In order to successfully manage existing risks, the Company has developed and implemented a risk-oriented approach to business, designed to help the management through the decision-making process under uncertainty, as well as to indentify opportunities for achievement of the Company’s goals.
The Board of Directors annually approves a Risk Management Plan, regularly updates risks together with the development and subsequent monitoring of action plans to mitigate risks to an acceptable level.
Along with the development and implementation of operational business decisions, Rostelecom reviews the risks associated with them. This takes place during collegial discussions at meetings of the Board of Directors, the Audit Committee of the Board of Directors, the Management Board, the Risk Management Committee, working groups and meetings.
Risk Management Policies
Risk management activities are based on the corporate governance policies of the Organization for Economic Cooperation and Development, standards of the Institute of Internal Auditors and the Standard No. 2 of the Board for Supervision of Accounting in Public Companies used in the course of audit of the companies as well as the recommendations of the Corporate Governance Code (approved on 21 March 2014 by the Board of Directors of the Bank of Russia).
As a methodological basis for building a risk management system, the Company uses the recommendations of the Integrated Risk Management Model, represented by the Committee of Sponsoring Organizations of the Treadway Commission in 2004, as well as international standards (GOST R ISO 31000: 2010 “Risk Management. Principles and guidelines, GOST R ISO 31010: 2011 “Risk Management. Risk Assessment Methods”, etc.).
Distribution of Responsibilities between the Risk Management System Participants
Responsibilities for risk management are distributed between the system participants as follows (see organizational chart in the section “Corporate Governance”):
- The Company’s Board of Directors is responsible for the overall monitoring of the risk management process efficiency (approves Risk Management Plan for the year and revises it during the year as appropriate, reviews the risk reports on quarterly and annual basis, takes the decision on the RMS development areas as a whole).
- Audit Committee of the Board of Directors is responsible for making recommendations to the Board of Directors on the basis of a regular review and discussion with the Company’s management of the procedures established by the Company in relation to risk assessment and management, including discussion of the main risks and the measures taken by the Company’s management for monitoring and control of such risks.
- The Company’s management is responsible for managing the key risks and regular monitoring of the risk management system operation.
- Internal Audit assesses and develops appropriate recommendations based on the risk management system effectiveness assessment in terms of identifying existing risks and possibility of new types of risks; proper risk assessment; effectiveness of actions taken to manage risks; Reporting on the status of the principal risks and actions taken to control them.
- The Company’s units and employees are responsible for risk management in accordance with the assigned functional areas and duties.
- Chief Risk Manager of the Company ensuring the risk management system building, operation monitoring and maintenance. As part of the risk management function, the Company has the structural unit — the Risk Management Department. The functional and administrative units are subordinate to the chief risk manager.
- The Company’s division performing internal control functions ensures the coordination of activities to build and sustain the internal control system effectiveness. The organization of the Company’s internal control system is based on the risk-oriented approach.
The risk management system is aimed at providing a reasonable, but not absolute assurance regarding the achievement of the Company’s goals. This limitation is due to the following factors:
- risk identification and assessment cannot be completely accurate, because the risks are related to the future, which is always associated with uncertainty;
- decision to respond to the risk are taken in view of the adequacy and appropriateness of the Company’s resources;
- some of the risks are beyond the Company’ control.