Book Three - Internal Audit, Risk and Compliance

As an essential element of the sustainable development strategy of the Company, its Governance and Sustainability System contains a robust regulatory framework relating to internal audit, the management of risks and corporate control, and compliance, which takes into account the highest standards in these areas.

Within Book Three - Internal Audit, Risk and Compliance, the General Risk Control and Management Foundations of the Iberdrola Group define a comprehensive system with the purpose to identify, prevent and mitigate those risks that affect the delivery of the broad and ambitious business objectives of the companies of the Iberdrola Group. The Basic Internal Audit Regulations regulate the nature, organisation and powers of the internal audit function, the basic activity of which consists of independently and proactively endeavouring to ensure the effectiveness of the governance, risk management and internal control processes.

For the preparation of the consolidated financial and non-financial information, Iberdrola, S.A. has approved certain basic principles, defined in a policy adopted by all companies of the Iberdrola Group that nevertheless takes into account the principles of subsidiarity and decentralised management.

The Company has a solid track record in compliance, in which area it continually develops of its policies and rules based on regulatory requirements and best practices. As part of its Governance and Sustainability System, it has approved the ScottishPower Compliance Policy that, together with the ScottishPower Policy on Anti-Bribery and Corruption and the ScottishPower Internal Reporting and Whistleblower Protection System, represents its firm commitment to transparency, and to the ongoing monitoring, management, and mitigate or prevention of improper conduct and acts that are illegal or contrary to law or to the Governance and Sustainability System.

The Company’s Compliance System is configured as an effective, autonomous, robust and independent system, which contributes to the full realisation of the Purpose and Values of the Iberdrola Group and of the Ethical and Basic Principles of Governance and Sustainability of the Iberdrola Group. In particular, the purpose of the ScottishPower Code of Conduct and Disciplinary Rules and the ScottishPower Code of Conduct for Suppliers is to ensure that the Company, its professionals and its value chain act in accordance with ethical principles, legality and the Governance and Sustainability System, as well as to prevent, manage and mitigate the risk of regulatory and ethical breaches.

Corporate Risks and Control

Compliance