Internal Control System
The pandemic has created a revolution in remote work, which is likely to remain part of the post-COVID world. 2020 has set in motion adaptation of processes with regard to remoteness and isolation at all organization levels. We had to rely on technologies to ensure working efficiency. This is especially important in terms of internal control work. Ensuring confidence in old processes at a distance, as well as evaluating new remote processes will be a priority for internal control development after COVID-19 pandemic. Effective use of technologies will be crucial”.Head of the Internal Control and Risk Management Department Nadezhda Mayakovskaya
The Internal Control System (ICS) of Rosseti Kuban is integrated into the Corporate-Wide Management System and is designed to provide reasonable assurance regarding the achievement of the objectives related to the following focus areas:
- operational efficiency and strong performances of the Company including achievement of financial and operating results, protection of the Company’s assets;
- compliance with applicable laws of the Russian Federation and regulations applied to the Company in its business activities and financial accounting;
- reliability and timeliness of accounting (financial) statements and other types of statements.
ICS is a risk-based system; control procedures are developed taking into account the risks and are established in such a way as to provide reasonable assurance of effective and timely response to the emerging risk. ICS envelopes all of the aspects of the Company operations, and the control procedures are implemented continually in all of the Company processes (areas of activity), at all of the management levels according to the Three Defence Lines model:
- the level of governing bodies (sole and collective executive bodies), the Company’s units and divisions performing control procedures as part of their functions and professional duties – the first line of defence;
- the level of the Company’s control divisions – the second line of defence;
- the level of Internal Audit Department – the third line of defence.
The Internal Control and Risk Management Department was created in the Company and is currently in operation. According to the Internal Control Policy and the Regulation on the Department, it is tasked with the following functions:
- development and implementation of the basic and methodological documents related to building and improving the ICS;
- assistance to the management in creating the ICS for business processes, development of recommendations for the description and implementation of control procedures into processes (activities) and assignment of responsibility for officials;
- coordination of actions aimed at the ICS goal state supporting and monitoring;
- preparation of information on the ICS state for stakeholders;
- interaction with the state regulatory authorities on the internal control issues.
The functions of the ICS participants can be found in the Annex 6 of the Annual Report, and they are described and formalized in the following documents:
- Company’s Articles of Association ;
- Regulation on the Audit Committee of the Board of Directors ;
- Company’s Internal Control Policy and Procedure of Internal Control Policy Implementation ;
- the internal documents regulating the distribution of responsibilities between the Deputy General Directors and other managers reporting to the Company’s General Director; regulations on divisions, job descriptions, and control procedure matrices;
- Regulation on Specialized Internal Control Bodies.
The Board of Directors approved the Internal Control Policy of the Company (Minutes No.233/2016 dated March 18, 2016) to support the introduction and implementation of an efficient ICS complying with the generally accepted practices and standards of internal control activities, as well as the requirements of regulators, and aimed at the implementation of the Company goals. It defines the objectives, principles and components of the Company’s ICS, main roles and responsibilities of actors in internal control, and ICS performance assessment procedure.
The Company has in plate the Procedure to fulfil requirements of the Internal Control Policy, defining the aspects of applying the rules under the Internal Control Policy. Control procedures for processes and sub-processes of the main and supporting activities, as well as governance processes of the Company are recorded in control and risk matrices.
In the reporting year, the Company implemented the following key actions aimed at the improvement of the ICS:
- routine control was taken for highly-risky business processes in the scope of activities of the collective bodies (controlling the writing-off of the unaccounted consumption acts, accounts receivable settlements, power supply facility consolidation, introduction of automated data systems);
- technical specifications for introduction and refining of automated data systems of the Company in terms of automated control procedures were approved by the Internal Control and Risk Management Department;
- local regulations defining control procedures, including those intended for control efficiency were approved;
- the ICS and management system were integrated within the framework of development of the process regulations containing information on description, indicators of progress, risks and control procedures of the process in a single document;
- new revisions of the procedure for implementation of requirements of the Internal Control Policy and Regulation on Specialized Internal Control Bodies were approved were approved;
- process owners conducted self-assessment of control procedure efficiency and ICS processes in the Company.
To guarantee that the ICS is efficient and in compliance with the intrinsically changing requirements and conditions, the internal auditor of the Company assesses the efficiency of the ICS to test its compliance with the target state and maturity level.
The maturity level of the ICS of Rosseti Kuban is equal to 5.3 from 6.0 as per the results of average assessment values of compliance of the current state with the target state criteria in 2020. This assessment value corresponds to the intermediate level between optimal and high levels and remains at the level of 2019.
The key ICS development measures scheduled for 2021:
- updating the regulatory base for internal control;
- integrating the existing anti-corruption compliance system into the common internal control system;
- conducting trainings for managers and employees regarding organization and functioning of the internal control system;
- introducing the control mechanism for financial stability, support of procedures of winding-up and bankruptcy of counterparties.