Internal control is an integral component of Company’s governing system.
Internal control covers all lines of Company’s operations, all processes are regularly controlled at all management levels to ensure reasonable guarantees that the goals below are achieved:
Company’s efficiency and performance, soundness of assets;
Company’s compliance with applicable laws and Company’s enactments, incl. Company’s operations and accounting;
Provision of integrity and timeliness of financial and other reporting.
For the purposes of the strategyNo.62-ref the Company has adopted Amended and Restated Policy of Internal Control at IDGC of Urals (OAO). The policy stipulates the goals, operations and elements of Company’s internal control, primary functions and liability of participants as well as procedure for IC efficiency evaluation. Besides, the Company enforces a range of bylaws to regulate IC-related issues No.63-68-ref.
Participants of the internal control system
Functions of the participants
|Board of Internal Auditors||
|Board of Directors||
|Board of Directors Audit Committee||
|Other Board of Directors Committees||
|General Director and Executive Board||
|Heads of units||
|Company’s employees, liable for control due to their duties||
|Task control units: Security Department||
|Anti-corruption Compliance Group||
|Legal Affairs Department||
|Unit, liable for internal control: Section for Oversight and Risks||
|Unit, liable for internal audit: Directorate of External Audit and Inspections||
To ensure that internal control system is efficient and meets ever-changing requirements and conditions, the Company evaluates its efficiency: whether it complies with target status and maturity level. The strategyNo.62-ref stipulates 6 maturity levels of the internal control system (from 1 «null» to 6 «high»).
In 2015 the Company conducted the following measures to improve its ICS:
Integration of ICS master elements and principles into the system of management and decision-taking::
- Implementation of risk-oriented internal audit, stipulating planning and conduct of inspections on risk-evaluation basis to concentrate on most vulnerable facilities and lines of operations (moving from cycle checks to checks on vital problems and issues);
- Setting of criteria for evaluation of IA&RM unit performance and for focus on requirements and expectations of a customer, launch of auditee feedback mechanism.
Implementation of the most efficient model of control functions ensuring a reasonable level of independency and objectivity:
- Analysis of leading practices and filing of possible target structures of control function with Company’s governing bodies;
- Conduct of cycle internal and independent external evaluations of the internal control system;
- Administrative reassignment of Internal Audit and Risk Management Department to the Company’s SEB;
- Release of Internal Audit and Risk Management Department from operating activities and alien functions
Development and implementation of standards of internal control, internal audit and risk management:
- Promotion of the Internal Auditor Ethics Code, stipulating criteria of loyal conduct and responsible behavior, drilling and training standards for internal auditors;
- Generation and update of IC&RM regulatory base;
- Generation and approval of primary RMS parameters: acceptable risk level (risk appetite) and key risk indicators;
- Conduct of trainings and seminars on internal control and risk management systems for structural units of the Company to enhance their engagement and quality of their contribution to the build-up, working maintenance and development of the internal control system with regard to their business processes to comply with sensitive external and internal environment;
- Further training of employees of Internal Audit and Control Department in various spheres of operations.
Promotion of these measures has lifted up the maturity level from 4 (2014) to 4.3 (2015) out of 6. Independent evaluation of ICS efficiency was conducted only by the Company’s internal auditor, with no external agencies engaged.
For the purposes of implementation of ICS development strategy the following measures are scheduled for 2016:
- Alignment and lock-up of the list of bylaws regarding internal control, internal audit and risk management.
- Informing of interested entities about regulatory base regarding internal control, internal audit and risk management.
- Alignment of the list of enforced bylaws and informing of interested entities on it.
- All revealed abuses and thefts should be processed in a proper manner.
- Periodic checks of control procedures efficiency should be provided for by process owners.
- Risks should be identified during both process and project approaches.
- Risk appetite should be set.
- Periodic checks of process efficiency should be provided for by process owners.
- Provision of control matrix generation and filling-in.
- Provision of functional liability matrix generation and filling-in.
- Procedures focusing on exposure of omissions, inaccuracy and mistakes as well as their correction should be provided for, when preparing reports in a non-automated manner
- Periodic checks whether control procedures are executed should be provided for and be obligatory recorded.
Internal audit unit
Directorate for Internal Audit and Inspections of Internal Audit and Control Department is a structural unit, liable for internal audit. IA unit is responsible to the Board of Directors (via the Audit Committee). This means that the Board of Directors oversees and administers IA unit. Namely, the Audit Committee approves the action plan for the unit, progress report, its budget as well as decides on assignment, dismissal and remuneration of the unit head.
Goals, principles, functions and authorities of internal audit are stipulated by the Internal Audit Policyno.69-ref. There are also several bylaws regulating internal auditNo.70-74-ref.
Key goals of internal audit are:
- Provision of the Board of Directors/Audit Committee and executive bodies with independent and unbiased guarantees that the Company has adequate systems of internal control, risk management and corporate governance;
- Counseling of executives with regard to the build-up of efficient systems of internal control, risk management and corporate governance.
The Company had 6 employees in charge of the internal audit in 2015. The internal auditor has conducted 14 inspections during the year. Follow-up control comprised 54 activities. 2015 IA control procedures prescribed 37 remedial actions to eliminate and prevent exposed violations and problems. All (18 out of 18) remedial actions, subject to performance during the reported year, were conducted.