Main page / Risk management / Model of internal control and risk management system

Model of internal control and risk management system

Internal control and risk management system of the Company is an element of Company’s corporate governance system comprising a wide range of procedures, methods and mechanisms of control created and used by the Board of Directors, Audit Commission, executive management bodies, senior managers and personnel of the Company focused on the provision of reasonable guarantees for achieving the following goals:

  • Efficiency of process administration;
  • Observation of legislative requirements, that may apply to the Company’s operations, as well as requirements of the Company’s internal documents;
  • Prevention of malpractices of the Company’s employees and third parties with Company’s assets;
  • Authenticity, completeness and timeliness of all types of reporting.

To evolve the system the Board of Directors has approved a range of internal documents. Principles of functioning, processes and procedures for risk management and internal control system of the Company are regulated by:

According to the above-mentioned internal documents we also approved the Regulations on the control environment and risks typical for “Commercial Metering and Transmission Services” business process, Regulations on the control environment and risks typical for “Exploitation” business process, Regulations on the control environment and risks typical for “Procurement Management” business process, Regulations on the control environment and risks typical for “Connection” business process.

The system is evolving on all management levels of the Company according to the following directions:

1) Preventive (monitoring) control includes build-up and optimization of processes with baseline control procedures (including implementation expenses and effect), as well as regulation of activities, including description of processes, participants (their authorities and responsibilities) and identification of milestones and control activities. Besides, this type of control includes risk management measures (monitoring, identification and risk evaluation, development and implementation of risk management measures).

2) In-process control includes control procedures by process owners (heads of structural units) and employees during the execution of their functions and control over the achievement of qualitative and quantitative performance indicators and separate lines of activities (monitoring of process efficiency, corrective measures).

3) Follow-up control includes internal audit (inspections of structural units, processes, projects and lines of activities, evaluation of reliability and efficiency of internal control system, participation in internal investigations of abuses, frauds, damages to the Company and its SACSubsidiary and associated companys, inappropriate expenditures), external audit (audit of annual financial statements under Russian Accounting Standards and evaluation of the Company’s internal control system), inspections (control over financial and operating activities of the Company to check whether it complies with the Russian legislation, charter and internal documents of the Company) as well as auto-evaluation (heads of structural units or senior management evaluate reliability and efficiency of the internal control system).

Participants of the internal control and risk management system:

Participant Key authorities and responsibilities in IC&RM system
Board of Directors
  • Creation, control over operations and determination of overall strategy for the evolution of the Company’s internal control and risk management system;
  • Review of reports and decision-taking on fundamental, key and problematic issues related to corporate governance;
Audit Commission
  • Control over financial and economic operations of the Company;
  • Independent appraisal of authenticity of data contained in the annual report and annual financial statements of the Company;
Audit Committee
  • Provision of external auditor selection and evaluation of its operations;
  • Provision of evaluation of authenticity of the Company’s financial statements (including auditor report);
  • Evaluation of the efficiency of the internal control and risk management system, preparation of proposals related to its improvement;
General Director, Management Board
  • Provision of creation and daily functioning of efficient and reliable system of internal control in the Company;
Heads of structural units
  • Arrangement of efficient control environment of processes under supervision (directions of activities), responsibility for the efficiency of operating goals of processes under supervision (directions of activities) and management of risks belonging to processes under supervision (directions of activities) and execution of control procedures;
Personnel of structural units responsible for control procedures according to the job functions
  • Execution of control procedures within internal control system according to job descriptions and regulatory documents;
  • Provision of timely informing direct heads on cases when control procedures and risk management activities became impossible due to any reasons and/or change of control procedures/risk management activities is required due to changes of internal and/or external environment of Company’s operations, including elaboration and submission for review by heads of proposals related to the implementation of control procedures and risk management procedures in corresponding fields of activities;
Internal Audit and Control Department
  • Provision of methodological support and coordination of risk management and control environment regulation processes, execution of independent follow-up control and evaluation of control environment efficiency, submission of information to the Board of Directors, executive bodies of the Company on significant trends and problems in Company’s operations.

To ensure the efficiency of the internal control system and its compliance with changing requirements and challenges the Company evaluates the efficiency of internal control system, its compliance with targets and maturity levels.

Up