Procesamiento y análisis de datos:

The Board focuses on risk management and internal control, and this is an integral part of the Board’s systematic work. The Board has adopted a policy for risk manage- ment and internal control. Among other things, the document describes the main principles for risk management and internal control, in addition to describing the division of responsibility. The document is available at www.gjensidige.no/konsern. The main purpose of risk management and internal control is to provide reasonable assurance of goal attainment through the following methods:

• Goal-oriented, efficient and expedient operations • Reliable internal and external reporting

• Compliance with laws and regulations, and internal regulations.

The Board carries out an annual review of the Group’s most important risk areas and its internal control. The Board also receives quarterly reports on the risk situation in the Group. The division of responsibility between the Board and the CEO is as follows: The Board’s responsibilities:

• The Board has overall responsibility for ensuring that Gjensidige has established expedient, effective processes for risk management and internal control in accordance with recognised frameworks.

• The Board shall ensure that such processes are satisfactorily established, implemen- ted and followed up, among other things by considering reports prepared by the Compliance function and the risk management function that are submitted to the Board by the CEO and the internal audit function as direct reports to the Board. • The Board shall ensure that risk management and internal control are integrated

in the Group’s strategy and business processes. The CEO’s responsibilities:

• The CEO shall ensure that Gjensidige’s risk management and internal control are implemented, documented, monitored and followed up in an adequate manner.

The CEO shall issue instructions and guidelines for how the Group’s risk manage- ment and internal control shall be carried out in practice and establish expedient control processes and functions.

Centralised risk control functions have been established that are independent of business operations; Compliance, and Risk and Capital Management. In addition, the internal audit function serves as an additional, independent control level that reports directly to the Board.

The Compliance function is independent in relation to the operations and it iden- tifies, assesses, advises on, monitors and reports on the Group’s compliance risk. Assessing compliance risk is part of the Group’s annual risk assessment process. The Department for Risk and Capital Management is responsible for monitor- ing the overall risk situation and the framework for risk management, including internal control and the quantification and aggregation of risk.

Group Auditing is an independent, objective confirmatory and advisory function that shall contribute to the organisation achieving its goals. The Group Auditing Manager is appointed and dismissed by the Board and submits reports on the Group’s risk management and internal control to the Board and the CEO at least once a year. The Board approves resources and plans for Group Auditing annually. The Chief Audit Executive reports quarterly to the Board and the CEO on the results of the audit work. The audit work is carried out in accordance with international internal audit standards (IIA).

The Group’s risk control functions are organised on the basis of the principle of three lines of defence.

Control committee

Financial institutions are required to have a separate elected control committee. The control committee is independent of the Board and management, and is elec- ted by the general meeting. The committee holds regular meetings, and it is tasked with ensuring that the Company operates in an expedient and appropriate manner in accordance with legislation, the Articles of Association, guidelines adopted by the Supervisory Board and instructions from the Financial Supervisory Authority of Norway. The committee shall in particular ensure that the Company has satisfact- ory management systems and internal control systems. The control committee is identical for all companies in the Group that are obliged to have such a commit- tee. The committee shall also supervise other companies in the Group.

As of 31 December 2012, the control committee consisted of the following members: • Sven Iver Steen

• Hallvar Strømme • Liselotte Aune Lee

• Vigdis Myhre Næsseth (attending deputy member)

Internal control and the pertaining systems also include the Company’s core values and guidelines for ethics and social responsibility.

Financial reporting and financial management

Among other things, the CFO is responsible for asset management, risk and capital management, the actuary function, the planning process and financial perform- ance. The Executive Vice President of Group Staff/general services is responsible for financial reporting, among other things. This organisation is intended to ensure independence between the leading premise setter for profit performance and those who report the results.

The Gjensidige Group publishes four interim accounts in addition to the ordinary annual accounts. The accounts shall meet requirements in laws and regulations and be prepared in accordance with adopted accounting principles.

Deadlines for publishing are stipulated by the Board. The duties that are carried out in the concluding phase are set out in a schedule that specifies the person respons- ible and the deadline for ensuring timely reporting. The schedule is reviewed prior to each quarter to ensure that any new circumstances are identified and that the schedule continues to be expedient.

As part of Gjensidige’s governing documents, an overall description has been prepared of the process relating to the closing of the accounts. Reporting instruc- tions have also been prepared, including accounting principles that subsidiaries and branch offices must use in their reporting. The internal control is based on the principle of division of labour and dualism, and it is documented through descrip- tions of processes and procedures in material areas. Authorisation structures, reconciliation and management reviews have been established.

As part of the Board’s above-mentioned annual review of the Group’s risk areas and internal control, an evaluation is also carried out of risk and control in the fin- ancial reporting process, and whether measures are necessary.

Group accounts are prepared every month and reported to the Board on a monthly basis, with comments on and explanations of each business segment. In this connection, Group Accounts cooperates with the Actuary function, Group Per- formance Management, reinsurance and the controllers in the business areas on quality assurance of figures and comments. The insurance provisions are assessed monthly by the Actuary function and annually by an external actuary. Accounting items that entail a varying degree of discretionary judgement and assessment are reviewed and documented in advance of the quarterly closing of accounts. Discre- tionary items are reviewed by the Board’s audit committee at quarterly meetings. The audit committee also considers the quarterly accounts, company accounts and group accounts. The processes are identical for the Group and the parent company. The annual accounts are adopted by the respective general meetings. The Group has established a planning process for financial management whereby the CEO, the CFO and the Chief Performance Officer meet with business and support areas at least every quarter and review financial performance and goal achievement as well as events that affect future development. Among other things, they assess risks relating to financial reporting, in both the short and long term. The senior group management reviews monthly financial reporting, includ- ing developments in profit/loss and balance sheet items, goal achievement, the forecast for the year, risk assessment and analysis of and comments on results in business and support areas.

In connection with the outsourcing of material work processes, such as payroll and ICT services, the Group obtains statements in accordance with ISA3402 in order to assess the contracting party’s internal control. The purpose of this is to ensure that the contracting party has satisfactory internal control.

The Group is concerned with ensuring that processes relating to financial reporting and financial management are carried out by personnel with the right expertise for the different tasks. Professional updating in the form of self-studies, courses and continuing education takes place on the basis of the needs and complexity of the position in question. The goal is that the Group shall have sufficient expertise and resources at all times to be able to carry out timely closing of the accounts without there being material errors in the group and company accounts. This involves fields such as IFRS, NGAAP, the Annual Accounts Regulations for Insurance Companies etc. We participate actively in various industry organisations for banks and life and general insurance companies where topical issues are discussed.