Internal Audit Service
The main objective of the activity of the Internal Audit Service of PJSC RusHydro is to assist the Board of Directors and the executive bodies of RusHydro Group in improving the management of the Group, improving its operations, including through a systematic and consistent approach to the analysis and evaluation of the risk management system, internal control, and corporate governance. The number of members of the Internal Audit Service as of December 31, 2017, is five.
The Internal Audit Service is a separate structural unit of PJSC RusHydro, which is subordinate to the Board of Directors (the Audit Committee) and administratively subordinate to the CEO, the Chairman of the Management Board of PJSC RusHydro. The head of the Internal Audit Service was approved by the decision of the Board of Directors of PJSC RusHydro.
The tasks and functions of the Internal Audit Service include:
- organisation and conduct of internal audits of the Company and Subsidiaries, processes and activities;
- ssessment of the effectiveness of the internal control system, the risk management system, corporate governance of the Company and Subsidiaries;
- organisation of methodological support and control over the activities of the Company's representatives in the Audit Commissions Subsidiaries;
- interaction with the Audit Committee.
General principles and approaches to the Company's internal audit system are fixed in the Internal Audit Policy approved by the Board of Directors of PJSC RusHydro. The policy takes into account the requirements of the Corporate Governance Code of PJSC RusHydro, the Methodological Recommendations and Guidelines of the Federal Property Management Agency, and is aimed, among other things, at increasing the compliance of the Internal Audit Service of PJSC RusHydro to the International Professional Standards of Internal Audit.
The priorities of the Company's internal audit in accordance with the objectives of RusHydro Group, taking into account the available resources, as well as the risk-oriented approach to planning of control activities, are determined by the Monitoring Action Plan, which is approved annually by the Audit Committee.
In the course of 2017, 14 planned monitoring activities were carried out, and 6 unscheduled inspections and official investigations were conducted / attended, during which audit evidence was collected and analysed to assess the effectiveness of the internal control, risk management, and corporate governance system, including:
- checks of branches and subsidiaries engaged in the construction, operation, and repair of generation facilities;
- thematic audits aimed at identifying opportunities to improve the Company's business processes and the activities of key controlled companies;
- evaluation of the internal control and risk management system of RusHydro Group;
- evaluation of the corporate governance system.
Based on the results of the control activities, the Company's management and the controlled companies develop and implement corrective actions aimed at following the remarks, increasing the efficiency of the internal control system, preventing the repetition of violations, applying disciplinary measures to persons who committed violations. Internal auditors carry out follow-up control of corrective actions.
Evaluation by the Audit Committee of the effectiveness of the internal audit process
On a quarterly basis, the Audit Committee reviews the report of the Head of the Internal Audit Service on the implementation of the Monitoring Schedule Plan, which contains a brief description of the identified material violations, remarks and shortcomings in the activities of the Company and its controlled companies, including information on significant risks, control and corporate governance issues, and recommendations on their elimination, increase of efficiency of internal control system.
Based on the results of the evaluation (feedback) in 2017, the high efficiency of the internal audit work was identified in terms of identifying shortcomings, the elimination of which would reduce / eliminate the impact of negative factors on the efficiency of the Company and the controlled companies.
In the reporting year, the Methodology for evaluating the effectiveness of the internal control and risk management system by the Internal Audit Service was approved. The Company also approved the Programme for ensuring and improving the quality of the Company's internal audit, designed to ensure proper control and evaluation of the internal audit activity, as well as to identify areas for its improvement.
The Programme defines the goals, directions, approaches and procedures for the continuous (ongoing) and cyclical monitoring of the quality of internal audit activities. The implementation of the Programme includes:
- conducting ongoing (continuous) monitoring of internal audit activities,
- conducting annual internal assessments of internal audit activities (self-assessments),
- regular external evaluation of internal audit activities (every 5 years),
- informing about the results of the evaluation,
- development / update of the plan of measures for the development and improvement of internal audit activities.