C _ Group Management Report INTEGRATED RISK AND CONTROL SYSTEM FOR FINANCIAL REPORTING The following information is provided pursuant to § 289 (4) and − Preventive and detective key controls addressing financial § 315 (4) of the German Commercial Code (“Handelsgesetzbuch – reporting risks have been put in place to reduce the likelihood HGB”). and impact of financial misstatements. When a potential risk In line with both our prudent approach to risk governance and materializes, actions are taken to reduce the impact of the compliance with regulatory requirements, we have created a financial misstatement. Given the strong dependence of financial framework and processes to identify and mitigate the risk of material reporting processes on information technology systems, we errors in our Consolidated Financial Statements (this also includes have also implemented IT controls. our market value balance sheet and risk capital calculation risks). The − Last but not least, we focus on ensuring that controls are Integrated Risk and Control System (IRCS) is regularly reviewed appropriately designed and effectively executed to mitigate and updated. It covers three buckets of risks: financial reporting risks, risks. We have set consistent process and documentation compliance risks, and other operational risks (including IT risks). The IT requirements across the Allianz Group for elements such as the controls are based on COBIT 5 and include, for example, controls design of key controls and evidence of their execution as well for access right management, project and change management. In as related control design and effectiveness testing procedures. addition, our Entity Level Control Assessment (ELCA) framework We conduct an annual assessment of our internal control system contains controls to monitor the effectiveness of our system of to maintain and continuously enhance its effectiveness. Group governance. Audit and local internal audit functions ensure that the overall quality of our control system is subject to regular control testing, in order to assure reasonable design and operating The accounting and consolidation processes we use to produce our effectiveness. Internal Audit does so through a comprehensive Consolidated Financial Statements are based on a central risk-based approach that assesses the key controls of the consolidation and reporting IT solution and local general ledger company’s internal procedures and processes, including local solutions. The latter are largely harmonized throughout the Group, and group-internal controls over financial reporting risks, using standardized processes, master data, posting logics, and from an integrated perspective. interfaces for data delivery to the Holding. Access rights to accounting systems are managed according to strict authorization procedures. Accounting rules for the classification, valuation, and disclosure of The Group center functions, the Group Disclosure Committee, and our all items in the balance sheet, the income statement, and notes related operating entities support the Allianz SE Board of Management to to the annual and interim financial statements are defined primarily in ensure the completeness, accuracy, and reliability of our Consolidated our Group accounting manual. Internal controls are embedded in the Financial Statements. accounting and consolidation processes to safeguard the accuracy, The Group Disclosure Committee ensures that the board completeness, and consistency of the information provided in our members are made aware of all material information that could affect financial statements. our disclosures, and assesses the completeness and accuracy of the information provided in the quarterly statements, half-year and annual financial reports as well as in the Solvency II qualitative Our approach can be summarized as follows: reports1. In 2021, the Group Disclosure Committee met on a quarterly basis before the quarterly statements and financial reports were − We use a centrally developed risk catalog which is linked to issued. In addition, the Group Disclosure Committee reviewed and individual accounts. This risk catalog is reviewed on a yearly basis approved the Solvency II qualitative reports prior to issuance. and is the starting point for the definition of the Group’s as well as Subsidiaries within the scope of our control system are individually the operating entities’ scope of financial reporting risks. The responsible for adhering to the Group’s internal governance and methodology is described in our IRCS Guideline. In the course of control policy and for creating local Disclosure Committees that are the scoping process, both materiality and susceptibility to a similar to the Group-level committee. The entities’ CEOs and CFOs misstatement are considered simultaneously. In addition to the provide periodic sign-offs to the management of Allianz SE, quantitative calculation, we also consider qualitative criteria, such certifying the effectiveness of their local systems of internal control as the expected increase in business volume or the complexity of as well as the completeness, accuracy, and reliability of financial data transactions. reported to the Holding. − Based on the centrally provided risk catalog, our local entities identify risks that could lead to material financial misstatements. 1_Solvency and Financial Condition Report and Regular Supervisory Report. 116 Annual Report 2021 − Allianz Group