Rosseti Yug 2024 Annual Report
  • ru

    • Risk Management, Internal Control and Internal Audit

    Internal Control and Risk Management System

    The purpose of the internal control and risk management system (RM&ICS) is to provide reasonable assurance that the Company will achieve the goals of Rosseti Group’s development strategy, namely ensuring reliable, high-quality, and affordable power supply to consumers, as well as the operational business goals.

    List of internal documents regulating the RM&ICS

    • Risk management and internal control policy (decision of the Board of Directors dated 7 June 2023, Minutes No. 525/2023 dated 8 June 2023)
    • Preferred risk (risk appetite) (decision of the Board of Directors dated 5 October 2023, Minutes No. 546/2023 dated 6 October 2023)
    • RM&ICS Development Programme (Decree No. 302 dated 1 June 2023, No. 669 dated 8 November 2024)
    • Procedure for organising risk management and internal control (Order No. 564 dated 24 September 2024)
    • Risk assessment and monitoring methodology (Order No. 15 dated 15 January 2024)
    • Procedure for determining preferred risk (risk appetite) (Order No. 626 dated 17 October 2023)
    • Glossary on risk management and internal control (Order No. 40 dated 24 January 2023)
    • Risk register (decision of the Management Board dated 14 December 2023, Minutes No. 535 dated 14 December 2023)
    Pattern of interaction of RM&ICS participants
    interaction participants

    Information on the results of the internal audit assessment of the RM&ICS for the reporting year

    The Internal Audit Department conducts an annual internal independent assessment of how effective and reliable the RM&ICS is.

    The results of the RM&ICS reliability and efficiency assessment and recommendations designed to improve the efficiency of RM&ICS functioning are included in the internal auditor’s report submitted annually for consideration by the Company’s governance bodies.

    The internal audit report for 2023 was reviewed at the meeting of the Board of Directors (Minutes No. 569/2024 dated 23 April 2024). At the end of 2023, the maturity level of the RM&ICS was assessed at 5.2 (the average score for all criteria was 334).

    Based on the results of the assessment of the quality of the Company’s internal audit activities for 2024, the current status of the internal audit function was rated at 3.9 points, which corresponds to an intermediate level between ‘generally compliant’ and ‘fully compliant’.

    List of key measures aimed at improving the RM&ICS taken during the reporting year

    In 2024, the Company undertook the following key measures to improve the RM&ICS:

    1. Regulatory and methodological documents on risk management and internal control were developed / updated:
      • Procedure for organising risk management and internal control
      • Risk management and internal control system development programme
      • Format of the report on the organisation, functioning and effectiveness of the risk management and internal control system, format of the risk management report
      • Risk assessment and monitoring methodology
      • Risk register for 2024
      • Process management documents, risk matrices and control procedures
    2. Monthly monitoring of financial stability, support of liquidation and bankruptcy procedures of counterparties was carried out.
    3. The Company organised training of its employees on building the RM&ICS.

    Main areas for improvement of the RM&ICS for the next year

    • Decomposition and interconnection of corporate-level risks with business process risks
    • Upgrading of the risk assessment and monitoring methodology
    • Participation in training events for employees of Rosseti Group companies on the organisation and functioning of the RM&ICS
    • Participation in internal audits, inspections of subsidiaries and training centres, audits of financial and economic activities of subsidiaries, and internal reviews
    • Participation in risk management in liquidation and bankruptcy proceedings
    • Completion of training in qualifications based on the professional standard on Internal Control Specialist (Internal Controller)

    Internal audit

    The internal audit function is exercised in the Company through the foundation of the internal audit department (detached subdivision) or the attraction of an independent third party (outsourcing). The Company’s Board of Directors decides on the most optimal form of the internal audit function.

    The Internal Audit Department is a subdivision responsible for the implementation of the internal audit function in the Company.

    The purpose of internal audit is to assist the Company’s Board of Directors and executive bodies in improving the management of the Company and its financial and business activities, including through systemic and consistent analysis and assessment of risk management, internal controls and corporate governance as tools for providing reasonable assurance that the goals set for the Company will be achieved.

    The goals and objectives, organisational and functional principles, roles and responsibilities of the Internal Audit Department are set out in the Internal Audit Policy of the Company as amended by the Board of Directors (Minutes No. 526/2023 dated 9 June 2023).

    In 2024, the internal audit function comprised of six employees.

    The Company approved the following documents regulating the internal audit function:
    • Internal Audit Policy of the Company and the Code of Internal Audit Ethics approved by the decision of the Board of Directors on 8 June 2023 (Minutes No. 526/2023 dated 9 June 2023)
    • Regulations on the Internal Audit Department, agreed by the Audit Committee of the Company’s Board of Directors on 28 February 2024 (Minutes No. 169 dated 28 February 2024), approved by the Company’s Board of Directors on 7 March 2024 (Minutes No. 564/2024 dated 7 March 2024) and approved by the Company’s General Director on 18 March 2024
    • Internal Audit Quality Assurance and Improvement Programme approved by the decision of the Board of Directors on 28 February 2022 (Minutes No. 468/2022 dated 3 March 2022)
    • Internal Standards for the internal audit functions and the practical application standards aligned with the international professional standards for internal auditing With the new International Standards for Internal Auditing from the Institute of Internal Auditors coming into effect on 9 January 2025, the internal standards that regulate the Company’s internal audit activities are set to be updated.

    The Head of Internal Audit receives feedback from the Audit Committee (hereinafter referred to as the Audit Committee) in various forms in the course of interaction with the Audit Committee, including analysing decisions/recommendations of the Audit Committee on matters within the internal audit remit, as well as by means of questionnaire survey of the members of the Audit Committee.

    Satisfaction quotient of the Audit Committee of the Board of Directors of the Company with the results of the work of the Internal Audit Function (average weighted score on the questionnaires of the members of the Audit Committee to the number of members of the Committee voted) according to the results of 2024 corresponds to the “fully consistent” assessment according to the Internal Audit Quality Assurance and Improvement Programme of the Company approved by the Board of Directors on 28 February 2022 (Minutes No. 468/2022 dated 3 March 2022).

    In 2024, LLC B1-CONSULT conducted an external independent assessment of the Company’s internal audit activities. Based on the results of this assessment, LLC B1-CONSULT concluded that the internal audit activities generally comply with the requirements of the International Professional Standards for Internal Auditing and the Company’s Code of Ethics.

    Auditing CommissionRemuneration System