124
III. Internal Control and Risk
Management
50. Individuals, bodies or committees
responsible for internal audit and/ or
implementation of internal control systems.
Ibersol does not have autonomous internal audit and
compliance services.
Risk management, as part of the company’s culture,
is present in all processes and is the responsibility of
all managers and employees at every level of the or-
ganization.
Internal control and the monitoring of internal control
systems are overseen by the Executive Committee.
Risk management is undertaken with the goal of cre-
ating value by managing and controlling uncertain-
ties and threats that may affect the Group companies,
with a view to the continuity of operations, to take ad-
vantage of business opportunities.
As part of strategic planning are identified and evaluat-
ed the risks of the existing businesses portfolio and the
development of new businesses and relevant projects
and defined those risks management strategies.
At the operational level, are identified and evaluated
the risks management objectives of each business
and planned actions to manage those risks that are
included and monitored in the plans of business and
functional units. With regard to security risks of tangible
assets and people are defined policies and standards,
and the self-control of its application is made, being
conducted external audits to all units and implement-
ed preventive and corrective actions for the identified
risks. In order to ensure compliance of the established
procedures is performed regularly assessing of the
main internal control systems of the group. For specific
business aspects there are risk areas whose manage-
ment has been assigned to functional departments.
The internal control and monitoring of internal control
systems are conducted by the Executive Committee.
51. Disclosure of the relationship to other
committees of the Society in hierarchical
dependence and/ or functional relation.
Not applicable as the Group does not have autono-
mous services
52. Existence of other functional areas
regarding competences in risk control.
There are central functions (the Quality, Human Re-
sources and Financial Units), reporting to the Execu-
tive Committee, that promote, coordinate and facili-
tate the development of risk management processes.
53. Main Risks to which the Company and
its Affiliates are exposed.
The Board of Directors considers that the Group is
exposed to the normal risks arising from its activity,
namely at the level of the restaurants.
Strategic and operational risks.
The business is exposed to changes in macroeco-
nomic factors and trends in consumer preferences.
The management of strategic risks involves the
monitoring of macroeconomic indicators, con-
sumer trend studies, market studies of restaurants
business, consumers consultation and monitoring
competition activity in the different markets where
the Group operates.
Operational risks are focused on the group’s value
chain processes and operational risks of the units,
relating to the supply management (supply chain
and logistics) inventory management, fund man-
agement and efficiency and security in the use of
resources and assets. The suitability and scope of
control procedures are monitored and revised when
necessary.
Given the nature of the business, there are certain
risk areas that are assigned to particular functional
departments, notably:
