The Board of Directors has set the overall principles and framework for how to organize internal control activities and how to ensure independency between the various organizational functions.
These organizational functions include business areas and other functions that have ongoing responsibility for managing and limiting operational risks and thus minimizing the risk of errors or offenses which have economic and reputational loss consequences for the company. Full organizational independence is not required if it is not possible to organize it or if it is considered appropriate not to have full independence. In case there is no established full organizational independence, there is a requirement for compensatory checks.
With well-documented business practices and procedures as well as effective control environment, Topdanmark minimizes the risk of errors in internal processes and insurance fraud. There are contingency plans for the most important areas. In addition, business practices and procedures in all critical areas are continuously reviewed by Internal Audit. Internal Audit assesses risks and may make recommendations for limiting individual risks.
Topdanmark continuously develops its IT systems. Responsibility for risk management in this connection lies with the responsible business entities. Projects must always prepare a risk assessment containing a description of risks, possible consequences and measures to limit these risks.
Topdanmark monitors and regularly reports on operational risks. For this purpose the company has a process of recording operational risk events. The events are collected centrally into a register and communicated further in the management system. This way the organization can learn from its errors.
Topdanmark has numerous documents in which instructions regarding operational risks are given. The most important ones are Policy and Guidelines for Operational Risks, Compliance and Internal Control, Information Security Policy, IT-Preparedness Strategy and IT-Preparedness plan.
Operational risks are included as part of Topdanmark's ORSA and reported to the Risk Committee in Topdanmark's Risk Registry.