3.3.3 Internal control
The Company’s internal control system is an integral element of the Company’s governing system, focused to ensure reasonable guarantees that the goals below are achieved:
- Company’s efficiency and performance, including achievement of financial and operational indicators, soundness of assets;
- Company’s compliance with applicable laws and Company’s enactments, incl. Company’s operations and accounting;
- Provision of integrity and timeliness of financial and other reporting.
The internal control system is risk-oriented, its control procedures were shaped by risks and set in a way to ensure reasonable guarantee of an efficient and timely response to risks. The ICS covers all lines of Company’s operations, with all processes regularly controlled at all management levels, under the “three lines of defense” model. The first line of defense is management bodies (sole and collegiate executive bodies) and units in charge of control procedures due to their duties. The second line of defense is the Company’s control units. The third line of defense is internal audit units.
Functions of the system players are stipulated by the Company’s Internal Control Policy (80), Regulations on the structural units and job descriptions. The Internal Control Policy stipulates goals, operational principles and elements of the ICS, primary functions and responsibilities of ICS participants, ICS efficiency assessment procedure. The Company enforces the Procedure of implementation of the Internal Control Policy, disclosing practical aspects related to application of the norms, set by the Internal Control Policy. Control procedures on core and auxiliary processes, subprocesses and governance processes are stipulated by control and risk matrices. The Company has approved ICS improvement plans and enforces them (81).
To guarantee the ICS efficiency and compliance with changing requirements and conditions, the Company’s internal auditor evaluates efficiency of the system. The ICS maturity level in 2018 has not changed on 2017 and is assessed as “Optimal” (2017 – 4.8 points, 2018 – 5.2 points). External independent assessment of the internal control system as of 31.12.2018 was conducted by OOOLimited Liability Company Ernst & Young – Assessment and Consulting Services and OOOLimited Liability Company RSM RUS (82).
During the reported period, the Company has implemented a range of key measures focused on ICS improvement, incl.:
- Preparation and adoption of the Methodology for self-evaluation of efficiency of control procedures and system of internal control of processes;
- Implementation of remedial actions eliminating weaknesses exposed during the evaluation of efficiency of the Company’s internal control and risk management systems in 2017, conducted by the Internal Audit Department;
- Assessment of design and operating efficiency of control procedures regarding 29 business processes, development and adoption of the post-assessment remedial action plan eliminating exposed weaknesses;
- Preparation and implementation of regulatory and administrative documents regarding update and integration of the control matrices and schemes on 29 business processes;
- Participation in the recertification audit of the Company’s Integrated Management System to certify compliance with ISOinternational standardization organization 9001:2015, ISOinternational standardization organization 14001:2015, ISOinternational standardization organization 45001:2018, ISOinternational standardization organization 50001:2011 and relevant national standards.
The Internal Audit Department is a unit, liable for internal audit. The Internal Audit Department is responsible to the Company’s Board of Directors. This means that the Board of Directors oversees and administers the unit (namely, adoption of the unit’s action plan, progress report, its budget as well as assignment, dismissal and remuneration of the unit head). The goal of internal audit is to assist the Board of Directors and executive bodies of the Company in enhancing efficacy of governance and improving its financial and economic performance, by enforcing systematic and coherent approaches to analysis and evaluation of the systems of risk management, internal control and corporate governance as instruments of reasonable assurance in Company’s goal achievement.
Goals and objectives, principles of IA rollout and functioning, functions and authorities of the internal audit are stipulated by the Internal Audit Policy (83). Internal audit performance is regulated by the Internal Audit Policy and Internal Auditor Ethics Code (83), Regulations on the OAOOpen Joint-Stock Company IDGCInterregional Distribution Grid Company of Urals Internal Audit Department (84), Guarantee and Enhanced Quality of Internal Audit Program (85), Internal audit standards and standards of practical application, developed to comply with the International Professional Internal Audit Standards.
The Board of Directors Audit Committee evaluates the efficiency of internal audit. The Committee’s feedback is delivered to the head of the internal audit unit through the head’s interaction with the Committee, incl. analysis of resolutions/ recommendations of the Committee on matters falling under the competence of the internal audit unit and questionnaire survey of the Committee members. Satiation of the Audit Committee with the performance of the internal audit unit (average weighted total points from the questionnaires / quantity of votes Committee members) in 2018 corresponds with “compliance” estimation value. The Company has prepared and adopted the action plan with regard to development and improvement of the Company’s internal audit for 2017-2019 (86).