4.7. Risk management and internal audit system
Description of the principles and approaches to organization of risk management and internal audit system
Pursuant to the paragraph 2 of the list of mandates of the President of the Russian Federation following the meeting on improving of the efficiency of state-owned companies dated 27.12.2014 №Pr-3013, the Directive of the Government of the Russian Federation dated 06.24.2015 №3984p-P13 (the letter from Federal Agency for State Property Management (Rosimushchestvo) dated 07.07.2015 №11/27343), the Company in 2015 year in accordance with the “Guidelines for the preparing of the Regulation on risks management system” (developed by the Ministry of Economic Development of Russia) developed “Regulations on the risks management system” (approved by the Resolution of Transneft PJSC Board of Directors dated 16.11.2015 year, Minutes № 28), which establishes the general principles of risks management system, its goals and objectives, common approaches to the organization, functions and responsibilities distribution between the subjects. Further improvement of the regulatory framework of the Company in terms of risks management was planned for 2016 year, in accordance with the Transneft PJSC Action Plan (Roadmap) on the implementation of the provisions of the Corporate Governance Code (approved by the Resolution of Transneft PJSC Board of Directors dated 18.09.2015 year, Minutes №23).
The core principles of RMS functioning are:
- cohesion and integration of approaches and risks management standards in the Company's corporate governance system;
- comprehensiveness and continuity of risks management in all areas of the Company business and all business processes;
- need for and adequacy of risks management efforts in order to ensure an acceptable level of risk at the maximum effective implementation of the goals and objectives of the Company's activities;
- providing of the RMS subjects with powers and resources (including information), necessary and sufficient to carry out the functions and activities of risks management;
- timeliness impacts on the risk due to predominantly preventive character of procedures and measures, as well as the availability of action plans at the implementation of risks;
- priority in the adoption of necessary and sufficient measures on critical risks management;
- regulation of risks management processes in accordance with the division of functional responsibilities of the RMS subjects;
- adaptability to change and continuous improvement of risks management systems.
Regulations contemplate the functioning of the Transneft PJSC Board of Risks Management as a permanent collegial body that provides overall coordination of the risks management systems at the level of operational management.
The specialized unit, ensuring operation of the Transneft PJSC risks management system, is a Risk Assessment Department, reporting to the first Vice President of Transneft PJSC (as a part of management of financial provision and risks assessment of the Transneft PJSC Department of Economics) . The main tasks and functions of the units are as follows:
- the overall coordination of risks management processes, including monitoring of the risks management process;
- developing of the necessary methodological and regulatory risks management documents and amendments thereto;
- development of parameters of risks management systems;
- training of employees of the Company in the sphere of risk management systems;
- maintenance of procedures of detection and identification of the risks by the structural divisions of the Company, including the use of the results of the control procedures of the internal audit department;
- creating and updating of the Company's risks register and approval of the access to it of other divisions and units of the Company;
- consolidation of information and training materials on the issues of functioning of the risks management systems, including all kinds of reporting on risks;
- consultative and methodological support of the analysis processes and risks assessment, together with divisions and units of the Company;
- participation in the quantitative assessment of critical risks.
In Transneft PJSC there is an internal audit system aimed at improving of corporate management, ensuring of Transneft PJSC business efficiency and effectiveness, safety and reliability of financial reporting and the compliance of Transneft PJSC business activity with the applicable law and the rules of law governing its business. Regulations on Internal Audit Procedures of the Public Oil Transport Company Transneft, PJSC, which is a key internal normative document regulating the function of internal audit approved by the Resolution of Transneft PJSC Board of Directors dated 10.09.2009 year (Minutes number 12).
In order to prevent risks in the financial and economic activity, the timely adoption of remedial measures and measures on identification and mobilization of internal opportunities and profit reserves, assistance in the management of Transneft PJSC in the effective implementation of administrative functions, the internal audit performs the following tasks:
- ensuring of investors’ confidence, protection of shareholders investments and assets;
- maintaining of a high level of goodwill of PJSC Transneft;
- ensuring of the completeness and accuracy of financial and management reporting;
- ensuring of compliance with the normative legal acts of the Russian Federation, resolutions of regulatory bodies and local regulations;
- safeguarding of assets and efficient use of resources;
- ensuring of compliance with the financial and economic plans.
The Policy of the Company in the sphere of internal audit is defined by the Regulation on internal audit (approved by the Resolution of Transneft PJSC Board of Directors dated 16.11.2015 year (Minutes №28). According to this document the internal audit - is an activity aimed at assistance to the Company’s governance body, entities of Transneft system (hereinafter - ETS) in improving of efficiency of management with the Transneft system, the Company, ETS, improving of their financial and economic activity through a systematic and consistent approach to the analysis and assessment of the risks management system, internal audit and corporate management system of Transneft , the Company and ETS.
The Department of Internal Audit and Analysis of Core Business Activities performs function of the internal audit in the Company and ETS.
Within the internal audit there is performed the following:
- 1. Assessment of the internal audit system efficiency:
- analysis of compliance of business-processes objectives, projects, structural divisions of the Company, ETS with the goals of Transneft system, the Company, ETS, control of ensuring of the efficiency, reliability, business-processes (activity) and information systems integrity, including the reliability of countering against illegal actions, abuses and corruption;
- verification of the reliability of the accounting (financial), statistical, administrative and other reports, determining how the results of the activities of business processes and structural units of the Company, ETS meet the planned objectives;
- determination of the adequacy of the criteria established for the analysis of the degree of performance (achievement) of the planned objectives;
- identification of weaknesses in internal audit systems, which deny (denied) Transneft system, the Company, ETS to achieve its goals;
- evaluation of the results of the implementation (realization) of measures on elimination of the violations, deficiencies and improvement of the internal audit system implemented by the Company, ETS at all levels of management;
- verification of the effectiveness and appropriateness of use of the Company's and ETS resources;
- verification of safeguard of the assets of the Company and ETS;
- verification of compliance with legal requirements, the Company and ETS Charters, normative documents of the Company and ETS.
- 2. Assessment of risks management system efficiency:
- control of the adequacy and maturity of the items of risks management systems of Transneft system, the Company and ETS for effective risks management: goals and objectives, the infrastructure, including the organizational structure, automation equipment, etc., the organization processes, legal and methodological support, the interaction of structural units within the risks management system, reporting;
- verification of the completeness and correctness of the identification of risks assessment by management of the Company and ETS at all levels of management;
- verification of the effectiveness of control procedures and other risks management measures, including efficient use of resources allocated for this purposes;
- analysis of information on realized risks (including the violations identified following the results of the control, the facts of failure to reach these goals, the facts of proceedings and in other cases).
- 3. Assessment of the corporate management:
- verification of compliance with ethical principles and corporate values of Transneft system, the Company and ETS;
- verification of the order of setting the goals of Transneft system, the Company and ETS and monitoring / control of their achievement;
- verification of the level of regulatory support, and procedures of information exchange (including on risks management and internal audit issues) at all levels of management of Transneft system, the Company and ETS, including the interaction with related parties;
- verification of granting the shareholders with their rights, including controlled companies, and effectiveness of relationships with related parties;
- verification of information disclosure procedures on the activities of Transneft system, the Company and ETS.
The list of the internal documents regulating the functions of the internal audit and issues on activity of the risks management and internal audit system:
- Regulation on the internal audit (approved by the Resolution of Transneft PJSC Board of Directors dated 16.11.2015 year (Minutes № 28);
- Regulation on the department of the internal audit and analysis of core business activities of Transneft PJSC dated 08.12.2015 year №08-03/001;
- Regulation on the risks management system approved by the Resolution of Transneft PJSC Board of Directors dated 16.11.2015 year (Minutes № 28).
- Regulation on the procedures of the internal audit approved by the Resolution of Transneft PJSC Board of Directors dated 10.09.2009 year (Minutes № 12).