The organizational structure of PZU’s risk management system risk is internally consistent across the Group and for its various insurance companies. It consists of four competence levels.
The risk management system of PZU Group is based on:
- organizational structure – including division of responsibilities and tasks performed by management bodies, committees as well as organizational units in the risk management process;
- risk management process, including the methods of identification, measurement and assessment, monitoring and control, reporting risk and taking management action.
The organizational structure of the risk management system, which is consistent within PZU Group and in individual insurance companies within PZU Group, includes four competence levels.
The first three are as follows:
- Supervisory Board, which oversees the risk management process and assesses its adequacy and effectiveness as part of its decision-making powers defined in the company’s By-laws and the Supervisory Board rules and regulations, as well as through the appointed Audit Committee;
- Management Board, which organizes the risk management system and ensures its functionality through approving the strategy and policies and defining the risk appetite, the risk profile and tolerance for individual kinds of risk;
- Committees which make decisions on reducing the level of individual risks in order to keep the overall risk within the limit determined by the risk appetite. The Committees implement the procedures and methodologies for mitigating individual risks and accept their limits.
Fourth level of competence relates to operational actions and is divided between the three lines of defense:
- first line of defense – ongoing risk management at the business unit and organizational unit level and decision- making as part of the risk management process;
- second line of defense – risk management by specialized units responsible for risk identification, monitoring and reporting, as well as controlling limits;
- third line of defense – comprises internal audit, which conducts independent audits of the elements of the risk management system, as well as control activities embedded in the business activities.
Organizational structure of risk management system