8.3 Organisational structure

The risk management system organisational structure is consistent in PZU Group and in individual companies and includes four competence levels.

The first three are:

  • the Supervisory Board, which supervises the risk management process and assesses its adequacy and effectiveness as part of its decision-making powers defined in the given company’s Articles of Association and the Supervisory Board rules and regulations;
  • the Management Board, which organizes the risk management system and ensures its functionality through approving the strategy and policies and defining the appetite for risk, the risk profile and tolerance for individual categories of risk;
  • Committees which make decisions on reducing individual risks to a level determined by the risk appetite. The Committees implement the procedures and methodologies for mitigating the individual risks and accept individual risk limits.

The fourth competence level relates to operational actions and is divided between the three lines of defence:

  • the first line of defence – ongoing risk management at the business unit and organizational unit level and decision-making as part of the risk management process;
  • the second line of defence – denotes risk management by specialised units responsible for risk identification, monitoring and reporting as well as controlling limits;
  • the third line of defence – comprises internal audit, which conducts independent audits of the elements of the risk management system, as well as control activities embedded in the activity.