Internal Control and Risk Management System

Introduction

The designation "internal control system" refers to all processes designed by management and executed within the Bank to facilitate the monitoring and control of:

• The effectiveness and efficiency of its operating activities (including protecting assets against losses resulting from damages or misconduct);
• The reliability of the financial reports; and
• The Bank's compliance with material legal regulations to which it is subject.

The risk management system covers all processes that serve to identify, analyse and measure risks and that serve to determine and implement appropriate measures that will ensure that the Bank can still reach its objectives when risks are incurred.

According to the internationally recognised COSO framework for the design of risk management systems, the internal control system is one part of an organisation-wide risk management system. Other aspects include the management and monitoring of risks that can affect the correctness and reliability of the accounting records.

The Bank's management is responsible for the fundamental design, implementation and ongoing adaptation and refinement of the internal control and risk management system as well as for the alignment of these systems and processes with the existing requirements in a way that takes account of the Bank's strategy, the scope of its business and other relevant economic and organisational aspects.

Characteristics of the Internal Control and Risk Management System

Control Environment

The Code of Conduct that has been adopted by the Bank and the fundamental values described in it apply to every employee in the Group. The Code of Conduct creates a climate rooted in focus on the customer, achievement, mutual respect, teamwork and trust.

The Accounting division is responsible for maintaining the Bank's accounting records. Material subsidiaries also operate their own accounting departments, which work in close cooperation with the Accounting division. The primary responsibilities of the Accounting division are preparing the annual and interim financial statements of BAWAG P.S.K. AG, the Group and certain subsidiaries, maintaining the financial and consolidated accounts, managing taxes and regulatory reporting.

The Accounting division is responsible for setting directives on all matters of accounting and exercises the power to ensure the application of uniform standards across the entire Group. To support the operational implementation, corporate guidelines were drawn up partly in the form of manuals, such as the Group accounting manual. This policy applies to all consolidated subsidiaries. For all other holdings, the adherence to these principles and standards is realised as far as possible.

Risk Assessment and Control Measures

Our internal control and risk management systems contain instructions and processes for the accounting workflows:

• To ensure the correct and appropriate documentation of business activities, including the use of Group assets;
• To record all information required for the preparation of the period-end financial statements; and
• To prevent unauthorised purchases or sales that could have a material effect on the financial statements.

The Accounting division is integrated into the Bank's entire organisational, structural and operational workflows. Customer and transaction data is generally collected in the market and operating units, and supplementary information is entered by the risk units. The elements of this information that are needed for the accounting records are usually transferred automatically into the Bank's electronic accounting systems. In this, the Accounting division fulfils a control and monitoring function to ensure that this automatically transmitted data is handled properly in accordance with the applicable accounting rules, and also completes the various item entry and other steps needed to prepare the financial statements.

The accounting of BAWAG P.S.K. AG and the significant domestic subsidiaries of the corporation are contained in SAP New GL. The preparation of the consolidated financial statements under IFRS is done in SAP-ECCS, which receives the values of the individual financial statements of consolidated companies through interfaces. The accounting and all upstream systems are protected by access permissions, and automatic and obligatory manual control steps provided for in the process.

Information and Communication

A comprehensive report about the Statement of Financial Position, the Profit or Loss Statement and other controlling and risk data is submitted to the Supervisory Board at least every quarter. Highly detailed reports about this information are also submitted to the Managing Board on a regular (monthly or more frequent) basis. The Managing Board has also set up its own committees that collect, analyse and monitor this information.

Monitoring

In order to limit or eliminate operational risks and control deficiencies, risk identification through Risk Control Self Assessments (RCSA) is performed annually. Thus, the measures to minimise risk agreed upon with the Accounting division are tracked proactively by the Operational Risk department in regard to implementation. Damage incidents are documented separately, and are also used to identify necessary improvements in the systems and in the monitoring and control measures.

The Group's Internal Audit division conducts regular accounting system audits. The findings of these audits are also used to make ongoing improvements in the internal control and risk management systems as they pertain to the accounting process.

 

Vienna, 7 March 2011

 

Wolfgang Klein
Member of the Managing Board

 

Christoph Raninger
Member of the Managing Board

 

 

Top