The Board focuses on risk management and internal control, and this is an integral part of the Board’s systematic work. The Board has adopted a group policy for risk management and internal control. Among other things, the document describes the main principles for risk management and internal control, in addition to describing the division of responsibility. The document is available at https://www.gjensidige.no/group/
The main purpose of risk management and internal control is to provide reasonable assurance of goal attainment through the following methods:
- Targeted, efficient operations.
- Reliable, available management information and correct external reporting.
- Compliance with internal and external regulations.
- Loss limitation and safeguarding of assets.
Gjensidige’s internal control system includes the Company’s core values, guidelines for ethics and social responsibility and other governing documents.
The Board carries out an annual review of the Group’s most important risk areas and its internal control. The Board also receives quarterly reports on the risk situation in the Group. The division of responsibility between the Board and the CEO is as follows:
The Board’s responsibilities:
- The Board has overall responsibility for ensuring that Gjensidige has established expedient, effective processes for risk management and internal control in accordance with recognised frameworks.
- The Board shall ensure that such processes are satisfactorily established, implemented and followed up, among other things by considering reports prepared by the Risk Management and Compliance function that are submitted to the Board by the CEO and the internal audit function as direct reports to the Board.
- The Board shall ensure that risk management and internal control are integrated in the Group’s strategy and business processes.
The CEO’s responsibilities:
- The CEO shall ensure that Gjensidige’s risk management and internal control are implemented, documented, monitored and followed up in a satisfactory manner. The CEO shall issue instructions and guidelines for how the Group’s risk management and internal control shall be carried out in practice and establish expedient control processes and functions.
Centralised control functions have been established that are independent of business operations: the Risk Management, Compliance and Actuary functions. In addition, the internal audit function serves as an additional, independent control level that reports directly to the Board.
The Compliance function is independent in relation to operations, and it identifies, assesses, monitors, advises and reports on the Group’s compliance risk. Assessing compliance risk is part of the Group’s annual risk assessment process.
The Risk and Compliance function is responsible for monitoring the overall risk situation and the framework for risk management, including internal control and the quantification and aggregation of risk.
The internal audit function is an independent, objective confirmatory and advisory function that shall contribute to the organisation achieving its goals. The head of the internal audit function is appointed and dismissed by the Board and submits reports on the Group’s risk management and internal control to the Board and the CEO at least once a year. The Board approves resources and plans for the internal audit function annually. The Group Audit Director reports quarterly to the Board and the CEO on the results of the audit work. The audit work is carried out in accordance with international internal auditing standards (IIA).
The Group’s control functions are organised on the basis of the principle of three lines of defence.
b) Financial reporting and financial management
Among other things, the CFO is responsible for asset management, risk and capital management, the Actuary function, the planning process and financial performance. Among other things, the Executive Vice President of Group Staff and General Services is responsible for financial reporting and follow-up of limits on the investment activities. This organisation is intended to ensure independence between the leading premise setter for profit performance and those who report the results.
The Gjensidige Group publishes four interim reports in addition to the ordinary annual accounts. The accounts shall meet the requirements in laws and regulations and be prepared in accordance with adopted accounting principles.
Publishing deadlines are stipulated by the Board. The tasks that are carried out in the concluding phase are set out in a schedule that specifies the person responsible and the deadline for ensuring timely reporting. The schedule is reviewed prior to each quarter to ensure that any new circumstances are identified and that the schedule continues to be expedient.
As part of Gjensidige’s governing documents, an overall description has been prepared of the process relating to the closing of the accounts. Reporting instructions have also been prepared, including accounting principles that subsidiaries and branch offices must use in their reporting. The internal control is based on the principle of division of labour and dualism, and it is documented through descriptions of processes and procedures in material areas. Authorisation structures, reconciliations and management reviews have been established.
As part of the Board’s above-mentioned annual review of the Group’s risk areas and internal control, an evaluation is also carried out of risk and control in the financial reporting process, and of whether measures are necessary.
Consolidated accounts are prepared every month and reported to the Board on a monthly basis, with comments on and explanations of each business segment. In this connection, Group Accounts cooperates with the Actuary function, Group Performance Management, Reinsurance and the controllers in the business areas on quality assurance of figures and comments. The insurance provisions are assessed monthly by the Actuary function and reviewed annually by an external actuary. Accounting items that entail a varying degree of discretionary judgement and assessment are reviewed and documented in advance of the quarterly closing of accounts. Discretionary accounting items are reviewed by the Board’s audit committee at quarterly meetings. The audit committee also considers the interim reports, company accounts and consolidated accounts.
The processes are identical for the Group and the parent company. The annual accounts are adopted by the respective general meetings.
The Group has established a planning process for financial management whereby the CEO, the CFO and the Chief Performance Officer meet with business and support areas at least every quarter and review financial performance and goal attainment as well as events that affect future development. Among other things, they assess risks relating to financial reporting, in both the short and long term. The Senior Group Management reviews monthly financial reporting, including developments in profit/loss and balance sheet items, goal attainment, the forecast for the year, risk assessment and analysis of and comments on results in business and support areas.
In connection with the outsourcing of material work processes, such as payroll and ICT services, the Group obtains statements in accordance with ISA3402 in order to assess the contracting party’s internal control. The purpose of this is to ensure that the contracting party has satisfactory internal control. Gjensidige’s own security department also performs independent security checks of the contracting party relating to ICT systems, including access control and the protection of sensitive data.
The Group is concerned with ensuring that processes relating to financial reporting and financial management are carried out by personnel with the right expertise for the different tasks.
Professional updating in the form of self-studies, courses and continuing education takes place on the basis of the needs and complexity of the position in question. The goal is that the Group shall have sufficient expertise and resources at all times to be able to carry out timely closing of the accounts without there being material errors in the consolidated and company accounts. This involves fields such as IFRS, NGAAP and the Annual Accounts Regulations for Insurance Companies etc. Gjensidige participates actively in various industry organisations for banks and life and general insurance companies where topical issues are discussed.
Deviations from the Code of Practice: None