Audit and Control Committee

Duties

Without prejudice to any other tasks that the Board of Directors may assign thereto, the primary duty of the Audit and Control Committee shall be to support the Board of Directors in its supervisory duties. Specifically, it shall have at least the following powers and duties:

1. To report to the shareholders at the General Shareholder’s Meeting on matters raised at the Meeting and within the purview of the Committee, and particularly regarding the results of the audit, explaining how it has contributed to the integrity of the financial information and the function performed by the Committee in such process.
2. To submit to the Board of Directors proposals for the selection, appointment, reelection or replacement of the external auditor, taking responsibility for the selection process in accordance with the provisions of law, as well as the terms for the hiring thereof, and regularly obtain information from the auditor regarding the audit plan and the implementation thereof, in addition to preserving the independence of the auditor in the performance of its duties.
3. To supervise internal audit, which shall endeavor to ensure the proper operation of the internal reporting and control systems function and which shall functionally report to the Chairman of the Audit and Control Committee, and particularly:

• To ensure the independence and efficiency of the internal audit function;
• To propose the selection, appointment and removal of the person responsible for internal audit;
• To propose the budget for such service;
• To approve the annual focus and work plan, ensuring that its activity is principally focused on material risks (including reputational risks);
• To review the annual activities report;
• To receive regular information about its activities, the implementation of the annual work plan, including any incidents or limitations in scope that arise during such implementation, the outcome and the follow-up on its recommendations; and
• To verify that the senior executive officers take into account the conclusions and recommendations of its reports.

4. To supervise and assess the process of preparing and submitting and the integrity of the mandatory financial and non-financial information relating to the Company and the Group and to submit recommendations or proposals to the Board of Directors intended to safeguard the integrity thereof. With respect thereto, it shall review compliance with legal requirements, the proper determination of the scope of consolidation and the correct application of accounting standards, informing the Board of Directors thereof.
5. To endeavor to ensure that the annual accounts submitted by the Board of Directors to the shareholders at the General Shareholder’s Meeting are prepared in accordance with the legal provisions on accounting. However, in cases where the statutory auditor has included a qualification in its audit report, the Chairman of the Committed shall clearly explain the content and scope thereof at the General Meeting. In addition, a summary of such explanation shall be made available to the shareholders at the time of publication of the call to the General Meeting.
6. To supervise the effectiveness of the Company’s internal control system, particularly endeavoring to ensure the effective implementation in practice of the policies and systems on internal control, as well as on internal audit, and the systems for the control and management of financial and non-financial risks relating to the Company and the Group (including operational, technological, legal, social, environmental, political and reputational risks and corruption-related risks), and to discuss with the Statutory Auditor any significant weaknesses in the internal control system detected during the audit, all without infringing the independence thereof. In such cases, and if applicable, it may submit recommendations or proposals to the Board of Directors and the corresponding period for follow-up thereon.

In that regard, it shall be responsible for proposing to the Board of Directors a risk control and management policy, which shall identify at least the following:

• the types of financial (including contingent liabilities and other off-balance sheet risks) and non-financial (operational, technological, legal, social, environmental, political and reputational, including corruption-related) risks to which the Company is exposed;
• a multi-level risk control and management model;
• the setting of the risk level that the Company deems acceptable; the measures contemplated to mitigate the impact of identified risks, should they materialize; and
• the internal control and information systems to be used to control and manage the above-mentioned risks.

7. To supervise the risk control and management unit, which shall perform the following duties:

• ensure the proper operation of the risk control and management systems, and particularly to ensure that all material risks affecting the Company are identified, managed and quantified;
• actively participate in preparing the risk strategy and in important decisions regarding the management thereof; and
• endeavor to ensure that the risk control and management systems properly mitigate risks within the framework of the policy determined by the Board of Directors.

8. To establish and supervise a mechanism that enables employees and other people connected with the Company, such as Directors, shareholders, suppliers, contractors and subcontractors, to confidentially and anonymously, with due regard for the rights of complainant and the subject of any complainant, report any significant improprieties, including financial, accounting or any other kind of improprieties regarding the Company, that they become aware of within the Company or its Group.
9. To establish and maintain appropriate relations with the Statutory Auditor in order to receive, for review by the Committee, information on all matters that could entail a threat to the independence thereof, as well as any other matters relating to the audit procedure, and when applicable, authorization of services other than those that are prohibited, upon the terms contemplated by applicable law, and such other communications as may be provided for in auditing legislation and auditing rules. In any event, the Audit and Control Committee must receive, on an annual basis, a declaration from the Statutory Auditor of its independence from the Company or entities directly or indirectly related thereto, as well as detailed and itemized information regarding additional services of any kind provided to and the corresponding fees received from such entities by the Auditor or by the persons or entities related thereto pursuant to the provisions of applicable law.
10. To issue on an annual basis, prior to the issuance of the audit report, a report stating an opinion on whether the independence of the Statutory Auditor has been compromised. This report must in all cases include a reasoned assessment of the provision of each and every one of the additional services referred to in point ix) above, both individually and as a whole, other than the legal audit, and regarding the rules on independence or regulations on the activity of auditing.
11. To preserve the independence of the auditor in the performance of its duties, and in this regard: (i) in the event of the resignation of the auditor, examine the circumstances giving rise to such resignation; (ii) endeavor to ensure that the compensation received by the statutory auditor for its work does not compromise the quality or independence thereof; (iii) ensure that the Company communicates through the CNMV any change in auditor and attaches a statement regarding any disagreements with the outgoing auditor and, if any, the substance thereof; (iv) ensure that the statutory auditor meets annually with the full Board of Directors to inform the Board of Directors of the work performed and on the accounting status and the risks of the Company; and (v) ensure that the Company and the statutory auditor comply with applicable legal provisions regarding the provision of non-audit services, limits on the concentration of the auditor’s business, and generally all other provisions regarding the independence of the auditors.
12. To analyze and report on the financial terms, accounting impact and, if applicable, the exchange ratio proposed for structural modifications and corporate transactions that the Company expects to carry out, prior to submission to the Board of Directors.
13. To report in advance to the Board of Directors on all matters provided by law and the By-Laws, and particularly regarding:

1. 1. Financial information and the management report, which shall include the required non-financial information that the Company must periodically make public; and
2. 2. The creation or acquisition of interests in special-purpose entities or entities domiciled in countries or territories considered to be tax havens.

14. To report on related-party transactions that must be approved by the shareholders at General Meeting or by the Board of Directors and to supervise the internal process established by the Company for those transactions for which approval has been delegated by the Board of Directors.
15. To supervise the application of the general policy on the disclosure of economic/financial, non-financial and corporate information and communication with shareholders and investors, proxy advisers and other stakeholders, and to monitor the manner in which the Company communicates and engages with small and medium-sized shareholders, all with respect to those aspects within the purview of the Committee.
16. As regards those companies of the Group that are deemed to be Public-Interest Entities (Entidades de Interés Público) (as defined by applicable law) and with respect to which it is so approved by the Board of Directors, to perform all those duties of the Audit Committee at any time contemplated by applicable law, provided that (a) such companies are directly or indirectly wholly-owned by the Company pursuant to the provisions of applicable law , or (b) the assumption of such duties has been unanimously approved by the shareholders of the subsidiary.

The Telefónica Group of companies with consideration of Public Interest Entities, for which the Audit and Control Committee of Telefónica, S.A. has assumed its own powers of its respective Audit Committees, are as follows: Telefónica de España, S.A.U., Telefónica Emisiones, S.A.U., and Telefónica Europe, B.V.

The provisions of sections ii), ix) and x) of this article are deemed to be without prejudice to the legal provisions governing auditing.

Composition of the Audit and Control Committee