PZU has an internal control system (ICS) in place, adjusted to the scale of its operations and its organizational structure, the purpose of which is to ensure the effectiveness and efficiency of operations within the organization, reliability of financial reporting and compliance of the Company’s operations with the applicable laws and internal regulations.
The ICS comprises supervision, overall administrative and accounting procedures, organizational structures, reporting systems, solutions implemented in IT systems, the compliance function and other control mechanisms contributing to the security and stability of the Company’s operations by ensuring:
The following elements are distinguished within the ICS:
The ICS is built on the basis of the said elements and is based on a model of three independent and complementary levels, i.e. three lines of defense, where:
Supervision over the internal control system within the Company is exercised by:
The head of the respective organizational division/unit/cell is responsible for the deployment of an effective Internal Control System in the supervised area of the Companies’ activity, in particular for designing and ensuring efficient operation of control actions as integral components of operating processes.
An element of the ICS adopted by PZU is the compliance function supervised by the Director of the Compliance Department. The appointment and dismissal of the Director of the Compliance Department must be consulted with the Audit Committee. The Director of the Compliance Department has direct access to the Company’s Management Board Members and Supervisory Board Members, and representatives of the Compliance Department participate in meetings of selected committees established within the Company’s structure.
The PZU Group’s internal control system has been developed at the leading entity (i.e. PZU) level and is applicable to all members of the Group, in consideration of their distinct nature, proportionality and adequacy. With regard to regulated entities existing within banking groups, the internal control system has been designed at the level of each of these groups, taking into account the applicable sectoral regulations.
Within the framework of the exchange of information and cooperation with subsidiaries, uniform standards and key methodological solutions are implemented in such entities. In particular, the following areas of cooperation and information exchange exist in relationships with these companies:
Financial statements are prepared in the Finance Division and central units operating based on the applicable regulations. The Finance Division is supervised by a Management Board Member, and the financial statements require approval by the Management Board.
The process is conducted in compliance with:
Data are prepared in the source systems using formal operating and acceptance procedures which specify the powers of specific persons.
The reporting process is controlled by appropriately qualified, skilled and experienced staff.
PZU monitors changes in external regulations concerning, without limitation, the accounting policy and reporting requirements applicable to insurers and carries out appropriate adaptation processes in these areas.
The accounting records are closed and financial statements are prepared in accordance with schedules, including the key activities and control points with assigned liability for timely and correct completion.
The key controls during preparation of the financial statements include:
Activities within the consolidated financial reporting processes are coordinated through the organizational structure of the Finance Division in the PZU and PZU Życie Head Offices which is shared, i.e. organized based on a personal union. PZU controls all its consolidated subsidiaries through these companies’ management boards and supervisory boards.
The consolidated financial reporting process is governed by a number of internal acts defining the principles of accounting policy adopted by the PZU Group and accounting standards. Moreover, they are subject to detailed schedules including the key activities and control points with assigned liability for timely and correct completion.
Consolidation packages forwarded by subsidiaries are subjected to:
In the case of consolidation packages forwarded by banks, they are also reconciled with their published stock exchange disclosures.
PZU internal audit periodically reviews the organization and the process of preparing the financial statements.
The internal audit function is run in a manner ensuring its unbiased nature and independence from operational functions, and its purpose is to add value and enhance the PZU Group’s operational performance. The activity of the audit function involves a regular and orderly assessment of the adequacy and effectiveness of the internal control system and other components of the management system. The internal audit function supports the PZU Group in the pursuit of its objectives by providing – also through consulting – certainty as to the effectiveness of these processes.
The duties of the internal audit function comprise in particular:
The audit plan is prepared on the basis of an annual risk identification and assessment conducted across all areas of PZU’s business. A draft plan is presented for evaluation by the Audit Committee and then approval by the Management Board.
The timely implementation of audit recommendations by the business units is overseen by the responsible member of the Management Board or PZU Group Director. The Internal Audit Department monitors the progress of implementing the recommendations based on information obtained from the respective business units. After an analysis, it decides whether to consider them completed.
The following adopted principles guarantee the independence and impartiality of internal audit:
PZU has implemented the Internal Auditor’s Code of Ethics, based on guidelines issued by the Institute of Internal Auditors (IIA). The purpose of the Code is to promote best practices and models for ethical behavior, and to motivate the need for continuous professional improvement and development of the proper image of internal auditors.
The Internal Audit Department provides the Company’s Management Board and Audit Committee with periodic management information from its subordinate area, including, in particular:
In order to ensure the proper quality and continuous improvement of the internal audit function, internal (on an annual basis) and external (not less than once every five years) assessments of the Company’s internal audit activities are conducted. A third-party assessment of the internal audit function at PZU conducted by PwC Advisory in 2020 and an analysis of coordination of the Group’s internal audit run by the Internal Audit Department demonstrated general compliance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the IIA.
The appointment of the Audit Committee has served the purpose of increasing the effectiveness of supervisory activities performed by the Supervisory Board with regard to the monitoring of financial reporting processes.
The Committee’s tasks associated with monitoring the financial reporting process and the provision of advisory and evaluation services include, in particular:
The Audit Committee presents recommendations regarding the selection of an audit firm to perform the audit and review of the financial statements to the Supervisory Board.
A statutory auditor appointed by the PZU Supervisory Board, based on a recommendation of the Audit Committee, reviews interim standalone and consolidated financial statements, audits annual standalone and consolidated financial statements and audits annual solvency and financial standing reports required by the Solvency II Directive (for PZU and the PZU Group).