Risk Management and Internal Control Framework
The Group has introduced and employs the Risk Management and Internal Control Framework (RMICF), which encompasses key assets, business processes, lines of business, and all levels of the Group’s management.
Goals and objectives of the Risk Management and Internal Control Framework
The use of the Risk Management and Internal Control Framework ensures:
- An objective, fair, and clear view of the Group’s current state and prospects
- Reasonable confidence in achieving the goals set for the Group
- A high level of trust among shareholders and investors in the Company’s management bodies
- The protection of investments and assets and the containment of risks within acceptable limits
Participants in the Risk Management and Internal Control Framework
The Group’s management ensures the RMICF is integrated into key business processes and the Group’s activities, above all in the planning and monitoring of business activities, including business planning and project management in the Generation, Supply, Trading, and Engineering segments.
Inter RAO has established a separate risk management and internal control unit at PJSC Inter RAO, which remains in constant cooperation with the Board of Directors and the Audit and Sustainable Development Committee.
Based on the independent evaluation of the activities of the Board of Directors and its committees, the Board of Directors decided to review the risk management report on a semi-annual basis.
With the support of the Internal Control and Risk Management Department (ICRMD), senior management is responsible for coordinating and drafting a unified methodology and ensuring the stages of the RMICF cycle are properly implemented and produce the key results. The head of the ICRMD reports directly to the CEO, which ensures the independent identification and assessment of risks as well as the development and monitoring of risk management measures, including control procedures.
The objectives, core principles, approaches, and parties involved in risk management and internal control processes at PJSC Inter RAO are enshrined in theRisk Management and Internal Control Policy of PJSC Inter RAO, which is approved by the Company’s Board of DirectorsMinutes No. 234 dated November 19, 2018.. This Policy is a top-level document drafted based on the Charter of PJSC Inter RAO that takes into account the recommendations of Russian and international risk management standards, the Corporate Governance Code, the guidelines of the Federal Agency for State Property Management, risk management and corporate governance best practices, and the listing rules of Russian and international stock exchanges.
The Risk Management and Internal Control Policy was approved as a corporate standard for the Group’s companies by an orderOrder No. IRAO/652 dated December 17, 2018 “On the Risk Management and Internal Control Policy of PJSC Inter RAO” approved by the Board of Directors of the CEO.
Functions and objectives of participants in the RMICF
Participants | Key functions and objectives |
---|---|
Board of Directors |
|
Level of executive management bodies CEO Management Board Collegial advisory bodies |
|
Level of risk owners Managers who report directly to the CEO Managers of structural units of the Group’s companies |
|
Internal Control and Risk Management Department |
|
Internal Audit |
|
Level of employees |
|
Development of the Risk Management and Internal Control Framework
Results of the functioning of the Risk Management and Internal Control Framework in 2019:
- The Group’s risk appetite was drafted and approved
- Additional training and information sharing was organized for the Group’s employees in an effort to promote norms and standards of conduct and apply risk-based approaches in business planning and when developing control procedures
- A list of the Group’s strategic risks was drafted and approved for inclusion in the updated strategy
- The Antimonopoly Risk Map was approved and contains a quantitative calculation of risk consequences; antimonopoly compliance subcommittees were formed at subsidiaries; and advanced training on antimonopoly compliance was provided to the staff of the Group’s companies
- Cybersecurity risks were verified through external penetration testing. PJSC Inter RAO set up an information security division
- A list of the main cyber threats was developed and an assessment of these risks was conducted
- The level of organization of the PJSC Inter RAO internal control system was assessed and measures were developed to improve the internal control system of the Company as a participant in tax monitoring
In 2019, the Board of Directors approved 12 principles of risk appetite. Details are in the Strategic Report.
Efficiency assessment of the RMICF
- Management informs the Board of Directors each year about the results achieved in matters concerning risk management and internal control over the reporting period as part of an annual report on the operation of the RMICF
- The internal audit division conducts an annual efficiency assessment of the RMICF and provides the Board of Directors with reporting on the results of the assessment
- The Board of Directors reviews matters concerning the organization, functioning, and effectiveness of the RMICF at least once a year and makes recommendations for its improvement, and also has the power to initiate an external assessment of the RMICF with the hiring of an independent organization
- The efficiency assessment of the RMICF for 2019 was presented by the Internal Audit Unit to the Company’s Board of Directors for review and approved on March 31, 2020Minutes No. 270 dated April 6, 2020.. The results of the efficiency assessment of the RMICF
are presented in the section ‘Internal Audit – 2019 Results’ of this Report.