Internal Control and Risk Management System

Seeing the completion of the Company’s restructuring in 2023, active efforts were made to update the methodological framework, and regulations were adopted that govern updated approaches to the organisation and functioning of the Rosseti Group’s Risk Management and Internal Control System (RM&ICS).

The Risk Management and Internal Control Policy of PJSC Rosseti and subsidiaries (the Rosseti Group)Resolution of the Board of Directors of the Company dated 17 April 2023 (Minutes No. 616 dated 18 April 2023) was approved in 2023 in order to implement and maintain an effective RM&ICS that complies with generally accepted practices and standards of risk management and internal control, as well as with the requirements of regulators. This policy outlines the goals of the Company’s RM&ICS functioning, the primary roles and responsibilities of RM&ICS participants, and forms of RM&ICS efficiency assessment.

In addition, the Risk Management and Internal Control Arrangement Procedure of PJSC Rosseti and subsidiaries (the Rosseti Group)Company Order No. 203 dated 15 May 2023 (as amended by Order No. 575 dated 12 December 2023). was approved to stipulate hands‑on aspects of the application of the rules set forth in the Risk Management and Internal Control Policy of PJSC Rosseti and its subsidiaries (the Rosseti Group). The control matrices (matrices of risk and control procedures) contain the control procedures for the core and supporting business operations, as well as the management Processes of the company.

The following regulatory documents in the field of risk management and internal control have been in force in the Company since 2023:

  • Glossary on risk management and internal controlCompany Order No. 8 dated 12 January 2023
  • RM&ICS Development ProgrammeCompany Order No. 208 dated 19 May 2023.
  • Preparation guidelines for a report on the organisation, functioning and effectiveness of RM&ICSCompany Order No. 209 dated 19 May 2023.
  • Typical list of risksCompany Order No. 69 dated 16 February 2023 (as amended by Order No. 479 dated 31 October 2023)
  • Risk Assessment and Monitoring MethodologyCompany Order No. 516 dated 23 November 2023.
  • Risk Appetite Determination ProcedureCompany Order No. 423 dated 25 September 2023.

Risk Management and Internal Control System (RM&ICS) is a set of organisational measures, methods, procedures, corporate culture practices and actions taken to achieve an optimal balance between the growth of the Company’s value, profitability and risks, to ensure financial stability, efficient conduct of business activities, safeguarding of assets, compliance with legislation, the Articles of Association and internal documents of the Company, timely preparation of reliable reporting.

The purpose of the RM&ICS is to provide reasonable assurance that the Rosseti Group will achieve the goals of Rosseti Group’s development strategy, namely ensuring reliable, high‑quality, and affordable power supply to consumers, as well as the operational business goals of PJSC Rosseti and its subsidiaries.

The RM&ICS is an integral part of the strategic planning and decision‑making system at PJSC Rosseti and its subsidiaries at all governance levels.

Risk Management imply coordinated actions to risk‑based steering, control and management of the Company.

Internal Control is a process carried out by the Company’s Board of Directors, the Company’s Audit Commission, the Company’s executive bodies and employees at all levels of management to obtain reasonable assurance that the Company provides:

  • Efficiency and effectiveness of its activities, including achievement of financial and operational indicators, and safeguarding of assets
  • Reliability, completeness and timeliness of accounting (financial) accounts and other types of reporting
  • Compliance with applicable laws and regulations, as well as the Company’s internal regulatory documents

Relationship between the RM&ICS Participants

The highest level of risk that may be taken on and still be supported by the Rosseti Group in order to accomplish the objectives of the Company and its subsidiaries is known as risk appetite. Company Order No. 423 dated 25 September 2023 approved the Risk Appetite Determination Procedure of PJSC Rosseti and its Subsidiaries (the Rosseti Group), which establishes principles and approaches to determining and reviewing the preferred risk (risk appetite) of the Company and its Subsidiaries.

The risk appetite of the Rosseti Group was approved by the resolution of the Board of Directors (Minutes No. 626 dated 4 August 2023).
Power lines

Risk Appetite Targets

The Rosseti Group ensures reliable and high‑quality power supply

The Rosseti Group strives to reduce (minimise) its negative environmental impact

The Rosseti Group ensures implementation of the obligations under the Occupational Health and Safety Policy, development and improvement of the occupational health and safety management system and safety culture

The Rosseti Group ensures that shareholder rights are respected

The Rosseti Group ensures the development and increased availability of power grid infrastructure

The Rosseti Group does not tolerate violations of the requirements established by the laws of the Russian Federation

The Rosseti Group strives to reduce electricity losses during transmission and distribution

The Rosseti Group strives to ensure technological and innovative development by making and integrating scientific developments

The Rosseti Group strives to maintain a stable financial position

The Rosseti Group ensures the development of the power grid complex’s human resources potential and maintains a consistently high staffing level

Assessment of RM&ICS Efficiency

The Company’s internal auditor assesses the efficiency of the Risk Management and Internal Control (RM&ICS), including its compliance with the target state and maturity level, in order to make sure that it continues to meet objectively changing requirements and conditions.

The Company’s internal auditor annually assesses the RM&ICS of the Company and the Group of companies and its compliance with the target state and maturity level. Six maturity levels are in place in the Company.

The report of PJSC Rosseti’s internal auditor on the results of the assessment of the effectiveness of the internal control system (ICS) and risk management system (RMS) at the Rosseti Group for 2022 was reviewed by the Audit Committee on 30 August 2023 (Minutes No. 161 dated 30 August 2023) and approved by the Board of Directors on 3 November 2023 (Minutes No. 631 dated 7 November 2023), taking into account the Committee’s recommendations.

The summarised assessment of ICS and RMS efficiency for the Rosseti Group at the end of 2022 was 5.1 points and 4.8 points, respectively, out of a possible 6 points, which, according to the applicable assessment scale, makes it possible to assess the ICS and RMS maturity level as “optimal” at the current stage.

The internal auditor’s report on the results of the assessment of the Rosseti Group’s RM&ICS efficiency for 2023 will also be submitted to the Audit Committee for review and to the Company’s Board of Directors for approval.

Power lines

Improvement of the RM&ICS

The Company sees to it that the RM&ICS is continuously developed and improved, keeping in mind the requirement to handle new tasks and adjustments to the internal and external situations affecting the Group’s operation.

Key measures to improve the IRM&ICS taken in 2023:
  • Set of regulatory and methodological documents in the field of risk management and internal control was developed / updated
  • Preferred risk (risk appetite) of the Rosseti Group was updated
  • The following training events were held for employees of the Rosseti Group on the organisation and operation of the risk management and internal control system:
    • Knowledge Days (four training sessions)
    • Conferences on pressing issues and development strategy of the risk management and internal control system
Plans for improvement of the RM&ICS in 2024
  • To exercise additional control with the participation of the Department of Internal Control and Risk Management in collegial bodies
  • To carry out risk‑oriented control activities: when reviewing materials submitted for approval by collegial bodies; when analysing information on audits carried out by external control (supervision) bodies; when assessing the targeted and timely expenditure of financial support to subsidiaries
  • To implement unified standards and principles for controlling the financial stability of counterparties of the Rosseti’s Group of companies. To take part in risk management in liquidation and bankruptcy proceedings
  • To promote risk awareness, to conduct training events on the organisation and operation of the RM&ICS