Stakeholders > Shareholders and investors > Internal control system and risk management

We focus on the improvement of the internal control and risk management system. Work in this field enables us to provide additional guarantees for achievement of strategic goals by early identification and prevention of risks and taking effective measures for mitigation thereof.

The Company’s activities in the area of internal control and risk management are regulated by internal documents of the Company: Internal Control Policy approved by the Board of Directors on August 27, 2012 (Minutes No.109/7), Risk Management Policy approved by the Board of Directors on June 23, 2010 (Minutes No.60/15) and Methodical Guidelines on Risk Management.

The internal control system (ICS) is the whole range of procedures, methods and mechanisms of control created by the Board of Directors and management of the Company in order to ensure proper performance of financial and business operations. The internal control procedures are an integral part of the Company’s business processes. They are carried out both during the business process and immediately prior to and after completion of an assignment.

The ICS has functioned in the Company since December 2004. Its normative base is being constantly improved and it effectiveness is systematically assessed. Activities of the ICS are regulated by the Company’s internal documents.

Key goals of the ICS:

  • Improvement of the corporate governance system of the Company and its subsidiaries and affiliates in order to provide reasonable assurance in observance of interests and rights of shareholders and investors of the Company and its subsidiaries and affiliates with regard to:
    • effective and productive use of resources of the Company and its subsidiaries and affiliates;
    • protection of assets of the Company and its subsidiaries and affiliates;
    • compliance with requirements of the Russian Federation, local legal acts of the Company and its subsidiaries and affiliates (compliance control);
    • accuracy and relevance of management reporting and accounting (financial) statements and reliability of the system of their preparation.
  • Increasing efficiency and productivity of activities of the Company and its subsidiaries and affiliates by improving risk management processes and implementation of effective control procedures.
  • Facilitation of timely adaptation of the Company to changes in the internal and external environment.

The risk management system (RMS) is a set of processes, methods and information systems aimed at achievement of risk management goals and objectives.

RMS is aimed at:

Providing a reasonable assurance of achievement of strategic goals:

  • identification and assessment of materiality of events affecting achievement of strategic goals;
  • taking preventive measures for minimization of possibility and negative effect of risks on the goals;
  • strategic planning taking into account risks;
  • timely reporting to Director General (Management Board) and stakeholders of threats and opportunities;
  • monitoring of risk control measures.

Protection of assets and support of business effectiveness:

  • identification, assessment and management of risks relating to business processes;
  • provision of information on risks in making managerial decisions;
  • creation of a risk control matrix;
  • creation and management of a system of key risk indicators (KRIs);
  • fraud prevention.

Assurance of uninterrupted electric power supply:

  • creation of programs of responding to risk situations;
  • regulation of localization of consequences of risk events;
  • coordination, assurance and assessment of effectiveness of prompt responding to emergency situations.
Responsible Person Internal Control System (ICS) Risk Management System (RMS)
Board of Directors Determination of a necessary level of ICS development, approval and making of amendments to the Internal Control Policy, giving instructions to executive authorities on areas of ICS development.
Audit Committee of the Board of Directors General assessment of effectiveness of ICS procedures. Supervision over risk management efficiency.
Director General, Management Board Responsibility for effective functioning of ICS procedures. Responsibility for effective risk management.
Deputy Directors General —Directors of the branches Responsibility for effective risk management (at lower levels of the Company’s management).
Heads of Structural Divisions Responsibility for implementation of ICS principles and effectiveness of achievement of operating goals of business processes. Business process risk management. Responsibility for timely identification, risk assessment, development and implementation of measures, risk monitoring.
Internal Audit and Risk Management Division ICS functions over financial and business activities.

Assessment of adequacy, sufficiency and efficiency of ICS procedures, control over compliance with ICS procedures, monitoring of remedy of violations, support of methodological and legal framework of the ICS.

Responsibility for methodological support and coordination (timely collection of information) of all risk management processes. Provision of timely and full information on risks to all stakeholders.
Employees of structural divisions (performers) Conduct of control procedures within the framework of ICS functioning, monitoring of execution of control procedures, participation in ICS improvement, informing officials and subdivisions of identified risks and violations in functioning of business processes.

Key ICS and RMS results of 2011-2012

  • Key risks for main business processes were approved:
    • “Commercial Metering and Implementation of Power Transmission Services”;
    • “Implementation of Technological Connection Services”;
    • “Purchasing Management”;
    • “Operational Activities”.
  • In the reporting period the management of internal audit and risk management prepared and performed self-assessment of the Company’s ICS and RMS in accordance with the best practices in the field of ICS organization.
  • The management of internal audit and risk management issues, on a quarterly basis, a risk map and plans of actions for risk management for the reporting quarter based on risk passports provided.
  • The Company began the creation of an integrated risk management and internal control system. Within the framework of this system it is planned to maintain an effective information exchange required for operating and strategic risk management between the Board of Directors, executive bodies and all functional divisions. In 2012 by order a working group for creation of integrated ICS and RMS was established, risk owners (responsible employees and divisions on the basis of a relationship between the division’s functions and the relative field) were identified.
Types of controls 2012 2011
Scheduled inspections 8 36
Inspections by Director General’s order 4 9
Purchasing quality inspections 80
Audit inspections of subsidiaries and affiliates 2 5
Internal investigation 12
Participation in inspections as experts (Russian Grids) 3
Total number of inspections 109 50
Key risks Risk description Measures for risk minimization
Country and regional risks Risk of occurrence of emergency situations as a result of negative natural phenomena
  • Designing energy facilities taking into account peculiarities of regional climate and geography
Risk of decrease in actual consumption of electric power by consumers of the services
  • Continuous monitoring of energy supply;
  • Working with consumers of the services in order to agree upon target values of electricity net supply to be included in the agreement for the next year in the size of applications.
Regulatory risks Limitation of tariff sources to restrain electricity tariff growth and related risks
  • Implementation of a balanced policy for increase of the efficiency of investment and operational activities aimed at reducing expenses and optimal planning of the structure of financing sources for the Company’s activities.
Risks of decreased revenues from technological connection to the grids due to increased number of privileged consumers
  • Forecasting technological connection in order to forecast application volumes and obligations of the grid company for the next year;
  • implementation of a program for increasing trust of consumers to the issuer by explaining the entire process of technological connection (posting information on the official website);
  • development of the Customer Service Center.

Financial risks Risks relating to the cross-subsidization mechanism effective in the Company
  • monitoring of the capital structure and determination of optimal borrowing parameters as well as taking measures for reducing the volume of cross-subsidization and optimization of the structure of working capital.
Operating risks Risk of failure to ensure a safe operation of production facilities due to the high level of deterioration of electric grid equipment, violation of operation conditions and errors of operating personnel.
  • implementation of measures aimed at prevention of risks of technological violations:
  • implementation of a complex program for modernization of electric grid facilities;
  • increase of the number of mobile emergency and restoration brigades and the quality of their composition;
  • modernization and creation of automated systems of technological control;
  • implementation of a program for reduction of injury risks at electric grid facilities;
  • training, control and attestation of personnel operating technological equipment.

Investment risks Risks of failure to meet deadlines set for development of capital investments and delays in commissioning of investment program facilities, including due to failure to perform or delayed performance by contractors and suppliers of their obligations
  • monitoring of implementation of the Company’s investment programs, their financing, and analysis of deviation of actual parameters of implementation of the investment program from planned ones;
  • project management of investment activities

Compliance risks Risk of the issuer’s loss due to gaps in or violation of legal requirement of effective legislation
  • full compliance with effective laws and regulations and the issuer’s internal documents;
  • where necessary, using all legal remedies, including filing petitions to court;
  • conduct of legal expertise of all of the issuer’s transactions;
  • development of standard (model) forms of agreements applied by the issuer.

Shareholder value risk (corporate risk) Risk of shareholder value growth
  • implementation of cost management programs;
  • control over implementation of approved business plans;
  • participation in joint with local government authorities programs for development of territories with agreement upon volumes and sources of financing of investment programs.

ICS and RMS activity areas

Beneficiaries Inside
Internal audit Audit inspections Risk management