code, under which corporations are held criminally liable for offences committed by their officers and employees.

The SyV Group Board of Directors formally approves the Group’s risk management and control policy and monitors its information and control systems. Therefore, following the Audit Committee’s analysis and supervision of risk control and management in the year the Board of Directors approved the risk control and management policy for 2011.

The 2011 Internal Audit Plan schedules its work in accordance with COSO risk control and management methodology. In 2011 no incidents having a significant impact were detected as a result of this work, which encompass all the Group’s areas and business lines.

The following sections provide an overview of the SyV Group’s management of the regulatory compliance risks that require a more detailed explanation due to their relevance or specific characteristics.

Regulatory compliance risks

According to the SyV Code of Conduct, compliance with legislation is one of the basic principles underlying the conduct of the SyV Group and its employees. The SyV Group is committed to reliable and respectful compliance with all legal obligations to which it is subject in any country in which it carries out activities.

Compliance with the different legal provisions is monitored primarily by the Legal Department and the Internal Audit Department, which, as of 2008, has a dedicated Regulatory Compliance Unit. Other organisational areas, including the Quality and Environmental Department and the Occupational Health and Safety Service, also help guarantee respect for prevailing legislation in the corresponding activity areas.

In view of the high volume of the Group’s activities and its diverse and complex nature, claims occasionally arise in respect of the supply and use of products and services or other causes derived from the different regulatory and sector regulation environments applicable to Sacyr Vallehermoso subsidiaries. These claims are promptly processed and either accepted or contested by the Group. The number of claims is not significant in respect of the Group’s overall activity.

Anti-corruption and anti-bribery measures

The Group’s Code of Conduct expressly prohibits any behaviour by its employees which could be considered indicative of corruption or bribery.

In 2011, the SyV Group set up the “Code of Conduct Control Unit” (OCCC), comprising members of its Senior Management. This unit processes all reports filed within the Group, and is also responsible for assuring strict compliance with the Code of Conduct.

Among other provisions, the Code expressly prohibits Group employees from offering any type of payment to illicitly obtain benefits, and from accepting gifts or any considerations that could compromise employees’ objectivity or influence in a commercial, professional or administrative relationship.

The Group’s Internal Audit Department is responsible for establishing the necessary mechanisms to prevent and detect corruption. The department has specific fraud-detection software and employs specialist personnel to carry out both the preventive and detective elements of this work.

Any signs of corruption are analysed in depth and, where there is either clear or circumstantial evidence, specific actions are taken for the particular case. In all cases the department reviews and analyses possible solutions for the specific business procedure which failed to preclude corruption practices and improvements are sought.