Internal Control and Risk Management System
Seeing the completion of the Company’s restructuring in 2023, active efforts were made to update the methodological framework, and regulations were adopted that govern updated approaches to the organisation and functioning of the Rosseti Group’s Risk Management and Internal Control System (RM&ICS).
The Risk Management and Internal Control Policy of PJSC Rosseti and subsidiaries (the Rosseti Group)Resolution of the Board of Directors of the Company dated 17 April 2023 (Minutes No. 616 dated 18 April 2023) was approved in 2023 in order to implement and maintain an effective RM&ICS that complies with generally accepted practices and standards of risk management and internal control, as well as with the requirements of regulators. This policy outlines the goals of the Company’s RM&ICS functioning, the primary roles and responsibilities of RM&ICS participants, and forms of RM&ICS efficiency assessment.
In addition, the Risk Management and Internal Control Arrangement Procedure of PJSC Rosseti and subsidiaries (the Rosseti Group)Company Order No. 203 dated 15 May 2023 (as amended by Order No. 575 dated 12 December 2023). was approved to stipulate hands‑on aspects of the application of the rules set forth in the Risk Management and Internal Control Policy of PJSC Rosseti and its subsidiaries (the Rosseti Group). The control matrices (matrices of risk and control procedures) contain the control procedures for the core and supporting business operations, as well as the management Processes of the company.
The following regulatory documents in the field of risk management and internal control have been in force in the Company since 2023:
- Glossary on risk management and internal controlCompany Order No. 8 dated 12 January 2023
- RM&ICS Development ProgrammeCompany Order No. 208 dated 19 May 2023.
- Preparation guidelines for a report on the organisation, functioning and effectiveness of RM&ICSCompany Order No. 209 dated 19 May 2023.
- Typical list of risksCompany Order No. 69 dated 16 February 2023 (as amended by Order No. 479 dated 31 October 2023)
- Risk Assessment and Monitoring MethodologyCompany Order No. 516 dated 23 November 2023.
- Risk Appetite Determination ProcedureCompany Order No. 423 dated 25 September 2023.
Risk Management and Internal Control System (RM&ICS) is a set of organisational measures, methods, procedures, corporate culture practices and actions taken to achieve an optimal balance between the growth of the Company’s value, profitability and risks, to ensure financial stability, efficient conduct of business activities, safeguarding of assets, compliance with legislation, the Articles of Association and internal documents of the Company, timely preparation of reliable reporting.
The purpose of the RM&ICS is to provide reasonable assurance that the Rosseti Group will achieve the goals of Rosseti Group’s development strategy, namely ensuring reliable, high‑quality, and affordable power supply to consumers, as well as the operational business goals of PJSC Rosseti and its subsidiaries.
The RM&ICS is an integral part of the strategic planning and decision‑making system at PJSC Rosseti and its subsidiaries at all governance levels.
Risk Management imply coordinated actions to risk‑based steering, control and management of the Company.
Internal Control is a process carried out by the Company’s Board of Directors, the Company’s Audit Commission, the Company’s executive bodies and employees at all levels of management to obtain reasonable assurance that the Company provides:
- Efficiency and effectiveness of its activities, including achievement of financial and operational indicators, and safeguarding of assets
- Reliability, completeness and timeliness of accounting (financial) accounts and other types of reporting
- Compliance with applicable laws and regulations, as well as the Company’s internal regulatory documents
Relationship between the RM&ICS Participants
The highest level of risk that may be taken on and still be supported by the Rosseti Group in order to accomplish the objectives of the Company and its subsidiaries is known as risk appetite. Company Order No. 423 dated 25 September 2023 approved the Risk Appetite Determination Procedure of PJSC Rosseti and its Subsidiaries (the Rosseti Group), which establishes principles and approaches to determining and reviewing the preferred risk (risk appetite) of the Company and its Subsidiaries.
Risk Appetite Targets
Assessment of RM&ICS Efficiency
The Company’s internal auditor assesses the efficiency of the Risk Management and Internal Control (RM&ICS), including its compliance with the target state and maturity level, in order to make sure that it continues to meet objectively changing requirements and conditions.
The Company’s internal auditor annually assesses the RM&ICS of the Company and the Group of companies and its compliance with the target state and maturity level. Six maturity levels are in place in the Company.
The report of PJSC Rosseti’s internal auditor on the results of the assessment of the effectiveness of the internal control system (ICS) and risk management system (RMS) at the Rosseti Group for 2022 was reviewed by the Audit Committee on 30 August 2023 (Minutes No. 161 dated 30 August 2023) and approved by the Board of Directors on 3 November 2023 (Minutes No. 631 dated 7 November 2023), taking into account the Committee’s recommendations.
The summarised assessment of ICS and RMS efficiency for the Rosseti Group at the end of 2022 was 5.1 points and 4.8 points, respectively, out of a possible 6 points, which, according to the applicable assessment scale, makes it possible to assess the ICS and RMS maturity level as “optimal” at the current stage.
The internal auditor’s report on the results of the assessment of the Rosseti Group’s RM&ICS efficiency for 2023 will also be submitted to the Audit Committee for review and to the Company’s Board of Directors for approval.
Improvement of the RM&ICS
The Company sees to it that the RM&ICS is continuously developed and improved, keeping in mind the requirement to handle new tasks and adjustments to the internal and external situations affecting the Group’s operation.