Internal control framework
The internal control framework of MMC Norilsk Nickel is a combination of organisational structures, methods and procedures approved by the Company’s Board of Directors, executive/control bodies and officers as a reasonable guarantee of the following:
- efficiency and effectiveness of the business,
- reporting accuracy and reliability,
- compliance with the laws of the Russian Federation and by-laws of the Company.
The internal control framework embraces all management levels and is represented by the following control bodies:
- Audit Commission,
- Audit Committee of the Board of Directors,
- Financial Control Service,
- Risk Management Service,
- Internal Audit Department.
The Audit Commission controls the financial and business operations of the Company. This Commission audits the Company’s results on an annual basis and at any time as decided by the Commission, resolutions of the General Meeting of Shareholders and the Board of Directors or as requested by the shareholders holding collectively at least 10% of the Company’s voting shares. After the review of the financial and business results, the Audit Commission issues opinions in accordance with the Federal Law and other applicable laws and regulations of the Russian Federation.
The purpose of the audits (reviews) conducted by the Audit Commission is as follows:
- confirm the accuracy of data provided in the Company’s annual report, balance sheet and income statement,
- review compliance of the accounting framework with the applicable regulations,
- control compliance of the Company’s financial and business operations with the applicable rules and standards,
- review the Company’s financial position of solvency, assets liquidity and debt/equity ratio; identify potential for improvement of the Company’s economic performance and issue recommendations for governance bodies,
- check the timing and accuracy of payments to the suppliers and the government, dividend distribution and payouts, bond interest accruals and satisfaction of the Company’s other liabilities,
- see to the application of the Company’s profits,
- inform the Company’s Board of Directors of the identified breaches of the statutory accounting and reporting procedures or business practices.
Members of the Audit Commission are elected by the Annual General Meeting of Shareholders for a period extending until the next Annual General Meeting of Shareholders. The composition of the Audit Commission, election procedures and restrictions applying to the election process are set forth in the Federal Law and the Company’s Charter.
- Members of the Audit Commission may not simultaneously serve on the Company’s Board of Directors or take up other management jobs.
- The Chairman of the Audit Commission is elected by the members of the Audit Commission among themselves by a majority vote from the total number of members of the Audit Commission and may be re-elected at any time. The Chairman steers the Audit Commission, convenes and chairs its meetings and ensures the recording of minutes.
Members of the Audit Commission as at 31 December 2015
In the reporting year, the Audit Commission consisted of five people as prescribed by Clause 12.2 of the Company’s Charter and resolution of the Annual General Meeting of Shareholders dated 13 May 2015:
- Vladimir Shilkov, Vice President of the CIS Investment Advisers’ Investment Department, Deputy Project Manager of the Financial Control Service at MMC Norilsk Nickel;
- Georgy Svanidze, member of the Management Board, CFO at Interros Holding Company;
- Ekaterina Voziyanova, member of the Audit Commission at MMC Norilsk Nickel;
- Elena Yanevitch, First Deputy CEO at Interpromleasing;
- Anna Masalova, Financial and Administrative Director, Russia and CIS, UCB Pharma.
Financial Control Service
The Financial Control Service audits the financial and business operations of the Company and its subsidiaries to report and issue recommendations to the President and directors of the Company. The head of the Service is appointed by a resolution adopted by the Company’s Board of Directors.
Risk Management Service
The Company has a Risk Management Service responsible for the development of a risk management framework. The key task of the Service is to implement and improve the risk management framework maintaining overall exposure within the Company’s risk appetite profile.
The risk management framework was designed in accordance with the Russian laws, including the Corporate Governance Code recommended by the Bank of Russia, and Russian and international professional risk management standards, including ISO 31000 family standards [Risk management] and COSO ERM [Enterprise Risk Management — Integrated Framework]. MMC Norilsk Nickel’s management framework is based on uniform principles and covers all business areas and management levels with a view to maintaining overall exposure within the Company’s risk appetite profile.
Risk Management Service — objectives:
- to provide methodological support to the risk management function of the Group and its companies;
- to introduce and maintain information exchange on risks and risk management at all decision-making levels. To ensure continuous awareness of risks among stakeholders;
- to develop/integrate risk management framework components within multiple areas of business and business processes, including the internal control framework, and to secure information exchange with the internal audit function;
- to improve workforce knowledge and competencies in risk management.
Risk Management Service — functions:
- to report key risks and action taken to improve the risk management framework (to be submitted to the Company’s management, Audit Committee and Internal Audit Department);
- to consolidate information on the Company’s risks and monitor risk management initiatives;
- to develop and apply data analysis techniques, risk management modelling and forecasting;
- to introduce and review acceptable levels of risk appetite and risk tolerance;
- to develop risk management guidelines;
- to coordinate employee training programmes in risk management.
The key risk management improvement initiatives include better methodological support of risk management, further integration of risk management practices into key business processes (including strategic planning, budgeting and incentives), and support of the risk management function across Norilsk Nickel’s operations.
A comprehensive security framework
In 2015, MMC Norilsk Nickel’s security operations focused on the implementation of a comprehensive security concept approved by the Company’s Management Board, and drew heavily on the ongoing analysis of the full range of the Company’s challenges and threats in a rapidly changing operating environment. The gradual embedding of the MBO (Management by Objectives) principles in the economic, corporate, information and physical security systems has enabled the Company to promptly and adequately respond to the production and financial risks, clamp down on embezzlement, implement initiatives to counter illicit trafficking of precious metals and metal bearing materials, and efficiently prevent in-house corruption.
To further promote security related public-private partnerships, MMC Norilsk Nickel and the Federal Customs Service of Russia signed a cooperation agreement to develop and launch a handful of initiatives aimed at detecting and preventing smuggling of metal products across the borders of the Customs Union.
MMC Norilsk Nickel pays special attention to complying with the federal anti-terrorism laws and enhancing security of the Company’s strategic power and transportation facilities. In 2015, the close cooperation with law enforcement authorities helped the Company protect these facilities from any potential unlawful intrusion.
The Company ensures 100% safety and confidentiality of the employee and counterparty personal data through an ongoing upgrade of the dedicated protection systems. Steps are taken to integrate information security processes with other group-wide business processes and IT solutions. The 2015 initiatives greatly improved the Company’s IT infrastructure security. MMC Norilsk Nickel’s excellence in IT security was recognised by the Silver Dagger Award, a professional information security prize won by the Company in the nomination for “Secure Cyberspace”.
The Company continued to promote international cooperation to enhance occupational safety and safe trading in precious metals. As the chair of the Security Committee of the International Platinum Group Metals Association, the Company’s representative, jointly with the United Nations Interregional Crime and Justice Research Institute (UNICRI), sponsored a number of initiatives to strengthen public-private partnerships aimed at fighting illicit transnational trafficking of precious metals. These initiatives received the support of world’s major metal producers.
Under the comprehensive security framework, the Institute for Modern Security Challenges, the Company’s subsidiary, has been developing new corporate tools to protect the Company’s legitimate interests focusing on the analysis of best international practices, introduction of acknowledged standards and technologies, expert reviews and preparation of analytical materials. These initiatives seek to optimise MMC Norilsk Nickel’s expenses, ensure its security, boost transparency and enhance cost efficiency.
Internal Audit Department
The Company has an Internal Audit Department (Internal Control Department until June 2015). The Department is headed by Nina Plastinina, Vice President for Internal Audit.
The key goals and objectives of the Department are as follows:
- maintain and increase the Company’s value by conducting impartial and unbiased audits,
- assess the efficiency of the internal control, risk management and corporate governance frameworks of the Group and its companies,
- provide methodological support to the internal control framework of the Group and its companies, and ensure a consistent approach to the design, operation and development of such internal control framework,
- offer an independent assessment of the accuracy and reliability of information about the Company’s metal bearing products at each stage of their production and circulation.
To assess quality of the internal control framework, the Department monitors compliance with the approved internal control procedures by:
- organising and conducting audits of the Company’s key financial and business operations with labour input from other business units,
- keeping record of breaches identified under internal control activities,
- analysing the Company’s internal audit results and overseeing the development and implementation of action plans to eliminate breaches identified during such audits,
- submitting proposals to improve the internal control procedures,
- coordinating operations of control and supervision functions in branches and subsidiaries, and engaging their people to participate in joint audits and expert reviews.
In 2015, the Internal Audit Department underwent significant restructuring, including introduction of the following units:
- business process audit desk,
- corporate group audit desk,
- expert support and internal control desk,
- accounting control unit for metal bearing products,
- enquiry control unit.
The business process and corporate group audit desks are responsible for audits of the Company’s key financial and business operations and coordination of the control and supervision functions’ operations in branches and subsidiaries, including exercises requiring an input from other business units and subsidiaries of the Company.
The expert support and internal control desk offers methodological support to the internal control function.
The accounting control unit for metal bearing products is responsible for monitoring the accuracy of information about the circulation of metal bearing products, measurement management of the control and accounting systems for such products and provision of methodological support.
The enquiry control unit serves as the Corporate Trust Service and ensures a prompt response from the Company’s management to any reports of abuses, embezzlement and other violations coming from the Company’s Head Office, its branches, representative office and Russian subsidiaries.
The Internal Audit Department issues reports, recommendations and other documents submitted to the heads of the Company’s business units and departments and to the President of MMC Norilsk Nickel. The Audit Committee of the Company’s Board of Directors regularly reviews performance of the Internal Audit Department.
In addition, the Department interacts with external auditors to improve the Company’s internal control framework.
Internal control policy
The Company’s internal control policy is set forth in the Regulation on Internal Control over Financial and Business Performance of MMC Norilsk Nickel approved by the resolution of the Board of Directors dated 14 July 2006 (Minutes No. GMK/18-pr-sd).
The Company’s internal control framework aims to:
- timely identify and analyse the Company’s risks;
- ensure accuracy of the Company’s financial statements and management reports;
- meet the Company’s financial and business targets;
- ensure safety of the Company’s assets and efficient use of its resources;
- support optimisation of the Company’s corporate structure;
- comply with the Company’s effective by-laws and internal procedures.
The internal control framework embraces all of the Company’s units and lines of businesses. In addition to the above policy, internal control procedures and requirements are set out in the Company’s business unit regulations, policies, standards and process operating procedures.
The Company has also adopted special procedures to handle information qualifying as a trade secret. MMC Norilsk Nickel’s Board of Directors has also approved a Regulation on the Procedure to Access Insider Information, Confidentiality Protection, and Supervision of Compliance with Laws on Prevention of Unauthorised Use of Insider Information and Market Manipulation, which sets out rules preventing unauthorised use of insider information and market manipulation.
Internal control changes in 2015
Last year, the Company’s internal control framework saw a number of major changes.
1. Improvements in control procedures
Norilsk Nickel launched a project to improve, standardise and automate its control procedures in conjunction with the embedment of integrated business management systems. Rolled out across the Company’s key business processes, units and operations, the project aims to establish a uniform group-wide methodology for internal controls design, application and development.
2. Updates in the regulatory and procedural frameworks
In addition to developing the new ones, the Company updated and refined its existing regulations and procedures, including business unit regulations, policies, standards and operating procedures governing operations and business processes pertaining to the prevention and settlement of conflicts of interest, exchange of business presents, in-house investigations, fight against embezzlement, protection of personal data, access to information resources through mobile devices, performance assessment, emergency procurement, accounting policy, etc. (a total of 53 documents).
Efficient internal controls help boost investors’ confidence in the Company and its management.