RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT
INFORMATION ON THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM
The Risk Management and Internal Control System (RM&ICS) is a set of organisational measures, methods, procedures, corporate culture practices and actions taken to achieve an optimal balance between the growth of the Company’s value, profitability and risks, and to ensure financial stability, efficient conduct of business activities, safeguarding of assets, compliance with legislation, the Articles of Association and internal documents of the Company, and timely preparation of reliable reporting.
The purpose of the RM&ICS is to provide reasonable assurance that the Company will achieve the goals of Rosseti Group’s development strategy, namely ensuring reliable, high-quality, and affordable power supply to consumers, as well as the operational business goals.
List of internal documents regulating the RM&ICS
The following internal documents were put in place in the Company in order to ensure the functioning of the RM&ICS:
- Risk Management and Internal Control Policy of PJSC Rosseti South (approved by the Board of Directors of the Company, Minutes No. 525/2023 dated 8 June 2023)
- Procedure for Organising Risk Management and Internal Control of PJSC Rosseti South (Order No. 300 dated 1 June 2023, as amended, Order No. 774 dated 18 December 2023)
- Procedure for Determining the Preferred Risk (Risk Appetite) of PJSC Rosseti South (Order No. 626 dated 17 October 2023)
- Glossary in the area of risk management and internal control of PJSC Rosseti South (Order No. 40 dated 24 January 2023)
- Model List of Risks of PJSC Rosseti South and List of Risk Owners of PJSC Rosseti South (Order No. 415 dated 27 July 2023, as amended, Order No. 754 dated 8 December 2023)
- Risk Assessment Methodology of PJSC Rosseti South (Order No. 471 dated 15 August 2023)
- Procedure for Organising Risk Management and Internal Control to Prevent Corruption and Misconduct at PJSC Rosseti South (Order No. 494 dated 24 August 2023)
- Regulations on Accounting for Inspections of PJSC Rosseti South and the Company’s S&As carried out by external control (supervision) bodies (Order No. 153 dated 22 March 2023)
- Regulations for bankruptcy and liquidation proceedings in which PJSC South acts as a creditor (Order No. 414 dated 26 July 2023)
Pattern of interaction of RM&ICS participants
The Risk Management and Internal Control process covers all areas of activity and is exercised at all levels of corporate governance: the Board of Directors, authorised committees of the Board of Directors, the Audit Commission of the Company, executive bodies of the Company, managers and employees at all management levels of the Company, the Internal Control and Risk Management Department, and the Internal Audit Department.
The Company has an Internal Control and Risk Management Department.
Improvement of the RM&ICS in the reporting year
In 2023, the Company undertook the following key measures to improve the RM&ICS:
- The Board of Directors of the Company approved the Risk Management and Internal Control Policy of PJSC Rosseti South and the updated preferred risk (risk appetite) of PJSC Rosseti South.
- A set of regulatory and methodological documents in the field of risk management and internal control was developed/updated:
  - Glossary in the field of risk management and internal control
  - Typical list of risks
  - Procedure for organising risk management and internal control
  - Procedure for determining the preferred risk (risk appetite)
  - Risk Assessment and Monitoring Methodology
- Monthly monitoring of financial stability, support of liquidation and bankruptcy procedures of counterparties was carried out.
- The Company organised training of its employees on building the RM&ICS.
- PJSC Rosseti South approved the Procedure for organising risk management and internal control in prevention of corruption and misconduct, and updated risk matrices and control procedures for key processes to include and regulate corruption risks.
Plans for improvement of the RM&ICS for 2024
- To carry out risk-oriented control activities: when reviewing materials submitted for approval by collegial bodies; when analysing information on audits carried out by external control (supervision) bodies; when assessing the targeted and timely expenditure of financial support to subsidiaries
- To participate in internal audits, inspections of subsidiaries and training centres, audits of financial and economic activities of subsidiaries, and internal reviews
- To take part in risk management in liquidation and bankruptcy proceedings
- To improve approaches to integrating risk management into key business processes
- To promote risk awareness, to conduct training events on the organisation and operation of the RM&ICS
The Company’s Risk Management and Internal Control Policy and the Regulations on the Department assign the following functions and tasks to the Department:
- Co-ordinates risk management and internal control processes
- Organises and conducts staff training in risk management and internal control
- Analyses the risk portfolio and develops proposals on response strategy and reallocation of resources in relation to risk management
- Generates risk reporting
- Exercises operational control over the process of risk management by structural subdivisions
- Conducts control activities in the field of organisation and functioning of the RM&ICS
- Prepares and submits to the executive bodies information on the organisation, functioning and efficiency of the RM&ICS, as well as on other issues stipulated by the Policy
Assessment of RM&ICS Efficiency
The Internal Audit Department conducts an annual internal independent assessment of how effective the RM&ICS is.
The results of the RM&ICS efficiency assessment and recommendations designed to improve the efficiency of RM&ICS functioning are included in the internal auditor’s report submitted annually for consideration by the Company’s governance bodies.
The report of the internal audit on the assessment of the effectiveness of the RM&ICS for 2023 was considered at the meeting of the Board of Directors (Minutes No. 569/2024 dated 23 April 2024). As of the year-end 2023, RM&ICS maturity was rated at 5.2 points out of a possible 6.0, which corresponds to the “Optimal” level.
The effectiveness of the RM&ICS for 2023 was assessed in accordance with the updated Methodology for assessing the reliability and effectiveness of the risk management and internal control system approved by Order No. 808 dated 28 December 2023; therefore, the RM&ICS maturity level compared to the previous year is not assessed.
INTERNAL AUDIT
The internal audit function is exercised in the Company through the establishment of an internal audit department (detached subdivision) or the engagement of an independent third party (outsourcing). The Company’s Board of Directors decides on the optimal form of the internal audit function.
The Internal Audit Department is a subdivision responsible for the implementation of the internal audit function in the Company.
The internal audit is functionally accountable to the Company’s Board of Directors, i.e., the Board of Directors monitors and organises the internal audit activities, including approval of the Internal Audit Regulations, the Internal Audit Action Plan, the Report on the performance of that plan and the budget of the Internal Audit Unit; gives preliminary approval to the decision on the appointment and termination of the Head of the Internal Audit Unit; approves the terms and conditions of the employment agreement and remuneration of the head of internal audit; and reviews the results of the quality assessment of the internal audit function.
The purpose of internal audit is to assist the Company’s Board of Directors and executive bodies in improving the management of the Company and its financial and business activities, including through systemic and consistent analysis and assessment of risk management, internal controls and corporate governance as tools for providing reasonable assurance that the goals set for the Company will be achieved.
The goals and objectives, organisational and functional principles, roles and responsibilities of the Internal Audit Department are set out in the Internal Audit Policy of the Company as amended by the Board of Directors (Minutes No. 526/2023 dated 8 June 2023).
In 2023, the internal audit function comprised six employees.
The Company approved the following documents regulating the internal audit function:
- The Company’s Internal Audit Policy and the Code of Ethics for Internal Auditors approved by resolution of the Board of Directors on 8 June 2023 (Minutes No. 526/2023 dated 9 June 2023)
- Regulations on the Internal Audit Department approved by a resolution of the Company’s Board of Directors on 31 December 2019 (Minutes No. 353/2020 dated 9 January 2020)
- Internal Audit Assurance and Quality Improvement Programme approved by a resolution of the Board of Directors on 28 February 2022 (Minutes No. 468/2022 dated 3 March 2022)
- Internal Standards for the internal audit functions and the practical application standards aligned with the International Standards for the Professional Practice of Internal Auditing
The Head of Internal Audit receives feedback from the Audit Committee in various forms in the course of interaction with it, including by analysing decisions/recommendations of the Audit Committee on matters within the internal audit remit, as well as by means of a questionnaire survey of the members of the Audit Committee.
The satisfaction quotient of the Audit Committee of the Board of Directors of the Company with the results of the work of the Internal Audit Function (the weighted average score on the questionnaires of the members of the Audit Committee relative to the number of Committee members who voted) for 2023 corresponds to the “fully consistent” assessment under the Internal Audit Quality Assurance and Improvement Programme of the Company approved by the Board of Directors on 28 February 2022 (Minutes No. 468/2022 dated 3 March 2022).
Following the results of the external assessment of the Company’s internal audit activity conducted by JSC KPMG in 2019, the Action Plan for the development and improvement of the Company’s internal audit activity was prepared and approved (Minutes of the meeting of the Board of Directors No. 367/2020 dated 6 April 2020). The planned activities were fully accomplished by the end of 2023.
Pursuant to the resolution of the Board of Directors of the Company dated 15 September 2023 (Minutes No. 543/2023 dated 18 September 2023), the Board of Directors of the Company approved the Action Plan for the Professional Development of Internal Auditors at PJSC Rosseti South. The planned activities were fully accomplished by the end of 2023.