The principal goal of the ROSSETI Group’s internal control is to provide reasonable assurance that the Company and ROSSETI ’s subsidiaries and dependent companies achieve the goals in the following areas:
- efficiency, cost effectiveness, and productivity of organizing the Company’s and its SDCs’ activities,
- compliance with the legal requirements applicable to the Company’s and its SDCs’ activities and with the requirements set forth in the Company’s and SDCs’ internal documents,
- prevention of wrongful acts on the part of the Company’s and its SDCs’ employees and third parties in relation to the Company’s and its SDCs’ assets,
- reliability, completeness, and timeliness of preparing all kinds of reports.
The effectiveness of the internal control system relies on the interrelationship of three constituent management processes:
- organization of effective internal control over business processes,
- risk management,
- internal audit and independent evaluation,
- auditorial control.
Key internal regulatory documents of the Company on internal control:
- Strategy for Developing and Improving the Internal Control System of RO SSETI and Subsidiaries and Dependent Companies of RO SSETI approved by the decision adopted by the Board of Directors of ROSSETI on February 10, 2014
- Internal Control Policy of ROSSETI approved by the decision adopted by the Board of Directors of ROSSETI on April 28, 2014
- Risk Management Policy of ROSSETI approved by the decision adopted by the Board of Directors of ROSSETI on April 28, 2014
- Internal Audit Policy of ROSSETI approved by the decision adopted by the Board of Directors of ROSSETI on April 28, 2014
Regulatory documents of ROSSETI on internal control can be found on the corporate website at
http://www.rosseti.ru/eng/investors/reports/Internal-docs/
Internal Control and Audit
Internal Control System Participants; Their Authority and Responsibilities
The ROSSETI Group takes a unified approach to organizing its internal control system:
Internal Audit Commission
The competence of the Internal Audit Commission of the Company and the internal audit commissions of SDCs includes:
- exercising control of the Company’s and SDCs’ financial and economic activities;
- ensuring compliance of business transactions conducted by the Company and SDCs with the laws of the Russian Federation and the Articles of Association of the Company and SDCs;
- making an independent assessment of information about the Company’s and SDCs’ financial condition;
- assuring the reliability of information contained in reports and other financial documents of the Company and SDCs.
Board of Directors
Within the internal control system, the competence of the Board of Directors of the Company includes ensuring the creation, supervising the operation, and defining the general development strategy of the Company’s internal control system. The corresponding functions are performed by the boards of directors of RO SSETI SDCs under the internal control, internal audit, and risk management policies approved in 2014 in accordance with the Model Internal Control Policy, the Model Internal Audit Policy, and the Model Risk Management Policy approved by ROSSETI on June 6, 2014.
Audit Committee
Within the internal control system, the Audit Committee of the Board of Directors of the Company:
- ensures the selection of the external auditor;
- monitors the preparation of accounting (financial) statements and conducts their preliminary reviews;
- assesses external auditors’ reports;
- reviews the internal audit policy;
- is responsible for the functional management of internal audit;
- reviews the report on key risks;
- is responsible for the prior approval of the internal documents defining the principles of and approaches to organizing the internal control and risk management system;
- assesses the effectiveness of the internal control system and prepares proposals for its improvement.
Within the internal control system, the audit committees of the boards of directors of ROSSETI SDCs perform the functions specified above.
Management Board
SDCs’ management boards review and analyze reports on the status of SDCs’ internal control and risk management systems, while the Management Board of RO SSETI does the same in relation to the entire RO SSETI Group.
Director General
Within the internal control system, the Director General of the Company and the sole executive bodies of the Company’s SDCs:
- ensure the creation and operation of the Company’s and SDCs’ effective and reliable internal control and risk management system;
- formulate proposals to improve the internal control system of the Company and SDCs.
A unified approach to building up the ROSSETI Group’s internal control and risk management system and improving the effectiveness of control over SDCs’ activities are ensured by RO SSETI ’s representatives’ participation on SDCs’ boards of directors and the audit committees of SDCs’ boards of directors.
Managers of Functional Areas and Divisions
Within the internal control system, the managers of the Company’s and SDCs’ functional areas and divisions:
- are responsible for the effective attainment of the operating goals of supervised processes;
- assess supervised processes (areas of activities) for the necessity for their optimization with the aim of improving their efficiency;
- manage risks involved in supervised processes;
- ensure that the discovered deficiencies in control procedures and the control environment of processes are corrected.
Personnel of Divisions
Personnel of the Company’s and SDCs’ divisions who are responsible for control procedures by virtue of their employment duties:
- implement control procedures as specified in their job descriptions and the applicable regulations;
- monitor the implementation of control procedures;
- perform control self-assessments and participate in improving the internal control system;
- ensure that their immediate supervisors are informed in a timely manner that it is necessary to redesign control procedures/risk management measures due to changes in the internal and/or external environment of the Company’s and SDCs’ operations.
Internal Audit, Internal Control, and Risk Management Division
Methodological support for the RO SSETI Group’s internal control and risk management system and the Company’s internal audit in 2014 were the responsibility of the Internal Audit and Control Department of ROSSETI .
As part of preventive and routine control, this department was responsible for:
- developing and ensuring the implementation of basic and methodological documents in relation to building and improving the internal control, risk management, and internal audit system;
- assisting management in building a control environment;
- coordinating activities in relation to maintaining and monitoring the target state of the internal control and risk management system;
- applying additional routine control procedures in key and high-risk business processes.
As part of follow-up control, the Internal Audit and Control Department of JSC ROSSETI, jointly with SDCs’ internal audit divisions:
- conducted internal audits of divisions, branches, business processes, projects, and activities;
- assessed the reliability and effectiveness of internal control and risk management;
- formulated recommendations to improve the efficiency of operations, enhance corporate governance, and increase the effectiveness of internal controls and risk management processes.
In 2014, the number of employees responsible for internal audit, internal control, and risk management in ROSSETI and ROSSETI’s subsidiaries and dependent companies (a total of 18 organizations) was 168
Key Results of Control Measures in 2014
The units responsible for internal audit, internal control, and risk management conducted 563 inspections, including 107 internal audits of subsidiaries, subsidiary subsidiaries, and dependent companies (internal audits covered 104 entities of the ROSSETI Group).
Follow-up Control of Corrective Measures
2,286 corrective measures were prescribed for the ROSSETI Group’s entities in 2014 as a result of internal inspections, including internal audits
Out of the 1,897 corrective measures to be implemented in the reporting year, 1,701 were completed.
In early 2014, the Board of Directors of ROSSETI approved the Strategy for Developing and Improving the Internal Control System of ROSSETI and Subsidiaries and Dependent Companies of RO SSETI . In furtherance of the Strategy, the Company has developed and carries out a package of measures (road map) to improve RO SSETI ’s and its SDCs’ internal control and risk management system, whose maturity level will be reached by 2018.
Key Measures to Improve Internal Control and Risk Management in 2015
- organize the implementation of the project to improve SDCs’ internal control system in business accounting, tax accounting, and the preparation of accounting (financial) statements and in processes (areas of activities) that have a material effect on RO SSETI SDCs’ records and accounts
- develop and improve the regulatory framework for risk management in the RO SSETI Group
- integrate risk information into the ROSSETI Group’s business planning system
- make the internal audit function a separate functional area
- develop and improve the regulatory framework for internal audit
- implement an automated system of internal audit
- establish ROSSETI’s permanent collegial working body of (Internal Control Commission (ICC)) within the internal control system with the aim of improving the effectiveness of managerial decisions and measures to correct discovered deficiencies and nonconformities and ensuring the objectivity of assessing the results of control measures and related administrative response measures
- create ROSSETI’s warning system to deal with potential misconduct on the part of RO SSETI ’s and RO SSETI SDCs’ employees (hotline)
- create on the Company’s intranet a common information space, including a knowledge base containing internal regulatory documents and other key information
- develop methods for assessing the achievement of the goals and the corresponding KPI
- formulate/update standard documents relating to personnel recruitment, evaluation, rotation, promotion, motivation and pay and organize their introduction into SDCs etc.
Internal Audit Function Implemented by the Company
For the purpose of implementing the internal audit function, the Company set up a special division of the Company, namely the Directorate for Internal Audit, after the reporting date (on January 19, 2015). This division is functionally subordinate to the Board of Directors of ROSSETI and administratively subordinate to the sole executive body of the Company.
The principal internal documents that govern the Company’s internal audit are the Internal Audit Policy (approved by the Board of Directors of ROSSETI; Minutes of the Meeting No. 151 of April 28, 2014) and the Regulations for the Directorate for Internal Audit.
The Policy is based on best practices and experience of leading international and Russian companies and is formulated in accordance with the approaches applied by The Institute of Internal Auditors (IIA ), an international professional association. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator.
The Internal Audit Policy defines the goals, objectives, principles, and key functions of internal audit. The principal goal of internal audit is to assist the Board of Directors and executive bodies in increasing the Company’s management efficiency, improving the Company’s financial and economic activities by taking a systematic and consistent approach to the analysis and evaluation of the risk management, internal control, and corporate governance systems as instruments for reasonable assurance regarding the achievement of the Company’s goals.
The principal objectives of the internal audit division are as follows:
- conduct internal audits;
- evaluate the effectiveness of the internal control, risk management, and corporate governance systems of the Company and SDCs;
- cooperate with the Internal Audit Commission;
- organize cooperation with the Company’s external auditor;
- cooperate with the Audit Committee of the Company’s Board of Directors and the Company’s Board of Directors.
In accordance with the Internal Audit Policy, the chief internal audit executive ensures that internal audit is of adequate quality and that the internal audit function is implemented and monitors the overall effectiveness of measures to ensure the quality of internal audit. This process includes the self-monitoring and external evaluation of the quality of internal audit. External evaluation should be made at least every 5 years.
Risk Management
The ROSSETI Group operates a risk management system aimed at ensuring the sustained and continued functioning and developing of the Company by means of the timely identification and assessment and effective management of risks threatening the efficiency of the Company’s economic operations, its reputation, the health of its employees, the environment, and the property interests of its shareholders and investors.
Key internal regulatory documents that govern the risk management
system of ROSSETI:
- Risk Management Policy of ROSSETI
- Recommended Guidelines for Risk Management
Detailed information about the Risk Management Policy can be found on the corporate website at
http://www.rosseti.ru/media/eng/docs/int_docs/Risk_Management_Policy.pdf
The Risk Management Policy approved by the Board of Directors of the Company (Minutes of the Meeting No. 151 of April 28, 2014) defines the following operating principles of the risk management system:
- systematic approach;
- senior management’s support for developing the corporate culture of risk management;
- integration into strategic and operational administration;
- separated decision-making levels;
- responsibility for risk management;
- common information channel;
- cost-effectiveness.
Key Risks of the Company and SDCs
The ROSSETI Group’s performance is affected by a number of risks which are under the limited control of the Company. Although these are mostly macroeconomic factors impacting the Russian economy in its entirety, certain areas of the Company’s activities can be especially sensitive to certain risk factors. The most important risks are as follows:
- industry-specific risks;
- country and regional risks;
- financial risks;
- legal risks;
- risks associated with the Company’s activities.
The list provided above is incomplete since there are other risks which are currently negligible, but later can have an adverse impact on the Company’s activities, thus affecting its profit, assets, capital, liquidity, and solvency.
Based on the risks disclosed in the annual reports of RO SSETI SDCs for 2014, the ROSSETI Group’s risk information has been summarized.
Each risk is assigned a significance level (moderate, significant, critical) and changes.
Significance Level |
Changes |
||
---|---|---|---|
Critical |
|
No changes or minor changes in significance |
– |
Significant |
|
Increased significance |
↑ |
Moderate |
|
Decreased significance |
↓ |
Main Risks of the ROSSETI Group, Risk Assessment, and Risk Mitigation Measures
Risks |
Description |
Assessment |
Risk Mitigation Measures |
INDUSTRY-SPECIFIC RISKS |
|||
Tariff regulation risks |
These risks are associated with restrictions imposed by tariff regulators on the tariff growth rate of electricity distribution services and with a possibility that that grid companies’ expenses are only partially recognized for the formation of minimum regulated revenue. |
↑ |
A balanced policy is pursued on improving the efficiency of investing and operating activities, aimed at reducing costs and optimally planning the structure of financing. |
Risk of lost income resulting from interrupted electricity consumption |
This risk is associated with the termination of last mile agreements in most Russian regions, effective from January 1, 2014, and with a possibility that that the amount of cross-subsidies is frozen at the 2013 level. |
|
ROSSETI works to develop the mechanisms agreed upon with federal executive authorities for receiving compensation for lost income resulting from abolished cross-subsidies, including by obtaining subsidies from the federal budget. |
Network connection risks |
These risks are associated with a decrease in the volume of connected capacity in network connection requests, with a possibility that that financing sources may be insufficient for work under network connection contracts, with failure to provide network connections within the required period, and with the nonfulfillment by requesting entities of their network connection obligations. |
↓ |
Work is done on monitoring changes in the maximum capacity requested in network connection requests, on causing ROSSETI SDCs to assume the correct scope of obligations under network connection contracts, on developing project documents specifying the scope of obligations under network connection contracts, on submitting to regulatory authorities additional justifying documents in support of the economic feasibility of connection fee rates, on using information technology and template solutions to improve the Business Process “Performance of Electricity Network Connection Services,” and on explaining to customers the process of providing network connection services. |
Risk associated with the decreased volume of electricity distribution |
This risk is associated with the overall decline in large customers’ electricity and capacity demand due to decreased industrial production, the optimization of customers’ external electricity supply, the increasingly wide use of customers’ in-house generation facilities, and impaired financial solvency. |
↑ |
Measures are taken to enhance the reliability of the predicted volume of electricity distribution services for pricing and business planning purposes; the Company participates in developing legislative measures to reduce the number of grid organizations, thus optimizing customers’ costs related to electricity distribution; the Company prepares proposals to improve legislation as related to changing the procedure for determining the volume of provided electricity distribution services. |
Risk of increased expenses incurred in relation to the purchase of electricity to compensate for electricity network losses |
This risk is associated with changes in electricity network losses and price fluctuations in the wholesale electricity market. |
↓ |
The Energy Conservation and Energy Efficiency Enhancement Program is implemented as related to reducing electricity network losses. |
Risks associated with increases in overdue and uncollectable receivables for provided electricity distribution services |
These risks are associated with disagreements between electric grid companies and retail companies over the volume of consumed electricity and capacity, which leads to contested and overdue receivables related to electricity distribution services. |
↑ |
ROSSETI carries out the Program for Improving the Efficiency of Measures to Reduce Receivables for Electricity Distribution Services, including preparing proposals to improve current laws in order to enhance payment discipline and participating in regional commissions to monitor payments for electricity. |
Risks associated with taking on and subsequently transferring the supplier of last resort status |
The Company’s SDCs continue to incur the risk that certain retail companies may be deprived of the supplier of last resort (SOLR) status and that the SOLR powers and duties may be transferred to Company’s SDCs. The performance of the SOLR functions and their subsequent transfer to winning bidders according to the results of the bidding procedures conducted by the Ministry of Energy of the Russian Federation are exposed to certain financial and organizational risks. |
↓ |
Measures are taken to cooperate with federal and regional governmental authorities, the mass media, infrastructural organizations of the wholesale electricity market, law enforcement agencies, and organizations deprived of the supplier of last resort status in the performance of the SOLR functions and the settlement of debts. Initiatives are promoted to streamline the procedure for changing the SOLR, enhance ROSSETI SDCs’ competencies in collecting bad debts and participating effectively in bankruptcy procedures against debtors, etc. |
RISKS ASSOCIATED WITH THE COMPANY’S ACTIVITIES |
|||
Operational and technological risk of SDCs’ activities |
External and internal factors may cause system-wide failures of the operability and performance of electric grid equipment and power outages suffered by customers of SDCs. |
↑ |
Measures are taken to make the power supply more reliable and prevent process failure risks, including:rehabilitating electric grid facilities; modernizing electric grid assets; clearing and expanding the pathways of overhead lines rated 0.4 kV and above; expanding the stock of reserve power supply equipment and the stock of vehicles and special equipment for accident recovery work; improving data exchange systems, analyzing process failures, and forecasting the consequences of process failures, including the implementation of the Automated Management System for Distributed Resources for Accident Recovery Work; improving the emergency reserve management system; increasing the number of mobile accident recovery crews and improving the quality of their personnel; carrying out the program to reduce injury risks of electric grid facilities; ensuring the training, control, and certification of personnel operating process equipment; carrying out the insurance program; implementing the energy conservation and energy efficiency enhancement program; working to set a series of the Organization Standards establishing uniform requirements for the principal aspects of activities conducted by ROSSETI SDCs in the area of operational process control and situation management, etc. |
Investment (project) risk affecting SDCs’ activities |
This risk is associated with the decreasing efficiency and value of investments over the course of implementing SDCs’ capital investment programs. |
↑ |
Capital investment programs are planned and monitored taking account of the following key efficiency criteria: raising the reliability and affordability of the grid infrastructure, reducing the physical deterioration of electric grid facilities and modernizing them, achieving a high utilization rate of commissioned facilities, optimizing technical solutions based on the necessity of excluding the use of imported equipment and materials whose value is highly dependent on foreign exchange rates. Measures are taken to improve the quality of implementing capital investment projects, including updating the list of priority projects, stiffening supervision over construction contractors, and preparing and analyzing progress reports. |
Legal risks |
These risks are associated with changes to legislation and judicial practice relating to the Company’s activities and with changes to the balance between the interests of the Company and other electricity sector entities. |
|
The Company is involved in governmental authorities’ regulatory and legislative activities and monitors changes to legislation and judicial practice. There were no significant changes in the above-mentioned areas in 2014. The Company was not a party to any legal proceedings that could have a material effect on its activities. |
COUNTRY AND REGIONAL RISKS |
|||
Risks associated with the political and economic situation in the country and the regions of SDCs’ operations |
These risks are determined by macroeconomic factors existing globally, nationwide, and at regional level. |
↑ |
Measures are taken to optimize the share of borrowings in their total capital, take out fixed interest rate loans, and enhance the efficiency of the Company’s and SDCs’ operating and investment expenses. |
Risks associated with the geographical characteristics of the country and the regions of SDCs’ operations |
There is a high probability of natural calamities, and there may be interruptions in transportation due to remoteness and/or inaccessibility and the like. |
|
Measures are taken to prevent and promptly remedy emergency situations. |
FINANCIAL RISKS |
|||
Risks associated with exchange rate changes |
These risks are involved in a possible rise in SDCs’ costs in the event of growth of the Russian ruble foreign exchange rates, including in the case of purchased foreign-made equipment. |
↑ |
Measures are taken to make the Company less financially vulnerable to external threats. The import substitution program is carried out. |
Risks associated with loan interest rate changes |
SDCs may incur higher debt service expenses. |
↑ |
Measures are taken to optimize the loan portfolio, including by optimizing operating expenses and capital investment programs and by using SDCs’ own funds for partial debt repayment. |
Risks associated with inflation impact |
These risks are involved in growing prices of materials, raw materials, and services in a situation where the opportunities of SDCs to raise the prices of electricity distribution and transmission services are restricted by government regulation. |
↑ |
Measures are taken to make the Company less financially vulnerable to external threats. |
The risks described above, except for legal risks and risks associated with the geographical characteristics of the country and the regions of SDCs’ operations, occurred in 2014.
Report on the Evaluation of RM&IC System Effectiveness
In accordance with the approaches to implementing internal control as set forth in the Enterprise Risk Management – Integrated Framework (2004) and the Internal Control – Integrated Framework (2013) released and updated by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and as required by the International Standards for the Professional Practice of Internal Auditing released by The Institute of Internal Auditors (IIA ), the best practice in the development and improvement of management systems is the continuous evaluation of their effectiveness, including the evaluation of the risk management and internal control system (“RM&IC System”).
The principal participant in this evaluation is the internal audit division, which helps the organization maintain an effective risk management and internal control system, making the internal evaluation of its efficiency and effectiveness on an ongoing basis and facilitation the continuous improvement of the system.
External evaluation should be made at least every five years by a qualified and independent appraiser or group of appraisers that is not the organization’s employee.
The external evaluation of ROSSETI’s risk management and internal control system was made in 2011 by an independent consultant, RSM Top-Audit. The consultant found the RM&IC System to be at a development stage in 2011:
- 6 components of 8 (internal environment, event identification, risk assessment, controls, information, and monitoring) were in the range of Maturity Level 1 to Maturity Level 2 (on a scale of one to three: Standardized, Optimized, and Automated);
- 2 components of 8 (goal setting and risk response) were below Maturity Level 1 (Standardized).
With the aim of building up and improving the RM&IC System, the Board of Directors of RO SSETI approved the Strategy for Developing and Improving the Internal Control System of RO SSETI and Subsidiaries and Dependent Companies of RO SSETI (“Strategy”) (Minutes of the Meeting No. 143 of February 10, 2014) on the initiative of the Company’s management.
In accordance with the Strategy, the RM&IC System can have six maturity levels: from “Zero” to “High”:
Maturity Level |
Characteristics Corresponding to a Certain Maturity Level |
Zero |
1. There is no awareness of problems associated with the management of activities 2. There is no description (regulation) of processes |
Basic |
1. There is documented evidence that the Company is aware of problems associated with the management of activities. There is no overall approach to the management of activities 2. Processes related to the management of activities are not regulated and are used sporadically and unsystematically |
Satisfactory |
1. There is documented evidence that the Company is aware of problems associated with the management of activities. There is an overall approach to the management of activities 2. Processes are partly regulated. Responsibility lies mainly with process owners, which entails a high probability of potential errors |
Moderate |
1. Problems (risks) associated with the management of activities are identified. However, the Risk Management System is not integrated into the decision-making process in full 2. Processes are regulated and communicated to personnel. However, the procedure for applying these processes is left to the discretion of personnel. This brings about potentially unidentified deviations from standard procedures. Applied procedures are not optimal and not modern enough but reflect practices used by the Company |
Optimal |
1. Problems (risks) associated with the management of activities are identified. The Risk Management System is integrated into the planning and decision-making processes. However, the Risk Management System is not automated and neither are all possible controls 2. Processes are regulated, are unified in the Company, the executive arm, and branches of SDCs, and are communicated to personnel by being posted in the public domain. The Company monitors the implementation of its processes and evaluates their effectiveness. If any implemented processes are found to have low effectiveness, they are optimized. Processes are improved on a continuous basis and are built on a good practice. The management of activities is automated in part and to a limited extent |
High |
1. Problems (risks) associated with the management of activities are identified. The Risk Management System is integrated into the planning and decision-making processes. The Risk Management System and control procedures are, where possible, automated 2. Processes have reached the level of a best practice based on continuous improvement and maturity benchmarking against other organizations, are regulated, are unified in the Company, the executive arm, and branches of SDCs, and are communicated to personnel by being posted in the public domain. The Company monitors the implementation of its processes and evaluates their effectiveness. The Company is able to quickly adapt processes for changes in the environment and business |
In 2014, ROSSETI formulated and the Company’s Board of Directors approved the internal documents setting out the requirements and approaches applied to evaluating the internal control, risk management,
and internal audit systems, namely the Internal Control Policy, the Risk Management Policy, and the Internal Audit Policy (approved by the decision adopted by the Board of Directors of RO SSETI on April 28, 2014; Minutes of the Meeting No. 151).
In accordance with the Risk Management, Internal Control, and Internal Audit Policies, the Company
is subject to annual internal evaluation and periodic external independent evaluation:
– in the case of the risk management and internal control systems, at least every 3 years,
– in the case of the internal audit function, every 5 years.
In early 2014, the Internal Audit and Control Department made an internal evaluation of the RM&IC System’s performance in 2013. The evaluation results were preliminarily reviewed by the Audit Committee of the Company’s Board of Directors.
Main conclusions from the evaluation:
- based on the levels specified in the Strategy, the RM&IC System maturity level of the entire RO SSETI Group was found to be between “Satisfactory” (3) and “Moderate” (4).
In the 2nd quarter of 2015, the Company’s internal auditor, the Directorate for Internal Audit, evaluated the RM&IC System of ROSSETI and its SDCs for 2014. The evaluation results will be preliminarily reviewed by the Audit Committee of the Company’s Board of Directors, submitted for review by the Company’s Board of Directors, and disclosed in accordance with the prescribed procedure.
The ROSSETI Group’s auditor, Ernst & Young LLC, under the agreements for the mandatory external audit of ROSSETI’s and SDCs’ statements in accordance with Russian Accounting Standards for 2014, was separately engaged to conduct an external evaluation of the internal control system. As stated in the auditor’s report:
– methodological and organizational support for ROSSETI’s and SDCs’ internal control and risk management is sufficient and, in general, meets the requirements for such documents in accordance with legal regulations and current business practices,
– the ROSSETI Group employs an adequate mechanism to identify business and financial risks,
– the existing elements of internal control are used to build an effective system of internal control over the accounting process and the preparation of accounting (financial) statements.
The Company will engage independent consultants on a competitive basis to conduct the next external evaluation of the status and effectiveness of the risk management, internal control, and internal audit systems in 2016.