Internal audit and Compliance management system
Alexander Dolgopolov, Chief Audit Executive
Areas of responsibility:
- Helping improve the efficiency and effectiveness of the company’s activities by providing independent assessment and advice on internal control, corporate governance, risk management, the compliance of the distribution of roles and responsibilities in risk management and internal control with international best practices.
- Facilitating the timely identification of risks and the development of risk mitigation actions by evaluating the efficiency of operations, compliance with regulatory requirements, the reliability of the company’s external and internal reporting.
- Providing management, the Audit Committee and the Board of Directors with timely and complete and high-quality information for making decisions and gaining reasonable confidence in assessing the degree to which the company has achieved its goals.
- Contributing to the company’s value enhancement by participating in the processes of setting and assessing the achievement of strategic goals.
- Being a model in following the principles of corporate culture and behaviour, ethics and professionalism.
The independence of the Service is ensured by its functional subordination to the Audit Committee. The Committee reviews the Service’s reports on a quarterly basis, approves internal audit plans and the Service’s budget, holds regular meetings with the head of the Service to discuss current issues.
When planning its work, the Service applies a risk-based approach, taking into account the external environment and performance of the company, focus areas of the Board of Directors and executives, risk assessment results.
In 2019, particular focus was given to the following issues:
- Industrial and labour safety
- Environmental protection
- Automation of business processes
- Production planning
- Asset management, equipment maintenance and repairs
- Implementing keys investment projects
Based on the recommendations of the Service, managers develop and take corrective actions aimed at improving the efficiency of the internal control system, business processes and operations. The Service monitors and analyses the efficiency of such actions.
During the year, the Service implemented the internal audit function’s development strategy for 2018–2020, including the following areas:
- Assessing the principles of building the internal control system in the context of the ‘Three Defence Lines’ concept according to the Board’s recommendations on the compliance of the company’s internal control system with best practices
- Increasing the automation of internal audit processes
- Unifying the audit methodology and developing the expertise function, taking into consideration the consolidation of SUEK’s and SGC’s internal audit services, in particular, unifying risk assessment processes and procedures for planning and conducting audits in the Coal and Energy Segments
- Creating a single platform for scheduling, accounting for resources used and managing internal audit projects
The Service implemented its own development software, for the automation of the following elements:
- Scheduling of and accounting for actual hours worked in terms of employees and projects
- Monitoring the deadlines and planned labour intensity of projects by stages
- Approval procedures for initiating, modifying, completing and assessing the quality of conducted audits
- Support for the employee competency model and the Service as a whole
Further work continues on the automation of the internal audit function. In particular, based on the results of analytical work carried out in 2019, a project was initiated to automate audit procedures for a ‘continuous audit’ of business processes based on the automated continuous analysis of accounting systems data.
The key focus areas for 2020
- Evaluating the compliance of the internal control system for business processes with the classic ‘Three Defence Lines’ model
- Project management risk assessment, including when delivering projects of the DPM‑2 programme and purchasing new assets
- Automation of business processes
- Wage pool budgeting
- Implementing the development strategy for maintenance and repair processes
Dmitry Kanterov, Chief Compliance Officer
By ingraining values of compliance in SUEK’s corporate culture and affecting a gradual change in the mind-sets of our employees, we can achieve greater business sustainability, confident of avoiding the negative consequences associated with potential compliance breaches.
SUEK has introduced a compliance system and approved a Compliance Policy designed to ensure the company’s activities remain in compliance with the requirements of applicable law, internal norms and rules, compliance principles and standards.
Within the framework of the compliance management system, applicable standards are monitored, explained and communicated to performers; compliance with mandatory requirements is monitored across all units; non-compliance risks are prevented, identified and corrected.
In connection with the consolidation of the energy business, compliance procedures are being introduced in phases at SGC. Key roadmap activities were completed by mid‑2019, and the synergistic effect of synchronising compliance across SUEK’s Coal and Energy Segments’ management systems is already visible. Our own experience gained in consistently implementing compliance systems means we are able to move towards achieving compliance goals ahead of standard deadlines.
In 2019, SUEK’s compliance management system successfully passed an independent audit and gained recognition at a global level. Experts from the International Compliance Association visited SUEK’s office in Moscow and production assets in the Krasnoyarsk region. Our certification audit at all levels, from the Board of Directors to production sites, included 55 interviews and resulted in more than 230 documentary proofs of how the company actually followed compliance policies. Based on the audit results, in December 2019, SUEK received certification for ISO 19600:2014 (Compliance Management) and ISO 37001:2016 (Anti-Corruption Management).
Therefore, SUEK’s management systems have now been confirmed for compliance with international standards across all ten areas (risk areas) of the company’s compliance programme:
- Code of Corporate Ethics
- Anti-corruption compliance
- Anti-monopoly compliance
- Sanction compliance
- Compliance in licensed activities and natural resource management
- Compliance in covenants/limits
- Tax compliance of our business partners
- Compliance in land and property matters
- Counterparties’ compliance
- Health and safety compliance
The continuous improvement to our compliance system is intended to provide reasonable assurance that the company’s efficiency, the achievement of its targets, preservation of assets, reliability and timeliness of reporting are achieved in compliance with applicable standards.
Digitisation of compliance management
In 2019, a pilot project was launched to optimise the process of analysing violations, identifying systemic and repeated violations. The following modules were developed on the basis of the existing IT system:
Module 1 – systematisation of data on cases of administrative offenses in relation to enterprises and officials
Module 2 – the development and implementation of action plans (‘road maps’) to eliminate inconsistencies associated with the preparation of permits for construction.
Digitalisation reduces dependence on the ‘human factor’, expands the potential for analytics and forecasting and significantly reduces the complexity of standard processes, which allows the company to best prioritize and provide the necessary resources to the most relevant areas.