Annual And Corporate Responsibility Report 2017

The process of assessing risks and designing response plans go through the following stages: Determining the level of risk tolerance Risk tolerance is determined case by case on the basis of two criteria: the processes that could potentially be affected by the risk and level of results likely to be impacted Risk assessment Based on their impact (in view of the negative impact the risk would have were it to materialise) and probability (probability of occurrence is estimated independently of the controls). Assessing the level of risk exposure Depends on whether the risk is residual or inherent. Inherent risks are those that exist in the absence of actions to control their probability of occurrence and impact, while residual risks are those that remain even after the controls have been accounted for. Once the assessment has been completed, in the light of the results the system sets in motion an additional and exhaustive monitoring process for any risks that finally materialise or are more likely to do so. The response to risks that meet either of these two requirements is graduated on the basis of the stage at which they are identified: avoid, accept, reduce or share. Based on Atresmedia’s chosen approach to a risk, its extent of materialisation and the scenario that occurrence of the risk would affect, we implement appropriate action plans. Risks can arise in the following domains: regulation, competition, advertising market, technological, business, trends among communities and users, and general economic climate. The control tools for each risk on the risk map referred to above are: • Policies, Procedures and Protocols , adequately notified through the corporate communication channels to the affected areas and people. • IT Control Tools , such as: – GRC (Governance, Risks and Compliance) system – Procurement management system – Contractual engagement proposal management and authorisation system – Programme budget management and authorisation system – Quality system – IT application for compliance with the internal rules relating to securities markets | 98 |  6. GOVERNANCE AND DECISION-MAKING PROCESSES ATRESMEDIA  |  ANNUAL AND CORPORATE RESPONSIBILITY REPORT 2017