Control, audit and risk management
RVC’s main control, audit and risk management bodies are the Board of Directors, the Audit and Integrity Committee, the Audit Commission, the CEO, the Risk Analysis and Internal Control Department and the Internal Audit Department. RVC’s financial statements are audited by an external independent auditor approved by the General Meeting of Shareholders based on the results of an open competitive selection. RVC carries out comprehensive work in line with best corporate governance practices in order to develop its internal control, audit and risk management system.
Internal control and audit
The internal control and audit system is designed to ensure the achievement of RVC’s strategic goals and objectives, the implementation of the Company’s financial and Business Plans and the preservation and efficient use of its resources and capacity, and also to ensure that RVC and its subsidiaries are in compliance with Russian laws and RVC’s bylaws.
During the reporting period, the Company took measures to implement RVC’s policies on internal audit and internal control, as well as to improve the organizational and legal framework for the functioning of the internal control and audit system:
- a methodology was developed for carrying out monthly reviews of employees’ compliance with the requirements of RVC’s bylaws and with the conditions of civil law contracts entered into by the Company when making payments, and informing the CEO about the results of these reviews
- measures were developed to rectify and identified shortcomings, and employees were consulted on improving internal control in the Company’s business processes
- procurement documentation was checked on an ongoing basis to identify non-compliance with legal requirements and the Company’s bylaws;
- an assessment was conducted of Company bylaws, the operations of the Company’s business divisions and the existence of oversight procedures, and also of the application, adequacy and effectiveness of those procedures.
In 2018, the Internal Audit Department carried out 16 audits, including an audit of the quality of corporate governance and planned audits of the financial and business operations of RVC’s subsidiaries.
In accordance with RVC’s Internal Audit Policy and the International Standards for the Professional Practice of Internal Auditing, RVC’s Audit and Integrity Committee regularly reviewed plans for internal audit activities and reports on the results of the internal audit activities within the Company.
Risk Analysis and Internal Control Department
In accordance with the Regulation on the Risk Analysis and Internal Control Department, the functions of RVC’s Risk Analysis and Internal Control Department include:
- The development of risk management and internal control policies
- The introduction of elements of a risk management and internal control system into the activities of structural units
- Methodological guidance, analysis of the quality and functioning of the risk management and internal control system
- Coordination and participation in classifying, assessing and responding to risks
- Monitoring the effectiveness of the risk management and internal control system and preparing proposals for the Company’s management bodies the improvement thereof
Part of RVC’s corporate governance practice includes identifying and responding to risks. Risk management is a continuous, systematic process that affects all of RVC’s operations.
RVC established and operates a risk management system based on legislative requirements, government standards and best practices in risk management.
The following measures were taken during the reporting period in order to improve the risk management system:
- A permanent Risk Committee was created, and the organizational and legal framework for its activities was developed and approved nine Committee meetings were held to carry out a comprehensive assessment of the risks facing RVC, and measures aimed at minimizing those risks were discussed
- RVC’s Risk Register and Risk Map for 2018 were compiled based on the objectives of the Business Plan for 2018 and for the 2019–2020 planning period with subsequent approval by the RVC Board of Directors (minutes No. 18 of 26 December 2018)
- An analysis of the remits of the Company’s business divisions was carried out, and the status of “Risk Owner” was assigned to the heads of business divisions responsible for identifying, informing and developing risk management measures
- Risk Management Procedures were introduced at RVC (approved at a meeting of the Audit and Integrity Committee, minutes No. 02 of 20 November 2017 approved by RVC Order No. 119/18 of 12 December 2018)
- The functioning of the risk management and internal control systems was secured, as was their integration into the corporate management processes of NTI projects in order to implement NTI action plans (road maps)
- Company employees received training on the methodology for risk identification and assessment and for the development of risk management measures
An integral element of risk management at RVC is providing methodological assistance for subsidiaries’ risk management and internal control systems, as well as monitoring their performance.
The members of the Audit Commission are elected by the General Meeting of Shareholders. The Commission consists of at least three and no more than five people. Members of the Audit Commission cannot simultaneously be members of the Board of Directors or occupy other positions in RVC’s Management Bodies.
The composition of the Audit Commission (elected by decision of the Annual General Meeting of Shareholders of 29 June 2018):
- Viktor Bovt, Senior Audit Manager at VimpelCom, independent expert
- Konstantin Lukoyanov, Рartner in the law firm of Chernyshov, Lukoyanov and Partners (CLP Law Offices), independent expert
- Alexey Priyatkin, Vice President at Russia Partners, independent expert
- Nikolay Starchenko, member of the Management Board, Deputy Executive Director of the National Association of Corporate Directors, independent expert
- Alexey Khudyakov, independent director, member of the Direktorium Professional Association of Directors, independent expert
The functions of the Chairman of the Audit Commission are performed by Nikolay Starchenko (elected by Decision No. 1-2018 of the Audit Commission of 28 September 2018).
The tasks of the Audit Commission include:
- Monitoring compliance on the part of the Executive Body and the Board of Directors with the provisions of the Company’s Charter and bylaws, and also monitoring the execution of decisions taken by the General Meeting of Shareholders and the Board of Directors
- Verification of the organization and functioning of the internal audit, internal control and risk management systems
- Developing recommendations (proposals) to improve the internal audit, internal control and risk management systems
- Confirmation of the accuracy of the information contained in the Company’s annual report and annual financial statements
- Other powers attributed by the current laws of the Russian Federation, the Company’s Charter and the Regulation on the Audit Commission
Audit and Integrity Committee
In accordance with the Regulation on the Committees of RVC’s Board of Directors, approved by decision of the Board of Directors (minutes No. 21 of 6 December 2017), the Audit and Integrity Committee was established for the preliminary consideration of the most important issues that, according to the Company’s Charter, fall within the remit of the Board of the Directors, including consideration of issues concerning the systems of internal control, audit, risk management and ethics.
Remit of the Audit and Integrity Committee:
- Preliminary consideration of policies and other documents (procedures) governing the functioning of the internal audit, internal control and risk management systems
- Assessment of the effectiveness of the risk management, internal control and audit systems
- Consideration of reports on material risks and the management thereof
- Consideration of information on response measures and/or control procedures (action plan) for the prevention of material risks
- Review of the Company’s risk register and risk map (or maps)
- Ensuring the effectiveness of risk management and the development of a risk management culture are the responsibility of the Risk Analysis and Internal Control Department, which is directly subordinate to the Company’s CEO.
In accordance with the applicable legal requirements, RVC conducts an annual mandatory audit of its financial statements. The auditor is selected on a competitive basis in accordance with the requirements of Federal Law No. 307-FZ of 30 December 2008 on Audit and in the manner prescribed by Federal Law No. 44-FZ 5 April 2013 on the Contract System for the Procurement of Goods, Works and Services for State and Municipal Needs.
In 2016, Intercom-Audit Limited Liability Company was selected as RVC’s auditor for three years.
RVC’s Anti-Corruption Policy reflects a commitment to high ethical standards of business conduct, the Company’s desire to improve its corporate culture and follow best practices in corporate governance, as well as concern for RVC’s business reputation. RVC is included in the Consolidated Register of Participants in the Anti-Corruption Charter of Russian Business. In 2018, RVC once again completed the procedure for declaring its compliance with the provisions of the Anti-Corruption Charter of Russian Business and an assessment of measures to prevent and combat corruption.
In an effort to prevent and combat corruption in 2018, the Company implemented its Anti-Corruption Action Plan, approved by RVC Order No. 02/16 of 19 January 2016.
The Company’s main activities aimed at preventing corruption included the following:
- Unifying the corporate Anti-Corruption Policy
- Improving interaction between business divisions
- Maintaining the operation of RVC’s hotline
- Improving the procedure for conducting workplace inspections
- Updating the register of persons required to provide information on their interest in transactions concluded by RVC
- Ensuring the inclusion of anti-corruption conditions (reservations) in all contracts with counterparties (when approving draft contracts and when concluding contracts)
- Anti-corruption monitoring (analysis of RVC’s statutory and operational activities)
- Analysis of reports and negative publications in the media about RVC’s activities
In order to improve the organizational and legal framework for combating corruption, measures were taken in 2018 to improve the risk management, internal control and internal audit systems.
Activities aimed at the formation of common approaches to ensuring work on the prevention and enhancement of the effectiveness of the Company’s anti-corruption efforts are carried out on an ongoing basis.
As it is not a public company, RVC discloses information on a voluntary basis. The disclosure procedure is governed by RVC’s Regulation on Disclosure, which requires the publication of:
- Annual reports and annual financial statements, including the auditor’s opinion
- RVC’s Charter and regulations on its Management Bodies
- Lists of affiliates
This information is disclosed on RVC’s website: http://www.rvc.ru/about/disclosure/
In addition, RVC, in accordance with legal requirements, discloses information in the Unified Federal Register of Information about the Activities of Legal Entities.
In accordance with decrees of the Government of the Russian Federation and the directives of the Federal Agency for State Property Management, RVC allocates 25% of its net profit at year end for the payout of dividends. In the absence of profit, dividends are not paid.
A decision on profit allocation, including dividend payments for 2018, will be made at the Annual General Meeting of Shareholders in June 2019.