The risk management system of PZU Group is based on:
- organisational structure – containing division of responsibilities and tasks performed by management bodies, committees as well as organisational units in the risk management;
- the risk management process, including the methods of identification, measurement and assessment, monitoring and control, reporting risk and taking management action.
The risk management organisational structure is coherent in PZU Group and in individual companies includes four competence levels.
The first three are as follows:
- the Supervisory Board, which oversees the risk management and assesses its adequacy and effectiveness as part of its decision-making powers defined in the company’s Articles of Association and the Supervisory Board rules and regulations;
- the Management Board, which organizes the risk management system and ensures its functionality through approving the strategy and policies and defining the risk appetite, the risk profile and tolerance for individual kinds of risk;
- the Committees which make decisions to reduce individual risks to a levels determined by the risk appetite. The Committees implement the procedures and methodologies for mitigating and accept the individual risks and their limits.
The fourth level of competence relates to operational actions and is divided between the three lines of defence:
- the first line of defence – ongoing risk management at the business unit and organizational unit level and decisionmaking as part of the risk management process;
- the second line of defence –risk management by specialised units responsible for risk identification, monitoring and reporting as well as controlling limits;
- the third line of defence – comprises internal audit, which conducts independent audits of the elements of the risk management system, as well as control activities embedded in the activity.
Structure of the risk management system