Internal control system
Internal control system
We organise our business activities in such a way that they are always in conformity with all legal requirements. The internal control system (ICS) is an important subsystem that serves, among other things, to secure and protect existing assets, prevent and reveal errors and irregularities and comply with laws and regulations. The core elements of Hannover Re’s ICS are documented in a Framework Guideline that establishes a common understanding of the differentiated execution of the necessary controls. In the final analysis, it is designed to systematically steer and monitor the implementation of our corporate strategy. The Framework Guideline defines concepts, stipulates responsibilities and provides a guide for the description of controls. In addition, it forms the basis for the accomplishment of internal objectives and the fulfilment of external requirements imposed on Hannover Re. The ICS consists of systematically structured organisational and technical measures and controls within the enterprise.
This includes, among other things:
- the principle of dual control,
- separation of functions,
- documentation of the controls within processes,
- and technical plausibility checks and access privileges in the IT systems.
The proper functioning of the ICS necessitates the involvement of management, executive staff and employees on all levels. Yet even with an optimally designed ICS it is not possible to avoid all errors. The system comes up against its limits, most notably with respect to fraud risks and imprecise or incomplete rules and responsibilities. The financial reporting of the parent company and the Group must satisfy international and national financial reporting standards as well as regulatory requirements. This is safeguarded in the area of accounting and reporting by processes with integrated controls which ensure the completeness and accuracy of the annual and consolidated financial statements. A structure made up of differentiated criteria, control points and materiality thresholds assures our ability to identify and minimise the risk of material errors in the annual and consolidated financial statements at an early stage. All components of the accountingrelated internal control system, the processes for the organisation and implementation of consolidation tasks and for the preparation of the consolidated financial statement as well as the accompanying controls are consistently documented. In order to safeguard and continuously improve the adequacy of the control system it is subject to regular review and evaluation. In this regard, the internal audit function ensures that the quality of the control system is constantly monitored. All relevant accounting principles are collated in a Group Accounting Manual that sets out uniform Group-wide rules for the recognition, measurement and reporting of items in the consolidated financial statement.
The process for updating and, if necessary, adjusting these rules is clearly regulated with respect to information channels, responsibilities and period of validity. Not only that, we provide prompt Group-wide notification of significant developments and modified requirements in Group financial reporting. Within the scope of our control system the Group companies are responsible for Group-wide adherence to the accounting policies and the internal control guidelines. The managing directors and chief financial officers of the Group companies defined as material in our control system affirm to the Executive Board of Hannover Rück SE at each closing date the completeness, correctness and reliability of the financial data that they pass on to Group Accounting. Data for the preparation of the consolidated financial statement is delivered using a Web-based IT application. The relevant data for Group financial reporting is collected in a database and processed via automatic interfaces in a consolidation system. Depending upon the results of our checks, these figures can be corrected if necessary. Given that our Group financial reporting is heavily dependent on IT systems, these systems also need to be subject to controls. Authorisation concepts regulate system access and for each step content-based as well as system-side checks have been implemented, by means of which errors are analysed and promptly eliminated.