Internal Control System
The Company’s internal control system (hereinafter referred to as ICS) is an element of the Company’s overall management system aimed at providing reasonable guarantees of achieving the goals in the following areas:
- efficiency and effectiveness of the Company’s activities, including the achievement of financial and operational indicators, the safety of the Company’s assets;
- compliance with applicable legal requirements and local regulatory acts of the Company, including when committing business facts and maintaining accounting records;
- ensuring the reliability and timeliness of accounting (financial) and other statements.
ICS covers all areas of the Company’s business. Control procedures are performed continuously in all processes (areas of activity) of the Company at all levels of management.
The Company’s internal control system operates in accordance with the "three lines of defense" model. This model means the implementation of internal control in the Company at three levels:
- at the level of the management bodies (the sole and collegial executive bodies), units and divisions of the Company performing control procedures by virtue of their functions and official duties which is the first line of defense;
- at the level of control units of the Company which is the second line of defense;
- at the level of the internal audit unit which is the third line of defense.
The functions of the participants of the ICS are enshrined in the Company’s Internal Control Policy, approved by a decision of the Board of Directors of March 14, 2016 (Minutes No. 180/2016), as well as in the regulations on structural divisions. Information on the main functions in the area of ICS is set out in Appendix 6 to the Annual Report.
In order to implement the Strategy for the Development and Improvement of ICS of ROSSETI, PJSC and Subsidiaries and Affiliates of ROSSETI, PJSC approved by the decision of the Board of Directors of PJSC ROSSETI dated February 10, 2014 (Minutes No. 143), in the Company by decision of the Board of Directors dated March 14, 2016 (Minutes No. 180/2016) approved the Internal Control Policy of IDGC of South, PJSC (order of IDGC of South, PJSC dd. April 22, 2016 No. 242). The internal control policy defines the objectives, principles of operation and elements of the Company’s ICS, the main functions and responsibilities of the participants of the ICS, the procedure for evaluating the effectiveness of the ICS.
The Company has the Procedure for implementation of requirements of the Internal Control Policy, which reveals the applied aspects of the application of the standards set out in the Internal Control Policy.
The control procedures for the processes and subprocesses of the core and supporting activities, as well as the Company’s management processes are documented in the control and risk matrices.
A set of measures to improve the internal control and risk management systems is implemented within the Company (Order No. 349 of May 25, 2018).
To ensure that the ICS is effective and meets objectively changing requirements and conditions, the Company’s internal auditor evaluates the effectiveness of the ICS: its compliance with the target state and level of maturity.
The issue of ICS effectiveness based on the results of 2018 was considered at a meeting of the Board of Directors in May 2019 with a preliminary discussion of this issue by the Audit Committee of the Board of Directors dd. March 28, 2019 No. 94. These decisions estimated the level of maturity of the ICS as 5.3 (according to the results of 2017, the level of maturity of the ICS was rated as “optimal”, 4.8 points).
External independent assessment of ICS performance as of December 31, 2018 is carried out in the Company by a consortium of Ernst&Young LLC (appraisal and consulting services) and RSM RUS LLC (an independent assessment of the effectiveness of the Company’s internal control system), based on which the Company a report will be provided. ICS is rated as “effective” (3 points).
In the reporting year, the Company implemented the following key activities aimed at improving the ICS:
- for the effective functioning of the internal control system in accordance with uniform standards, the ROSSETI group of companies approved the Procedure for implementing the requirements of the Internal Control Policy of IDGC of South, PJSC (order No. 52 of January 26, 2018), in accordance with which, together with the owners of the processes, a phased design assessment was conducted and operational effectiveness of control procedures;
- the process of updating the process control matrices in IDGC of South, PJSC was organized (Order No. 926 of December 26, 2018);
- improved management of key operational risks, operational risks of main and other business processes, the introduction of a transparent and effective risk management system, the updating of methodological documents in the field of operational risk assessment and improving the efficiency of risk management measures (Order of September 27, 2018 No. 679);
- in order to increase the efficiency of management of the integrated management system and to take into account the new requirements of the international standard ISO 9001: 2015, the order of September 28, 2018 No. 686-A approved a new version of РУК ИСМ 80380011-ИА/Ф-7220 002-2018 Guide to Integrated Management System in Areas of Quality, Ecology, Health Protection and Occupational Safety at IDGC of South, PJSC;
- in order to determine a common procedure and rules for organizing measures for preparing for the stock-taking, stock-taking procedures during its conduct, and drawing up documents based on the results of the stock-taking, Order No. 718 dated October 11, 2018 amended the Methodological Recommendations for the stock-taking of capital, assets and liabilities;
- a Methodology for Corruption Risk Assessment in PJSC ROSSETI and Subsidiaries and Affiliates PJSC ROSSETI was developed and approved (Order No. 199 dated March 23, 2018).