Model of internal control and risk management system
Internal control and risk management system of the Company is an element of Company’s corporate governance system comprising a wide range of procedures, methods and mechanisms of control created and used by the Board of Directors, Audit Commission, executive management bodies, senior managers and personnel of the Company focused on the provision of reasonable guarantees for achieving the following goals:
- Efficiency of process administration;
- Observation of legislative requirements, that may apply to the Company’s operations, as well as requirements of the Company’s internal documents;
- Prevention of malpractices of the Company’s employees and third parties with Company’s assets;
- Authenticity, completeness and timeliness of all types of reporting.
To evolve the system the Board of Directors has approved a range of internal documents. Principles of functioning, processes and procedures for risk management and internal control system of the Company are regulated by:
- The Risk Management Policy of IDGCInterregional Distributive Grid Company of Urals (approved by the Board of Directors, protocol #151 dd. 28.08.2014);
- The Internal Control Policy of IDGCInterregional Distributive Grid Company of Urals (approved by the Board of Directors, protocol #151 dd. 28.08.2014);
- The Internal Audit Policy of IDGCInterregional Distributive Grid Company of Urals (approved by the Board of Directors, protocol #151 dd. 28.08.2014).
According to the above-mentioned internal documents we also approved the Regulations on the control environment and risks typical for “Commercial Metering and Transmission Services” business process, Regulations on the control environment and risks typical for “Exploitation” business process, Regulations on the control environment and risks typical for “Procurement Management” business process, Regulations on the control environment and risks typical for “Connection” business process.
The system is evolving on all management levels of the Company according to the following directions:
1) Preventive (monitoring) control includes build-up and optimization of processes with baseline control procedures (including implementation expenses and effect), as well as regulation of activities, including description of processes, participants (their authorities and responsibilities) and identification of milestones and control activities. Besides, this type of control includes risk management measures (monitoring, identification and risk evaluation, development and implementation of risk management measures).
2) In-process control includes control procedures by process owners (heads of structural units) and employees during the execution of their functions and control over the achievement of qualitative and quantitative performance indicators and separate lines of activities (monitoring of process efficiency, corrective measures).
3) Follow-up control includes internal audit (inspections of structural units, processes, projects and lines of activities, evaluation of reliability and efficiency of internal control system, participation in internal investigations of abuses, frauds, damages to the Company and its SACSubsidiary and associated companys, inappropriate expenditures), external audit (audit of annual financial statements under Russian Accounting Standards and evaluation of the Company’s internal control system), inspections (control over financial and operating activities of the Company to check whether it complies with the Russian legislation, charter and internal documents of the Company) as well as auto-evaluation (heads of structural units or senior management evaluate reliability and efficiency of the internal control system).
Participants of the internal control and risk management system:
|Participant||Key authorities and responsibilities in IC&RM system|
|Board of Directors||
|General Director, Management Board||
|Heads of structural units||
|Personnel of structural units responsible for control procedures according to the job functions||
|Internal Audit and Control Department||
To ensure the efficiency of the internal control system and its compliance with changing requirements and challenges the Company evaluates the efficiency of internal control system, its compliance with targets and maturity levels.