To this end, it has a risk management system covering both the risks of internal processes and those related to the environment in which the Company's activities are carried out. The system complies with the ISO 31000 Standard on the principles and guidelines regarding risk management. Additionally, Red Eléctrica has in place two specific systems, one for internal control over financial reporting (based on the US Sarbanes-Oxley) and another for internal control over operational activities (based on the SSAE 16 standard). These systems are subject to periodic internal and external audits.
The most relevant risks to which the Red Eléctrica Group is subject and that are integrated into the risk management system are the following:
In addition to the specific risks indicated above, the Red Eléctrica Group faces other risks that are commonly associated to carrying out economic and business activities, and which include:
The Board of Directors is responsible for the approval of the comprehensive risk management policy as well as for having full knowledge of the internal control, prevention and information systems and for the regular monitoring of these systems. Twice a year, the Board proceeds to review material risks and the risk control system, independent of the information that it regularly receives from the Audit Committee as part of the monitoring framework the Committee continually performs.