4.1 Corporate governance model [307-1, 419-1]

CIE Automotive has articulated a corporate governance model to effectively protect the corporate interest. It complies with the leading international standards and Spain’s Good Governance Code For Listed Companies. In 2017, the Group brought its risk management system to a new level and consolidated its role in Forética’s Transparency, Integrity and Good Governance Cluster.

This governance regime is articulated around a body of in-house rules and regulations, comprising the Bylaws, the rules governing its governance bodies (the Board of Directors and its committees and the Annual General Meeting), the corporate policies regulating stakeholder relations and a series of internal rules, most notable among which the internal codes of conduct:

The principles dictating how the system works are defined in the official Corporate Governance Policy. In addition, the process map, revised in 2017, assigns a body specifically to compliance with and development of this universe of procedures.

The Board of Directors defines and regularly reviews the Group’s organisational structure at the highest level; it delegates the duty of ensuring that the areas below this structure have the human and capital resources they need in the executive team.

In the pursuit of transparency, both the rules and regulations formulated by the Group and its Annual Corporate Governance Reports and Annual Director Remuneration Reports are available for consultation by stakeholders on the corporate website, www.cieautomotive.com, in keeping with the technical and legal formalities and specifications stipulated by Spain’s securities market regulator, the CNMV, in Circular 3/2015 (of 23 June 2015).

The Company did not receive any significant fines for non-compliance with laws or regulations in the social, economic or environmental arenas in 2017.

Member of Forética’s Transparency, Integrity and Good Governance Cluster

CIE Automotive has been a member of the Transparency, Integrity and Good Governance Cluster created by the business platform, Forética, since 2016. During its second year, this forum continued to attempt to set the standard in the areas of transparency, governance and business ethics and to have Spain embrace the key trends and debates taking place around the world in these fields from a business perspective, collaborating to this end with governments and opinion leaders.

During the first half, the forum addressed the growing concerns at businesses about how to prioritise and embed ethics models within their management, acknowledging that there is still much to be done among business leaders. During the second half, the cluster focused more on compliance matters and the creation of value driven by transparency.

Against this backdrop, in the wake of approval of Directive 2017/828 of the European Parliament and of the Council, of 17 May 2017, amending Directive 2007/36/EC as regards the encouragement of long-term shareholder engagement, CIE Automotive attended a seminar at which the requirements implied by the new legislation were outlined ahead of its transposition into Spanish law in June 2019. As a result, CIE Automotive is already working in-house on its adaptation to the new directive.

Elsewhere, it is worth recalling that CIE Automotive’s engagement with Forética also extends to membership of its Climate Change Cluster and participation in seminars of great interest to the Company such as the one that addressed supply chain sustainability.

4.2 Corporate governance bodies [102-18, 102-22]

4.2.1 Annual General Meeting

The shareholders’ meeting is CIE Automotive’s highest decision-making body. Its duties and powers are regulated in the Bylaws and AGM Regulations

In 2017, the Annual General Meeting took place on 4 May and was attended by 174 shareholders, in person or duly represented, which hold 80.56% of the company’s share capital.


  • Approval of the financial statements of CIE Automotive, S.A. and of its consolidated group and grant of discharge to the Board of Directors for 2016.
  • Approval of the proposed distribution of profit for 2016. Payment of a final dividend from 2016 profits of €0.21 per share (before withholdings), which was paid out on 5 July 2017, topping up the interim dividend of €0.20 per share paid out on 5 January 2017.
  • Grant of authorisation to the Board of Directors for the derivative acquisition of own shares, directly or through group companies, in accordance with articles 146 and 509 of the Spanish Corporate Enterprises Act, superseding the authorisation granted at the General Meeting of 26 April 2016, and reduction of share capital to cancel own shares, delegating powers for the execution thereof in the Board of Directors.
  • Appointment of PricewaterhouseCoopers as the auditor of the Company’s separate and consolidated financial statements.
  • Presentation of the Annual Report on Director Remuneration at CIE Automotive, S.A. by means of an advisory vote.
  • Delegation of powers to execute the aforementioned resolutions.

For further information about the AGM.

Shareholders of record within at least five days of the scheduled meeting date are entitled to attend the Annual General Meeting. The members of the Board of Directors are obliged to attend the Meeting under article 10 of the AGM Regulations. The quorum for calling the AGM to order is that stipulated in article 196 of the Spanish Corporate Enterprises Act.

4.2.2 Board of Directors [102-18, 102-23, 102-26, 102-27]

CIE Automotive’s Board of Directors is its highest governance body and is made up of 13 members. The directors’ duties and powers are regulated in the Bylaws and Board Regulations

In 2017, the Board of Directors met on six occasions and all the meetings were presided by its chairman.

Board of directors (as of 31 december 2017)

Position Class of director Executive Committee Apointments and Remuneration Committee Audit and Compliance Committee CSR Committee
Don Antonio María Pradera Jáuregui (*) Chairman Executive Chairman
ELIDOZA PROMOCION DE EMPRESAS, S.L., represented by Doña Goizalde Egaña Garitagoitia Vice Chairwoman Proprietary Member Chairwoman
Don Jesús María Herrera Barandiarán Chief Executive Officer Executive Member
Don Ángel Ochoa Crespo Member Independent Chairman Member
Don Carlos Solchaga Catalán Member Independent Member Chairman
Don Francisco José Riberas Mera Member Proprietary Member Member
Don Juan María Riberas Mera Member Proprietary
Don Fermín del Río Sanz de Acedo Member Executive Member
MAHINDRA & MAHINDRA, Ltd. represented by Don Shriprakash Shukla Member Proprietary
MAHINDRA & MAHINDRA, Ltd. represented by Don Vankipuram Parthasarathy Member Proprietary
ACEK DESARROLLO Y GESTIÓN INDUSTRIAL, S.L., represented by Don Francisco López Peña Member Proprietary Member
ADDVALIA CAPITAL, S.A., represented by Doña María Teresa Salegui Arbizu Member Proprietary Member Member
QMC DIRECTORSHIPS, S.L., represented by Don Jacobo Llanza Figueroa Member Proprietary

Secretary, non-member: Roberto José Alonso Ruiz.
Deputy Secretary, non-member: José Ramón Berecibar Mutiozabal
(*) Antonio María Pradera Jáuregui stepped down as executive chairman at the board meeting of 12 December 2017, switching to a proprietary director, with effect from 1 January 2018.

Board of Directors committees

Executive Committee

A permanent committee in which the Board has delegated all of its powers other than those that cannot be delegated pursuant to its Bylaws and those specifically reserved to the Board of Directors.

On 12 December 2017, the Board of Directors resolved to eliminate the Executive Committee, thus revoking the powers originally vested in it, and to create a new Board committee, the Strategy and Operations Committee, which began to operate in January 2018.

At the recommendation of the Appointments and Remuneration Committee, Antonio María Pradera Jáuregui, Jesús María Herrera Barandiarán, Francisco José Riberas Mera and Fermín del Río Sanz de Acedo have been appointed as members of the new Strategy and Operations Committee.

As a result of the above resolutions, the Board of Directors has amended article 15 of the Board Regulations and introduced a new article 19bis.

Antonio María Pradera Jáuregui Chairman Executive
Jesús María Herrera Barandiarán Member Executive
Fermín del Río Sanz de Acedo Member Executive
Francisco José Riberas Mera Member Proprietarity

Audit and Compliance Committee

Its purview is to oversee the financial reporting process and ensure the independence and effectiveness of the internal audit function. Its duties include revising the internal control and risk management systems, selecting, appointing and replacing the auditor and taking receipt of information from the auditor, whose independence it must safeguard. This committee met six times in 2017.

Carlos Solchaga Catalán Chairman Independent
ADDVALIA CAPITAL, S.A. Member Proprietary
Ángel Ochoa Crespo Member Independent

Appointments and Remuneration Committee

Among other duties, this committee is tasked with formulating and reviewing the criteria for selecting director candidates, proposing and monitoring the director remuneration system, in particular the amounts of their annual pay, and overseeing new director selection procedures. It met twice in 2017.

Ángel Ochoa Crespo Chairman Independent
Francisco José Riberas Mera Member Proprietary
Carlos Solchaga Catalán Member Independent

Corporate Social Responsibility Committee

Created in 2015, this Committee is made up of three members and its job is to promote the Company’s corporate governance and sustainability strategy, among other duties. It met on two occasions in 2017.

ADDVALIA CAPITAL, S.A Member Proprietary

Director profiles and diversity [405-1]

The members of the Board of Directors of CIE Automotive are prestigious professionals who have demonstrated their competence and credibility over the course of their careers.

Of the Company’s 13 directors, three are executive, two are independent and eight are proprietary. That means that 20% of the non-executive members are independent. Moreover, these independent directors sit on the Appointments and Remuneration Committee and the Audit and Compliance Committee. Female directors (two) account for 15.38% of the Board seats. By nationality, 11 of the directors are Spanish and two are Indian.

The roles of the Chairman and CEO are clearly defined in the Company’s Board Regulations and fall to different people, even though both sit on the Board of Directors. CIE Automotive reinforced its governance at the end of 2017 when the Chairman gave up his executive duties, staying on as a proprietary director.

Director CVs and qualifications

Antón Pradera

Antonio María Pradera Jáuregui

CHAIRMAN (EXECUTIVE, until December 2017)

A road engineering graduate from Madrid’s Polytechnic University, Mr. Pradera began his career in 1979 as a director at Banco Bilbao, where he worked until 1985. In 1988, he was named executive director of Nerisa, where he stayed until 1993, when he moved to SEAT as director of strategy. He played an important role in the creation of INSSEC in 1995, where he served as chief executive until 2010. Since 2002, he has been serving as the Executive Chairman of CIE Automotive, working in the strategy and financial design departments, and of Global Dominion Access, S.A. Since May 2015, he has been a director at Tubacex and since June 2015, a director at Corporación Financiera Alba.

Goizalde Egaña

Goizalde Egaña Garitagoitia


A graduate of economic and business science from Deusto University in San Sebastián, where she also completed post-graduate studies in Business Competitiveness and Regional Development and an executive financial management programme. She began her career in the finance department of Compañía Ibérica de Encuadernaciones S.A. (CINENSA) in 1989 and later joined the team of auditors at Attest Consulting (1990 – 1992). She served on the board of INSSEC and is currently a director at Global Dominion Access, S.A.

Jesús Herrera

Jesús María Herrera Barandiaran


A graduate of business studies and economics from the Basque University, Mr. Herrera also holds a Master of International Expansion (from Euroforum). He joined CIE Automotive as CFO in 1991, also heading up the HR function for CIE Orbelan. In 1995, he was named deputy manager and in 1998 he was promoted to general manager. In 2000, he took over management of CIE Brazil and in 2002, of CIE Plasfil. That same year he was named global director of CIE Plástico, a position he held until 2005, when he took up the general manager spot at CIE America. He has been the CEO of Autometal S.A. since 2010 and in 2011 he was named COO for the entire group, although just a year later he would be named general manager of CIE Automotive. Lastly, in 2013, the Board of Directors appointed Mr. Herrera as CEO of CIE Automotive. He is also a director at Global Dominion Access, S.A.

Ángel Ochoa Crespo

Ángel Ochoa Crespo


A graduate of business administration from the Basque University, Mr. Ochoa also holds a Master of International Business Administration (MIBA) from the United States International University of San Diego. He boasts 23 years’ experience in the financial sector, having held a number of positions, including that of manager of the Multinationals Department at Barclays Bank, deputy director of Corporate Banking at Lloyds Bank, deputy general manager at Banque Privée Edmond de Rothschild Europe in Spain and director for the Basque and Cantabria regions at Banco Sabadell Atlántico. He has also sat on the boards of several open-ended collective investment schemes (SICAVs). He is currently the financial advisor in the investment area and partner at the firm Angel Ochoa Crespo EAFI. He is also director and secretary of ISLOPAN, S.A.

Carlos Solchaga Catalán

Carlos Solchaga Catalán


A graduate of economic and business science from Madrid’s Complutense University, Mr. Solchaga has also completed post-graduate studies at the Alfred P. Sloan School at the Massachusetts Institute of Technology (MIT). In 1980, he was elected member of the Spanish Parliament as deputy for the PSOE and was subsequently re-elected in 1982, 1986, 1989 and 1993, ultimately presiding the Socialist Party’s Parliamentary Group in 1993-94. Other noteworthy appointments: member of the Basque regional government prior to approval of the Euskadi Autonomous Statute (1979-80); president of the IMF’s Interim Committee (1991-1993), Minister of Industry and Energy (1982-1985); and Minister of the Economy and Finance (1985-1993) in Spain. He is currently an international consultant and a president of the firm Solchaga & Recio Asociados. Other current appointments include: chairman of the Euroamerica Foundation; president of the Arquitectura y Sociedad Foundation, chairman of the Advisory Board of the Roca Junyent law firm, member of the Scientific Board of the Elcano Royal Institute and member of the board of Pharma Mar, S.A.

Francisco José Riberas Mera

Francisco José Riberas Mera


A law and business studies graduate (dual degree) from Universidad Pontificia de Comillas (ICADE | E-3) of Madrid. He began his career at Grupo Gonvarri in 1989 in the controller area, a group where he later assumed the roles of director of corporate development and CEO. He was one of the backers behind the creation of Gestamp in 1997, serving as this company’s chief executive from the outset and its chairman since 2010. Gestamp is the world-leading maker of metallic parts for the automotive industry. It listed its shares in an IPO on the Spanish stock exchange in April 2017. In 1998, he joined the board of Aceralia Corporación Siderúrgica, a position he held until this company was integrated within the Arcelor Group. Today, in addition to chairing Gestamp, he is co-chairman of the family holding company ACEK and sits on the boards of Telefónica, Global Dominion Access, Gonvarri Industrial and other ACEK group companies. Lastly, he is also a member of the management board of IIEF (acronym in Spanish for the Family Business Institute) and sits on the Spanish council of Endeavor, an NGO set up to help upcoming generations of entrepreneurs attain success by means of mentoring and access to investment programmes.

Juan María Riberas Mera

Juan María Riberas Mera


A law and business studies graduate (dual degree) from Universidad Pontificia de Comillas (ICADE | E-3) of Madrid. He began his career at Grupo Gonvarri in 1992 in the business development area, a group where he later assumed the role of CEO. In 2005, he was one of the backers behind the creation of ACEK Renewables, taking on the position of executive chairman in 2007. Since 2010 he has been serving as chairman of Gonvarri Steel Industries and co-chairman of ACEK, the family-owned holding company. He is also a trustee of the Juan XXIII Foundation.

Fermín del Río Sanz de Acedo

Fermín del Río Sanz de Acedo


Fermín del Rio Sanz de Acedo is a business administration graduate (San Sebastián). He began his career as tax advisor in 1975 and is the founder of Norgestión (a consultancy specialised in mergers & acquisitions, tax law and finance). He provided services to this firm until 2008. Mr. Fermín del Rio has also headed up ADEGI (the Guipuzcoa business association) and been a member of CONFEBASK, the Basque committee of business owner associations. Fermín del Rio has served as chairman of Autometal S.A.. He also sits on the boards of Fegemu S.A., Viveros San Antón, S.A. and Global Dominion Access, S.A.

Shriprakash Shukla

Shriprakash Shukla


A technology graduate from the Indian Institute of Technology at Banaras Hindu University, Mr. Shukla also holds an MBA from the Indian Institute of Management of Ahmedabad. He has built his career at multiple companies, including Dunlop India, Swisscom Essar (currently Vodafone Essar) and Reliance Infratel, where he served as executive chairman before joining the Mahindra group. He currently runs the latter group’s Aerospace & Defence subsidiary, chairs Mahindra Sanyo Special Steels and sits on the Executive Committee of Mahindra & Mahindra. Previous posts at this group included director of strategy and of brand management. Lastly, he is affiliated with prestigious industrial forms in several countries.

Vankipuram Parthasarathy

Vankipuram Parthasarathy


A commerce graduate from Gujarat University, Mr. Parthasarathy also holds an AMP from Harvard Business School. He began his career at Xerox, where he reached the position of associate director. In 2000, he joined the Mahindra group, where he held various executive positions. He is currently the CFO and CTO of Mahindra & Mahindra as well as sitting on the group’s Executive Committee and on the boards of 14 subsidiaries (four of which are listed). He has won a number of accolades in the areas of finance, M&A and IT.

Francisco López Peña

Francisco López Peña


A road, canal and port engineering graduate from Barcelona Polytechnic University, Mr. López also holds an MBA from IESE in Barcelona. He performed general management functions in mining sector companies between 1985 and 1990 and in the textile-retailing sector between 1990 and 1997. He joined Gestamp in 1998 as director of corporate development. In 2008 he took up the position of vice-chairman and CFO of that group and has also sat on Gestamp’s board since 2010. In December 2017, he was named CEO of Gestamp.

María Teresa Salegui Arbizu

María Teresa Salegui Arbizu


A graduate of economic and business science from Deusto University. Ms. Salegui began her career at the transport firm La Guipuzcoana (1988-2002), where she worked as general manager, a position she also held at DHL Express Iberia (2002-2004). She is currently the chairwoman of Addvalia Capital and Perth Espacio y Orden, as well as sitting on the boards of several companies, including One Facility Management and Baztango.

Jacobo Llanza Figueroa

Jacobo Llanza Figueroa


A graduate of economic and business science from the University of Paris. Jacobo built his career in investment banking, starting out in 1989 in a number of positions at Banque Indosuez and Bancapital, before going on to create and run AB Asesores Moneda in 1992, an AB Asesores group company. Following the sale of this firm to Morgan Stanley in 1999, he joined Dresdner Kleinwort Wasserstein, where he worked as managing director of equities & derivatives for Latam, Eastern Europe, Africa and the Middle East. In 2002, he joined Alantra (formerly N+1), where he is currently a Managing Partner, as well as CEO of Alantra Asset Management. He also sits on the board of Tubos Reunidos.

Director performance evaluation [102-28]

CIE Automotive is committed to applying the most stringent corporate governance principles in its capacity as a listed company. In 2017, it engaged Evaluación de Consejos, S.L. (hereinafter, EdC) for assistance evaluating its directors’ performance in 2017.

By virtue of an agreement entered into on 28 November 2017, EdC administered CIE Automotive’s board’s performance self-assessment process which it based on the feedback and opinions provided by its members.

The work performed by EdC, in keeping with the agreed-upon scope, consisted of:

  • Proposing the methodology for carrying out the engagement.
  • Assisting the Appointments and Remuneration Committee (hereinafter, A&RC) in identifying priority lines of initiative.
  • Drawing up the proposed questionnaire, which was approved by the A&RC.
  • Collecting the questionnaires filled out unanimously and tabulating the results.
  • Preparing a report for cross-checking with the A&RC.
  • Interacting with the A&RC until approval of the final report. The qualitative report will be presented to the Board of Directors in June 2018, at which time it will also be asked to ratify the action plan deriving from the assessment.

For the purposes of understanding the numerical significance of the results obtained it should be noted that each question has been quantified as follows:

  1. Narrow or marginal room for improvement.
  2. Average room for improvement.
  3. Significant room for improvement.
  4. Substantial improvement required.

With the information received, an average is calculated for each of the aspects evaluated to reflect the degree of room for improvement perceived by the directors of CIE Automotive, also factoring in standard deviations in the responses with the idea of drawing a picture of the consensus running through the individual perceptions.

The dimensions prioritised by the Board of Directors for its in-depth analysis in 2017 were the following:

  • Risk management.
  • Succession planning.
  • Ethics, CSR and communication.
  • Board functioning.
  • Board composition and director skills.
  • Bylaw-stipulated roles.
  • Composition and operational effectiveness of the committees.
  • Individual contributions.

In general terms, the aggregate quantitative results demonstrate a reasonable level of satisfaction with how the Board of Directors is functioning. The measure approximating the aggregate room for improvement across all areas is 1.54. This figure is reportedly better than the average at comparable companies, which ranges between 1.75 and 2.

Conflicts of interest [102-25]

The Company’s directors were not party to any conflicts of interest in 2017.

4.2.3 Management Board

The Management Board directly oversees management of the operational divisions and coordination with the corporate area with authority across all of CIE Automotive, including the Group’s Network Services.

  • The defined Corporate Areas are the Internal Audit, Compliance and CSR, Control, Finance, M&A, Investor Relations and R&D areas.
  • The mission of the Network Services is to support the Business Units and ensure the application of standard policies across the entire Group. These Services are coordinated directly by the CEO and are IR, IT Systems, Sales, Quality, Purchasing and Process Engineering.

The Management Board meets quarterly and is made up of the heads of the various operational divisions and corporate areas. The heads of the network services participate in the Management Board meetings twice yearly.

Remuneration policy[102-35]

Director remuneration seeks to reward the levels of commitment and responsibility assumed by the members of the Board of Directors with respect to the Company and is determined on the basis of the duties and dedication intrinsic to the positions each director holds.

Pursuant to article 24 of the Bylaws, director remuneration consists of a fixed annual sum paid in cash to all members of the board. In addition, certain members may also receive a bonus, in cash, tied to objective indicators related with individual director target delivery as well as the Company’s performance. They also receive meeting attendance fees, which include the opportune insurance cover. Article 15 of the Board Regulations empowers the Appointments and Remuneration Committee to make proposals regarding director remuneration.

For further information on director remuneration, refer to the Annual Report on Director Remuneration.

4.3 Business ethics [102-16, 102-17, 102-25, 102-33, 102-34, 103-1, 103-2, 103-3, 205-2, 205-3, 406-1]

Beyond stringent compliance with prevailing legislation, CIE Automotive builds ethical conduct and the effective implementation of its corporate values into all of its activities by means of a body of internal rules and regulations, most important among which its Internal Code of Professional Conduct.

The Code of Conduct, approved in December 2015, is intended to guide the actions of all the directors, executives and employees of all of its factories. Failure to comply with it is penalised.


  • Lawfulness.
  • Transparency, integrity and confidentiality with respect to information.
  • Compliance with tax obligations and the proper use of public funds.
  • Correct engagement with the various stakeholders.
  • Protection of workplace health and safety.
  • Repudiation of any form of corrupt or fraudulent behaviour.
  • Loyalty and transparency in the event of conflicts of interest.
  • Respect for intellectual and industrial property rights.
  • Protection of industrial rights.

Corporate policies

This Code of Conduct acts as an umbrella for a series of corporate policies, approved at the board level and binding upon all members of the organisation, including the Anti-Corruption and Anti-Fraud Policy and the Human Rights Policy.

More information about the Company’s corporate policies.

Responsibility for oversight of due compliance with the Code of Conduct and the various emanating corporate policies is vested in the Corporate Social Responsibility Committee, which reports to the Board of Directors.

This Committee in turn delegates the task of overseeing compliance with the law in all of the Group’s operating markets and with the body of ethics rules created by CIE Automotive in the Compliance Department.

Whistle-blowing channel

In order to guarantee compliance with the Code of Conduct, CIE Automotive grants all of the people forming part of the organisation the possibility of making enquiries regarding and notifying unusual activity or breaches of the Company's rules of ethics, integrity or conduct by means of a whistle-blowing channel which can be accessed by e-mail, post or internet:

  • Whistle-blowing channel e-mail inbox: whistleblowerchannel@cieautomotive.com
  • Postal correspondence addressed to the Compliance Department: Alameda de Mazarredo 69, 8º 48009 Bilbao (Bizkaia), Spain
  • Information and communication channel on the intranet and on the corporate website.

In 2017, CIE Automotive received 11 complaints through this channel. In all instances, the opportune actions were taken to analyse, monitor and remedy or close the cases. One of these cases was related with discrimination and another with corruption in the purchasing area. In the latter instance, the employee in question was fired.

4.4 Risk management [102-15, 102-29, 102-30]

CIE Automotive has an enterprise Risk Management System (RMS) in order to identify, assess, monitor and reduce to tolerable levels the risks that could jeopardise delivery of the Group’s objectives and create uncertainty in the market. The RMS is framed by the corporate Risk Management and Control Policy, which is the responsibility of the Board of Directors, which delegates oversight of its correct implementation and functioning in the Audit and Compliance Committee.

CIE Automotive’s RMS provides it with reasonable assurance that all significant risks – strategic, operational, financial/reporting (refer to the Internal Control over Financial Reporting (ICFR) Policy ) and ESG risks – are prevented, identified, evaluated, subjected to ongoing control. Those risks are approved at the board level and managed in keeping with defined risk appetite and tolerance thresholds.

Underpinned by strong and sustained commitment on the part of the Company’s senior executives and management team, coupled with robust strategic planning, the goal is to create a controlled risk environment in which risks are actively managed; the premise is that adequate risk will create value and give rise to new opportunities.

The RMS is based on the following main principles:

  • Creation of a constructive vision of the concept of risk.
  • Committed and competent risk management professionals.
  • Use of a shared language.
  • Transparent communication throughout the entire organisation.

4.4.1 Risk map

Each year, the Company’s senior executives and management team are responsible for drawing up the risk map, which derives from the RMS, and evaluating the risks identified:

  • From the standpoint of residual risk: considering the controls already in place at CIE Automotive in order to mitigate the potential impact of their materialisation;
  • Based on the probability of occurrence (past and future) and impact (along three dimensions: economic, organisational and reputational).

This process is coordinated by the Compliance Department which presents the results of this annual exercise to the Audit and Compliance Committee for validation and approval; the Audit and Compliance Committee in turn reports its approval to the Board of Directors.

The result of the risk assessment exercise undertaken in 2017 confirmed that the risk map is aligned with CIE Automotive’s strategy and evidences the effectiveness of the internal control system in the business arena as none of the key risks identified materialised during the year.

Response and monitoring plans for CIE Automotive’s key risk factors:

Risks with medium probability of occurrence and significant potential impact

Management of M&A-led growth:  This is a crucial consideration and is directly related to the Company’s strategy. The current pace of organisational growth implies far-reaching revision of the management model. In response to this reality, CIE Automotive has been going to lengths in recent years to embed its business model and corporate culture at its newly-acquired investees.

Human skills to enable growth: Directly related with the last risk factor, CIE Automotive faces the major challenge of managing its current pace of growth, which is why it is working hard on enhancing and developing its most important asset: its people. As a result it has improved the working conditions of its existing team, conditions that are in turn proving effective in attracting new talent to the organisation.

Succession plan for key management personnel & Training and promotion policy: The organisation believes it is necessary to increase the number of professionals familiar with CIE Autonotive’s culture in order to support the Group’s continuous growth, to which end it has been working decisively in recent years on identifying its stock of high-potential professionals with a view to ensuring generational renewal and ongoing business development.

Risks with medium probability of occurrence and low potential impact:

Concentration of decision-making power and managerial responsibility: The growth in the Group’s various businesses and markets, coupled with the existing management model, could lead to the concentration of responsibility and decision-making power in a reduced number of professionals, a development that could ultimately constrain the correct management of the business. Nevertheless, the results being delivered by the senior executives and management team demonstrate that the current decision-making model is working properly.

Tax risk: CIE Automotive promotes responsible tax practices, taking into consideration the interests and sustainable economic development of the communities it operates in, overseeing due application of best tax practices and in line with the objective laid down in its 2016-2020 Business Plan of increasing transparency. All of this is evident in the corporate tax policy approved by the Board of Directors in December 2015 and the revised Group tax strategy approved at the board level in December 2017.

Cybersecurity: A security failure in the IT systems would have immediate repercussions for the entire firm and affect its ability to function business as usual. Regulations are being tightened (with the new General Data Protection Regulation due to take effect in Europe in May 2018) and the penalties for potential breaches are significant enough to have a very material impact on the Company’s earnings. As a result, CIE Automotive is working hard to fine-tune its IT systems and provide continuous training to system users in order to prevent risks of this nature from materialising to the extent possible

Risks with low probability of occurrence and significant potential impact:

Compliance with the Code of Conduct: Responsibility for CIE Automotive’s whistle-blowing channel lies with the Corporate Social Responsibility Committee. It is jointly managed by the HR, Compliance and Legal Affairs Departments and permits any Group employee to present complaints about matters related to code of conduct breaches. The organisation completed the process of distributing the Code globally and having it acknowledged by all employees in 2016 and 2017.

Reputation risk: The Group’s relationship with its stakeholders may be affected by adverse comments about CIE Automotive in the media (whether the press, the social media, financial reports, etc.) with the potential to significantly impact the intangible asset that is none other than the image and credibility built up as a result of its track record and good corporate citizenship. Against this backdrop, CIE Automotive has reinforced its marketing and communication strategy and bolstered the channels for communicating openly with its stakeholders in order to mitigate and/or eliminate the risk associated with not being able to respond immediately and categorically to potential accusations.

Embedding the risk model at the factory level

In keeping with CIE Automotive’s RMS methodology and the outcome of the materiality assessment conducted with its stakeholders, CIE Automotive has defined a regime, which is global in scope, for systematically assessing and prioritising risks at the manufacturing plant level.

This exercise involves the full management team at each productive facility and will follow the recently modified process map, defining for each facility the types of risks to which they are exposed and evaluating them as a function of their probability of occurrence and impact were they to materialise; in short, establishing a risk priority schedule. Minimisation or even elimination, to the extent feasible, will become just another objective to be considered within each facility’s management plan.

It is also worth noting that CIE Automotive’s factories already undertake various risk analysis exercises using tools such as:

FMEA (Failure Modes and Effects Analysis) with respect to products and productive processes.

  • Identification and evaluation of environmental impacts.
  • Assessment of workplace health and safety risks.
  • Legal compliance assessments.
  • SWOT analysis.

Note that the latter has recently been made a mandatory requirement for ISO 9001, ISO 14001 and IATF 16949 certification.

4.4.2 Internal control systems

CIE Automotive’s internal control system is based on three lines of defence:


Operational management: the senior executives and management teams are responsible for assessing, controlling and mitigating risks and implementing effective controls across all of CIE Automotive’s productive facilities.


Internal control, risk management, compliance and CSR functions: mandated to the Compliance Department, this line of defence facilitates and supervises implementation of internal control and risk management practices by the operating management teams.

Below is a list of the CIE Automotive’s key processes, including those related to period-end closings, for which risk matrices and controls have been defined:

  1. Period-end closings, consolidation and reporting
  2. Property, plant and equipment
  3. Financial assets and liabilities
  4. Stock management
  5. Revenue | Trade receivables
  6. Treasury
  7. Provisions
  8. Procurement | Trade payables
  9. Human resources
  10. Tax

CSR-related initiatives are also coordinated at this level.

Supervision and compilation of the required information is performed by means of manual and automated controls using the Process Control module of the Group’s SAP GRC tool.


Internal audit: this function provides the governing bodies with assurance regarding the effectiveness of the internal control and risk management systems and the manner in which the first and second lines of defence are functioning. The internal audit function reports to the Compliance Department.

Audit coordination and compilation is performed using the Audit Management module of the Group’s SAP GRC tool.

Global internal control oversight tool

As of 31 December 2017, all CIE Automotive factories had an IT tool for ensuring performance of the internal controls designed to eliminate or at least mitigate the identified risks that could jeopardise the objectives laid down in the 2016-2020 Business Plan. This tool is the SAP GRC (Governance, Risk and Compliance) suite, which permits the automated and manual analysis of the level of performance of the controls conducted at the factory level and tracks incidents and any resulting action plans, enabling traceability.

SAP GRC comes with different modules:

  • Process Control: the integrated management of the control and compliance processes under the various regulatory frameworks (ICFR, ISO and white collar crime prevention).
  • Risk Management: risk management using benchmark models.
  • Audit Management: coordination of an annual internal audit plan covering all divisions and regions.
  • Fraud Management: early detection of fraud (this module is still at the pilot test phase at the organisation).

Thanks to this new integrated suite, CIE Automotive is capable of supervising delivery of over 60 controls for every automotive factory.


In 2017, CIE Automotive consolidated the corporate crime prevention model approved in 2015.

The project was executed in three stages between 2016 and 2017:

  • Stage 1: Preliminary identification of the corporate crime risk factors. Nineteen white collar crime risks intrinsic to CIE Automotive’s everyday activities were identified and analysed.
  • Stage 2: Identification of the existing controls over the various processes, detecting weaknesses for corporate crime risk prevention purposes. It was determined that the internal control system put in place by CIE Automotive, articulated around the SAP GRC suite (with around 150 existing controls), working correctly, is sufficient to reasonably mitigate the corporate crime risks identified.
  • Stage 3: Proposed actions for delivering a sufficient level of control and formulating the corporate crime prevention manual. To assess the importance and vulnerability of each of the corporate crime risks to which CIE Automotive is exposed, the following variables were considered:
    a) Importance: each corporate crime risk was evaluated as function of its impact and probability.
    b) Vulnerability: for each corporate crime risk, as a function of the existence of controls or otherwise, the sufficiency of the controls and the existence of historical events related with each risk were assessed.

The SAP GRC suite will be used to ensure the prevention model works as intended. Moreover, there is a Support Unit with independent intervention and control powers within the organisation whose mandate is to oversee compliance with the corporate Corporate Crime Prevention Model.


As established in its 2016-2020 Business Plan, CIE Automotive is working to specify risk identifiers. These indicators not only address financial reporting (ICFR) risks but also compliance risks related to criminal, tax and other legislation, strategic risks and ESG risks.

Supervision and control of these indicators is performed using the SAP GRC Risk Management module.