Site colours:

Improving the internal control system and the risk management system, developing the internal audit function

In 2014 the Board of Directors of IDGC of Centre identified improving the system of internal control and risk management, developing the internal audit function as one of the Company’s priority areas of activity (Minutes of the Board of Directors dated 20.08.2014 # 18/14).

As part of this area implementation IDGC of Centre is guided by the following internal documents approved by the Board of Directors of the Company:

Developing and improving the Internal Control System and the Risk Management System is provided by three interrelated processes:

Internal Control System

Implemented by participants of the Internal Control System and aimed to provide reasonable assurance regarding achievement of the following objectives of the Internal Control System:

- ensuring efficiency and performance of the Company’s activities, safeguarding the Company’s assets;

- the Company complies with applicable legal requirements and local regulations of the Company, including while making economic events and business accounting;

- ensuring the reliability and timeliness of financial (accounting) and other statements.

Strategic objectives are not part of the internal control. Setting strategy is a necessary condition for the internal control implementation.

The Internal Control System must provide an objective, fair and clear picture of the current state of the Company, integrity and transparency of the Company’s financial statements.

The objectives of the Internal Control System:
  • providing reliable, quality and affordable power supply to consumers;
  • ensuring environmental integrity and safety of employees and third parties in the performance by the Company of its activities;
  • ensuring the implementation of financial and business plans of the Company in the most efficient and cost effective way (by building efficient processes (areas of activity));
  • ensuring the development and implementation of effective control procedures to reduce the risks associated with the Company’s activity, to a level not higher than the preferred risk (risk appetite);
  • ensuring effective prevention, detection and elimination of irregularities in the performance by the Company of its activities and doing financial and business operations;
  • safeguarding the Company’s assets, ensuring the effective use of the Company’s resources, protecting the Company’s interests, combating fraud of the Company’s employees and third parties;
  • ensuring prevention or detection of deviations from established rules and procedures, as well as distortion of accounting information, accounting (financial) and other statements;
  • ensuring compliance with legal requirements applicable to the Company, compliance with internal policies, regulations and procedures of the Company;
  • ensuring accuracy, completeness, reliability and timeliness of formation, communicating / reporting and all kinds of statements of the Company, under the applicable legislation and regulations of the Company.
Participants in the internal control process are:
  • Audit Commission of the Company;
  • Board of Directors of the Company;
  • Audit Committee of the Board of Directors of the Company;
  • other Committees of the Board of Directors of the Company;
  • executive bodies (Management Board of the Company, General Director of the Company);
  • collegial working bodies, created by the Company’s executive bodies for specific functions (commissions, working groups, etc.);
  • heads of units and structural divisions of the Company;
  • employees of structural divisions of the Company, performing control procedures by virtue of their official duties;
  • the internal control division;
  • the internal audit division.

Roles of the participants of the internal control process are differentiated according to their participation in the relevant stages of the internal control process.

Risk management System

The Company has a risk management system (hereinafter - the RMS) integrated into the general management system of the Company. The purpose of the RMS is to provide reasonable confidence in achieving the goals set for the Company, determined by the Strategy for Development of the Electric Grid Complex of the Russian Federation, development program documents and the Articles of Association of the Company, as well as to ensure the growth of the Company’s value, while maintaining the balance of interests of all stakeholders.
Risk management is an ongoing, constant process.

The principles of the Risk Management System are:
  • risk management is an integral part of all organizational processes;
  • risk management is part of the decision-making process;
  • risk management is systematic, structured and timely;
  • risk management is based on the best available information;
  • risk management is transparent and takes into account the interests of stakeholders;
  • risk management is dynamic, iterative (repetitive) and responsive to change;
  • risk management contributes to continual improvement of the organization.
The objectives of the Risk Management System are:
  • development of a risk-oriented corporate culture;
  • achieving an optimal balance between the preferred risk (risk appetite) and the development strategy;
  • improving the decision-making process for responding to emerging risks;
  • reduction in the number of unforeseen events and losses in economic activity;
  • determination and management of the entire set of risks in economic activity.
The main participants of the risk management process are:
  • Board of Directors;
  • Authorized Committee of the Board of Directors;
  • Audit Commission;
  • executive bodies (Management Board, General Director);
  • risk owners;
  • executors of risk management measures;
  • the risk management division;
  • the internal audit division.

All RMS participants are responsible for identifying, assessing, analyzing and continuously monitoring risks within the framework of their activities, developing and implementing the necessary risk management measures, and continuously monitoring the effectiveness of risk management measures.

Functional risks of the Company for 2023 with significant and critical levels of materiality.

Internal audit

It represents activities to provide objective and independent assurance and consulting aimed at improving the operations of the Company.

Internal audit is intended to assist the Board of Directors and executive bodies of the Company in improving the Company’s management efficiency, enhancing its financial and economic activities, including through systematic and consistent approach to analysis and evaluation of the risk management, internal control and corporate governance systems as tools to provide reasonable assurance in achieving the goals set for the Company. 

To achieve the goal the internal audit solves tasks in the following areas:
  • implementation and application of a common approach set out in the Group of Companies Rosseti to the construction, management and coordination of the internal audit function in the Company and its subsidiaries;
  • performance of internal audit, participation in other verification activities in the Company and its subsidiaries;
  • providing independent and objective assurance regarding the effectiveness of internal control, risk management and corporate governance systems, and assisting the executive bodies and employees of the Company in the development and monitoring of execution of procedures and measures to improve the internal control, risk management and corporate governance systems by the Company;
  • organization of effective interaction of the company with the Company’s external auditor, the Company’s Audit Committee, as well as persons providing counseling services in the field of risk management, internal control and corporate governance;
  • preparation and submission to the Board of Directors (Audit Committee) and executive bodies (Chief Executive Officer/Management Board) of reports on results of the internal audit activity (including information about significant risks, deficiencies, results and effectiveness of the implementation of measures to address identified deficiencies, implementation of a plan of the internal audit activity, results of the actual condition assessment, reliability and effectiveness of the internal control, risk management and corporate governance systems).