Improving the system of internal control and risk management, developing the internal audit function

In 2014 the Board of Directors of IDGC of Centre identified improving the system of internal control and risk management, developing the internal audit function as one of the Company’s priority areas of activity (Minutes of the Board of Directors dated 20.08.2014 # 18/14).

As part of this area implementation IDGC of Centre is guided by the following internal documents approved by the Board of Directors of the Company:

Developing and improving the Internal Control and Risk Management System is provided by three interrelated processes:

Internal Control

Implemented by participants of the Internal Control System and aimed to provide reasonable assurance regarding achievement of the following objectives of the Internal Control System:

- ensuring efficiency and performance of the Company’s activities, safeguarding the Company’s assets;

- the Company complies with applicable legal requirements and local regulations of the Company, including while making economic events and business accounting;

- ensuring the reliability and timeliness of financial (accounting) and other statements.

Strategic objectives are not part of the internal control. Setting strategy is a necessary condition for the internal control implementation.

The Internal Control System must provide an objective, fair and clear picture of the current state of the Company, integrity and transparency of the Company’s financial statements.

The objectives of the Internal Control System:

  • providing reliable, quality and affordable power supply to consumers;
  • ensuring environmental integrity and safety of employees and third parties in the performance by the Company of its activities;
  • ensuring the implementation of financial and business plans of the Company in the most efficient and cost effective way (by building efficient processes (areas of activity));
  • ensuring the development and implementation of effective control procedures to reduce the risks associated with the Company’s activity, to a level not higher than the preferred risk (risk appetite);
  • ensuring effective prevention, detection and elimination of irregularities in the performance by the Company of its activities and doing financial and business operations;
  • safeguarding the Company’s assets, ensuring the effective use of the Company’s resources, protecting the Company’s interests, combating fraud of the Company’s employees and third parties;
  • ensuring prevention or detection of deviations from established rules and procedures, as well as distortion of accounting information, accounting (financial) and other statements;
  • ensuring compliance with legal requirements applicable to the Company, compliance with internal policies, regulations and procedures of the Company;
  • ensuring accuracy, completeness, reliability and timeliness of formation, communicating / reporting and all kinds of statements of the Company, under the applicable legislation and regulations of the Company.

Participants in the internal control process are:

  • Audit Commission of the Company;
  • Board of Directors of the Company;
  • Audit Committee of the Board of Directors of the Company;
  • other Committees of the Board of Directors of the Company;
  • executive bodies (Management Board of the Company, General Director of the Company);
  • collegial working bodies, created by the Company’s executive bodies for specific functions (commissions, working groups, etc.);
  • heads of units and structural divisions of the Company;
  • employees of structural divisions of the Company, performing control procedures by virtue of their official duties;
  • the internal control division;
  • the internal audit division.

Roles of the participants of the internal control process are differentiated according to their participation in the relevant stages of the internal control process.

Risk management

Implemented by participants of the Risk Management System and includes providing reasonable assurance in achieving the Company’s objectives defined by the Strategy of development of electric grid facilities of the Russian Federation, program development documents and the Articles of Association of the Company, as well as ensuring the growth of value of the Company, subject to the balance of interests of all stakeholders.

The objectives of the Risk Management System include:

  • strategic goals - high-level targets, correlated with the mission of the Company;
  • operational objectives - ensuring the efficiency of financial and economic activity and economic use of resources, as well as safeguarding the Company’s assets;
  • targets for reporting - ensuring completeness and accuracy of accounting (financial), statistical, administrative and other statements;
  • targets for compliance - compliance with applicable legal requirements to the Company and local regulations of the Company.

The objectives of the Risk Management System are:

  • development of a risk-focused corporate culture, dissemination by the executive bodies and the management of the Company of knowledge and skills in the field of risk management and the use of the possibility of effective exchange of information in the framework of the risk management system;
  • improving the decision-making process and choosing how to respond to emerging risks in order to ensure cost-effectiveness of events for risk management and economic expediency;
  • reduction in the number of unforeseen events and losses in economic activity by expanding capacity to identify potential events and take appropriate measures (risk response);
  • definition and management of the totality of risks in economic activity in the interests of a more effective response to different impact using, including an integrated approach to their sets.

The main participants of the risk management process are:

  • Board of Directors;
  • Strategy and Development Committee of the Board of Directors;
  • Audit Commission;
  • executive bodies (Management Board, General Director);
  • risk owners;
  • the risk management division;
  • persons performing events for risk management;
  • the internal audit division.

Internal audit

It represents activities to provide objective and independent assurance and consulting aimed at improving the operations of the Company.

Internal audit is intended to assist the Board of Directors and executive bodies of the Company in improving the Company’s management efficiency, enhancing its financial and economic activities, including through systematic and consistent approach to analysis and evaluation of the risk management, internal control and corporate governance systems as tools to provide reasonable assurance in achieving the goals set for the Company. 

To achieve the goal the internal audit solves tasks in the following areas:

  • implementation and application of a common approach set out in the Group of Companies Rosseti to the construction, management and coordination of the internal audit function in the Company and its subsidiaries;
  • performance of internal audit, participation in other verification activities in the Company and its subsidiaries;
  • providing independent and objective assurance regarding the effectiveness of internal control, risk management and corporate governance systems, and assisting the executive bodies and employees of the Company in the development and monitoring of execution of procedures and measures to improve the internal control, risk management and corporate governance systems by the Company;
  • organization of effective interaction of the company with the Company’s external auditor, the Company’s Audit Committee, as well as persons providing counseling services in the field of risk management, internal control and corporate governance;
  • preparation and submission to the Board of Directors (Audit Committee) and executive bodies (Chief Executive Officer/Management Board) of reports on results of the internal audit activity (including information about significant risks, deficiencies, results and effectiveness of the implementation of measures to address identified deficiencies, implementation of a plan of the internal audit activity, results of the actual condition assessment, reliability and effectiveness of the internal control, risk management and corporate governance systems).