In line with both a prudent risk governance structure and regulatory requirements, we utilize a system of internal control over financial reporting to identify and mitigate risks that could lead to material misstatements in the Allianz Group consolidated financial statements. These financial misstatement risks include the risk of errors occurring during the origination or processing of transactions and during the preparation of financial reports, as well as mis- statements resulting from fraudulent activities. The control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) serves as the basis upon which our system of internal control is designed.
Governance
Responsibility for ensuring the completeness, accuracy and reliability of the Allianz Group’s consolidated financial statements rests with the Chief Executive Officer and Chief Financial Officer of Allianz SE, who are supported by the Group Financial Control department (Group Financial Control) and the Group Financial Reporting and Disclosure Committee (Disclosure Committee).
The primary role of Group Financial Control includes setting the internal control policy and determining the scope of our system of internal controls to ensure we minimize financial misstatement risk. It is also responsible for ensuring that any internal control weaknesses that are identified are remedied and for assessing the significance for the Group of the sum of weaknesses identified at the level of local operating entities.
The Disclosure Committee has been established to ensure that the Chief Executive Officer and Chief Financial Officer of Allianz SE are aware of all material information that could affect our disclosures and to ascertain the completeness and accuracy of the information provided in the financial
reports. The committee meets on a quarterly basis before the issuance of financial reports and is comprised of the heads of key departments, such as Group Risk and Group Accounting.
At the local level, operating entities within the scope of our system of internal control are individually responsible for adhering to the Group’s internal control policy and creating local Financial Reporting and Disclosure Committees that are similar to the Group level committee. The operating entities’ Chief Executive Officers and Chief Financial Officers provide periodic sign-offs to the management of Allianz SE certifying the effectiveness of their local system of internal control as well as the completeness, accuracy and reliability of financial data reported to the Group.
Internal control approach
A top-down, risk based approach is used to establish the scope of our system of internal control. On an annual basis we conduct a combined qualitative and quantitative analy- sis of the Allianz Group’s consolidated financial statements and disclosures to identify those accounts most susceptible to fraud or errors. Once these significantaccounts are deter- mined, further analysis identifies those operating entities with the highest contributions toward the consolidated account balances. These are required to implement, main- tain and assess a system of internal control (in-scope oper- ating entities).
At the local level, in-scope operating entities identify pro- cesses and risk scenarios for the significant accounts defined by the Group that could lead to material financial misstatements based on a combination of the likelihood of the risk scenario occurring and the potential magnitude of any resulting error. In general, risk scenarios which are reasonably likely to occur and with a potential magnitude of greater than 1 % of the Group’s consolidated pre-tax income are considered significant risks at the Group level. In addi- tion to this quantitative threshold, qualitative consider- ations such as account composition are an integral part of
83 Controls and Procedures Group Management Report Allianz Group Annual Report 2009
the risk identification process. For each significant risk identified within each process, controls are in place that mitigate the likelihood and potential magnitude of a finan- cial misstatement resulting from occurrence of the risk (process level controls).
In-scope operating entities are additionally required to maintain a certain standard of entity level controls. Entity level controls include those controls affecting an operating entity’s entire internal control structure and therefore do not correspond to specific accounts. In accordance with the COSO framework, these include controls relating to the control environment of an organization, the effectiveness of information and communication flows, the risk assessment process and the ongoing monitoring of the system of internal control.
Financial reporting processes are also heavily dependent upon and driven by IT systems. Such systems are integrated into the initiation, recording, processing and reporting of financial transactions and are therefore closely linked to the overall financial reporting process. Consequently, the role of IT and its corresponding controls (“IT controls”) is crucial to achieve our objective of establishing a strong system of internal control which is mandatory at all operating entities. On an annual basis we conduct an assessment of our sys- tem of internal control by testing the effectiveness of the most important process level, entity level and IT controls. Group Audit and local internal audit functions continu- ously assure the overall quality of our system of internal control through monitoring and assessing its effectiveness.
Expansion to other areas
We are currently following a strategy to establish enhanced internal control environments similar to our system of internal control over financial reporting to selected man- agement reporting processes and other areas. By the end of 2010, for example, enhanced controls should be applied to the computation of the Market Consistent Embedded Value (MCEV). The Allianz Group management views a strong internal control environment as a key factor for successful business development and establishing the trust of external parties.
Approach to internal control over financial reporting
Financial misstatement risk assessment
Scoping Risks Key controls Assessment
Determination of significant accounts and operating entities to be covered by systems of internal control
Identification of risk scenarios that could result in a material financial misstatement
Identification of key controls that prevent or detect errors or fraud resulting from risk scenarios
Assessment of the design and operating effectiveness of key controls
84
Allianz Group Annual Report 2009 Group Management Report Controls and Procedures