Internal control system
The Company’s internal control system (further referred to as ICS) is integrated into the general management system of the Company, aimed at providing reasonable guarantees for achieving the goals in the following areas:
- the efficiency and effectiveness of the Company’s activities, including the achievement of financial and operational indicators, the safety of the Company’s assets;
- compliance with requirements of the legislation of the Russian Federation, applicable to the Company, and local regulatory acts of the Company, including in making economic activities and accounting;
- ensuring the reliability and timeliness of accounting (financial) and other statements.
The ICS is risk-oriented; therefore, control procedures are risk-based and established in a way to provide reasonable assurance that the response to an emerging risk occurs efficiently and on time. ICS covers all areas of the Company’s activities; control procedures are performed continuously in all processes (operations) of the Company at all levels of management by the model with three lines of protection:
- at the level of management bodies (the sole and collegial executive bodies), units and subdivisions of the Company performing control procedures by their functions and official duties — the first line of protection;
- at the level of control subdivisions of the Company — the second line of protection;
- at the level of the internal audit subdivisions, the third line of protection.
The functions of the ICS participants are given in Appendix No. 5 to the annual report, assigned and described in the following documents:
- Charter of the Company
- Regulation for the Audit Committee of the Board of Directors Kubanenergo PJSC,
- The Company’s internal control policy,
- The methodology for evaluating the effectiveness of the internal control system and risk management system of the Rosseti Group of Companies,
- distribution of responsibilities between the deputies of the General Director and other managers subordinate to the General Director of Company,
- Regulation for the procedure for requirements to the Internal Control Policy,
- The Regulation for the functioning of specialized internal control bodies, and the structural branches of Kubanenergo PJSC,
- Order of operation of the internal control system of Kubanenergo PJSC for the targeted, useful and timely use of funds, received from the additional issue of shares to perform the development plan of the Company,
- Methods of self-assessment of the effectiveness of control procedures and the system of compliance control processes (activities),
- process control matrices (activities),
- the Regulations of subdivisions and job descriptions of employees.
To guarantee the implementation and maintenance of a practical ICS, conforming to generally accepted practices and standards of activity in the area of internal control, as well as regulatory requirements and contributing to the achievement of the Company’s objectives, by decision of the Board of Directors dated 17.03.2016, the Internal Control Policy of Kubanenergo PJSC was approved in the new edition (minutes No. 233/2016). The Internal Control Policy defines the objectives, principles of operation, and elements of the Company’s ICS, the primary duties and responsibilities of its participants, as well as the procedure for evaluating effectiveness.
The Company operates the Regulation for the implementation of requirements to the compliance control policies, revealing the aspects of application of standards, outlined in the Internal Control Policy.
The control procedures for the processes and subprocesses of the primary and supporting activities, as well as the Company’s management processes, are documented in the process (actions) control matrices.
The action plan for development and improvement of the internal control and risk management systems of Kubanenergo PJSC for 2016–2018, approved by a decision of the Board of Directors (minutes No. 256/2016, dated 02.12.2016), was fulfilled in 2018, which let to increase the level of ICS maturity.
To guarantee the valid ICS that meets the objectively changing requirements and conditions, the internal auditor of the Company conducts an independent internal assessment of ICS effectiveness and its compliance with the target state and level of maturity. According to this assessment, the level of maturity of ICS according to the results of 2018 is "optimal" (by the results of 2017, ICS maturity level was rated as "intermediate" between "moderate" and "optimal").
An independent external assessment of ICS conducted by a consortium of performers as a part of the appraisal and consulting services of Ernst & Young LLC together with "RSM RUS" LLC, resulted in recognition of the Company’s ICS as of March 31, 2019, as effective. Providing for the recommendations issued in the second half of 2019, the Company will develop a plan to maintain the effectiveness of the ICS.
The results of the internal and external evaluation of ICS efficiency. The Board of Directors plans to review it in 2019.
In the reporting year, the Company has brought into action the following key activities to assure the improvement of ICS:
- improvement of regulatory and methodological support of ICS:
- The following have been approved in a new edition: The Charter, the Regulations for the Board of Directors and the Management Board of the Company, the accounting procedure for inspections of Kubanenergo PJSC carried out by external control (supervision) bodies,
- also, there were approved: Methods of self-assessment of the effectiveness of control procedures and system of internal control processes (activities), Guidelines for an integrated management system, Regulation for the rotation policy of the external auditor of the Company,
- and were updated: Protocol for interaction of the internal audit subdivisions with the structural branches of Kubanenergo PJSC during inspections and monitoring the implementation of corrective action plans, control matrices for 27 processes (areas of operation);
- integrated development of ICS:
- there was executed the Operating Plan for development and improvement of ICS and SRM (System of Risk Management) of the Company for 2016–2018,
- A set of measures was performed to develop and improve the Company’s management system,
- the plans for 2018 were executed by the specialized internal control bodies (second-line protection subdivisions) in full, and the action plans for 2019 were elaborated in terms of planning for the specialized functions assigned to them;
- arrangements for updating the distribution of responsibilities between top managers and managers subordinate to the General Director of the Company;
- measures aimed at improving the processes (activities) of the Company:
- Corrective action plans were performed to improve the processes (activities),
- the Directorate for Internal Control and Risk Management has monitored the execution of the Company’s development plan report, audited the management system, provided self-assessment of the effectiveness of control procedures by process owners, gave appraisal to the design and operational efficiency of the Company’s process control matrices, carried out measures to evaluate the draft internal documents of the Company in terms of the effectiveness of control procedures, made recommendations to improve control procedures in areas of receivables management, procurement, the functioning of commissions/headquarters, the consolidation of the Company’s assets, the inventory of assets and in other areas,
- the permanent working group for control of the write-off of the unaccounted electricity consumption acts of Kubanenergo PJSC was established to improve the efficiency of work with acts of unaccounted electricity consumption and to protect the Company’s interests in judicial and other instances.
The Company plans to hold the following key events as a part of the fulfillment of the internal control functions in ICS in 2019:
- the introduction of recommendations received from the results of external independent evaluation of ICS effectiveness;
- improvement of the control environment, including through the advancement of control procedures in the Company’s processes;
- the accomplishment of internal control mechanisms, including through the development, adjustment, and coordination of internal local documents of the Company;
- delivery of control procedures in the processes of the commissions and working groups of the Company;
- realization of the Comprehensive Security Policy of the Company and the Company’s anti-corruption program for 2018, as well as other policies of the Company;
- monitoring of the corrective action plans based on the results of internal and external audits of the Company.