Risk management and internal control
TMK’s risk management and internal control framework is a set of procedures exercised by the Board of Directors, executive and supervisory bodies, officers and employees to ensure a true and fair view of its state of affairs and prospects, risk exposure, reliability of all types of reporting, and compliance with laws and internal regulations.
The Board of Directors has approved the Regulations on Internal Control laying out principles and approaches to building a risk management and internal control framework and exercises control over financial and economic activities at the operational and organisational levels.
The Audit Committee assesses the effectiveness of internal control and risk management framework and develops recommendations on its improvement. In the reporting year, the Audit Committee gave a positive assessment of the current risk management and internal control framework.
TMK employs a two-level risk management approach, identifying risks at its corporate center and controlled entities and integrating them to assess their overall impact on the Company.
To manage risks, the Company has set up a dedicated risk management unit whose responsibilities are fully in line with TMK’s Corporate Governance Code. It also has the Risk Management Committee reporting to the CEO and in charge of mitigating risks by drafting and implementing a uniform risk management policy and risk identification, assessment and management methodology. Its Chairman reports to the Board’s Audit Committee at least once a quarter.
TMK seeks to mitigate risks through an adequate control over all of its operations. In order to do that:
- the Company implements controls based on its policies, regulations and standards, at all governance levels;
- CEO sets goals for the Company’s senior executives and oversees their activities aimed at maintaining proper internal controls across the units they supervise;
- TMK’s senior executives delegate responsibilities to implement specific control policies and procedures to the heads of business units whose responsibilities include, inter alia, assessing control processes within the scope of their competence;
- TMK employs the principle of segregating responsibilities: there are no officers combining authorisation, accounting, storage and control functions.
In 2014, the Company fully integrated the compliance function into the overall framework of risk management and internal control as well as of corporate governance and corporate security. This process was coordinated by the CEO’s Committee on Regulating Compliance Risks and its regional subcommittees at TMK plants governed by the Company’s Key Compliance Risk Principles and Anti-Corruption Policy.
TMK operates a hotline as a public control instrument using a full range of communication channels for the Company’s employees, investors, clients and other stakeholders to report any known abuse or violations.
The Company has an internal audit system in place to assess the adequacy and effectiveness of risk controls pertaining to corporate governance, operations at TMK’s entities and divisions and their information systems.
The Company has established the Internal Audit Department (IAD), a standalone function operating under the IAD Regulations approved by the Board of Directors. The IAD’s independence and impartiality are ensured through its reporting directly to the CEO and functionally to the Board of Directors via the Audit Committee. Its head reports to the Board of Directors, which appoints and removes him / her from office and decides on his / her remuneration. The IAD operates in compliance with regulations on and international professional standards of internal audit.
It has regional units across TMK’s geographies, which use a single planning and reporting system and functionally report to the head of TMK’s (the Holding Company’s) IAD. The IAD’s regional units ensure a prompt response to any changes in business processes and operations at TMK entities.
The Department develops an annual risk-focused audit plan based on priority business processes subject to audit, and on risk ranking and assessment (by probability and potential impact). The plan is discussed at the Audit Committee’s meetings and approved by the Board of Directors and TMK’s CEO.
The IAD also oversees compliance by the Company’s governance bodies, officers and employees with insider dealing laws and regulations and regularly reports to the Audit Committee as well as to the Board, at the year-end.
TMK’s management promptly responds to gaps in controls identified by internal audit, introducing the required changes to the risk management and internal control framework, which help streamline the corporate governance processes and quality.
Internal control over financial reporting
TMK’s management is responsible for implementing and maintaining adequate internal control over financial reporting to provide reasonable assurance as regards the reliability of financial statements and their conformity with the RAS and IFRS.
Throughout 2014 and to date, TMK has been operating an internal control framework, which reasonably assures the effectiveness of all controls, including financial and operational controls, as well as compliance with laws and regulations.
The Revision Committee controls the Company’s financial and economic activities on behalf of shareholders and reports to the General Meeting of Shareholders on the reliability of the reporting data and deficiencies or violations identified.
The External Auditor verifies and confirms that the Company’s financial statements are in line with the applicable accounting rules and national and international financial reporting standards (RAS and IRFS) and expresses its opinion on the reliability of the financial statements following their audit.
In selecting an external auditor to audit the Group’s IFRS consolidated financial statements and assessing its performance, we adhere to the Policy on Selection of TMK Group’s External Auditor, as approved by the Board of Directors (http://www.tmk-group.ru/media_ru/fies/51/tmk_pol_vyb_aud14.pdf).
The following procedures are in place to ensure the auditor’s independence and impartiality:
- Every decade the Company holds a tender to select an auditor under the terms and conditions approved by the Board of Directors based on the Audit Committee’s recommendations. The Committee organises the tender and announces its results.
- It is also entitled to request an early tender following the assessment of the auditor’s performance quality and its compliance with the independence requirement.
- The auditor is selected from among internationally recognised independent audit firms and approved by the Board of Directors.
To mitigate the risk of long-term relationship compromising the external auditor’s independence and impartiality, members of audit teams and the lead partner responsible for the audit are subject to rotation.
TMK appointed Ernst & Young, a member of the Selfregulated Non-Profit Partnership «Audit Chamber of Russia», as the external independent auditor of its FY 2014 and interim consolidated and separate financial statements.
In 2014, the auditor’s remuneration for auditing the annual financial statements and reviewing interim financials (including audit of separate financials at some TMK’s entities) was USD 2.86 m, for other auditrelated services — USD 0.03 m, and for non-audit services — USD 0.26 m.