Control systems in the process of financial statements development
Financial statements are developed by the Finance Division; the process is one of the key elements of compliance. The basic elements enabling execution of the process comprise: the Accounting Policy adopted by the Bank Management Board and the accounting framework within the Bank, which defines the main principles of recording business events at the Bank. Recording of events leads to formation of the banking books, which, in turn, are used to develop the financial statements.
The following risks were identified in financial statements development process:
- risk of incorrect input data,
- risk of inappropriate presentation of data in financial statements,
- risk of use of incorrect estimates, and
- risk of lack of integration of IT systems and operating and reporting applications.
To mitigate the aforementioned risk, the process of financial statements development was structured in two layers: application- and content-related.
The application part of the process comprises the flow of data from the Bank core operating systems via various interfaces to the reporting database, which hosts reporting applications. The application layer is controlled in line with the IT systems security policy adopted by the Bank. The following elements are controlled in particular: user management, development environment management and integrity of data transmission systems, including correct operation of interfaces in terms of completeness of data transfer from operating systems to the reporting environment.
To ensure adequate management of the process of financial statements development, it was described in line with the principles binding at the Bank. The description covers the workflow, its actors and the “if… then…” situations. It also indicates the key controls embedded in the process of financial statements development which include but are not limited to:
- quality control of input data for the financial statements, supported by the data control applications; a variety of principles concerning data correctness, error correction track and close monitoring of data quality were defined in the applications,
- control of data mapping from source systems to the financial statements ensuring correct data presentation,
- analytic review based on the experts’ knowledge, the main objective of which is to confront business know-how with financial data and identify potential indications of incorrect data presentation or incorrect input data, if any.
The estimates adopted by the Bank and compliant with IAS/ IFRS were detailed in the Accounting Policy. To avoid the risk of incorrect estimates, the following solutions were adopted, among others:
- to estimate loan impairment – specific models and applications as well as internal regulations for credit risk assessment were implemented,
- to measure debt financial instruments quoted in active markets or in case of which the valuation is based on those quotations – the required functionality of core systems was implemented; furthermore, the control exercised by the market risk management units was instituted,
- to measure financial instruments not quoted in active markets – valuation models were implemented, which had been subject to an independent validation before application,
- to estimate the pension and disability provisions – an independent actuary was commissioned to make an estimate,
- to estimate the provisions for employees and executive staff bonuses – the calculations used are in line with the General Terms and Conditions of Bonus Award adopted at the Bank, considering the forecasts regarding Bank’s results,
- to appraise investment properties and own properties – the following rule was adopted: the appraisal is obtained from independent experts on an annual basis – for investment properties of significant value, and every three to five years for other properties.
The accounting principles have been detailed in the Annual Consolidated Financial Statements in the section called Accounting policies and additional explanatory notes and Material principles of accounting.
The Bank organisational structure makes it possible to retain the segregation of duties between the Front Office, Back Office, Risk and Finance. In addition, institution of an adequate internal control system enforces the implementation of control of transactions and financial data in the Back Office and Support units. The area is subject to an independent and objective assessment performed by the Internal Audit Department in terms of adequacy of the internal control system and risk management as well as in terms of corporate governance.