Internal audit
[GRI 103-1], [GRI 103-2], [GRI 103-3] The activity of Internal Audit is regulated by the „Audit charter – the principles pertaining to internal audit activity in Bank Millennium S.A.”. This is scheduled activity based on the annual audit plan. The planning process is based on the evaluation of risks in individual areas and processes of the Bank and of the Subsidiaries to identify the elevated risk and supporting the priorities and resources for implementing tasks. The planning process takes into account consultations with senior management and key process owners. The annual audit plan is approved by the Bank’s Supervisory Board and is implemented, on a quarterly basis, by experienced and qualified professionals.
In 2021, as part of the assurance activity, the Internal Audit Department performed audit tasks in the Bank, in the Bank’s subsidiaries, in third party companies to which, where permitted by law, the Bank outsourced the performance of banking and banking-related activities and within the BCP Group. The Department’s planned activity covered, among other things, the performance of audits of key business processes and support processes of branches and compliance with external regulatory requirements. Tasks performed by the Internal Audit Department also included clarification procedures and preventive audits. As part of its advisory activities, the Department performed tasks related to the coordination of the SREP process, inspections and supervisory / external audits carried out at the Bank.
The Internal Audit Department is an independent unit reporting to the Chairman of the Bank’s Management Board, which delivers results of its activities to the Audit Committee of the Supervisory Board and to the Bank’s Supervisory Board. The results of the operating review of the entire internal control system and of its selected elements are presented regularly and evaluated by the Audit Committee of the Bank’s Supervisory Board.