RU | EN
Back Back
    1. 4.1 The Memo of the Controlling Stockholder (PAO Rosseti) with Regard to the Controlled Grid Companies
    2. 4.2 Corporate Governance Practices
    3. 4.3 General Meetings of Stockholders
    4. 4.4 Board of Directors’ Progress Report
    5. 4.5 Board of Directors Committees
    6. 4.6 Corporate Secretary
    7. 4.7 Executive Bodies
    8. 4.8 Remuneration and Compensation Policy
    9. 4.9 Settlement of Competing Interests
    10. 4.10 Internal Control, Risk Management and Internal Audit
    11. 4.11 Board of Internal Auditors
    12. 4.12 External Auditor
    13. 4.13 Management of subsidiaries and affiliates
    14. 4.14 Stockholder Equity and Securities
Download center
Data analysis
Browsing history
Social networks
Feedback
Version for the visually impaired
Print out
Share
Send to E-mail Copy link
Add to downloads
View PDF
Document for 2021

For the operation of the site, we collect cookies, information about the IP address and location of users. If you do not want this data to be processed, please leave the site.

You didn't fill in the Email field

4.10 Internal Control, Risk Management and Internal Audit

Internal Control System

The Company’s internal control system is an integral element of the Company’s governing system, focused to ensure reasonable guarantees that the goals below are achieved:

The internal control system is risk-oriented, its control procedures shaped by risks and set in a way to ensure reasonable guarantee of an efficient and timely response to risks. The ICSinternal control system covers all lines of Company’s operations, with all processes regularly controlled at all management levels, under the “three lines of defense” model:

The Company has set up the Internal Control and Risk Management Section, which, under the Internal Control Policy and the Regulations on the Structural Unit, is liable for:

To enforce implementation and maintenance of the efficient internal control system, consistent with generally accepted practices and standards of internal control and requirements of regulators as well as promoting the Company’s goals the Company has adopted the Internal Control Policy[68], that stipulates goals, operational principles and elements of the ICSinternal control system, primary functions and responsibilities of ICSinternal control system participants, ICSinternal control system efficiency assessment procedure.

The Company enforced the Procedure of implementation of the Internal Control Policy, disclosing practical aspects related to application of the norms, set by the Internal Control Policy[69]. Control procedures on core and auxiliary processes and subprocesses as well as governance processes are stipulated by control and risk matrices. The Board of Directors has adopted the action plan to maintain efficiency and develop internal control and risk management systems[70] (enforced by the decree[71]). To guarantee the ICSinternal control system efficiency and compliance with changing requirements and conditions, the Company’s internal auditor evaluates the efficiency of the system (whether it complies with its target status and maturity level). The maturity level in 2022, in comparison to 2021, was assessed between “Optimal” and “High” (5.3 points in 2021 and 5.3 points in 2022).

During the reported period the Company has implemented the following key measures related to ICSinternal control system improvement:

In 2023, we plan to implement the following measures to improve the ICSinternal control system:

  1. Revision of the regulatory documents on internal control.
  2. Conduct of trainings for management and employees on the roll-out and functioning of the ICSinternal control system.
  3. Improvement of the tool for the control of financial stability, legal support of contractors’ liquidation and bankruptcy.

Risk Management System

The Company has the risk management system focusing on reduction of uncertainty in relation to the achievement of the goals, set at all management levels of the Company, incl. by the Rosseti Group’s Development Strategy and tactical and operational planning documents (business plans, budgets, etc.). The RMSrisk management system is focused on determining events, that may influence the Company’s activities, and managing risks related to these events as well as maintaining integral risk of the Company at preferred level.

The RMSrisk management system develops and functions using unified principles that are accepted and complied with by management bodies and employees of the Company at all management levels: consistency and complexity; goal orientation; integration into management; formation and conservation (protection) of the Company’s value; balance between risks and profitability; uncertainty; systematic approach; quality of information;  concern and leadership; assignment of responsibility for risk management; efficiency; cross-functional interaction; reasonable assurance; agility; responsiveness; constant improvement.

To enforce the functioning of the RMSrisk management system the Company has adopted the Risk Management Policy[76], stipulating the goals, principles of operation and elements of the Company’s RMSrisk management system, primary functions and responsibilities of the RMSrisk management system participants, forms of evaluation of the RMSrisk management system efficiency. In 2022, the Company adopted the risk appetite[77]. The risk appetite is a combination of risk appetite targets which the company strives to maintain in the course of its operations. Besides, the Company adopted the Risk Appetite Determination Procedure[78], and also has the following RMSrisk management system-related regulatory documents[79]:

  • Regulations on risk management.
  • Risk tree model.
  • RMSrisk management system maturity model.

As stated in the Risk Management Policy and Regulations on the Structural Unit, the Company’s Internal Control and Risk Management Section is liable for general coordination of risk management processes, crafting of the RM-related methodology, preparation of reporting on outcomes of risk management and evaluation of the RMSrisk management system efficiency. Functions of the RMSrisk management system participants are stipulated by the Risk Management Policy, Regulations on structural units and job descriptions.

To guarantee the RMSrisk management system efficiency and compliance with changing requirements and conditions, the Company’s internal auditor evaluates the RMSrisk management system efficiency. The maturity level in 2022, in comparison to 2021, was assessed between “Moderate” and “Optimal” (4.2 points in 2021, 4.6 points in 2022). The Board of Directors has adopted the action plan to maintain efficiency and develop internal control and risk management systems[80] (enforced by the decree[81]).

During the reported period, the Company implemented the following key measures to improve the RMSrisk management system:

  • The action plan on risk culture was adopted[82].
  • The Risk Appetite Determination Procedure was updated[83].
  • The Regulations on the preparation of reporting on risk management in terms of consolidation of information on the occurrence of risks impacting the achievement of the Company’s goals were revised[84].
  • Trainings for C-level executives and employees on the roll-out and functioning of the RMSrisk management system were conducted.

In 2023, we plan to implement the following measures to improve the RMSrisk management system:

  1. Revision of the regulatory documents on risk management.
  2. Specification of key indicators using unified methodology for specification of key indicators for Rosseti Group.
  3. Conduct of trainings for C-level executives and employees on the roll-out and functioning of the RMSrisk management system.
Metrics Meas. units 2020 2021 2022 2022/2021, %
Internal evaluation of ICSinternal control system efficiency points 5.3 5.3 0 %
Internal evaluation of RMSrisk management system efficiency points 4.2 4.6 9.5 %
Number of conducted control activities aimed at exposure and minimization of risks pcs 383 455 302 -33.6 %
Number of examined procurement-related materials (items) pcs 3,375 3,462 2,179 -37 %
Number of rectified violations after inspections conducted by external watchdogs pcs (%) 49.3 74.6 86.0 11.4 %
Total sum of annulled fines after appeals against decisions to impose administrative sanctions RUBruble million 6.2 9.6 7.6 -20.8 %
Total funds received by the Company from contractors under liquidation and bankruptcy procedures RUBruble million No statistics 18.985 200 953.5 %

Internal Audit

The Internal Audit Department is a unit, liable for internal audit. The Internal Audit Department is responsible to the Company’s Board of Directors (via the Audit Committee). This means that the Board of Directors oversees and administers the unit (namely, adoption of the unit’s action plan, progress report, its budget as well as assignment, dismissal and remuneration of the unit head). The goal of internal audit is to assist the Board of Directors and executive bodies of the Company in enhancing efficacy of governance and improving its financial and economic performance, by enforcing systematic and coherent approaches to analysis and evaluation of the systems of risk management, internal control and corporate governance as tools of reasonable assurance in Company’s goal achievement. Goals and objectives, principles of IA rollout and functioning, functions and authorities of the internal audit are stipulated by the Internal Audit Policy[85]. In 2022, 8 employees performed internal audit functions.

The Company has adopted the following principal documents regulating internal audit performance:

Pursuant to the Regulations on the Board of Directors’ Audit Committee[53] arrangement, efficiency evaluation and enforcement of independency and neutrality of internal audit fall within the remit of the Board of Directors’ Audit Committee. The Audit Committee’s feedback is delivered to the head of the internal audit unit through the head’s interaction with the Committee, incl. analysis of resolutions/ recommendations of the Committee on matters falling under the competence of the internal audit unit and questionnaire survey of the Committee members. Satiation of the Audit Committee with the performance of the internal audit unit (average weighted total points from the questionnaires / quantity of votes of the Committee members) in 2022 corresponds with “full compliance” estimation value in line with the Guarantee and Enhanced Quality of Internal Audit Program.

Pursuant to the Guarantee and Enhanced Quality of Internal Audit Program, the quality of the Company’s internal audit is evaluated by independent external expert at least once in 5 years. External independent evaluation of the IA’s performance was carried out by AOJoint-Stock Company KPMG in 2019. After the evaluation, AOJoint-Stock Company KPMG presented a report, certifying general compliance of the Company’s internal audit performance with the International Professional Internal Audit Standards, Ethics Code, Internal Audit Policy, and issued recommendations regarding improvements of internal audit practices. Using feedback from the Audit Committee’s questionnaires regarding areas of improvement and recommendations from the external independent expert, the Company has prepared and enforces the action plan on the development and improvement of the Company’s internal audit performance[88]. Pursuant to the action plan on the development and improvement of the Company’s internal audit performance we prepared the action plan on professional development of internal auditors for 2021-2024[89].