IBERSOL • 2023 Integrated Management Report

CORPORATE GOVERNANCE REPORT Recommendation / Content Degree of compliance Governance Report VII.1.(1) The management body discusses and approves the strategic plan. adopted 21 and 24 VII.1.(2) The management body discusses and approves the risk policy of the company, which includes setting limits in matters of risk-taking. adopted 21, 24, 53 and 54 VII.2. The company has a specialised committee or a committee composed of specialists in risk mat- ters, which reports regularly to the management body. not adopted 21 and 24 VII.3. The supervisory body is organised internally, implementing periodic control mechanisms and procedures, in order to ensure that the risks ef- fectively incurred by the company are consist- ent with the objectives set by the admnistration body. adopted 15 and 27 v.d. explanation below at the end of this table VII.4. The internal control system, comprising the risk management, compliance and internal audit functions, is structured in terms that are adequate to the size of the company and the complexity of the risks inherent to its activity, whereby the supervisory body shall assess it and, within the ambit of its duty to monitor the effectiveness of this system, propose any adjust- ments that may be deemed necessary. adopted 38 and 51 VII.5. The company establishes procedures for the su- pervision, periodic assessment and adjustment of the internal control system, including an an- nual assessment of the degree of internal com- pliance and performance of such system, as well as the prospects for changing the previously de- fined risk framework. adopted 24, 38 and 50 to 55. VII.6.(1) Based on its risk policy, the company sets up a risk management function, identifying (i) the main risks to which it is subject in the operation of its business, adopted 24, 38 and 50 to 55. 360