Internal Audit
A principled model that contributes to value creation and protection
This is the internal and independent unit that oversees the proper functioning of the Group's internal control, risk management systems and governance processes. In its role, we incorporate international best practices to ensure its proper functioning, work that demonstrates our commitment to quality and professional practice.
The Internal Audit Department, reporting to the Internal Audit and Risk Department, has as its main function the independent and objective provision of assurance and advisory services to add value and improve the Company's operations, providing a systematic and disciplined approach to assess and improve the effectiveness of the Group's risk management, internal control and governance processes.
Its activities are governed by the provisions of the Basic Internal Audit Regulations of Iberdrola, SA [PDF], which form part of the Company's Governance and Sustainability System. This standard regulates, among other aspects, the nature, organisation, competencies, resources, activities, powers, and duties of the members of the Internal Audit function, as well as the framework of their relationships within the Group.
Internal Audit Independence
The independence of the Internal Audit role from executive management responsibilities is fundamental to its objectivity, authority and credibility.
As a guarantee of independence, the director of the Internal Audit and Risk Area reports hierarchically to the chairman of the Board of Directors and functionally to Iberdrola's Audit and Risk Supervision Committee (ARSC).
With this same positioning, there are Audit and Compliance Committees (ACC) and Internal Audit departments in the various country-based subholdings, with which there are internal coordination mechanisms, working under the same methodological and quality framework defined in accordance with the International Framework for Professional Practice approved by the Institute of Internal Auditors.
In addition, the independence of the internal audit function at Iberdrola is established through:
Accountability to the Board of Directors
Unrestricted access to the people, resources and data needed to complete its work
The absence of conflicts of interests with the provision of audit services
Internal Audit Activities
The annual activity plans of Iberdrola's Internal Audit Division and of the Internal Audit divisions of the Group are prepared considering the Company’s most significant risks, from a perspective coordinated with other assurance functions, providing an independent view of the operation and effectiveness of the risk management, internal control systems and governance processes established in the Group.
All of this responds to the requirements set by the ARSC and the respective ACCs of the country subholdings, including the following lines of work:
Supervision of the comprehensive system and risk control established at the Group level, and its adequacy to ensure compliance with risk guidelines and limits.
Supervision of the effective functioning of the internal control over financial reporting (ICFR) and internal control over sustainability information (ICSI) systems to prepare and present the Group's financial and sustainability information, as well as other information that, as a listed company, it must periodically disclose.
Audits of the internal control systems of the Company's Compliance System, which aims to prevent, manage and mitigate the risk of regulatory and ethical breaches.
Supervision of mechanisms for the implementation of environmental, social and corporate governance policies, among others.
In addition, the Internal Audit Department assists the Committee in the development of its competencies, in particular about the supervision of the effectiveness of the internal control, risk management systems and governance processes, relations with the statutory auditor and the supervision of the process of preparing the related financial and non-financial information.
Commitment to professional and quality standards
The Internal Audit function aligns its performance globally with the International Professional Practices Framework for internal auditing approved by the Institute of Internal Auditors (IIA), which contains the global standards for internal auditing. This International Framework guides the professional practice of the internal audit profession throughout the Group, as a guarantee of our commitment to quality and professional practice.
The commitment to compliance with these International Standards is embodied in the maintenance of the most relevant international certification issued by the Institute of Internal Auditors, the Quality Assurance certification, which guarantees that Internal Audit applies the highest quality standards and works in accordance with the global internal auditing standards.
The members of Internal Audit have the most relevant professional certifications, which accredit the knowledge and experience of the teams and their continuous training, including Certified Internal Auditor (CIA), Certified Information System Auditor (CISA), Certified Fraud Examiner (CFE), Certified in Risk Management Assurance (CRMA).
As part of its commitment to continuous improvement and operational efficiency, the Internal Audit function has established a strategic plan designed to evolve its activities so that they contribute to achieving the Group’s objectives. This plan is built around three strategic lines:
Digitalization
Continuous innovation and the promotion of the use of tools and techniques based on data analytics and artificial intelligence.
Combined assurance
Collaborative and coordinated approach with other internal and external assurance functions.
Client focus
Focusing on relevant tasks and on-time, client-focused reviews.
Digitalization
Continuous innovation and the promotion of the use of tools and techniques based on data analytics and artificial intelligence.
Combined assurance
Collaborative and coordinated approach with other internal and external assurance functions.
Client focus
Focusing on relevant tasks and on-time, client-focused reviews.
Iberdrola, S.A. Board of Directors
As provided in the Regulations of the Board of Directors, the Board of Directors of Iberdrola, S.A. has the broadest powers and authority to manage and represent the company.
Learn more about the Board of Directors
Regulations of the Audit and Risk Supervision Committee
The purpose of these regulations is to ensure the independence of the Audit and Risk Supervision Committee and to determine the principles of action and the rules governing its internal functioning.
View PDF
Basic Internal Audit Regulations
This standard regulates the nature, organisation, competencies, powers and duties of the internal audit function corresponding to IBERDROLA, S.A.'s Internal Audit and Risk Department.
See PDF
Iberdrola, S.A. Board of Directors
As provided in the Regulations of the Board of Directors, the Board of Directors of Iberdrola, S.A. has the broadest powers and authority to manage and represent the company.
Learn more about the Board of Directors
Regulations of the Audit and Risk Supervision Committee
The purpose of these regulations is to ensure the independence of the Audit and Risk Supervision Committee and to determine the principles of action and the rules governing its internal functioning.
View PDF
Basic Internal Audit Regulations
This standard regulates the nature, organisation, competencies, powers and duties of the internal audit function corresponding to IBERDROLA, S.A.'s Internal Audit and Risk Department.
See PDF