In order to ensure compliance with the regulations affecting the Group, the Audit Committee provides support to the Board of Directors in its oversight duties, ensuring compliance with all laws and internal rules related to Amadeus. The Committee monitors compliance with the applicable rules, at the national or international level and also supervises the preparation and integrity of the Company's financial information, reviewing compliance with regulatory requirements and proper application of accounting principles.
In this Compliance area, the Risk & Compliance Office has the duty to oversee compliance with the internal rules and policies of the group as well as with the laws and regulations. During 2011 it has developed and implemented policies and financial controls to prevent fraud within its organisation, as well as other internal rules such as the Code of Professional Behaviour.
The organisation renewed its certification of PCI-DSS, the credit card industry standard, as well as successfully passed external audits on SSAE 16 (formerly SAS70) for its systems.
The Company has also successfully worked on an Internal Control over Financial Reporting (ICFR), as required by the stock exchange regulations in Spain. The purpose of the regulators when defining this ICFR is to provide a comparable regulatory framework for internal control with respect to other countries, mainly in the USA, UK, France and Germany, as well as to provide transparency of information for listed companies reporting to stock markets. The framework of principles and best practices relating to ICFR, including running supervision, are based on the Committee of Sponsoring Organizations of the Treadway Commission report (COSO).
The ICFR comprises a list of 16 indicators grouped in five areas:
According to Spanish stock market regulations, the Audit Committee monitors the effectiveness of the company's internal control and risk management systems. The Group Internal Audit team supports the Audit Committee in its mandate by ongoing monitoring and testing internal controls. Even though at the end of the year 2011 it was not legally compulsory to report the efficiency of the ICFR to the Stock Market, Amadeus still decided to carry out an internal audit of its ICFR by the Group Internal Audit team, providing its conclusions to the Audit Committee. Additionally, Amadeus included the auditors' opinion over the ICFR in 2011 within its Corporate Governance Report to the Stock Market.