The Issuer’s internal control system consists of, in particular:

1. Group-wide uniform accounting policies on measurement, recognition and disclosure in accordance with the International Financial Reporting Standards, as well as unified templates for separate and consolidated financial statements;
2. Internal control mechanisms, including separation of duties, multi-stage data verification, accuracy reviews of data received, independent checks, etc;
3. Internal operating procedures implemented under the Orders of the President of the Management Board;
4. Definition of accounting, financial reporting and tax settlement responsibilities at the Company, in the task book and in the rules approved by the Management Board and the Supervisory Board;
5. Regulation and supervision of financial and accounting documents’ distribution, including review of the documents for their formal, accounting and substantive correctness;
6. Recording of economic events in an integrated finance and accounting system configured in compliance with the accounting policies in place at the Company, containing controls and checks ensuring the consistency and integrity of data, such as integrity checks, hardware checks, operating checks, and authority checks;
7. Uniform rules and procedures for consolidating financial data, whose consistent application is ensured through the use of unified reports, automatic validations of the consistency and completeness of the reported data, as well as two-stage data authentication and approval procedures;
8. Formalised procedure for the preparation of financial statements (scheduled by individual deadline and person responsible);
9. Multi-stage review and approval process for financial statements, in which the Supervisory Board also participates;
10. Assessment of current reporting risk by the PGNiG Group’s Internal Audit and Control Department and the Security Department;
11. Independent review of financial statements for reliability and accuracy by an independent external auditor;
12. Consistent development of the Group’s internal regulatory framework designed to ensure uniformity of reporting processes and their continuous improvement.

At the centre of the accounting and financial reporting controls is a fully integrated financial and accounting system. This system not only allows for recorded transactions to be checked for correctness, but also identifies which users have entered and approved individual transactions. Access to financial information is restricted by an authorisation system. Access authorisation is granted based on an employee’s function and responsibilities, and is subject to stringent control measures.

An additional level of control was introduced to oversee the Group’s financial statements by assigning the preparation of the Issuer’s financial statements and the Group’s consolidated financial statements to two distinct Departments at the Company’s Head Office; the financial statements are entered in an integrated IT system with the accounts of other consolidated entities. Data undergoing consolidation is automatically checked for correctness by automatic validation systems and is subject to logical verification procedures carried out by dedicated Group employees.

The PGNiG Group’s Accounting Policy ensures the compliance of the Issuer’s accountancy and financial statements with the relevant regulations, in particular with regard to the overriding principles and quality features of financial statements, the correctness of event valuation and categorisation, and safety mechanisms for databases. The Accounting Policy is regularly updated to ensure its ongoing compliance with amended regulations, particularly the International Financial Reporting Standards. The Policy was last updated in 2014.

To further mitigate the risks associated with financial reporting, financial statements are verified by an independent auditor every three months. The procedures used by the Issuer ensure that the selected auditor performs its duties independently (auditors are chosen by the Supervisory Board) and in accordance with the highest standards.

Annual financial statements are audited, whereas Q1, H1 and Q3 statements undergo reviews. The results of both processes are presented by the auditor to the Management Board and to the Supervisory Board’s Audit Committee.

In its operations, the Issuer uses a dedicated system for managing overall financial safety, comprising liquidity, exchange rate risk, and budget drafting and control.

The financial reporting process is reviewed on an on-going basis. Furthermore, internal audit of individual processes and projects typically consists in reviewing accounting records for certain processes and one-off events in terms of their reliability and completeness, as well as in checking the correctness of accounting documents’ distribution. Based on the findings and assessments formulated during operating audits in different areas of accounting, no need to develop a dedicated mechanism for reviewing the preparation process for financial statements has been identified. In particular, there are no grounds to believe that the absence of such a dedicated mechanism poses any threat to the Issuer’s business. There is also no reason to believe that this situation is likely to significantly change in the near future. Annual inspections of the internal control and risk management system at the Company level show consistent implementation of recommendations on improving the system for financial reporting purposes.

Factors mitigating the risks related to financial reporting primarily include constant upgrading of particular modules of the integrated management system and improvement of the practical skills of the employees operating it.