The Supervisory Board is responsible for reviewing the effectiveness of the Group’s system of internal control and risk management designed and established by the Management Board, as well as the compliance system and the Internal Audit function. This system facilitates management of the risk of failure to achieve business objectives and provides reasonable assurance against material misstatement or loss. (Risk management does not mean the full elimination of risk, but provides for better risk identification and the implementation of adequate measures as needed.) The relevant processes are designed to give reasonable assurance that the risks significant to the Group are identified and addressed, but such assurances can never be absolute.
The Company continuously monitors the evolution of the control environment. It ensures that all significant changes are sufficiently controlled and any identified deficiencies in the internal control system are addressed with action plans. On a quarterly basis, the internal control system is monitored in a selfassessment tool implemented by the Company and, in addition, senior managers certify the effectiveness of the internal controls. On a yearly basis, the controls are subject to testing by the internal control team, internal and external auditors, and the results are reported to the Audit Committee.
The key elements of the system of internal control, including risk management, were presented in the Management Board’s Report on the Activity of the Group for 2020, published on 17 February 2021.
In 2020, the Company again completed a comprehensive assessment of its processes of internal control over financial reporting. Main deficiencies both in design and in effectiveness of internal control have been identified and corrected, or appropriate action points have been launched. As a result of the assessment, the management concluded that there were no weaknesses that would materially impact the internal controls and financial reporting at 31 December 2020.
Both the internal and external auditors report to the Management Board and also to the Audit Committee on control deficiencies which they identified during their audit. Their recommendations are being implemented.
The most important risks are updated annually by the Management Board and presented to the Supervisory Board.
Matters related to compliance are being reported to the Audit Committee of the Supervisory Board in the following areas: ethics, general compliance with laws and regulations, anti-fraud, security and anti-corruption measures related with Anti-Corruption Policy that puts forward zero-tolerance rule towards corruption. The Compliance function carries out activities ensuring adjustment of Company’s internal regulations and mechanisms to, among others, the Group’s requirements in the scope of current anti-corruption regulations.
Orange Polska’s anti-corruption policy, complemented with detailed internal regulations, defines the required standards for employees’ conduct. On the basis of relevant provisions of the policy, potential consequences are determined in cases of violation of anticorruption procedures. Under the due diligence process, verification of current and future business partners is conducted with regard to threats related to corruption, fraud, noncompliance with economic sanctions, money laundering and financing of terrorism. The Compliance Management function conducts cyclic reviews of corruption risks, also taking into account control mechanisms and appropriate preventive measures.
Orange Polska employees and stakeholders may use dedicated channels to report their concerns or to ask for advice if they suspect a conflict of interests, bribery or any infringement of internal regulations of the Group or of other regulations of the law. Persons reporting irregularities can do so without fear of negative consequences.
Thanks to comprehensive and continuous communication all of Orange Polska’s employees were informed about compliance rules. Additional training and meetings were also held with top-level management. Dedicated training sessions taking into account the exposure of individual areas of Orange Polska to the risk of corruption, and communication activities aim to constantly increase knowledge and build employee awareness. The Company also conducts regular reviews in this area, making all necessary improvements, and monitors the correctness of payments made.
Compliance management activities and the results of planned inspections, as well as the results of inspections initiated by notification of irregularities (whistleblowing), are monitored on the basis of reports submitted periodically. Applied actions and mechanisms ensure the effectiveness of compliance and maintenance of the Group’s anti-corruption standards.
The Supervisory Board is also presented with information on the implementation and effectiveness of the compliance programme on an annual basis. This includes information related to the fight against corruption including the risk map as well as the corresponding action plan for the coming year.
The Internal Audit function, which reports directly to the President of the Management Board, ensures objective and independent assessment of the adequacy, effectiveness and quality of the Group’s internal controls. The internal audit works in accordance with a charter approved by the Audit Committee, which also reviews the annual internal audit programme and analyses Orange Polska’s internal audit reports.