Internal control is an integral component of Company’s governing system, focused to ensure reasonable guarantees that the goals below are achieved:
- Company’s efficiency and performance, including achievement of financial and operational indicators, soundness of assets;
- Company’s compliance with applicable laws and Company’s enactments, incl. Company’s operations and accounting;
- Provision of integrity and timeliness of financial and other reporting.
Internal control covers all lines of Company’s operations, with all processes regularly controlled at all management levels. The Company’s system of internal control functions in line with the “three lines of defense” model. This model means that internal control is enforced on three levels:
- First line of defense: management bodies (sole and collegiate executive bodies), units in charge of the control procedure due to their duties;
- Second line of defense: Company's control units;
- Third line of defense: Internal Audit units.
Functions of the system players are stipulated by the Company’s Internal Control Policy, Regulations on the structural units.
The Company enforces the Procedure of implementation of the Internal Control Policy, disclosing practical aspects related to application of the norms, set by the Internal Control Policy. Control procedures on core and auxiliary processes, subprocesses and governance processes are stipulated by control and risk matrices. Pursuant to the decree ICS improvement plans are in progress after adoption.
To guarantee the ICS efficiency and compliance with changing requirements and conditions, the Company’s internal auditor evaluates efficiency of the system, its compliance with target state and maturity level. The internal auditor has conducted internal independent evaluation of ICS efficiency. There was no external independent evaluation. The ICS maturity level was assessed as “optimal” in 2017[82, 83], with it being between “moderate” and “optimal” in 2016.
During the reported period the Company has carried out the following activities focusing on ICS perfection:
- Adoption of the Procedure of Implementation of the OAO IDGC of Urals Internal Control Policy, providing detailed disclosures related to implementation of the Policy’s provisions.
- Continuation of description of all core processes in line with the project-based approach (26 processes have control procedures schemes and matrices).
- Implementation of project-based approach philosophy into development, implementation and enhancement of performance of the integrated management system, with a need of risk identification and management being enshrined.
- Arrangement of centralized training of ICS and RMS participants (595 employees).
- Process owners are set to conduct efficiency and control procedures execution evaluation.
The Internal Audit Department is a unit, liable for internal audit. The Internal Audit Department is responsible to the Company’s Board of Directors. This means that the Board of Directors oversees and administers the unit (namely, adoption of the unit’s action plan, progress report, its budget as well as assignment, dismissal and remuneration of the unit head). The goal of internal audit is to assist the Board of Directors and executive bodies of the Company in enhancing efficacy of governance and improving its financial and economic performance, by enforcing systematic and coherent approach to analysis and evaluation of the systems of risk management, internal control and corporate governance as instruments of reasonable assurance in Company’s goal achievement. Goals and objectives, principles of IA rollout and functioning, functions and authorities of the internal audit are stipulated by the Internal Audit Policy.
The Company had 6 employees in charge of the internal audit in 2017.
The Company has adopted the following bylaws regulating internal audit function:
- The Company’s Internal Audit Policy and Internal Auditor Ethics Code;
- The Regulations on the Internal Audit Department;
- The Guarantee and Enhanced Quality of Internal Audit Program ;
- The Internal audit standards and standards of practical application, developed to comply with the International Professional Internal Audit Standards.
The Board of Directors Audit Committee evaluates the efficiency of internal audit. The Committee’s feedback is delivered to the head of the internal audit unit through head’s interaction with the Committee, incl. analysis of resolutions/ recommendations of the Committee on matters falling under the competence of the internal audit unit and questionnaire survey of the Committee members. Satiation of the Audit Committee with the performance of the internal audit unit (average weighted total points from the questionnaires / quantity of votes Committee members) in 2017 corresponds with “compliance” estimation value, as stated in еhe Guarantee and Enhanced Quality of Internal Audit Program.
The Company’s Internal Audit Enhancement Action Plan for 2017-2019 was prepared and adopted by the Board of Directors on 26.06.2017.