Internal audit seeks to preserve and enhance the value of the company through the provision of independent and objective assessments, consultations to management and the Board of Directors. Among the key factors for the success of the function are the use of advanced technologies for internal audit, the continuous development of methodology and competencies, a flexible response to the changing economic situation and the needs of customers.ALEXANDER DOLGOPOLOV, Chief Audit Executive
SUEK’s Internal Control and Audit Service (ICAS) provides for the provision of independent and objective assessments and advice in the field of the following:
- Internal control system
- Risk management system
- Corporate governance system
The independence of the ICAS is ensured by its functional subordination to the Audit Committee. The Committee reviews the Service’s reports on a quarterly basis, approves internal audit plans and the Service’s budget and holds regular meetings with the head of the Service to discuss current issues.
When planning its work, the ICAS applies a risk-based approach, taking into account the external environment and performance of the company, focus areas of the Board of Directors and executives and risk assessment results.
In 2018, SUEK focused on:
- Production (efficient use of fixed assets)
- IT strategy implementation
- Investments and capital construction
- Financing of SUEK’s activities
Based on the recommendations of the Service, managers develop and take corrective actions aimed at overcoming shortcomings and improving the efficiency of business processes and operations. The Service monitors and analyses the efficiency of such actions.
During the year, the ICAS implemented the Development Strategy of the internal audit function for 2018-2020 in the following areas:
- Increasing the level of automation of internal control processes
- Further development of the methodology and expertise
- HR development of the Service
- Development of cooperation with the Internal Audit services of other companies, sharing of experiences and competencies
The key focus areas of the Service for 2019 are, in particular:
- Industrial and labour safety
- Environmental protection (including the delivery of environmental projects)
- Integration of SGC in SUEK's ICAS system
- Automation of business processes
- Working capital management
- Implementation of key projects and other issues
By developing the compliance programme, we also contribute to the sustainable development of SUEK.Dmitry Kanterov, Chief Compliance Officer
The compliance management system developed by SUEK includes:
- The Compliance Officer function integrated into the Legal Service
- Monitoring the external and internal regulatory environment
- Regulation of mandatory compliance procedures for employees
- Continuous employee training
- Work with compliance risks and provision of reporting information regarding compliance
- Compliance communications, including receiving hotline feedback
- Conducting inspections and compliance investigations
These procedures help prevent, find and eliminate the risks of non-compliance within the requirements of external and internal regulatory documents.
Key compliance activities in 2018:
- SUEK’s Code of Corporate Ethics
- Anti-corruption compliance
- Compliance in the field of covenants/limits
- Anti-monopoly compliance
- Tax compliance
- Compliance in the field of licensed activities and natural resource management
- Compliance in the field of land and property matters
- Sanction compliance
- Health and safety compliance
- Counterparties’ compliance
The risk assessment, regarding violations of compliance standards, is the responsibility of SUEK’s Compliance Officer function, which uses methodology based on the ISO 19600:2014 international standard for compliance management. In relation to the identified and assessed compliance risks, step-by-step action plans have been developed for the elimination of regulatory violations risks from SUEK’s operational practices.
On a daily basis, the compliance unit ensures:
- Continuous monitoring of the regulatory environment
- Timely development of local regulations required for the company
- Maintaining a sufficient level of awareness of staff to protect the company from compliance risks
- Confirmation of employee protection guaranteed when address ing compliance issues through the hotline
- Introduction of compliance tools in our business processes with an emphasis on automation and clear instructions to reduce any human factor risks
Actions taken in 2018 enabled the timely identification and reduction of specific compliance risks relating to corporate ethics, environmental management, antitrust compliance and licensing.
In 2018, the compliance programme additionally factored in the regulatory risk under the General Data Protection Regulation 2016/679, which entered into force in the EU in May 2018. The company created a GDPR working group, developed the necessary internal regulations, concluded agreements on inter-group transfer of personal data, amended the company's website, and established the position of Data Protection Officer, combining the functions of IT support, information security and personal data protection manager.
In 2018, an association of leading European energy companies, Bettercoal non-profit organisation, audited SUEK for compliance with the Bettercoal code standards. The main areas of audit coincided with the priority areas of SUEK’s compliance programme: ethical business conduct, environmental management, labour and industrial safety, respect for the rights of employees. The introduction of a compliance system and the development of a compliance programme, both at the level of SUEK’s headquarters and regional companies, was appreciated by the international auditors as examples of best practice that should to be extended to SUEK’s business partners.
Baker Botts, a leading international law firm, separately audited SUEK’s sanctions compliance. This area was recognised as compliant with best practices that can sufficiently prevent risks of violation of applicable requirements.
In connection with the consolidation of the energy business, compliance procedures are being introduced at SGC, with a compliance management function being established based on sharing experiences with SUEK. Eight priority areas for the compliance system were initially identified. Introductory compliance workshops for top managers were held at the head office and key regional companies. A roadmap for the introduction of a full-fledged compliance system has been developed and is being implemented, with events planned for 2019.