PKO Bank Polski has an internal control system functioning as part of the Bank’s management system. Designing, implementing and ensuring the functioning of the adequate and effective internal control systems is the responsibility of the Bank’s Management Board. The Supervisory Board supervises the implementation and ensures the functioning of an adequate and effective internal control system, and performs an annual assessment of this system.
The objectives of the internal control system are as follows:
- ensuring the efficiency and effectiveness of the Bank’s operations;
- reliability of the financial statements;
- compliance with risk management principles in the Bank;
- compliance of the Bank’s activities with the generally binding legal regulations, internal regulations of the Bank, supervisory recommendations and market standards adopted in the Bank.
The following functions and units are separated within the internal control system of PKO Bank Polski SA:
- control function ensuring compliance with controls pertaining in particular to risk management at the Bank, covering all units of the Bank and the organisational positions in these units responsible for the performance of tasks allocated to this function;
- compliance unit, the objective of which is to develop compliance solutions and to manage compliance risk, as well as to identify, evaluate, control, monitor and report compliance risk;
- independent internal audit unit responsible for ensuring the assessment of the adequacy and effectiveness of the risk management system and internal control system as part of assurance activities, as well as for adding value and improving the effectiveness of processes at the Bank as part of advisory activities.
In order to reduce the probability of the materialisation of risk and the impact of its potential materialisation on achieving the objectives by PKO Bank Polski SA, its financial position, goals and internal processes, PKO Bank Polski SA uses controls adjusted to the objectives of the internal control system and the specifics of the activities of PKO Bank Polski SA.
The irregularities identified in individual elements of the Bank’s internal control system, assessment results and other material issues pertaining to the functioning of the internal control system elements are presented in the reports for the Management Board of PKO Bank Polski SA, the Audit Committee of the Supervisory Board and the Supervisory Board of PKO Bank Polski SA.
Controls in the process of the preparation of the financial statements
In order to ensure the reliability and correctness of the process of preparing the financial statements, the Bank designed and implemented a number of controls that are built into the functions of reporting systems and internal regulations concerning this process. These controls involve among others things the use of continuous verification and reconciliation of reporting data to the accounting records, sub-ledger accounts and other documents providing a basis for financial statements as well as with the applicable regulations pertaining to accounting principles and the preparation of financial statements.
The process of preparing financial statements is subjected to regular multi-level functional internal control, in particular with regard to the correctness of the account reconciliation, substantive analysis and reliability of the information. In accordance with the internal regulations, the financial statements are accepted by the Management Board of PKO Bank Polski SA and the Audit Committee of the Supervisory Board appointed by the Supervisory Board of PKO Bank Polski SA in 2006.
The tasks of the Audit Committee of the Supervisory Board include, among other things, monitoring the financial reporting process including the review of standalone and consolidated interim and annual financial statements, with particular emphasis on:
- information on substantial changes in the accounting and reporting policy and the method of making significant management estimates and judgements for the purposes of financial reporting, as well as compliance of the financial reporting process with the applicable law;
- significant adjustments resulting from the audit and the auditor’s opinion on the audit of the financial statements, discussion of any issues, qualifications and doubts resulting from the audit of financial statements and analysis of the external auditor’s recommendations addressed to the Management Board and responses of the Management Board in this regard.
The description of cooperation between the Audit Committee and the external auditor and its assessment is included in the report on activities of the Audit Committee drawn up on an annual basis and attached to the report on activities of the Supervisory Board.
The management system at both the Bank and the Group is subject to internal audit and the operation of the compliance services with respect to the compliance of the activities of individual subsidiaries with the provisions of the law and the applicable standards in force regarding conducting specific business activities.
The Bank operates an internal audit system that is part of the Bank’s management system. The Bank’s Management Board is responsible for the development, implementation and assurance of operation of an adequate and effective internal audit system. The Supervisory Board supervises the implementation and assurance of the functioning of an adequate and effective internal audit system and conducts an annual assessment of this system.
The objective of the internal audit system is to ensure:
- effectiveness and efficiency of the Bank’s activities;
- reliability of the financial reporting process;
- observance of the principles of risk management at the Bank;
- compliance of the Bank’s activities with the generally applicable provisions of the law, the Bank’s internal rules, supervisory recommendations and the market standards adopted at the Bank.
The Bank’s internal audit system distinguishes three levels:
- the first level consists of the Bank’s organization structures performing operational activities, in particular: sales of products and customers service, as well as the Bank’s other organizational structures performing operational tasks that generate risk, which operate under separate internal rules at the Bank;
- the second level encompasses the activities of cells regarding compliance and the identification, measurement or estimation, control, monitoring and reporting of significant types of risk and irregularities found – the tasks are performed by specialized organizational structures, the objective of which is to ensure that the first level activities are properly designed and do not generate excessive risk, while ensuring effectiveness of the Bank activities;
- the third level is an internal audit section involving the independent audit of the elements of the Bank’s management system, including the risk management system and the internal audit system.
In order to reduce the probability of occurrence of risks and the potential impact of their occurrence on the Bank’s objectives and its financial position, objectives and course of its internal processes, control mechanisms are applied at the Bank which are adapted to the objectives of the internal audit system and to the peculiarities of the Bank’s business.
Information on irregularities identified within the individual components of the Bank’s internal audit system, the results of evaluations and other important issues regarding the operation of elements of the internal audit are presented in the reports assigned for the Bank’s Management Board, the Audit Committee of the Supervisory Board or the Bank’s Supervisory Board.
The remaining Group’s entities have internal audit systems which encompass the individual processes and areas of activity. These systems are not structurally uniform. In most entities, they are separate organizational units or positions performing these functions, reporting directly to the Management Board of the given company or to the Supervisory Board. In situations justified by the profile of the company’s activities and its organizational structure (small entities with a limited spectrum of operation) the internal audit system is exercised by the management staff, without structurally separating this function. The lack of uniform practice in this area arises from the differentiated structure of the Group, the different sizes and business of the entities from the Group, justifying the structuring of the audit system in the given entity.
Within the Group, in the case of several entities, the quality management systems, internal audit systems and information security management are certified.