Internal Control and Risk Management System
The issuer has a structural unit to handle the risks and internal control – the Internal Control and Risk Management Service.
The functions of the Company’s Internal Control and Risk Management Service are:
- overall coordination of risk management and internal control processes, including the actions of all participants of the Risk Management System (RMS) and Internal Control System (ICS);
- development of methodological documents with regard to the risk management and internal control processes and RMS and ICS functioning;
- analysis of the risk portfolio and development of a strategy of response actions and redistribution of resources to manage the relevant risks;
- calculation of a preferred risk (risk appetite statements);
- organisation of the RMS and ICS training for the Company’s employees;
- timely aggregation of information concerning all identified risks and updating of the risk register;
- monitoring of the risk management and internal control process;
- preparation of a report, at least once in six months, and informing of the executive bodies about the results of risk management and internal control activities, as well as RMS & ICS efficiency estimation;
- preparation of an annual report on organisation, functioning and efficiency of the risk management and internal control systems.
The main function of the Internal Control and Risk Management Service is to co-ordinate risk management and internal control and provide appropriate methodological materials.
Over the entire life period, the issuer regularly analyses the risks considering probability and impact. In case the risks are identified, the issuer evaluates them and develops the measures to eliminate or mitigate the negative consequences to acceptable level. The internal control is continuous and is provided at the level of the issuer’s structural units heads.
The issuer’s risk management policy
The Company’s Board of Directors is responsible for determining principles and approaches to risk management and internal control system. The executive bodies of PJSC Evropeyskaya Elektrotekhnica participants create and support the effective risk management and internal control system in the Group of Companies, bear responsibility for implementation of the Board of Directors decisions as relates to risk management and internal control system.
The issuer’s risk management system is most of all aimed at revealing potential risks before they occur or at a very early stage. The issuer regularly analyses the risks considering probability and impact. In case the risks are identified, the issuer evaluates them and develops the measures to eliminate or mitigate the negative consequences to acceptable level.
The essence of the risk management system of PJSC Evropeyskaya Elektrotekhnica is to implement a continuous process relating to all activities of the issuer and aimed at risks identification, assessment and development of measures to mitigate the risks and probability of their occurrence.
As part of the risk management and internal control system, the interaction is provided both within the Group of Companies and with external parties according to regulatory documents.
The risk management and internal control of the Group of Companies is a multi-level system. It implies continuous data exchange between all parties (management bodies and structural units of the Group of Companies, participants of the Group of Companies).
Basing on information, which is submitted from the functional units of the Group about business-processes being implemented in the Group of Companies, availability and execution of internal control procedures, the Risk Management and Internal Control Service analyses the existing risks and tests the control procedures (evaluate their efficiency) aimed to mitigate the risks. Considering the results of the analysis, the Risk Management and Internal Control Service states recommendations on improvement of the risk management and internal control procedures.
The Company adheres to the principles of maximum transparency while interacting with the external related parties, which are the state regulatory authorities, the external auditors, the banks, the insurance companies, the shareholders, the investors. The local regulatory acts approved by the governing bodies of the Group of Companies are the basis for this interaction. One of the key tasks is to disclose true essential information on the Group of Companies activities to the external parties observing the regulatory documents on information disclosure.