xii. The Board of Directors should ensure the existence of a control environment consisting of internal controls developed by the management, the internal audit, risk management, regulatory compliance areas and external audit establishing the necessary defense lines to guarantee integrity in the Company’s operations and financial reports.
xiii. The Board should ensure the existence of a comprehensive risk management system allowing the management and the Board to efficiently direct the Company towards its strategic goals.
xiv. The Board should ensure the existence of a person or department (according to the size and complexity of the business, the nature of its operations and the risks it faces) responsible for the Company’s internal audit. This audit, conducted for the evaluation and auditing of the Company’s internal controls, corporate governance processes and risk management, should be independent and objective, and have clearly defined reporting lines.
xv. The Board’s Audit Committee will be made up by qualified and highly-experienced members and should exercise its functions in a transparent and independent manner.
xvi. The Board should establish appropriate procedures to ensure the external auditors’ independent and effective performance.
|17. The Board of Directors determines the Company’s appetite for risk and supervises and guarantees the existence of a comprehensive risk management system identifying, assessing and making decisions on the course of action, and monitoring the risks faced by the Company, including, but not limited to, environmental and social risks, as well as those inherent in the business in the short and long term.|
|Regarding risk management, Pampa implemented a risk management methodology as a useful working tool for the identification of the main risks affecting Pampa. To such effects, Pampa’s Board of Directors approved the ‘Risk Management Handbook’, which was later updated and restated as the ‘Business Risk Management Policy’.
The most relevant aspect of this policy is the establishment of responsibilities, functions and methodologies for the detection and assessment of risks arising from activities conducted by the Company which may affect its business or operations.
Based on these policies’ guidelines, the internal control management updates Pampa’s risk map in accordance with the administered businesses.
This policy sets out responsibilities and methodologies for the determination of business risks, with the assistance of the Audit Committee, which is responsible for supervising its application. The key business risk factors taken into consideration by Pampa include, among others:
The Policy also provides for the role of a ‘Risk Manager’, who is responsible for: (i) including in its annual programs all the necessary tests for detecting business risk indicators and signals; (ii) monitoring the effectiveness of the process as a whole, and safeguarding compliance with and oversight of this policy; (iii) informing the General Management and the Audit Committee of the risk management process; and (iv) following up on the implementation of action plans to ensure that corrective measures are taken once a risk is detected. Moreover, the management in charge of internal control helps the Board to keep the risk matrix updated, identifying and assessing risks, as well as following up with the derived action plan, if required, and keeping the General Management and Audit Committee informed of this process.
The Company discloses its financial risk management in its Financial Statements, making a distinction by type of risks and describing, for each of them, the plans or actions implemented to mitigate them. Moreover, in preparation of the 20-F Form to be submitted before the SEC, a description is made of the risk factors the Company is exposed to. In the way described, Pampa applies the practice.
|18. The Board monitors and reviews the effectiveness of the independent internal audit and guarantees the resources for the implementation of an annual risk-based audit plan and a direct reporting line to the Audit Committee.|
|Pampa applies the recommended practice since the Internal Audit Department reports functionally to the Audit Committee and administratively to the CEO.
At the beginning of each fiscal year, the Internal Audit area submits its proposed annual audit plan to the Audit Committee for its evaluation and approval, having the resources for its implementation. On a quarterly basis and to monitor its advancement, the Internal Audit Department submits a progress report to the Committee, which contains a summary of the completed tasks and main findings.
On an annual basis, the Audit Committee evaluates the independence level and performance of the Internal Audit in issues within its authority, and discloses its assessment in its annual report.
As a member of the Institute of Internal Auditors, the Company uses the standards it considers reasonable and/or applicable without expressly adhering to them.
|19. The internal auditor or the members of the Internal Audit department are independent and highly-qualified.|
|The Company applies the recommended practice since, as mentioned in Practice 18 in this Corporate Governance Report, the Internal Audit Department reports directly to the Audit Committee, which evaluates its independence on an annual basis.
The Internal Audit Department is made up of highly-skilled staff in this subject-matter, not only for their education and training, but also for their experience in the area.
Pampa’s Internal Audit Department has rules, approved by the Audit Committee, regulating its activities and aligned with the most relevant standards issued by The Institute of Internal Auditors.
|20. The Board of Directors has an Audit Committee in place which acts based on its rules. The Committee is mostly composed of and is chaired by independent directors and does not include the General Manager. Most of its members have professional experience in financial and accounting areas.|
|Pampa applies the recommended practice since it has an Audit Committee in place that acts based on its regulations, which establishes its functions and main operating rules. As mentioned in Practice 3 in this Corporate Governance Report, the Audit Committee consists exclusively of independent members, thus exceeding the local regulations’ requirements, providing that only most members should have such status. Its duties include, among others: (i) expressing its opinion on any proposal by the Board to designate external auditors and ensuring their independence, reviewing the plans submitted by external and internal auditors, assessing their performance, and issuing an opinion on the presentation and disclosure of the annual FS; (ii) supervising the operation of the internal control and risk management system; (iii) rendering its opinion on related-party transactions for a relevant amount pursuant to the legal regulations in force, disclosing such opinion to the market; (iv) expressing its opinion on the compensation proposals submitted by the Board; (v) rendering its opinion on the conditions for the issuance of shares or convertible securities in the case of a capital increase; and (vi) checking compliance with the applicable standards of conduct.
The Board of Directors seeks to ensure that most members of the Audit Committee have professional expertise in financial and/or accounting areas. This is one of the issues to assess when nominating new members to the Board of Directors and which should be taken into consideration by the Nomination Committee on issuing its prior opinion. Moreover, the Audit Committee should appoint one of its members as financial expert as required by Title 407 of the Sarbanes-Oxley Law.
|21. The Board of Directors, with the Audit Committee’s opinion, approves a policy for the selection and monitoring of external auditors establishing the indicators to consider when submitting to the Shareholders’ Meeting a recommendation on the re-election or substitution of the external auditor.|
|Upon the presentation and publication of Pampa’s annual FS, the Audit Committee conducts an annual assessment of the external auditors’ independency, planning and performance taking into consideration different objective indicators, and issues an informed opinion pursuant to Sect. 18, Title V, Chapter III of CNV Rules (restated in 2013) and the Audit Committee’s rules. Besides, throughout the fiscal year, it holds meetings with the external auditors, at least quarterly, for the review of the Company’s interim FS and when deemed necessary.
Moreover, Pampa has an external auditor services’ pre-approval policy, which standardizes an internal process allowing the Audit Committee to fulfill its obligation of granting its prior approval for the hiring of an external auditor to render any kind of authorized service to the Company or any of its subsidiaries.
In the way described, the Company applies this practice.