Internal audit
The Audit unit is a multidisciplinary team that helps the company meet its strategic goals by evaluating and proposing improvements that bring risk management, control, and governance processes into line with international standards.
To guarantee the independence of the audit function, it reports to the Audit and Control Committee of the Board of Directors of Repsol, S.A., and for the purposes of internal organization, it reports to the Executive Managing Division of Energy Transition, Technology, Institutional Affairs, & Deputy CEO.
Mission and principles
The Repsol Audit Division has a mission to protect and improve the value of the Organization by providing objective assurance, advice, and risk-based knowledge to support the Audit and Control Committee’s work.
In carrying out its role, the Audit area adheres to the following principles:
Code of Ethics and Business Conduct
To carry out our role, as well as complying with the Repsol Group's Code of Ethics and Business Conduct, we follow the Internal Audit Bylaws and Institute of Internal Auditor's International Standards for the Professional Practice of Internal Audit, which includes the Code of Ethics for the profession.
What we do
We independently assess the reasonableness and adequacy of the design and functioning of internal control systems, risk management, and Group governance processes, as well as the reasonableness of operations with third parties.
When carrying out the assessment, we ensure that the internal control guaranteed by the company covers the following objectives:
Audit activities
The planning activities and the work of the Audit Division cover the entire world, including all operated, non-operated, and co-operated assets.
Audit and Control Committee
The Audit and Control Committee provides the Board of Directors with support to perform its monitoring responsibilities by periodically reviewing the process for drafting financial reports, evaluating the effectiveness of its executive controls, monitoring internal audit and the independence of the external auditors, and reviewing compliance with all the legal provisions and internal norms that apply to the company.
The Audit and Control Committee is regulated by the provisions of the Corporate Bylaws and the Regulation of the Board of Directors, which establish its composition, operation, and responsibilities. This Regulation establishes the organizational principles and operation of the Board of Directors of Repsol, S.A. and the norms that govern its legal and statutory activity, in addition to its supervision and control system. The Regulation also complements the discipline applicable to the Board of Directors established in current commercial legislation and the Corporate Bylaws.
Internal Control & Risk Management
The Internal Control and Risk Management units are multidisciplinary teams that help the company meet its strategic goals by evaluating and proposing improvements that bring risk management, internal control and governance processes in accordance with the established polcies of the company.
To guarantee the independence of the their function, they report to the Audit and Control Committee of the Board of Directors of Repsol, S.A. and, for the purposes of internal organization, to the Executive Managing Division of Energy Transition, Technology, Institutional Affairs, & Deputy CEO.
Internal control
Repsol has an Integrated Internal Control model in place that follows the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework and includes the Group’s formally developed Internal Control and Compliance Systems, most notably the Systems of Internal Control over Financial and non-financial Reporting and the Crime Prevention Model, among other compliance models.
The System of Internal Control over Financial Reporting (ICFR) is aimed at reasonably ensuring the reliability of the Group’s financial reporting. The ICFR model is based on the methodological framework of COSO 2013 as set out in their report Internal Control‐Integrated Framework, which provides an integrated framework for internal control over financial reporting that is designed to ensure that transactions are recorded faithfully, in conformity with the applicable accounting framework, providing reasonable assurance in the prevention or detection of errors that might have a material impact on the information contained in Consolidated Financial Statements. The Audit, Control and Risks department annually evaluates the design and functioning of the Group ICFR and draws conclusions on its effectiveness.
Additionally, Repsol has in place a range of procedures, an overarching action framework and specialized teams dedicated solely to ensuring that its internal and external obligations are properly fulfilled. The internal control and the compliance functions reinforce compliance culture across the Group and improve our ability to identify and monitor ethics and compliance risks.
Enterprise risk management
As a global integrated energy company, Repsol is exposed to risks that can affect its future performance. Such risks must be managed effectively in accordance with the established Risk Management Policy.
The company has an organization, procedures and systems that allow it to reasonably manage the risks to which the group is exposed, such that risk management is an integral part of decision-making processes in both corporate governance bodies and business management. The Integrated Risk Management System (SGIR in Spanish) provides a comprehensive, reliable and advance view of all risks that might affect the company, in accordance with the recommendations of:
The company has the commiment to reasonably ensure compliance with the objectives of each organizational area, including operational, financial and non-financial objectives, communication of financial and non-financial information, andregulatory compliance, through information and internal control systems based on the principles of the COSO reference framework
This risk maps is regularly updated and report to the Audit and Control Committee.