The PZU Group has an internal control system, which, together with the risk management system, is an important component of the Group’s management system. The management system ensures effective supervision of PZU and its subsidiaries.

Risk management system

The objective of the PZU Group’s risk management system is to ensure early identification and adequate management of material risks associated with the activities of the PZU Group and its individual entities. Risk management is one of the key internal processes in the PZU Group.

Internal control system

Purpose and organization of the internal control system

PZU has an internal control system (ICS) in place, adjusted to the scale of its operations and its organizational structure. It is aimed at ensuring the effectiveness and efficiency of operations, reliable reporting, especially financial reporting, compliance of the company’s operations with laws, internal regulations and standards of conduct, and adherence to risk management rules.

The ICS comprises supervision, overall administrative and accounting procedures, organizational structures, reporting systems, solutions implemented in IT systems, the compliance function and other control mechanisms contributing to the security and stability of the company’s operations. The following elements are distinguished within the ICS:

  • the control function, which consists of all controls in the processes operating at the Company, independent monitoring of compliance with these controls, and reporting within the control function. In particular, it includes positions or organizational units responsible for carrying out the tasks assigned to this function;
  • the compliance function carried out by an independent compliance unit (Compliance Department – BCM);
  • internal control unit, i.e., the Internal Control Department (BKO) tasked with implementing and supervising system solutions for the ICS;
  • independent internal audit unit (Internal Audit Department – BAW) responsible for carrying out independent and objective assessment and evaluation of adequacy and effectiveness of the internal control system and the system of governance.

The ICS is built on the basis of the said elements and is based on a model of three independent and complementary levels, where:

  • the first line is comprised of activities of business processes owners, encompassing the operational management of risk associated with the Company’s operations and processes carried out as part of those operations;
  • the second line is comprised of activities of the Compliance Department and risk management by other specialized business units specified in internal regulations on risk management and dealing with risk identification, measurement, monitoring and reporting and controlling the limits;
  • the third line is provided by activities of the Internal Audit Department.

Supervision over the internal control system is exercised by:

  • supervision and periodic evaluation of the internal control system by the Supervisory Board;
  • activities of the Management Board, including the establishment of an adequate and effective internal control system and periodic assessment of the functioning of the ICS;
  • supervision of PZU Group Directors and Managing Directors over the implementation of the control function in the areas reporting to them;
  • supervision by the head of the Internal Control Department on systemic solutions to improve the efficiency and effectiveness of the ICS;
  • supervision by the supervisor of the internal audit function in overseeing the tasks performed within the internal audit function;
  • supervision exercised by PZU units in relation to their subordinate units or areas in the introduction and maintenance of effective and efficient internal control, adequate to the tasks performed in a given area.

Heads of PZU organizational units are responsible for the organization and implementation of the control function in the supervised area of the Company’s operations, in particular, for the design, implementation and effective functioning of control mechanisms in the implemented processes, ensuring an appropriate response to the occurring risks, as well as the organization of monitoring of compliance with the implemented control mechanisms, in proportion to the level of risk associated with the Company’s operations and the processes subject to control.

The PZU Group’s internal control system has been developed at the level of the leading entity (i.e., PZU) and is applicable to all members of the PZU Group, in consideration of their distinct nature, proportionality and adequacy. With regard to regulated entities existing within banking groups, the internal control system has been designed at the level of each of these groups, taking into account the applicable sectoral regulations.

Organization of the internal control system chart

As part of its cooperation with PZU Group entities, PZU analyzes information that it receives regularly from these entities concerning the organization of the internal control system, internal control conducted and evaluation of the internal control system, in order to improve unified standards for the operation of an effective internal control system.

Compliance

One component of PZU’s internal control system is the compliance function, which is overseen by the Managing Director on Regulations, who reports to either the President of the Management Board of PZU or a person delegated to temporarily perform the function of the President of the Management Board.

Committee of the PZU Supervisory Board. The Managing Director on Regulations, supervising the Compliance Department, and Director of the Compliance Department have direct access to Management Board members and PZU’s Supervisory Board Members, and representatives of the Compliance Department participate in meetings of selected committees established within the company’s structure.

Reporting is done through monthly and annual reports for the Management Board members and quarterly risk reports to the Supervisory Board’s Audit Committee and the PZU Supervisory Board itself, as well as in the form of current information provided on an ad hoc basis to the members of the Company’s statutory bodies if the need arises.

Internal audit

The internal audit function is run in a manner ensuring its unbiased nature and independence from operational functions, and its purpose is to add value and enhance the PZU Group’s operational performance. The activity of the audit function involves a regular and orderly assessment of the adequacy and effectiveness of the internal control system and other components of the management system. The internal audit function supports the PZU Group in the pursuit of its objectives by providing – also through consulting – certainty as to the effectiveness of these processes.

The duties of the internal audit function comprise in particular:

  • development and implementation of an audit plan, which defines the scope of audit work to be undertaken in subsequent years, with regard to all types of activity and the Company’s overall system of management;
  • making recommendations based on the results of the work carried out;
  • checks of execution of the corrective measures following from the recommendations made.

The audit plan is prepared on the basis of an annual risk identification and assessment conducted across all areas of PZU’s business. A draft plan is presented for evaluation by the Audit Committee and then approval by the Management Board.

The timely implementation of audit recommendations by the business units is overseen by the responsible member of the Management Board or PZU Group Director. The Internal Audit Department monitors the progress of implementing the recommendations based on information obtained from the respective business units. After an analysis, it decides whether to consider them completed.

The following adopted principles guarantee the independence and impartiality of internal audit:

  • The Managing Director of Audit, who heads the Internal Audit Department, reports functionally to the Audit Committee and organizationally to the President of the Management Board of PZU or to a person delegated to temporarily perform the duties of the President of the Management Board of PZU;
  • the appointment and dismissal of a person to the position of the head of the internal audit unit requires the opinion of the Audit Committee of the PZU Supervisory Board;
  • The Managing Director on Audit participates in meetings of the Audit Committee of the PZU SA Supervisory Board and meetings of the Management Board, and representatives of the Internal Audit Department participate in meetings of selected committees operating within PZU’s structure;
  • PZU’s internal auditors demonstrate outstanding professional and ethical qualifications and possess the proper knowledge and skills, including the knowledge of issues necessary to conduct audits. They have access to the necessary information, explanations, documents and data, allowing for the timely and correct performance of their tasks;
  • the scope of audit activities performed during each audit and the resulting evaluations are autonomous decisions of internal audit. The tasks are allocated in such a manner so as to prevent potential and actual conflicts of interest. Each employee, before starting a task, is obliged to inform the supervisor in case of a potential conflict of interest – assigned tasks are rotated as necessary. In addition, no auditor may, before one year has elapsed, evaluate activities that they themselves previously performed or managed. They also cannot assume responsibility for operational activities that are subject to internal audit review.

PZU has implemented the Internal Auditor’s Code of Ethics, based on guidelines issued by the Institute of Internal Auditors (IIA). The purpose of the Code is to promote best practices and models for ethical behavior, and to motivate the need for continuous professional improvement and development of the proper image of internal auditors.

Audit tasks are carried out taking into account the Internal Audit Strategy. The status of the strategy’s implementation is monitored in terms of, among other things, performance indicators for the internal audit function.

The Internal Audit Department provides the company’s Management Board and Audit Committee with periodic management information from its subordinate area, including, in particular:

  • information on the progress in implementing the audit plan;
  • information on the findings of internal audits;
  • information on recommendation monitoring results.

In order to ensure the proper quality and continuous improvement of the internal audit function, internal (on an annual basis) and external (not less than once every five years) assessments of the Company’s internal audit activities are conducted. A third-party assessment of the internal audit function at PZU conducted by PwC Advisory and an analysis of coordination of the Group’s internal audit run by the Internal Audit Department demonstrated general compliance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the IIA.

Financial statements control system

Control mechanisms applied during the preparation of the financial statements

The process of preparing financial statements is carried out by units within the Finance Division and other PZU units in accordance with their responsibilities. The Finance Division is supervised by a Management Board member, and the financial statements require approval by the Management Board.

The process is conducted in compliance with:

  • accounting principles (accounting policy) adopted by the Management Board;
  • chart of accounts with a commentary;
  • other detailed internal regulations approved by the PZU Management Board specifying key rules for recording business events in PZU, the valuation of assets and liabilities and the calculation of the financial result;
  • method of keeping the accounting ledgers;
  • reporting systems.

Data are prepared in the source systems using formal operating and acceptance procedures which specify the powers of specific persons.

The reporting process is carried out by qualified, skilled and experienced staff.

PZU monitors changes in external regulations concerning, without limitation, the accounting policy and reporting requirements applicable to insurers and carries out appropriate adaptation processes in these areas.

The accounting records are closed and financial statements are prepared in accordance with schedules, including the key activities and control points with assigned liability for timely and correct completion.

The key controls during preparation of the financial statements include:

  • controls and permanent monitoring of the quality of input data, supported by financial systems with defined rules of data correctness, in accordance with PZU’s internal regulations governing the control of accuracy of accounting data;
  • data mapping from the source systems to financial statements supporting the proper presentation of data;
  • analytical review of financial statements by specialists to compare them with the business knowledge and business transactions;
  • formal review of the financial statements to confirm compliance with the applicable legal regulations and market practice in terms of required disclosures.

Coordination of activities with regard to consolidated financial reporting processes at PZU and PZU Life is made possible by the Finance Divisions’ organizational model common to these companies, based on the principle of personal union. PZU controls all its consolidated subsidiaries through these companies’ management boards and supervisory boards.

The consolidated financial reporting process is governed by a number of internal acts defining the principles of accounting policy adopted by the PZU Group and accounting standards. Moreover, it is subject to detailed schedules including the key activities and control points with assigned liability for timely and correct completion.

Consolidation packages forwarded by subsidiaries are subjected to:

  • verification procedures by a statutory auditor scrutinizing the PZU Group’s consolidated financial statements;
  • analytical reviews by specialists.

Consolidation packages forwarded by banks are also reconciled with their published stock exchange disclosures.

The organization and the process of preparing the financial statements are regularly reviewed by the internal audit function.

Audit Committee of the Supervisory Board of PZU

The appointment of the Audit Committee has served the purpose of increasing the effectiveness of supervisory activities performed by the Supervisory Board with regard to the monitoring of financial reporting processes.

The scope of the Audit Committee’s activities, including activities related to monitoring the financial reporting process and advisory and opinion activities, is described in the Statement in Section 7.5.2. Supervisory Board / Audit Committee.

The Audit Committee, in particular:

  • conducts a preliminary assessment of the Management Board’s report on the Company’s activity and on the activity of the Company’s group and annual financial statements – the company’s individual and the consolidated financial statements of the Company’s group;
  • makes recommendations to the Supervisory Board on the selection of an audit firm to audit and review the financial statements and the annual solvency and financial condition report required by the Solvency II Directive (both the PZU and PZU Group reports).

Audit firm auditing the financial statements

On 24 August 2022, after reviewing the Audit Committee’s recommendation, the Supervisory Board passed a resolution on the selection of PricewaterhouseCoopers Polska Spółka z ograniczoną odpowiedzialnością Audyt Sp. k. (PwC) as the audit firm to conduct audits of the annual and reviews of the interim individual and consolidated financial statements and audits of the annual individual and consolidated reports on the solvency and financial condition of PZU and the PZU Group for the five fiscal years 2024–2028, with an option to extend the contract for two more fiscal years 2029–2030.

The Audit Committee’s recommendation met the requirements of the law, in particular, it was free from third-party influence and no clause of any kind has been imposed on it, as referred to in Article 66(5a) of the Accounting Act and Article 16(6) of Regulation No. 537/2014. It was drawn up following a tender procedure conducted in 2022, in accordance with the Policy for the selection of the audit firm to conduct the audit and the Procedure for the selection of the audit firm adopted by the Supervisory Board.

The auditor for PZU’s individual and consolidated financial statements for 2023 was KPMG Audyt.

The cooperation with KPMG Audyt, pertaining to the reviews and audits of the standalone financial statements of PZU and consolidated financial statements of the PZU Group has continued without interruption since 2014.

The auditor for PZU’s individual and consolidated financial statements for 2024 was PwC.

The following are among the main assumptions underlying PZU’s policy for selecting the audit firm:

  • ensuring that the process of selecting the audit firm is done correctly and determining the responsibility and the duties of the participants in this process,
  • analyzing the recommendations given by the Audit Committee when selecting the audit firm,
  • giving consideration to the rule of rotating the audit firm and the key statutory auditor in the adopted time horizon.

The main objectives of the policy for the provision of permitted non-audit services by the audit firm conducting the statutory audit, its related entities and by a member of the audit firm’s network were as follows:

  • ensuring correctness in the process of procuring permitted services;
  • determining the responsibility and the duties of the participants in this process,
  • defining the catalog of permitted services,
  • establishing the procedure for procuring permitted services.

In 2024, audit firms KPMG Audit and PwC provided permitted non-audit services to PZU.

The Audit Committee granted approval for the provision of these services on a case-by-case basis after assessing the threats to and safeguards for the audit firm’s independence, in accordance with the Policy for the provision of permitted non-audit services by the audit firm conducting the statutory audit, by entities related to that audit firm, and by a member of the audit firm’s network, as adopted by the Supervisory Board.

In the scope of permitted non-audit services, KPMG Audyt in 2024 conducted an audit of the report on the solvency and financial condition of PZU SA for the financial year ending on 31 December 2023, as well as the report on the solvency and financial condition of PZU Group for the financial year ending on 31 December 2023.

Permitted non-audit services performed by PwC as part of the audit and review of the 2024 financial statements included:

  • review of the interim standalone financial statements of PZU SA and the interim consolidated financial statements of the PZU SA Group for the six-month period ended on 30 June 2024;
  • audit of the report on the solvency and financial condition of PZU SA and the consolidated report on the solvency and financial condition of PZU SA Group for the financial year ended on 31 December 2024.

The tables below present the amounts due to the PZU Group’s audit firm:

  • PwC and network firms – in 2024;
  • KPMG Audit and firms in the KPMG network – in 2023;

paid or payable for the period, plus VAT.

| Fee payable to the audit firm auditing PZU’s financial statements (PLN 000s) | 1 January – 31 December 2023 | 1 January – 31 December 2024 |
| --- | --- | --- |
| Mandatory audit of annual financial statements / consolidated financial statements | 1,773 | 3,316 |
| Other assurance services, including review of the financial statements / consolidated financial statements / sustainability report / insurance company solvency and financial condition report | 1,421 | 2,989 |
| Tax consulting services | | |
| Other services | | |
| Total | 3,194 | 6,305 |

| Fee payable to the audit firm auditing the financial statements of the PZU Group entities subject to consolidation (PLN 000s) | 1 January – 31 December 2023 | 1 January – 31 December 2024 |
| --- | --- | --- |
| Audit of financial statements | 12,582 | 15,259 |
| Other assurance services | 8,720 | 10,150 |
| Total | 21,302 | 25,409 |

Attestation of sustainability reporting

On 20 November 2024, after reviewing the Audit Committee's recommendation, the Supervisory Board passed a resolution to conclude an annex with PwC for the attestation of the PZU Group's Sustainability Reporting for 2024 to the contract for the audit and review of financial statements and the audit of solvency and financial condition reports.

The annex was negotiated by PZU's Management Board and signed in accordance with PZU's statutory representation.

The annex was concluded pursuant to Article 16(2) of the Act amending the Accounting Act, the Act on Statutory Auditors, Audit Firms, and Public Oversight, and certain other acts, which allowed the head of the entity (i.e., the Management Board) to enter into an agreement for the attestation of the PZU Group’s Sustainability Reporting for a financial year that began before 1 January 2025, with the audit firm selected to conduct the audit of the financial statements for that financial year.

On January 1, 2025, amendments to the Act of May 11, 2017 on Certified Public Accountants, Audit Firms and Public Supervision (i.e., Journal of Laws of 2024, item 1035, as amended), introduced by the Act of December 6, 2024 on amendments to the Accounting Act, the Act on Certified Public Accountants, Audit Firms and Public Supervision and certain other acts (Journal of Laws, item 1863), came into force. The law implemented the EU directive on corporate sustainability reporting (CSR Directive) into Polish law.

According to the new regulations, audit committees or separate committees established for this role play a key role in monitoring sustainability reporting. The amended regulations expanded the audit committee’s responsibilities from January 1, 2025 to include the duty to develop policies and procedures for attesting sustainability reporting, in particular:

  • development of a policy for the selection of an audit firm to conduct an audit of financial statements and a policy for the selection of an audit firm to conduct an attestation of sustainability reporting – in the case of a public interest entity required to prepare sustainability reporting or group sustainability reporting;
  • development of a policy for the provision by the audit firm performing the audit or attestation of sustainability reporting, by affiliates of the audit firm, and by a member of the network to which the audit firm belongs of permitted services that do not constitute an audit or attestation of sustainability reporting;
  • determining the procedure for the selection of an audit firm by a public interest entity.

Taking the above into account, the Audit Committee of the PZU Supervisory Board updated the content of the following documents:

  • Policy for selection of the audit firm to perform the audit;
  • Policy on the provision of permitted non-audit services by the audit firm conducting the audit, by affiliates of the audit firm and by a member of the audit firm’s network;
  • Procedures for the selection of the audit firm

and aligned the titles of the policies and procedures with the current wording of the regulations.

The Supervisory Board amended the aforementioned documents with effect from January 1, 2025.

The amendments expanded the Audit Committee’s authority to monitor sustainability reporting.

According to the new provisions, the selection of the audit firm to carry out attestation of sustainability reporting is made by the body approving the entity’s financial statements until the Articles of Association of PZU are amended accordingly.