CONTROL, RISK MANAGEMENT AND COMPLIANCE SYSTEM
The Company’s system of internal control and risk management in the preparation of financial statements is implemented through:
- verification whether uniform accounting policies are applied by the ORLEN Group companies as regards recognition, measurement and disclosures in accordance with the International Financial Reporting Standards (IFRSs) as endorsed by the European Union,
- following the procedures for registering economic events in the financial and accounting system and monitoring compliance with the procedures,
- internal controls, including separation of duties, multi-stage data verification, accuracy reviews of data received and independent checks,
- providing ORLEN Group companies with uniform templates of separate and consolidated financial statements, and periodic reviews of the correctness of accounting policies and disclosures included in the financial statements prepared by the ORLEN Group companies,
- verification of the consistency of the ORLEN Group companies’ financial statements with data entered into the integrated IT system used to prepare the ORLEN Group’s consolidated financial statements,
- auditor’s review of Q1, H1 and Q3 financial statements and audit of full-year financial statements of PKN ORLEN and the ORLEN Group,
- procedures to authorise, approve and issue opinions on financial statements before they are issued,
- independent and objective evaluation of the risk management and internal control systems.
Economic events at PKN ORLEN are recorded in an integrated financial and accounting system. Security and availability of information contained in the financial and accounting system are controlled at all levels of the database, applications and presentations, as well as at the operating system level. System integration is ensured by data entry control systems (validation, authorisation, a list of values) and logs of changes. PKN ORLEN keeps its IT system up to date with the changing accounting policies and other legal requirements. PKN ORLEN’s solutions are implemented into systems of the ORLEN Group companies.
The ORLEN Group companies apply uniform accounting policies adopted at the ORLEN Group and approved by the PKN ORLEN Management Board for the purposes of preparing consolidated financial statements.
The Accounting Policy is periodically updated to ensure compliance with any new legislation. Consolidated financial statements are prepared based on the integrated IT system where the process of consolidating data sourced from reporting packages provided by each ORLEN Group company is performed. Designed for financial management and reporting purposes, the system enables the unification of financial information. Performance and budget-related data, forecasts and statistics are gathered in one place, which ensures direct control and data compatibility.
The data is reviewed for cohesion, completeness and consistency, which is achieved thanks to embedded controls checking the compatibility of data entered by ORLEN Group companies.
In order to keep mitigating risks associated with the preparation of financial statements, they are reviewed by an independent auditor quarterly, i.e. more often than required by applicable laws. Q1, H1 and Q3 financial statements are reviewed by the auditor, whereas full-year financial statements are subject to an audit.
As per the relevant procedure in place at PKN ORLEN (meeting all applicable requirements), the auditor of the Company’s financial statements is appointed by the Supervisory Board based on a recommendation from the Audit Committee and a report on the tender process held by the Audit Committee. Deloitte Audyt Spółka z ograniczoną odpowiedzialnością, Spółka komandytowa has been appointed as a qualified auditor of PKN ORLEN’s financial statements for 2019–2021. During audit work, the auditor makes an independent assessment of the reliability and accuracy of separate and consolidated financial statements and confirms that the internal control and risk management system is effective. The auditor presents the audit and review findings to the Management Board and the Audit Committee of the Supervisory Board.
The Audit Committee, appointed by the Supervisory Board in the exercise of its powers, is a supervisory body with some of its powers and responsibilities defined in the Act on Statutory Auditors, Audit Firms, and Public Oversight of May 11th 2017, including the following:
- monitoring the preparation of the ORLEN Group’s consolidate financial statements to ensure compliance with the Group’s Accounting Policy and applicable laws,
- monitoring the independence of the qualified auditor and auditing firm selected to audit financial statements,
- monitoring the effectiveness of the internal control, internal audit and risk management systems.
The Company has in place certain procedures to authorise financial statements, under which periodic reports are submitted to the Management Board and then to the Supervisory Board’s Audit Committee for its opinion. Once the Audit Committee’s opinion is received and the auditor completes its review or audit of the financial statements, they are authorised for issue by the PKN ORLEN Management Board by means of a qualified electronic signature and then released to the public by the Investor Relations Office.
Full-year financial statements are also presented to the Supervisory Board for final assessment and control of the financial reporting process. The Supervisory Board is an independent body ensuring the reliability and accuracy of information disclosed in the financial statements of PKN ORLEN and the ORLEN Group.
Financial Control, Risk Management and Compliance Office(Recommendation III.R.1 of the Code of Best Practice)
The Financial Control, Risk and Compliance Management Office operates within the Management Board Member for Corporate Affairs function, with a primary responsibility for the implementation of financial control, risk and compliance management processes. The performance of financial control tasks is supervised by the Chief Executive Officer, President of the Management Board. The Office is divided into:
- Financial Control Department, responsible for detecting any irregularities and business misconduct, verifying compliance of conduct of PKN ORLEN and ORLEN Group employees with applicable laws, internal organisational rules and professional standards, estimating the impact of any potential irregularities or misconduct, defining corrective measures and designating responsible persons, as well as assessing internal organisational documents. The audited area is scrutinised mainly against legal compliance, relevance, cost efficiency, reliability, efficiency and legitimacy criteria, with the interests of PKN ORLEN and ORLEN Group companies taken into consideration. The Department’s staff carry out inspections in accordance with an annual inspection schedule (scheduled financial inspections) as well as ad hoc and preliminary inspections. Reports on scheduled and ad hoc inspections provide post-inspection orders/recommendations designed to eliminate the identified irregularities and misconduct, streamline the operation of the inspected organisational units, and amend internal procedures and regulations, whereas preliminary inspections lead to the issuance of proposals of recommended actions based on the inspection findings to the extent necessary to identify any irregularities. Twice a year the Financial Control Department prepares a report for the Company’s Management Board and the Supervisory Board’s Audit Committee on the completed financial inspections and progress in the implementation of post-inspection orders/recommendations.
- The Management Systems and Enterprise Risk Department in which the Enterprise Risk Management Team and the Management Systems Team operate. Enterprise Risk Management Teams, which coordinates – in line with the applicable policy and procedure – the enterprise risk management process by providing tools and methodological support to participants of the risk self-assessment process and testing of controls deployed at PKN ORLEN and the ORLEN Group. Their tasks are to support business areas in risk management during the implementation of project objectives by carrying out regular training sessions in risk identification, description and assessment, as well as workshops and consultations for project managers and persons involved in project work, thus helping minimise the amount of work and optimise the project value. As part of corporate risk management, the Company regularly defines and measures risks related to the achievement of strategic objectives. The Enterprise Risk Management Team prepares regular reports on risk management at PKN ORLEN S.A. and the ORLEN Group companies, which are then presented to the relevant Management Boards.
Members of the Management Systems Team ensure maintenance and improvement of the Integrated Management System – compliance with ISO 9001, AQAP 2110, ISO 14001, ISO 45001, ISO/IEC 27001, ZKP, ISCC, KZR INiG, ISO 50001 and HACCP. The systemic activities include supervision of documentation (documented information), supervision of equipment, supervision of products (process outputs), and development of a process approach based on risk and opportunity analysis. As part of the Integrated Management System, management reviews are conducted and reported to the PKN ORLEN Management Board, which take into account, among other things, compliance assessment, and any recommendations regarding the implementation of further Management Systems. An internal audit system is in place to verify the correctness of operation of the Company’s organisational units, suppliers, contractors, etc.
- The Regulatory Risk Management Department is responsible for monitoring legal regulations that may have an impact on the ORLEN Group and for undertaking lawful lobbying activities. It is also responsible for dialogue with market regulators and managing fuel licences issued by the President of the Energy Regulatory Office under the Energy Law. The Department also participates in the implementation of measures aimed at ensuring compliance with regulatory requirements (legal and regulatory advice) at the ORLEN Group.
The Group’s Representative Office in Brussels is responsible for monitoring legal regulations developed at the EU level that may have an impact on the ORLEN Group and for undertaking lawful lobbying activities. The Representative Office is also tasked with engaging in dialogue with representatives of EU institutions and participating in the work of sectoral organisations of which the ORLEN Group is a member.
Compliance Management Department, which supervises compliance by the ORLEN Group companies with applicable laws, internal regulations, voluntary standards of conduct and ethical standards. The key objective of the ORLEN Group’s compliance system is to proactively monitor the regulatory environment of all corporate business processes and to ensure a uniform approach to implementing and reporting compliance requirements across the Group. At PKN ORLEN, the compliance system is a dispersed function, where compliance risk is managed by Directors reporting directly to a Management Board Member under the supervision of the Head of the Financial Control, Risk and Compliance Management Office. The compliance management process is regularly reported to the Company’s Management and Supervisory Boards.