Control and Audit

Internal control is a key part of NCSP Group’s corporate governance system. The Company’s internal control system includes the Audit Commission, the Audit Committee of the Board of Directors, management bodies, as well as the Internal Audit Service and the Internal Control and Risk Management Service (ICRMS).

The efforts of all participants in the internal control system are aimed at ensuring economic efficiency and maximum transparency, and that all aspects of NCSP Group companies’ activities comply with legal requirements.

Participants in the risk management and internal control (RM&IC) system, and their roles
Participants in RM&IC system Functions Objectives
Board of Directors Determines the Company’s policy for identifying risks and eliminating/minimizing them Approves changes in development and improvement of RM&IC system

Provides external support for RM&IC system (set tone from above)

CEO Establishes a ‘healthy’ business environment at the Company

Facilitates the implementation of the latest standards of internal control and risk management

Establishes a flexible system for sharing information between key RM&IC system participants

Creates conditions for motivating employees who propose effective measures to improve RM&IC

Internal Control and Risk Management Service Prepares proposals for updating the Regulation on the RM&IC System

Generally coordinates the process of RM&IC

Monitors the process of RM&IC

Develops methodological support in the area of RM&IC

Analyzes existing local regulations in the area of RM&IC, makes recommendations for their improvement

Exercises control over the Company’s financial and business activities by conducting audits (control actions)

Analyzes information about existence of risks pertaining to the Company’s business

Prepares reports on internal control and risk management

Evaluates individual business processes of the Company for compliance with legislation, the goals of the Company and expectations of shareholders

Directors of Company divisions and employees Supports the development of the internal control and risk management system in the Company Informs subordinate staff about the current RM&IC system

Identifies risks, measures to manage risks specified by divisions

Analyzes control procedures and business processes for possible improvements in their area of responsibility

Internal Audit Service Assesses the effectiveness of the internal control and risk management system Analyzes the goals of the RM&IC system for consistency with the goals of the Company

Submits recommendations for improving RM&IC