4.1

Internal control

Internal control is an integral component of Company’s governing system.

Internal control covers all lines of Company’s operations, all processes are regularly controlled at all management levels to ensure reasonable guarantees that the goals below are achieved:

Company’s efficiency and performance, soundness of assets;

Company’s compliance with applicable laws and Company’s enactments, incl. Company’s operations and accounting;

Provision of integrity and timeliness of financial and other reporting.

...

For the purposes of the strategyNo.62-ref the Company has adopted Amended and Restated Policy of Internal Control at IDGC of Urals (OAO). The policy stipulates the goals, operations and elements of Company’s internal control, primary functions and liability of participants as well as procedure for IC efficiency evaluation. Besides, the Company enforces a range of bylaws to regulate IC-related issues No.63-68-ref.

Participants of the internal control system

...

*Unit, liable for internal control: Section for control and risks;

**Task control units: Security Department, Anti-corruption Compliance Group, Legal Affairs Department;

***Unit, liable for internal audit: Directorate for Internal Audit and Inspections.

Functions of the participants

Participant Primary functions****
Board of Internal Auditors
  • Oversight of Company’s financial and economic operations, followed up by recommendations/proposals with regard to IC improvement;
  • Independent evaluation of integrity of data presented by the Company’s annual report and annual financial statements
Board of Directors
  • Outlining of principles and approaches with regard to arrangement of internal control and strategy for its development and improvement;
  • Oversight and arrangement of internal audit;
  • Oversight of Company’s executive bodies in key aspects of activities
Board of Directors Audit Committee
  • Preview of Company’s bylaws on the structure, development and improvement strategy of Company’s internal control prior to Board’s approval
  • Preview of IC efficiency evaluation results, prepared in line with internal auditor’s IC efficiency report as well as external independent evaluation reports, prior to Board’s approval and generation of proposals/recommendations to improve internal control;
  • Preview of issues on arrangement and performance of internal audit prior to Board’s approval;
  • Supervision of reliability and efficiency of internal control with regard to issues related to integrity of Company’s reporting, supervision of selection of external auditor and external audit; oversight whether regulatory requirements are complied with, as well as review of analysis and evaluation of the policy of internal control
Other Board of Directors Committees
  • Supervision whether financial and operational indicators are achieved, applied laws or rules and procedures, stipulated by local enactments, are complied with as well as whether Company’s reporting are accurate and on schedule (within their competence, set by the Board of Directors)
General Director and Executive Board
  • Provision of efficient and reliable internal control, established and applied by the Company on a daily basis
Heads of units
  • Arrangement of efficient control environment for supervised processes, responsibility for efficiency and achievement of process goals and performance of control procedures
Companys employees, liable for control due to their duties
  • Performance of control procedures as parts of internal control, consistent with their job descriptions and regulatory documents
  • Provision of on-schedule reporting to direct supervisors on cases when control procedures cannot be performed due to certain barriers and/or require redesigning, caused by changes of internal and/or external environment of Company’s operations, incl. oversight of generation and filing with the supervisors of proposals to implement control procedures into relevant spheres of operations
Task control units: Security Department
  • Determination of spheres to be protected in terms of economic resilience, cyber or physical security
  • Arrangement of anti-threat system and performance of activities to fight potential internal and external threats, abuse or fraud during commercial operations
  • Administration and conduct of internal investigations with regard to damages of the Company
  • Oversight whether contractors discharge contractual liabilities or not, assistance of structural units and branches in partnerships in terms of economic resilience and damage prevention
  • Conduct of measures to reveal, prevent and hinder activities of legal entities and individuals with intention or actions to cause damage or illegally interfere into operations of Company’s production facilities
Anti-corruption Compliance Group
  • Arrangement of anti-corruption compliance system, aimed at prevention, exposure, suppression of corrupt practices and minimization of corruption risks: generation of anti-corruption policy, unified rules, standards and principles to prevent violations of laws, abuses and conflict of interests
  • Arrangement of disclosure of information on conflict of interests, analysis of obtained information, preparation of materials to be examined by the Conflict Commission of the Company
  • Examination of credibility of information, filed by the heads of Company’s HQ and branch units in revenues, properties and liabilities statements, incl. exposure of conflict of interests
  • Participation in anti-corruption control of procurements of Company’s HQ and branches
Legal Affairs Department
  • Company’s litigation support in commercial courts, regular courts, mediation courts, administrative proceedings
  • Protection of Company’s interests during enforcement proceedings as well as liquidation, restructuring and bankruptcy of Company’s debtors
  • Legal expertise and approval in the prescribed manner of drafts of Company’ civil contracts, orders and decrees
  • Preparation of drafts of Company-related enactments, legal expertise of such documents, as requested by Company’s units, preparation of proposals to be included into drafts of statutes and other enactments, prepared by relevant state instrumentalities and filed with the Company for examination
  • Company’s litigation support in disputing various enactments in state, regional and local executive and legislative instrumentalities, all organizations and institutions in Russia, commercial and regular courts
  • Preparation and legal expertise of statements, applications, letters, appeals, claims of the Company to be filed with legislative and executive instrumentalities, judicial authorities and enforcement agencies
  • Legal defense of Company’s employees in furtherance of their duties
  • Generation of legal guidelines and similar documents
  • Monitoring of judicial disputes, arbitration and administrative proceedings
  • Coordination of filings on preparation of enactments and guidelines with federal legislative and executive bodies
Unit, liable for internal control: Section for Oversight and Risks
  • Preparation and provision of key guidelines on how to build and improve internal control;
  • Coordination of maintenance and monitoring of IC target status;
  • Preparation of information on the status of internal control for related parties
Unit, liable for internal audit: Directorate of External Audit and Inspections
  • Preparation of post-IA recommendations on how to improve control procedures, several components of internal control and IC system;
  • Internal independent evaluation of ICS efficiency and preparation of recommendations to enhance ICS efficiency and performance

To ensure that internal control system is efficient and meets ever-changing requirements and conditions, the Company evaluates its efficiency: whether it complies with target status and maturity level. The strategyNo.62-ref stipulates 6 maturity levels of the internal control system (from 1 «null» to 6 «high»).

In 2015 the Company conducted the following measures to improve its ICS:

  1. Integration of ICS master elements and principles into the system of management and decision-taking::
    1. Implementation of risk-oriented internal audit, stipulating planning and conduct of inspections on risk-evaluation basis to concentrate on most vulnerable facilities and lines of operations (moving from cycle checks to checks on vital problems and issues);
    2. Setting of criteria for evaluation of IA&RM unit performance and for focus on requirements and expectations of a customer, launch of auditee feedback mechanism.
  2. Implementation of the most efficient model of control functions ensuring a reasonable level of independency and objectivity:
    1. Analysis of leading practices and filing of possible target structures of control function with Company’s governing bodies;
    2. Conduct of cycle internal and independent external evaluations of the internal control system;
    3. Administrative reassignment of Internal Audit and Risk Management Department to the Company’s SEB;
    4. Release of Internal Audit and Risk Management Department from operating activities and alien functions
  3. Development and implementation of standards of internal control, internal audit and risk management:
    1. Promotion of the Internal Auditor Ethics Code, stipulating criteria of loyal conduct and responsible behavior, drilling and training standards for internal auditors;
    2. Generation and update of IC&RM regulatory base;
    3. Generation and approval of primary RMS parameters: acceptable risk level (risk appetite) and key risk indicators;
    4. Conduct of trainings and seminars on internal control and risk management systems for structural units of the Company to enhance their engagement and quality of their contribution to the build-up, working maintenance and development of the internal control system with regard to their business processes to comply with sensitive external and internal environment;
    5. Further training of employees of Internal Audit and Control Department in various spheres of operations.

Promotion of these measures has lifted up the maturity level from 4 (2014) to 4.3 (2015) out of 6. Independent evaluation of ICS efficiency was conducted only by the Company’s internal auditor, with no external agencies engaged.

For the purposes of implementation of ICS development strategy the following measures are scheduled for 2016:

  1. Alignment and lock-up of the list of bylaws regarding internal control, internal audit and risk management.
  2. Informing of interested entities about regulatory base regarding internal control, internal audit and risk management.
  3. Alignment of the list of enforced bylaws and informing of interested entities on it.
  4. All revealed abuses and thefts should be processed in a proper manner.
  5. Periodic checks of control procedures efficiency should be provided for by process owners.
  6. Risks should be identified during both process and project approaches.
  7. Risk appetite should be set.
  8. Periodic checks of process efficiency should be provided for by process owners.
  9. Provision of control matrix generation and filling-in.
  10. Provision of functional liability matrix generation and filling-in.
  11. Procedures focusing on exposure of omissions, inaccuracy and mistakes as well as their correction should be provided for, when preparing reports in a non-automated manner
  12. Periodic checks whether control procedures are executed should be provided for and be obligatory recorded.

Internal audit unit

Directorate for Internal Audit and Inspections of Internal Audit and Control Department is a structural unit, liable for internal audit. IA unit is responsible to the Board of Directors (via the Audit Committee). This means that the Board of Directors oversees and administers IA unit. Namely, the Audit Committee approves the action plan for the unit, progress report, its budget as well as decides on assignment, dismissal and remuneration of the unit head.

Goals, principles, functions and authorities of internal audit are stipulated by the Internal Audit Policyno.69-ref. There are also several bylaws regulating internal auditNo.70-74-ref.

Key goals of internal audit are:

  1. Provision of the Board of Directors/Audit Committee and executive bodies with independent and unbiased guarantees that the Company has adequate systems of internal control, risk management and corporate governance;
  2. Counseling of executives with regard to the build-up of efficient systems of internal control, risk management and corporate governance.
...

The Company had 6 employees in charge of the internal audit in 2015. The internal auditor has conducted 14 inspections during the year. Follow-up control comprised 54 activities. 2015 IA control procedures prescribed 37 remedial actions to eliminate and prevent exposed violations and problems. All (18 out of 18) remedial actions, subject to performance during the reported year, were conducted.

...

The Audit Committee oversees the execution of remedial actions. It continuously examines executives’ progress reports, prepared with regard to elimination of problems, exposed by the Board of Internal Auditors, internal auditor and watchdogs.