Internal control and risk management system in the accounting process

Preparation of the consolidated financial statements includes all activities required for presentation and disclosure of the net assets, financial position and results of operations of the Group in accordance with the provisions of the law and the IFRS. The consolidated financial statements consist of the balance sheet, income statement, statement of comprehensive income, statement of changes in equity, cash flow statement, segment report and all necessary disclosures in the notes. The financial statement process includes the aggregation of all data from accounting and upstream processes for the annual financial statements.

Risk management is implemented in the Vienna Insurance Group accounting process in accordance with the five elementary components of the COSO (Committee of Sponsoring Organisations of the Treadway Commission) framework model for internal risk management.

Control environment

The organisational structure consists of the local accounting departments of the individual Group companies and the Group accounting department at the VIG headquarters in Vienna. The accounting departments of the Group companies prepare both local GAAP and IFRS financial statements and then send the IFRS figures to the Group accounting department.

The IFRS financial statements are prepared in accordance with uniform Group accounting policies. The Group fully applies the rules of IFRS 4 with respect to the valuation of insurance policies. Accordingly, the values recognised under applicable national law are carried over to the IFRS consolidated financial statements.

Standardised software is used to prepare the consolidated financial reports. The Group companies mostly use this software to send their data, which is entered locally. The Austrian insurance companies and some international insurance companies upload their balance sheets and income statements into the system. The Group accounting department consolidates the data and prepares the consolidated financial statements.

Risk assessment

The annual financial statement process has been documented in order to identify risks in the accounting process and eliminate them as far as possible. The documentation covers the entire process all the way from data entry by the employees of Group companies and automatic and manual controls and analyses during the consolidation process, to publication of the final annual report.

Control measures

The newest version of the IFRS manual and detailed information on Group-wide reporting requirements are sent to the responsible persons in the local accounting departments before each set of financial statements are prepared in order to ensure uniform reporting across the Group. Both automatic (using validations) and manual checks (performance analyses and plausibility checks by employees in the Group accounting department) are performed for the financial statement data that is received. Additional checks in the form of control calculations and reconciliation of, in particular, reinsurance and financing balances are performed to identify and eliminate potential errors.

In addition, an earnings reconciliation statement is prepared, the accuracy of individual parts of the consolidated financial statements is checked, and a plausibility check is performed for the consolidated financial statements as a whole to ensure that the presentation is complete and correct.

The accounting employees also work together closely with the Controlling department (e.g. variance analyses) when the financial statements are prepared. The data are also regularly provided to the Managing Board for review and checking.

In order to ensure that the annual report is completed correctly and on time by the publication deadline, strict deadlines are set for the quarterly and annual financial statements and the Group companies are already informed of these deadlines at the beginning of the 4th quarter for the coming reporting year.

The employees of the VIG accounting department ensure in advance that the Group companies can send their data on time.

Information and communication

The intensive collaboration with other areas of the Company, in particular Controlling, generates a lively exchange of information and communications.

In addition to the annual report at the end of each financial year, quarterly and half-year reports are published in accordance with IAS 34 and statutory provisions.

The Investor Relations department is responsible for reporting to Vienna Insurance Group shareholders. This takes place both in personal meetings and via the Company website. Shareholders and other interested parties are provided access to annual, quarterly and half-year financial reports, and to regularly updated information on key figures, share prices, the financial calendar, ad hoc news and other relevant topics.

Monitoring

The Group accounting department is responsible for preparing the Group annual report. Quarterly reports are provided to the Managing Board and Supervisory Board to ensure regular monitoring of the internal control system.

Risks are continuously monitored by internal cross-departmental Group controls (e.g. Group accounting department, Controlling).

The internal audit department also performs quality assurance. It performs independent, objective audit procedures to examine the structure and effectiveness of internal control systems and the value and optimisation potential of operational processes. The activities of the internal audit department are therefore aimed at helping the Company both reduce risks and strengthen processes and structures.

Group-wide guidelines exist in order to standardise the handling of significant risks throughout the Group, and also provide a tool for risk monitoring. Local management is responsible for implementing these guidelines in the individual Group companies.

The auditor takes the internal control system into account during the financial statement audit to the extent that it is relevant to preparation of the consolidated financial statements.

The auditor also assesses the effectiveness of the risk management system in accordance with Rule 83 of the Austrian Corporate Governance Code.