Annual Report 2013

Model of Internal Auditing and Risk Management System

  • The Company uses a three-tier internal audit and risk management system that consists of preventive, current, and follow-up controls.
  • Internal audit and risk management are conducted under the Company’s Internal Audit Policy and Risk Management Policy.

The internal audit and risk management system of the Company is part of the Company’s corporate governance system, which includes all of the procedures, methods and mechanisms for auditing, created and used by the Board of Directors, the Audit Commission, executive bodies, management and all Company’s employees to ensure reasonable guarantees of achieving goals in the following areas:

  • efficient and effective organization of work;
  • compliance with the legislative regulations applied to the Company’s operations and the Company’s internal regulations;
  • prevention of the wrongful actions of the Company’s employees and the third parties with regard to the Company’s assets;
  • reliability, completeness and timeliness of preparation of all kinds of reports.

The Board of Directors has approved the following regulations to improve the internal audit and risk management system:

  • the Internal Audit Policy (Minutes No. 19/12 dd. August 03, 2012);
  • the Risk Management Policy (Minutes No. 13/10 dd. June 10, 2010). MODEL OF INTERNAL AUDIT AND

THE INTERNAL AUDIT AND RISK MANAGEMENT SYSTEM IS IMPROVED ON ALL LEVELS OF THE COMPANY’S MANAGEMENT IN THE FOLLOWING AREAS OF CONTROL:

Preventive control

THAT IS:

  • creation and optimization of processes (areas of operation) with the development of the minimum required audit procedures taking into account the expenses on their implementation and the implementation effect;
  • formalization (regulation) of operations, i.e. the Company’s processes are described in the internal documents; the participants, their powers and responsibilities are documented; the checkpoints and measures are identified;
  • risk management measures, i.e. the Company monitors, identifies and evaluates risks, develops and takes measures to manage the risks

Current control

THAT IS:

  • execution of the audit procedures by the process owners (heads of the divisions) and the Company’s employees within the course of their fulfilling their direct duties;
  • control over the achievement of the qualitative and quantitative indicators of the Company’s operations and certain areas of operations (monitoring of the efficiency of current operations). Corrective measures are taken after completing the monitoring procedures

Follow-up control

THAT IS:

  • internal audit which is carried out by way of:
    • auditing the Company’s structural divisions, processes, projects and areas of operation;
    • evaluating the reliability and efficiency of the Company’s internal audit system;
    • conducting special (official) investigations of abusive practices (fraud), damage caused to the Company and its subsidiaries / controlled companies, improper or inefficient utilization of resources;
  • external audit which is carried out by an independent auditor of the Company by way of auditing the Company’s annual reports under RAS and evaluation of the Company’s internal audit system;
  • audits performed by the audit commission of the Company and its subsidiaries / controlled companies by way of checking, whether the financial and business operations of the Company and its subsidiaries / controlled companies comply with the laws of the Russian Federation, the Charter and internal documents of the Company and its subsidiaries / controlled companies

THE INTERNAL AUDIT SYSTEM ENCOMPASSES THE FOLLOWING PARTICIPANTS:

  • The Company’s Board of Directors and its committees (the Audit Committee and others).
  • The Company’s Audit Commission.
  • The Company’s collective executive body (the Management Board).
  • The Company’s sole executive body (the General Director).
  • The collective bodies serving consulting and advisory purposes created by the Company’s sole executive body to perform specific functions (committees, commissions, etc.).
  • Heads of the Company’s units and structural divisions.
  • Employees of the Company’s structural divisions carrying out the functions of control as part of their job duties.
  • The Department of Internal Audit and Risk Management.

POWERS AND RESPONSIBILITIES OF THE MAJOR PARTICIPANTS OF THE INTERNAL AUDIT SYSTEM:

  1. The Company’s Board of Directors is responsible for ensuring the creation of the Company’s internal audit system, control of its operation and the development of a general strategy of its development
  2. The Company’s Audit Commission is responsible for:
    • controlling the Company’s financial and business operations;
    • observing the Company’s compliance with the laws of the Russian Federation and the Company’s Charter when carrying out its financial and business operations;
    • carrying out an independent evaluation of information about the Company’s financial standing;
    • confirming reliability of data contained in the reports and other financial documents of the Company.
  3. The Audit Committee under the Company’s Board of Directors is responsible for:
    • selecting the auditor(s) and their valuation;
    • evaluating reliability of the Company’s financial statements (including the external auditor’s opinion);
    • evaluating the external auditor’s opinion;
    • evaluating the efficiency of the internal audit system and preparing improvement suggestions.
  4. The Company’s Management Board prepares reports on the Company’s operations in the area of the internal audit system, including the review and analysis of the reports on the internal control of risks.
  5. The Company’s General Director is responsible for:
    • ensuring the creation of an internal audit system at the Company and its ongoing effective and reliable operation;
    • submitting suggestions on the improvement of the internal audit system to the Board of Directors.
  6. Heads of the units and structural divisions of the Company are responsible for:
    • ensuring implementation of the internal audit principles;
    • organizing an effective system for controlling the processes (areas of operations), which they are in charge of;
    • effective achievement of the operational goals of the processes (areas of operations), which they are in charge of;
    • ensuring regulation of the processes (areas of operation), which they are in charge of;
    • evaluating the processes (areas of operations), which they are in charge of, in order to determine whether they need to be optimized to improve their efficiency and compliance with the changing conditions of the external and internal environment, and for organizing the development of suggestions to improve the control procedures;
    • ensuring the detection and elimination of the defects in control procedures and the processes’ control environment;
    • controlling the risks pertaining to the processes (areas of operations), which they are in charge of, and for organizing the implementation of the control procedures.
  7. Employees of the Company’s structural divisions, fulfilling the control procedures due to their job duties, are responsible for:
    • fulfilling the control procedures within the internal audit system in accordance with the job descriptions and the established regulatory documents;
    • monitoring the fulfillment of the control procedures;
    • carrying out self-evaluation of the fulfilled control procedures and taking part in the improvement of the internal audit system;
    • ensuring timely notification of the line managers of the instances where the fulfillment of the control procedures and the risk management measures becomes impossible for any reasons and/or where the design of such control procedures/risk management measures requires modification due to the changes in the internal and/or external conditions of the Company’s operations, and for ensuring the development and submitting of suggestions to the management on the implementation of control procedures and risk management measures in the relevant areas of operation.
  8. The Department of Internal Audit and Risk Management carries out:
    • 8.1. Preventive control by way of:
      • 8.1.1. implementing policies, standards and procedures for establishing the internal audit and risk management system, in particular:
        • ensuring the development and improvement of the internal audit system at the Company, control over the operations of the structural divisions and branches of the Company and its subsidiaries in the area of development and improvement of the internal audit and risk management system;
        • implementing a unified system of methods and regulating the activities aimed at creating and improving the risk-oriented internal audit system; standardizing the Company’s internal audit and organizing the unification of operations carried out by the subsidiaries’ audit commissions;
        • coordinating the efforts aimed at supporting and monitoring the designated status of the internal audit and risk management system;
        • disclosing information pertaining to the internal audit and risk management system to the external users.
      • 8.1.2. organizing the risk management process, in particular:
        • organizing and coordinating operations to reveal, evaluate and manage risks;
        • evaluating the sufficiency and efficiency of the risk management measures and the control over the fulfillment of the risk management measures in accordance with the plan;
        • preparing recommendations for the risk owners and management associated with the issues of risk management and the efficiency of measures being taken;
        • organizing the review and approval by the Company’s executive bodies of the risk management measures and the strategy of reacting to external hazards;
        • organizing notification of the Company’s management bodies about the risk management results, trends and the status of the risk management system.
      • 8.1.3. Assisting in the creation of effective processes, in particular, assisting the management in the creation of the control environment, preparation of recommendations regarding the description and implementation of the control procedures to the processes and determination of responsibilities of the officers.
    • 8.2. Current control by way of:
      • 8.2.1. monitoring the fulfillment of internal audit measures and procedures at the Company;
      • 8.2.2. taking additional measures of current control in the key and high-risk processes (finance, investment, procurement, power transmission and grid connection operations, etc.) by participating in the work groups, commissions, collective bodies; ensuring the execution of analysis and the issue of opinions, including expert opinions (keeping in mind the necessity of maintaining the balance between participation in the current control procedures and maintaining independency when carrying out follow-up control);
      • 8.2.3. organizing efficient interaction and assisting the Company’s Audit Commission, in particular:
        • organizing interaction with the Company’s Audit Commission;
        • providing administrative support of the operations of the Company’s Audit Commission;
        • organizing the development of corrective measures after the Company has been audited in order to eliminate the deficiencies and follow the recommendations issued by the Company’s Audit Commission and controlling their fulfillment.
      • 8.2.4. interacting with the state control and supervisory bodies on the issues of internal audit, in particular:
        • ensuring compliance with the requirements of the state control bodies to the internal audit system;
        • ensuring cooperation with the state control and supervisory bodies during the course of control measures taken by the latter;
        • coordinating the operations aimed at developing corrective measures to eliminate the deficiencies and follow recommendations and instructions issued by the state control and supervisory bodies; controlling their fulfillment;
        • monitoring the checks carried out by the control/ supervisory bodies.
      • 8.2.5. interacting with the external auditor of the Company and its subsidiaries on the issues of evaluating the efficiency of the internal audit and risk management system, in particular:
        • providing assistance and information about the status of the internal audit system of the Company and its subsidiaries;
        • coordinating conclusions of the external auditors on the status of the internal audit and risk management system;
        • evaluating the quality of the external auditor’s work, preparing an opinion on the basis of this evaluation and submitting it to the related parties.
      • 8.2.6. interacting with the Audit Committee under the Company’s Board of Directors, in particular:
        • interacting with the Audit Committee under the Company’s Board of Directors on the issues of internal control, risk management and internal audit;
        • ensuring that the Audit Committee fulfills its functions most effectively: performing preliminary analysis of all the materials submitted for consideration by the Audit Committee under the Company’s Board of Directors in order to evaluate the completeness of disclosure and objective character of the information;
      • 8.2.7. preparing expert opinions, opinions and suggestions regarding the materials submitted for consideration to the senior management and the executive bodies of the Company and its subsidiaries on the issues associated with the responsibility of the Department of Internal Audit and Risk Management.
    • 8.3. Follow up control by way of:
      • 8.3.1. ensuring effective functioning of the internal audit system, in particular:
        • planning, organizing and conducting internal audits of the structural divisions, branches, processes, projects and areas of operations;
        • preparing recommendations to increase the efficiency and effectiveness of operations, improve corporate control, increase the efficiency of internal control and risk management processes on the basis of the results of the internal audit and evaluation;
        • evaluating the reliability and effectiveness of the internal audit and risk management system;
        • participating in special (official) investigations of abusive actions (fraud), caused damage or improper or inefficient utilization of resources;
        • carrying out follow up control and control of over the implementation of corrective measures on the basis of the internal audit;
        • organizing notification of the management bodies about the audit results and the status of the internal audit and risk management system, the major trends and changes in the operations, submitting suggestions to increase the efficiency of operations;
      • 8.3.2. organizing and coordinating operations of the subsidiaries’ audit commissions and exerting follow up control and control over the elimination of deficiencies by the subsidiaries detected during the audit and the fulfillment of recommendation and instructions of the audit commission.