Risk management and internal control
The Group has introduced and employs the Risk Management and Internal Control Framework (RMICF), which encompasses key assets, business processes, lines of business, and all levels of the Group’s management.
Purpose and objectives of the Risk Management and Internal Control Framework
The use of the Risk Management and Internal Control Framework ensures:
- an objective, fair, and clear view of the Group’s current state and prospects,
- reasonable confidence in achieving the goals set for the Group,
- a high level of trust among shareholders and investors in the Company’s management bodies,
- the protection of investments and assets and the containment of risks within acceptable limits.
Participants in the Risk Management and Internal Control Framework
The Group’s management ensures the RMICF is integrated into key business processes and the Group’s activities, above all in the planning and monitoring of business activities, including business planning and project management in the Generation, Supply, Trading, and Engineering segments.
With the support of the Internal Control and Risk Management Department (ICRMD), senior management is responsible for coordinating and drafting a unified methodology and ensuring the stages of the RMICF cycle are properly implemented and produce the key results. The head of the ICRMD reports directly to the Chairman of the Management Board, which ensures the independent identification and assessment of risks as well as the development and monitoring of risk management measures, including control procedures.
The objectives, core principles, approaches, and parties involved in risk management and internal control processes at PJSC Inter RAO are enshrined in the Risk Management and Internal Control Policy of PJSC Inter RAO, which is reviewed and approved by the Company’s Board of Directors. The Risk Management and Internal Control Policy (Minutes No. 234 of the Company’s Board of Directors dated November 19, 2018) is a top-level document drafted based on the Charter of PJSC Inter RAO that takes into account the recommendations of Russian and international risk management standards, the Corporate Governance Code, the guidelines of the Federal Agency for State Property Management, risk management and corporate governance best practices, and the listing rules of Russian and international stock exchanges.
The Risk Management and Internal Control Policy was approved as a corporate standard for the companies of the Inter RAO Group by an order of the Chairman of the Management Board (Order No. IRAO/652 dated December 17, 2018 “On the Risk Management and Internal Control Policy of PJSC Inter RAO approved by the Board of Directors”).
Flow chart of responsibility of participants in the Risk Management and Internal Control Framework of the Inter RAO Group
|Participants||Key functions and objectives|
|Board of Directors||Determination of the principles and approaches to the organization of the RMICF and approval of the Risk Management and Internal Control Policy. Approval of risk appetite for the planned period, critical risk maps, and a critical risk management action plan. Annual review of a report on the operation of the RMICF and an assessment report on the effectiveness of the RMICF.|
|Executive management bodies: Chairman of the Management Board, Management Board, collective advisory bodies|| Ensuring the RMICF functions effectively at the Company. Distribution of powers, duties, and responsibilities for specific risk management and internal control procedures. Approval of requirements for the structure, content, and formats of reporting processes and risk management and internal control procedures. Approval of benchmarks for the RMICF, including: |
|Risk Owners: managers who directly report to the Chairman of the Management Board, managers of structural units of the Group’s companies||Establishing the RMICF within the functional areas they manage, ensuring it functions effectively, and introducing, implementing, and improving internal control and risk management procedures. Introducing a risk-based approach to operational practices and disseminating the standards and values of a risk management culture among employees. Drafting internal regulatory documents on risk management and internal control for functional areas. Ensuring the stages of the RMICF cycle are properly implemented and produce the key results. Implementing functional risk management measures, including control procedures, and ensuring their monitoring. Coordinating employees’ actions, information flows, and resources in order to manage the risks of their functional areas.|
|Internal Control and Risk Management Department||Overall coordination of risk management and internal control processes. Creation of a unified methodology for the RMICF and monitoring its compliance. Implementing and improving RMICF processes and ensuring the stages of the RMICF cycle are properly implemented and produce the key results. Informing the Company’s Board of Directors and executive bodies about the operational results of the RMICF. Disclosing information on risk management and internal control issues to internal and external stakeholders. Organizing training for the Company’s employees and controlling entities on matters concerning risk management and internal control and ensuring the dissemination of knowledge and skills in risk management and internal control at the Group’s companies.|
|Internal Audit||Assessing the effectiveness of the RMICF. Monitoring measures that aim to improve the effectiveness of the RMICF. Consulting the Company’s executive bodies on matters concerning risk management and internal control.|
|Employees||Taking a risk-oriented approach to activities, including the adoption of risk-oriented decisions and following compliance principles in the areas of functional responsibility stipulated by official duties. Documenting and monitoring risks in day-to-day operating activities as part of the performance of official duties, carrying out risk management measures and control procedures, and/or ensuring their monitoring. Informing immediate superiors in a timely manner about changes to the internal and external conditions of the Company’s activities that could lead to changes in the degree of risk or the emergence of new risks as well as cases where risk management measures cannot be implemented or need to be adjusted.|
Development of the Risk Management and Internal Control Framework
The PJSC Inter RAO Board of Directors decided to merge the Enterprise Risk Management Framework and the Internal Control Framework into the unified RMICF (Minutes No. 234 dated November 19, 2018). The merger and mutual integration of the systems has made it possible to achieve the following results:
- the perimeter for inclusion in the Risk Management and Internal Control Framework was expanded from 15 to 26 of the Group’s subsidiaries. This has resulted in the cumulative revenue of companies within the perimeter of the RMICF accounting for 96% of the Group’s revenue per IFRS;
- an assessment was conducted of the impact risks have on the Group’s performance targets in the context of its strategic development priorities;
- the list of the Group’s standard risks was updated and the number of standard risks faced by the Group’s companies that are assessed and managed within the RMICF was increased from 30 to 57;
- an approach was approved for assessing process level risks, developing control procedures, and building risk-oriented internal control.
Based on the results of the annual efficiency assessment of the Enterprise Risk Management Framework (ERM) and the Internal Control Framework (IC) conducted by the internal audit division in the first quarter of 2018, the Board of Directors approved recommendations to improve the efficiency of the ERM and IC taking into account the priorities for risk management and internal controls for 2018 (Minutes No. 221 dated April 2, 2018).
Efficiency assessment of the Risk Management and Internal Control Framework
- Management informs the Board of Directors each year about the results achieved in matters concerning risk management and internal control over the reporting period as part of an annual report on the operation of the RMICF.
- The internal audit division conducts audits and an annual efficiency assessment of the RMICF and provides the Board of Directors with reporting on the results of the assessment.
- The Company’s Board of Directors reviews matters concerning the organization, functioning, and effectiveness of the RMICF at least once a year and makes recommendations for its improvement, and also has the power to initiate an external assessment of the RMICF with the hiring of an independent organization.
- The efficiency assessment of the RMICF for 2018 was presented by the Internal Audit Unit to the Company’s Board of Directors for review and approved on March 29, 2019 (Minutes No. 243 dated April 1, 2019).
|Priorities for 2018||Results achieved|
|Strengthening the integration of the ERM and IC||The Enterprise Risk Management Framework and Internal Control Framework were integrated into the unified Risk Management and Internal Control Framework (Minutes No. 234 dated November 19, 2018). The number of internal regulatory documents (IRD) in the ‘Risk Management’ and ‘Internal Control’ functional areas was updated and optimized. The conceptual framework in risk management and internal control was improved and unified.|
|Updating approaches to determining acceptable risk levels, including risk appetite|| The Group approved the concept of acceptable risk levels (risk appetite, risk capacity, risk tolerance, and risk limit), which upon being introduced in 2019 will make it possible to: |
|Strengthening the integration of risk management with business planning processes||The RMICF was integrated into business planning processes and reporting on the execution of the business plans of the Group’s companies. Approaches were formalized for conducting an integrated risk-oriented factor analysis of deviations in the business plans of the Group’s companies.|
|Strengthening the integration of risk management with project management||Project risk assessment was integrated into project management processes. The approaches that have been developed for project risk management have been tested during various types of projects. A project risk management methodology has been developed and recommendations have been made on updating the IRD in project management.|
|Assistance in the development of compliance methodology||Antimonopoly Compliance (AMC): The Board of Directors has approved an Antimonopoly Compliance Policy (Minutes No. 235 dated December 3, 2019). An order of the Chairman of the PJSC Inter RAO Management Board (Order No. IRAO/703 dated December 27, 2018) approved the Antimonopoly Risk Map together with the Antimonopoly Risk Management Action Plan. An Antimonopoly Compliance Commission has been established and functions at the Company. In December 2018, organizations controlled by the Company appointed persons responsible for AMC in coordination with the Antimonopoly Compliance Commission. Tax compliance: Since 2018, PJSC Inter RAO has been submitting quarterly reporting forms on internal control to the tax authorities in accordance with the requirements of the Federal Tax Service of Russia (FTS of Russia). Regulatory documents have been drafted to ensure the effective functioning of the internal tax control system at PJSC Inter RAO.|
Critical risk analysis
The critical risk map of the Inter RAO Group is compiled annually and reflects the results of the critical risk assessment, including a graphic display, a list of critical risks, and the disclosure of information about them. Critical risks refer to risks that pose a threat of deviation from the Group’s goals and require priority management and monitoring in order to comply with an acceptable level of risk.
- Credit risk of counterparty banks (Per a resolution of the Board of Directors, such risks are listed among critical risks, but are not graphically displayed on the risk map since they are categorized as risks whose impact on EBITDA and cash flow from operations is not assessed. Information on corruption risks is disclosed in the ‘Anti-Fraud and Corruption’ section.)
- Risk of a decrease in the day-ahead market price as a result of changes related to the procedure used to convert price bids for the planning of production volumes
- Risk of the regulator adopting unfavorable tariff and balance decisions and a shortfall in the actual approved required gross proceeds
- Currency risk
- Price risk in the day-ahead market (risk associated with adverse price changes in the day-ahead market)
- Credit risk of the receivables of electricity customers/organizations
- Credit risk of the receivables of customers on the wholesale electric power and capacity market
- Risk of the failure to meet commissioning deadlines (failure to meet the capacity supply schedules under capacity delivery agreements (CDA))
- Price risk (foreign economic activities)
- Risk of a reduction in the volume of electricity supplies (FEA)
- Risk of a lower guaranteed rate of return on CDA investments and the share of a CDA facility’s expenses compensated by payment for capacity
- Corruption risks (Per a resolution of the Board of Directors, such risks are listed among critical risks, but are not graphically displayed on the risk map since they are categorized as risks whose impact on EBITDA and cash flow from operations is not assessed. Information on corruption risks is disclosed in the ‘Anti-Fraud and Corruption’ section.)
Risks that materialized in 2018
|Price risk in the day-ahead market (risk associated with adverse price changes in the day-ahead market)|| The main factors that had an effect on the decrease in day-ahead market prices relative to the targets were: |
|Credit risk of the receivables of electricity customers/grid organizations|| Main factors of risk materialization in 2018: |
|Credit risk of the receivables of customers on the wholesale electric power and capacity market|| Main factors of risk materialization in 2018: |
|Risk of the failure to meet commissioning deadlines (failure to meet the capacity supply schedules under capacity delivery agreements)|| Main factors of risk materialization in 2018: |
|Corruption risks|| According to the approaches used at the Group, fraud is considered a corruption risk, and the risk is deemed to have materialized when a conviction is handed down in court in cases that were not initiated as a result of the Group’s companies reaching out to law enforcement agencies. A case involving the risk of fraud was uncovered in the Group’s supply business: an employee of a company of the Group was found guilty under a conviction that was handed down in 2018. |
It should also be noted that, in criminal cases initiated by a company of the Group (which do not affect risk materialization), one conviction was handed down against employees of the supply business in 2018 and another two convictions were handed down in 2019.
The Group has organized work to counter and prevent fraud and corruption.
For more on the management of corruption risks, please see the section ‘Anti-Fraud and Corruption’.
|Changes in electricity sales on the day-ahead market (competitiveness of branches)|| The main factors that had an effect on the decrease in electricity sales on the day-ahead market relative to the targets were: |
|Credit risk of the receivables of thermal power customers|| |
The main reason for the growth in receivables: revenue growth due to the climatic factor (a colder heating period compared with the temperatures projected in the Business Plan).
The growth in receivables among thermal energy customers in 2018 was offset by increased claim-related work and intensified interaction with the bailiffs service, collection agencies, and law enforcement agencies.
Correlation of risk management and internal control with the Group’s Development Strategy
The PJSC Inter RAO Board of Directors has approved strategic goals and development priorities (see the ‘Strategic Priorities’ section). Operational-level goals are set to assess the achievement of strategic priorities and their fulfillment is included in the KPIs and PBs of the Chairman and members of the Company’s Management Board (see the ‘Key Performance Indicators System’ section).
A list of standard risks inherent in the Group’s activities was determined as part of the target benchmarks of the Risk Management and Internal Control Framework, and target indicators were enshrined based on which the impact of the risks was assessed.
The breakdown of the Group’s strategic priorities into operational indicators and the assessment of the impact of risks on these indicators ensure the integration of the RMICF with the management incentive system and make it possible to effectively manage the Group’s companies taking into account their inherent risks.