P.

17

2018 Pillar 3 Disclosures

Risk Management

undertaking of its functions, for which it has unrestricted access to all the areas, departments

and employees, physical or computer activity records, and in general all repositories holding

physical or digital documentation that are necessary to carry out its activity.

The objectives of Internal Audit are as follows:

•

Assess internal control systems and procedures designed by the bank to adapt, measure,

monitor, and control risks deriving from activities and verify that they are adequate and

effective.

•

Assess accounting, data processing, and information systems.

•

Assess control systems and procedures for safeguarding assets.

•

Examine the systems and procedures established to ensure compliance with the applicable

regulations.

•

Examine the reporting of information.

•

Prove compliance with standards, policies, and established procedures.

•

Monitor second-level control units, including Standards Compliance, the Operational Risk Unit,

Internal Control, and the Risk Department.

•

Inform senior management, in good time and appropriately, of the results of the reviews and

activities undertaken.

•

Keep the Audit Committee constantly informed of any issues that could imply an increase in

risk with regard to that approved by the Board of Directors.

•

Verify compliance with the methodologies used according to that approved by the Board of

Directors.

•

Audit of the technological environment and risk applications.

Internal Audit publishes reports including an assessment of the work carried out in these fields,

as well as recommendations they consider necessary to resolve any identified incidents and

an expected resolution date. Similarly, Internal Audit carries out ongoing monitoring of the

recommendations, with the aim of checking that they have been properly implemented.

2 | 2.2