Internal Control System
The Company has implemented the effective systems of internal control and risk management by applying modern standards and procedures.
The Company’s internal control system was developed and implemented in order to protect assets, improve business processes, ensure that financial, business and other activities comply with current laws, and maintain the control environment at the required level.
The Directorate for Control, Internal Audit and Business Coordination (further the Directorate for Control), the Audit Committee and Internal Audit Commissions are the main bodies that develop and implement measures in these areas.
The Directorate for Control develops internal control measures over the operations of UC RUSAL enterprises, ensures that these measures are implemented by conducting appropriate audits and reviews and undertakes the development and monitoring of the Company’s risk management policy. In its activity the Directorate for Control is responsible for independent assessment of the effectiveness of management decisions and for monitoring the compliance with the requirements of external regulators.
The Company has set up the Internal Audit Commissions at all enterprises of the Company to monitor the effectiveness of financial and business activity and the organisation of the internal control system. The Commissions analyse and review financial statements of enterprises on an annual basis and this is a mandatory stage in holding annual shareholder meetings.
The internal control measures are governed by constantly updated regulations, procedures and orders which include the following:
Regulations on notification of the Board of Directors and the Management Board in Special Situations, Environmental Policy of UC RUSAL,
Instruction on Occupational Safety and Fire Control System in UC RUSAL,
Guidelines on Organization of Working Conditions Control,
Regulations on Internal Investigation and Accident Analysis Related to Occupational Health, Industrial and Fire Safety,
Standard ST RGM 09.8.2.2 Internal Audits of Management Systems. Requirements to Organization and Planning,
Methods of Efficiency Indicators Formation,
Risk Management Policy of UC RUSAL,
Regulations on Emergency Control and etc.
The Directorate for Control continually monitors the performance by the Company’s management of all policies, rules and procedures established by the internal documents, as well as the recommendations submitted following the results of inspections and audits.
The Directorate for Control reports to the Board of Directors, the Audit Committee and the Internal Audit Commission on a regular basis about the results of its work, inspections and audits held, including the results of auditing the management bodies.
Based on the submitted reports the Audit Committee carries out an assessment of the effectiveness of the Company's internal control system on a quarterly basis. Following the results of the assessment 2015 the Board of Directors concluded that the internal control system of the Group operated in conformity with the Code of Corporate Governance.
One of the main objectives of the internal control is ensuring compliance with the requirements of regulatory bodies and documents (compliance), formation of the control system and coordination of works to ensure compliance with:
· the requirements to publicly traded companies;
· the requirements of agreements between shareholders;
· the requirements of ALUMINIUM FACILITY AGREEMENT (AFA) on conformity of the activities with the laws and regulations of various jurisdictions;
· the requirements in the sphere of labour relations and social policy of the Company;
· the requirements on environmental protection and others.
In order to prevent conflicts of interest the Company has implemented an automated control system for transactions with related parties (in accordance with International Financial Reporting Standards), and regularly develops and updates the internal regulations, holding training for the responsible employees. The Company implements an automatic control of transactions coherence and of the necessity to disclose transactions at the Stock Exchange of Hong Kong and to the shareholders in case of the established limits exceeding and the regulations on related transactions control.
According to the Listing Rules and the IFRS 24, 28, 31, the Company has developed and introduced a multi-level system of controlling transactions with the related parties (as defined in the Listing Rules) and the stakeholders, through which system the Company can ensure compliance with the Listing Rules and other applicable standards. These measures improved the risk identification system and increased the responsibility of the persons involved in the risk management process.
Anti-Corruption and Anti-Fraud Activity
UC RUSAL will neither tolerate bribery or corruption in any form to and from individuals or public officials, nor participate in any unethical incentives or payments.
The top executives of UC RUSAL participated in the development of the Anti-Corruption Charter of Russian Business of the Russian Union of Industrialists and Entrepreneurs (RUIE) as experts, and specifically President of the Company, Oleg Deripaska, who holds the position of RUIE Vice-President and the Chairman of the Committee on Ecology and Natural Resources Management.
The Directorate for Control and the Central Company Resource Protection Directorate play the leading role in prevention of any corrupt practices. They coordinate the activities of the corresponding departments at enterprises of the Company.
- Business Partner Code, which contains the rules of corruption non-acceptance;
- Corporate Code of Ethics;
- Regulations on Preventing and Settling Conflicts of Interest;
- Internal Code of Labour Conduct;
- UC RUSAL Information Security Policy;
- Information Security Management System Policy;
At the time of this Report rendering the Company conducted a coordination of the Anti-Corruption Policy, which is expected to be approved before the end of 2016. G4-SO4
The Company also holds the Central Company Resource Protection Directorate and the Resource Protection Department in the Aluminium Division. Their activity is primarily aimed at fraud combatting.
The Directorate for Control performs regular audits, which allow preventing possible violations or minimising their consequences. Corruption and fraud risks are analysed and entered in the Company’s risk map. G4-SO3
Based on the results of audits held by the Directorate for Control at the Company’s enterprises and in the Central Company certain personnel solutions were adopted: several employees were penalized and several employees were dismissed. G4-SO5
All employees are informed about current procedures in the area of combatting fraud and corruption. In addition to this, the Human Resources Directorate regularly trains employees in methods of combatting corruption. Within the frameworks of annual meetings, managers of resource protection departments share their experience in this sphere.
One of the most effective current tools for combatting corruption and fraud is the RUSAL Line of Trust, in which any employee of the Company can use to report cases of fraud or any other violations. Over the reporting period, the Line of Trust received 39 reports, 100% of which were processed and approximately 40% of which were confirmed in whole or in part, and as such were followed by the corresponding correction measures. G4-SO5
In connection with the fact that the Company purchases large volumes of raw materials, consumables, and services, the control and optimisation of procurement activities is a specific area of responsibility on the part of the Directorate for Control. The Tender Committee chaired by the Director for Control includes representatives of the key divisions of the Company, thus allowing to fulfill a wide range of control functions. The successful work of the Directorate for Control in the Tender Committee is confirmed by the achieved financial savings in the amount of USD 4.7 million within the year 2015.
The main results in 2015
· The Directorate for Control performed 90 reviews, of which around 50% were unscheduled and were conducted on the instructions of the Company management. Based on reviews and audit results about 80% of the recommendations made by the Directorate for Control were fulfilled or in the process of completion. This dynamics can be an evidence of the high level of executive discipline among the Company management.
· Continuation of the measures to increase the control over:
o execution of the administrative documents of the Company;
o compliance with the requirements of external regulators (HKEx, the Company’s shareholders) regarding transactions with related parties and associates;
o completion of personnel-related procedures;
o opening and implementation of investment projects;
o improvement of electronic document management system in the Company.
· Operation of the Line of Trust.
In order to reduce the negative effects of the potential dangers and to ensure stable and sustainable business development, the Company pays particular attention to building an effective risk management system.
Risk management is part of the competence of the risk management group created by the Board of Directors as part of the Directorate for Control. The main internal documents governing activity in this area are: G4-45
· Risk Management Policy which determines the general concept and obligations of employees;
· Regulations on risk management which include description of the key tools and methods for identifying, assessing and mitigating risks.
The key elements of the risk management system are identification and assessment of risks, development and implementation of risk mitigation measures, risk management reporting, as well as assessment of the risk management system performance.
Key steps taken on risk management include:
· organising independent risk audits at the Company enterprises, conducted by specialists of Willis Group and of Ingosstrakh Engineering Centre to reduce risks and optimise the Company’s insurance program;
· preparation of an annual Corporate Risk Map and submission to the Audit Committee quarterly reports on status of the risk management system; G4-49
· assessment and audit of the risk management system;
· preparation the risk management program.
The auditing procedure includes planned activities on risk maps for industrial sites and solving problems set by the governance bodies of the Company. The purpose of auditing is to identify significant risks, evaluate available key performance indicators of business processes and make recommendations to improve the internal control system, as well as to control implementation of the recommendations made following the results of such audits.
These measures improved the risk identification system and increased responsibility of the persons involved in the risk management process. New areas of risks which were not identified earlier are regularly analyzed and the quality of information submitted by the enterprises of the Company is regularly improved.
Monitoring, reporting and performance assessment
The Directorate for Control regularly reports on its activities to the Board of Directors, the Audit Committee and the Internal Audit Commission. As part of these reports, the Directorate for Control provides information on the risk management system, the results of preparing the Risk Maps, new risks and mitigation of various types of risks. G4-47
The Audit Committee controls management’s compliance with the Company’s risk management policies and procedures. Based on the reporting submitted, the Audit Committee and Board of Directors review the Company’s risk profile and the results of its risk management programs on a quarterly and annual basis. The Internal Audit Commission also receives reports and performs independent assessment of the risk management system.
According to the Audit Committee and the Board of Directors, the internal control system of UC RUSAL was in conformity with the Code of Corporate Governance within the year ended on 31 December 2015. G4-46
Risks management measures
Risks related to damage caused by the Company to the environment and an increase in environmental pollution payments
In order to mitigate risks the Company monitors environmental legislation and implements a set of environmental protection measures (e.g. monitoring mud lakes)
See details in Section "Environmental Protection"
Occupational health and safety risks
Risks related to employee health and safety
In order to prevent accidents the Company develops an Occupational Health, Industrial and Fire Safety Management System, assesses risks in this area, trains employees, implements programmes and measures to ensure safe employment conditions, and conducts audits of the system.
See details in Section "Occupational Health "
Risks associated with social tensions
Risks related to social tensions arising from employee dissatisfaction with the current situation at enterprises.
Managing this risk includes ongoing conciliatory work with employees, management and trade unions. Work to prevent these risks is methodical and well-organised, and these risks are currently at a minimal level.
See details in Section "Employees"