RISK MANAGEMENT, INTERNAL CONTROL,AND INTERNAL AUDIT
During the year, FPC continued to develop and formalise its risk management, internal control, and audit system procedures as recommended by the Bank of Russia’s Corporate Governance Code.
In August 2017, FPC’s Board of Directors made a resolution approving a new organisational and HR model of the Company’s administration, which, for the purpose of delimitation of control and audit functions, established a stand-alone Internal Audit Unit, with administrative reporting to the General Director of the Company and functional reporting to the Board of Directors.
The previously established Internal Audit Centre was renamed the Control and Audit Centre in accordance with its functions. The Risk Management and Internal Control Unit was renamed the Risk Management Unit.
The above bodies are governed both by applicable regulations and the local regulations of FPC.
|Role||Risk Management and Internal Control||Internal Audit|
|Allocated to a separate structural unit||Risk Management Unit||Internal Audit Unit|
|Reporting to||PC’s Deputy General Director for Safety and Security with responsibility for the risk management system||Administrative reporting to FPC General Director of and functional reporting to FPC’s Board of DirectorsThe unit leader was approved by the Board of Directors on 22 December 2017 (Minutes No. 14)|
|The unit’s key objectives||Organise FPC’s risk management Coordinating and improving risk management processes, developing internal control framework Performing day-to-day monitoring of the risk management process in FPC and its subsidiaries, as prescribed Monitoring and supervising the risk management process at FPC||Evaluating performance of the internal control system of FPC and its subsidiariesEvaluating performance of the risk management system of FPC and its subsidiariesEvaluating performance of the corporate governance practice at FPC|
|The unit’s activities regulated by (key documents)||Regulations on Risk Management approved by General Director’s Order No. FPC-557 dated 10 December 2017JSC FPC’s Risk Management Policy approved by Resolution of the Board of Directors dated 14 December 2015 (Minutes No. 8)||Regulations on JSC FPC’s Internal Audit Unit approved by Resolution of the Board of Directors dated 30 March 2018 (Minutes No. 22)Regulations on JSC FPC’s Internal Audit Organisation, approved by Resolution of the Board of Directors dated 30 March 2018 (Minutes No. 22)|
|Full name of the unit leader||Sergey Selishchev, born 1972||Pavel Frolov, born 1968|
RISK MANAGEMENT AND INTERNAL CONTROL
The purpose of risk management in FPC is to provide reasonable assurance on the achievement of the Company’s strategic, tactical, and operational goals in an uncertain environment by effectively taking advantage of attractive opportunities while mitigating risks.
FPC’s risk management process is governed by the Company’s Risk Management Policy as approved by its Board of Directors.
A new version of FPC’s Risk Management Policy was prepared in 2017 and will be submitted to FPC’s Board of Directors.
The Risk Management Committee established in 2016 is the central decision-making body for risk management at FPC.
FPC has a stand-alone risk management unit. Its primary objective is to coordinate and improve risk management processes, and develop an internal control framework. The risk management unit is also responsible for setting up FPC’s risk management process and functioning of FPC’s Risk Management Committee.
Drafts of FPC’s risk maps, matrix models, and matrices were developed in 2017 and are awaiting approval by FPC’s Board of Directors in 2018.
In 2017, FPC continued its efforts to build a risk management framework at its branches and subsidiaries.
FPC is governed by the following key risk management principles:
- Comprehensive approach to risk management
- Continuity of the risk management process
- Involvement of all employees in risk management as part of their duties
- The risk management framework covers all FPC’s activities
- The risk management process is based on uniform principles and approaches
- Segregation of duties among participants of the risk management system
- Making management decisions with due regard to risks
- Balanced criteria for making decisions on risk handling – striking the right balance between potential losses and opportunities, as well as between risk management costs and potential damages if the risk occurs.
The FPC’s Risk Management System aims to address the following tasks:
- Development and maintenance of a uniform, methodology-based approach to risk management across FPC
- Identification, analysis, assessment, selection, preparation, and implementation of risk mitigation plans with consideration of the cost vs benefit balance
- Ensuring integrity, reliability, and effectiveness of risk management at FPC
- Allocation of risk management responsibilities among FPC’s personnel and inclusion of these in corporate regulations
- Development of FPC employees’ skills to ensure successful performance of risk management roles and responsibilities
- Integration of the risk management process into FPC’s management and operational processes and regulation of interactions between the risk management process participants
- Allocation of required and sufficient resources to support risk management
- Creation and maintenance of effective communication channels to support engaging internal and external stakeholders in risk management
- Development of risk management reporting mechanisms, ensuring the completeness, reliability, and timeliness of reporting
- Continuous improvement of the risk management infrastructure and process.
Risk mitigation approaches
Risk avoidance is an approach that implies discontinuing a particular activity (such as abandoning a project, exiting a market, etc.).
One method of risk avoidance involves changing strategic, tactical, or operational goals.
Risk acceptance (conscious risk retention) means risk monitoring without any active treatment of such risks, where the risks are at an acceptable level or where risk treatment is impossible or makes no economic sense.
This approach is also used where all risk mitigation methods available are economically unviable compared to the potential damage of the risk occurrence.
Eliminating the source of risk means addressing the risk source through actions that mitigate its adverse effects.
Mitigating the possibility (likelihood) of risk occurrence (reducing the likelihood of risk occurrence) means actions to reduce the likelihood of risk occurring.
Mitigating risk consequences (reducing the severity of risk consequences) means loss minimisation through appropriate actions.
Risk sharing with another party (parties) means reducing the likelihood and/or effect of risk through risk transfer or any other partial risk reallocation. Conventional risk sharing methods are as follows: insurance, liability sharing, outsourcing, and hedging.
FPC’s internal control is governed by the Company’s Internal Control Policy as approved by its Board of Directors.
The primary objectives of FPC’s internal control system:
- Assuring the efficiency and performance of financial and business operations
- Safeguarding the assets and ensuring the cost effective use of resources
- Risk identification and management
- Ensuring the reliability and completeness of accounting (financial) statements and other types of reporting
- Ensuring compliance with laws and regulations of the Russian Federation as well as FPC’s corporate regulations.
The organisation and operation of FPC’s internal control system are based on the following components:
- Control environment
- Risk assessment
- Internal control procedures
- Information and communication
The following requirements apply to FPC’s internal control system and are essential for its effective operation:
- Timely information sharing
- Focus on risks
- Delineation of responsibilities
In its operations, FPC uses the approach driven by the three lines of defence model based on roles and responsibilities sharing. Each of the three lines is crucial in defining the conceptual framework for FPC management and increases the probability of FPC successfully achieving its goals.
The first line of defence is comprised by business units that are risk owners managing risks, such as those exercising operational control and internal control procedures.
The second line of defence are business units responsible for the effective functioning of control procedures and risk management processes used by the first line of defence. Business units in the second line of defence are independent from those in the first line, but are reporting to the executive management of FPC.
Internal audit, as an independent assurance function, is the third line of defence, whose main responsibility is assessing the performance of the internal control system.
ID 80e495a819065784c4f4a8b17e2333cf отсутствует в базе>
ID 9263bca0060bccbce82f2ac5cf460f47 отсутствует в базе>
ID 19476b01f20bfa2dcd7513ba9d47941f отсутствует в базе>
ID 0006b50fb0cac86f2c152820b667e1f6 отсутствует в базе>
ID e3282d0b475d060194c0054c524cffdc отсутствует в базе>
ID 2a649eb4f716f783a1e759ed0fa19925 отсутствует в базе>
ID 3f1c911b8fe542474d6f3ff77f545fb0 отсутствует в базе>
ID 33ec659bb3666d3590deb28bdabe745e отсутствует в базе>
ID 787869d0999ce135f0b8d88d55c54f44 отсутствует в базе>