Internal Control and Risk Management

The model of internal control and risk management system

Internal control and risk management system is an element of our corporate governance system. It includes a range of procedures, methods and mechanisms of control, created and used by the Board of Directors, Audit Commission, executive bodies and employees of the Company to ensure reasonable guarantees regarding the achievement of the following goals:

  • Efficiency of process administration;
  • Observation of legislative requirements, that may apply to the Company’s operations, as well as requirements of the Company’s internal documents;
  • Prevention of malpractices of the Company’s employees and third parties with the Company’s assets;
  • Authenticity, completeness and timeliness of all types of reporting.

The system is polished up on all management levels of the Company.

Preventive (monitoring) control includes build-up and optimization of processes with baseline control procedures (taking account of implementation expenses and effect) as well as regulation of activities, including description of processes, participants (their authorities and responsibilities) and identification of milestones and control activities. Besides, this type of control includes risk management measures (monitoring, identification and risk evaluation, development and implementation of risk management measures).

In-process control includes control procedures by process owners (heads of structural units) and employees during the execution of their functions and control over the achievement of qualitative and quantitative performance indicators and separate lines of activities (monitoring of process efficiency, corrective measures).

Follow-up control includes internal audit (inspections of structural units, processes, projects and lines of activities, evaluation of reliability and efficiency of internal control system, participation in internal investigations of abuses, frauds, damages to the Company and its SACs, inappropriate expenditures), external audit (audit of annual financial statements under Russian Accounting Standards and evaluation of status of the Company’s internal control system), inspections (control over financial and operating activities of the Company to check whether it complies with the Russian legislation, charter and internal documents of the Company) as well as auto-evaluation (heads of structural units or senior management evaluate reliability and efficiency of the internal control system).

The participants of the internal control system are: Board of Directors and its Committees; Audit Commission; Management Board; General Director; Collegiate consultative bodies formed by the sole executive bodies to execute specific functions; Heads of structural units; Employees of structural units fulfilling control procedures as their working functions; as well as Internal Audit and Risk Management Department.

Principles of functioning, processes and procedures of risk management and internal control system are regulated by the Risk Management Policy (approved by a BoD resolution, protocol #151 dd.28.08.2014), Internal Control Policy (approved by a BoD resolution, protocol #151 dd.28.08.2014) and Internal Audit Policy (approved by a BoD resolution, protocol #151 dd.28.08.2014). Under the documents we approved the Regulations on the control environment and risks of “Metering and Transmission” business process, Regulations on the control environment and risks of “Exploitation” business process, Regulations of the control environment and risks of “Procurement” business process and Regulations on the control environment and risks of “Connection” business process.

Resolutions on risk management adopted by the senior management of the Company comply with the Russian legislation and ensure reasonable correlation of beneficial effect and expenses. Executing risk management solutions the Company regularly analyzes its practical efficiency. The Company emphasizes the following risk management operating procedures:

  1. Insurance of property, production facilities and transport, civil responsibilities, medical insurance and other types of insurance;
  2. Diversification of market channels to distribute consumer shares in overall consumption structure;
  3. Refusal to interact with unreliable contractors;
  4. Diversification of procurement of materials, inventories, equipment and services to lower dependence of the Company from stand-alone contractors;
  5. Refusal to implement high-risk investment projects.

Key risk factors

The Company’s operations are influenced by a range of factors that the Company is unable to have a chokehold on. Several factors named below are macro economical and affect all companies. Some lines of activities can be especially susceptible to certain risk factors. Risks in energy transmission, to a certain extent, are derivatives of risks related to wholesale and retail energy markets. These evolving markets, in their turn, have a higher risk level than developed markets of other services and products and include significant legal, economic and political risks. A proportion of political risks in overall risk volume is inconspicuous. An aggressive growth of wholesale and retail energy markets enable most likely to assume that the information may rapidly get outdated. Existing uncertainty in information as a result of factor dynamism may impact future operations, possible sale of the Company’s assets and observation of due dates. Besides, some risks, insignificant for the moment, may become drastic in future.

Up