No notes
Empty basket
Print version
Delete
2018 Financial and Social Report

Internal Control System and external Auditor

The Bank has an internal control system covering all organizational units of the Bank and its subsidiaries. It is organized in the framework of three independent levels – the so-called three lines of defence.

On the first line of defence risk is managed within the Bank’s operational units. The second line of defence consists of units responsible for risk management in the Bank and the Compliance Department in the scope of non-compliance risk management. The third line of defence includes, in turn, the Internal Audit Department. In all three lines of defence, employees  (as part of their assigned duties) respectively use controls or independently monitor their functioning.

The Bank’s internal control system operates in a manner that ensures the achievement of objectives that include: effectiveness and efficiency of the Bank’s operations, credibility of financial reporting, observance of the Bank’s risk management principles and compliance of the Bank’s operations with law, internal regulations and market standards.

The Bank has controls adjusted to the above-mentioned objectives of the internal control system, complexity degree of processes, risk of irregularities, specificity of the Bank’s activity, implemented organizational solutions, employed system solutions and available resources. For identified significant processes there was introduced the documenting of the relationship between key controls and the objectives of the internal control system and the estimated risk of non-achieving them in the form of so-called internal control matrices. Control matrices describe also the way of monitoring key controls. During the annual review of the Bank’s internal control system, on the basis of updated internal control matrices for significant processes, the Bank’s Internal Control System Matrix is created to be presented to the Audit Committee of the Supervisory Board and the Supervisory Board of the Bank.

Supervision and annual assessment of the implementation and ensuring of the functioning of an adequate and effective internal control system is exercised by the Supervisory Board of the Bank.

The Internal Audit Department is within the internal control system a specialized unit of the third line of defence which carries out an independent review of processes and internal control in the Bank and the BM Group, verifying the implementation of tasks assigned to the first and second line of defence.

The aim of the activities is to provide the Bank’s Management with an assessment of the effectiveness and adequacy of the risk management system and the internal control system, as well as adding value and streamlining processes in the Bank and the BM Group. When implementing its mission Internal Audit takes into account the strategic objectives and tasks of the organization, as laid down by the Management Board and Supervisory Board of the Bank. The audit process is performed according to the Audit Charter and Internal Audit Methodology, fostering international standards of internal audit and good banking practices.

The Internal Audit Department is an independent unit, reporting to the Chairman of the Management Board of the Bank and the results of its activities are reported to the Audit Committee of the Supervisory Board and the Supervisory Board of the Bank.

The activity of Internal Audit is a planned and continuous activity, resulting from the implementation of the mission and objectives, as well as the adopted Department Strategy and based on an annual audit plan. The basis of the planning process is the assessment of the risk of particular areas and processes of the Bank in order to identify increased risk and support the specification of priorities and resources for the implementation of tasks. The planning process takes into account consultations with senior management and owners of key processes. The annual audit plan is approved by the Bank’s Supervisory Board and implemented on a quarterly basis by experienced and highly qualified professionals.

Internal Audit performs independent and objective assurance and consulting activities. Assurance activity is carried out as part of process audits, independent review function, branch audits, preventive audits and investigations. Assurance activity includes assessment of the adequacy and effectiveness of the risk management system and internal control system in all areas of banking activity. Advisory services are aimed at supporting the organization in achieving its goals and are provided, as far as their nature does not put under threat the independence, effectiveness and objectivity of Internal Audit’s assurance activity, nor is related to the designing of control mechanisms and risk management system.

In 2018 Internal Audit Department performed audit tasks in the Bank, its subsidiaries, external entities to which the Bank, to the extent permitted by regulations, outsourced banking and bank-related operations, as well as within the BCP Group. The planned activity of the Department covered among others audits of key business and support processes and also financial audits, branch audits and those of compliance with external regulatory requirements. The tasks performed by the Internal Audit Department also included investigations and prevention audits.

The results of the review of the functioning of the entire internal control system as well as its selected components, carried out by the Internal Audit Department in cooperation with the External Auditor of the BCP Group, are presented cyclically and are subject to evaluation by the Audit Committee of the Bank’s Supervisory Board and once a year to the Bank’s Supervisory Board.

Implemented solutions regarding the internal control system protect to a significant extent the Bank from financial reporting errors and provide the Bank’s Management with information which helps evaluate the correctness, efficiency and security of the process of preparing financial reports, also in order to ensure the highest possible effectiveness in managing identified types of risks accompanying the process.

The internal control system, introduced by the Management Board of the Bank and incorporating the financial report preparation process, has been designed to facilitate the control of process risk while maintaining appropriate supervision over the correctness of gathering, processing and presentation of data necessary for the preparation of financial reports in keeping with effective laws.

An important element of the internal control system in the process of preparing financial reports is the cooperation of the Audit Committee of the Bank’s Supervisory Board with an audit firm providing financial audit services. The Bank prepared the policy of selecting an audit firm for carrying out an audit and policy for providing by an audit firm carrying out an audit, by entities connected with such audit firm and by a member of an audit firm network – permitted services not being an audit. The above-mentioned scope of information is captured in the document „Policy of Selecting and Cooperation with Audit Firms”, which was approved by the Audit Committee on 26 October 2017. The policy specifies:

1. The principles of selecting the audit firm to conduct:

a. statutory audit, i.e. annual audit of the consolidated financial report of the Bank’s Capital Group or annual audit of the Bank’s financial report whose duty to conduct results from art. 64 of the Accounting Act of 29 September 1994 (Dz. U. of 2016, i.e. item 1047 and 2255 and of 2017, item 61, 245, 791 and 1089) (hereinafter „the Accounting Act”), provisions of other acts or provisions of the EU law,

b. voluntary audit, i.e. annual audit of the financial report which is conducted pursuant to the Bank’s decision, and not on the basis of art. 64 of the Accounting Act of 29 September 1994, provisions of other acts or provisions of the European Union law, conducted in accordance with national or other audit standards, as well as auditing the consolidated annual financial report of the Bank’s Capital Group conducted in accordance with standards other than national audit standards;

2. Principles of providing permitted services not being a statutory or voluntary audit by:

c. audit firm conducting a statutory audit or voluntary audit at the Bank or at Millennium BCP,

d. entities connected with the audit company conducting a statutory or voluntary audit at the Bank or at Millennium BCP, and

e. member of an audit firm network conducting a statutory or voluntary audit at the Bank or at Millennium BCP.

3. Principles of the Bank’s communication with audit firms, entities connected with an audit firm or members of an audit firm network with respect to conducting statutory or voluntary audits and providing permitted services.

The External Auditor is selected by the Supervisory Board on the basis of a recommendation issued by the Audit Committee of the Supervisory Board. In addition, in the interest of the quality of financial data presented in the remaining published quarterly reports, the Bank, together with the External Auditor, has implemented cooperation procedures ensuring – on an on-going basis – the consultation of important issues connected with the recognition of economic events in the Bank accounts and financial reports. At the meetings of the Audit Committee of the Supervisory Board the External Auditor presents key findings relative to financial reporting, consults with the Audit Committee draft reports and proposes an approach to the audit of the annual financial statement.

Pursuant to the Supervisory Board decision of October 2017 PricewaterhouseCoopers Sp. z o.o. was the audit firm auditing the financial report of the Bank and the Bank’s Group for 2018. The audit was carried out on the basis of the agreement extended for the last fifth year of cooperation. Bearing in mind the mandatory rotation of audit firms resulting from legal regulations and the five-year period of cooperation with PwC, coming to an end, in 2018 the Bank conducted the process of selecting a new audit firm. The process was conducted in accordance with the „Policy of Selecting and Cooperation with Audit Firms” adopted by the Audit Committee on 26 October 2017. At the meeting of 25 October 2018, the Audit Committee  familiarised itself with the report of the Task Force running for the Bank the process of selecting the audit firm containing the conclusions from the selection procedure and indicating the audit firm recommended for conducting the statutory audit. Based on the Report the Audit Committee recommended to the Supervisory Board the selection of Deloitte Sp. Z o.o. Sp. k. as the Statutory Auditor of Bank Millennium S.A. and the Bank Millennium Group for the years 2019-20. This recommendation was formulated on the basis of the selection procedure organised by the Bank meeting the binding criteria. The Supervisory Board on 26 October 2018 approved the selection of Deloitte Sp. Z o.o. Sp. k. as the Statutory Auditor of Bank Millennium S.A. and the Bank Millennium Group for the years 2019-20.

The Bank is covered by the consolidated financial statement of the BCP Group. Therefore, the annual review of the Bank’s internal control system supporting the process of preparing and disclosure of financial information is also subject to the terms and requirements of consolidated supervision, which is performed by the Bank of Portugal and the European Central Bank. The BCP Group External Auditor participated in 2018 in the review of adequacy and effectiveness of the part of the Bank’s internal control system supporting the process of preparing and disclosure of financial information (financial reporting) and issued an appropriate opinion in this respect.

In 2018 the audit of Bank’s financial statements was performed by PricewaterhouseCoopers sp. z o.o. On 27 October 2017 the Supervisory Board of the Bank adopted a resolution on selection of PricewaterhouseCoopers sp. z o.o. to perform audits of annual financial statements of Bank Millennium and Bank Millennium Group for 2018. The audit agreement was concluded on 5 April 2018.

 

Remuneration received by auditor on account of services provided to the Capital Group of Bank Millennium S.A under concluded agreements:

Auditor’s Remuneration
(in PLN ‘000)
2018 2017
Bank Subsidiaries Bank Subsidiaries
Statutory audit within the meaning of art. 2 point 1 of the Act on Certified Auditors 745 321 744 321
Other assurance services 402 113 406 113
Tax advisory services 0 0 0 0
Other services 0 0 100 0

 

Services other than statutory audit:

  • a review of the stand-alone and consolidated interim condensed financial statements of Bank Millennium S.A. drawn up as at June 30, 2018.
  • review of the interim condensed financial statements of Millennium TFI SA investment funds prepared as at June 30, 2018.
  • audit of the consolidation package prepared as at December 31, 2018, related to the audit of the consolidated financial statements of BCP Group.
  • review of the consolidation package as at June 30, 2018 and September 30, 2018, related to the review of the consolidated financial statements of BCP Group.
  • verification of the consolidation package prepared as at 31 March 2018.
  • attestation service regarding requirements for customer asset retention for 2018 for Bank Millennium S.A. and Dom Maklerski Banku Millennium S.A.
  • an assurance service regarding the assessment of the adequacy of the risk management system in 2018 at Millennium TFI S.A.
  • consultancy service on regulatory requirements regarding the recovery plan