Internal Audit System

The internal audit policy of Transneft (hereinafter referred to as the Company) is stipulated in the Regulations on Internal Audit (approved by the resolution of the Board of Directors of Transneft dated 20 September 2019, Minutes No. 16). As per the given document, internal audit is the activity of providing independent and objective guarantees and advice to improve the performance of the Transneft system, the Company and its subsidiaries. Internal audit helps the Transneft system, the Company and its subsidiaries reach the set targets through the use of a systematic and consistent approach to assessing and raising the efficiency of the risk management system, the internal control system and the corporate governance of the Transneft system, the Company and its subsidiaries.

Internal audit within the Company and its subsidiaries is performed by the Department of Internal Audit and Analysis of Core Business Activities.

Internal audit is carried out for the following types of activities
Type of activity Measures
Assessment of the reliability and efficiency of the internal control system
  • analysing conformity of aims of business processes, projects, business units in the Company and its subsidiaries to the goals of Transneft Group, the Company and its subsidiaries; checking the efficiency, reliability and integrity of business processes (operations) and information systems, including the reliability of procedures for countering illegal actions, abuse and corruption;
  • checking the accuracy of accounting (financial), statistical, managerial and other reports; determining to what extent the results of business processes and activities of the Company’s business units and subsidiaries achieve the set goals;
  • determining the adequacy of criteria established for analysing the degree of achievement of the set goals;
  • detecting flaws of the internal control system which bar (barred) the Transneft system, the Company and its subsidiaries from reaching the set targets;
  • assessing the results of implementing (taking) the measures tailored to eliminate violations and flaws while improving the internal control system taken by the Company and its subsidiaries on all corporate governance levels;
  • checking the efficiency and expediency of using resources of the Company and its subsidiaries;
  • checking the safety of assets owned by the Company and its subsidiaries;
  • checking compliance with the law, the Articles of Association and internal regulatory documents of the Company and its subsidiaries.
Assessment of the reliability and efficiency of the risk management system
  • checking the sufficiency and maturity of the risk management system’s elements possessed by the Transneft system, the Company and its subsidiaries for efficient risk management, such as goals and objectives, infrastructure including corporate structure, automation tools and such, arrangement of processes, regulatory and methodological framework, interaction of business units within the risk management system and reporting;
  • checking whether the risks are fully exposed and correctly assessed by the management of the Company and its subsidiaries on all corporate governance levels;
  • checking the efficiency of monitoring procedures and other risk management measures, including the efficiency of use of the resources allocated for these purposes;
  • analysing information about the materialised risks (including violations detected during inspections, underperformance to target, lawsuits and other cases).
Assessment of corporate governance
  • checking adherence to business ethic principles and corporate values of the Transneft system, the Company and its subsidiaries;
  • checking the procedure of goal-setting by the Transneft system, the Company and its subsidiaries, as well as monitoring their implementation;
  • checking the level of regulatory support and information exchange procedures (including regarding risk management and internal control) at all corporate governance levels of the Transneft system, the Company and its subsidiaries, including engagement with stakeholders;
  • checking whether the shareholders’ rights are respected, including subsidiaries’ shareholders, as well as whether interaction with stakeholders is efficient;
  • checking the procedures of disclosing information about the activities of the Transneft system, the Company and its subsidiaries.

In 2019, Transneft’s Department of Internal Audit and Analysis of Core Business Activities operated in accordance with Transneft’s General Guidelines (Plan) for Internal Audit for 2019 approved by the Board of Directors of the Company on 24 December 2018. In pursuance of this plan, 105 internal audits were conducted in relation to the Company and its subsidiaries for the following main types of activities:

  • execution of certain provisions of the Long-Term Development Programme;
  • organisation and conduct of procurement and contract execution procedures;
  • capital investments in fixed assets;
  • fixed assets and inventories;
  • operations with oil and petroleum products;
  • financial management and budgeting;
  • forming the financial results, distribution and use of revenue;
  • information systems;
  • comprehensive assessment of the internal control and risk management systems;
  • other types of financial and operational activities.

Such audits resulted in recommendations on improvement of the business processes, elimination of the existing shortcomings and remarks, followed by checking whether the recommendations were observed.

The Audit Committee under the Company’s Board of Directors annually assesses the efficiency of performing internal audit functions, considers the matters of essential limitations and threats to the independence in performing internal audit functions. The Company’s Board of Directors annually approves a report on the performance results of the internal audit unit.

From 21 January 2019 to 5 April 2019, KPMG conducted external assessment of the quality of internal audit. Based on the assessment results, KPMG concluded that, as of April 2019, the structure and activities of the Department of Internal Audit and Analysis of Core Business Activities generally complied with the International Standards for the Professional Practice on Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors. “Generally Complies” is the highest rating, which means that the internal audit business unit has Regulations on Internal Audit, as well as corresponding policies and procedures, and that their performance and results comply with the International Standards for the Professional Practice on Internal Auditing. At the same time, KPMG defined individual recommendations to increase general effectiveness of the internal audit function, the implementation of which will be carried out in further work of the Department of Internal Audit and Analysis of Core Business Activities.

Based on the 2019 performance, the Audit Committee under the Board of Directors of the Company recognised the performed internal audit function as efficient at the Company and its subsidiaries, recognised the absence of essential limitations and threats to the independence in performing internal audit functions, as well as to the objectivity of the internal auditors at the Company and its subsidiaries, in 2019.

List of Internal Documents Governing the Internal Audit Functions:
  • The Regulations on Internal Audit (approved by resolution of the Board of Directors of Transneft on 20 September 2019, Minutes No. 16);
  • Regulations on Transneft’s Department of Internal Audit and Analysis of Core Business Activities No. 08-03/001 dated 8 December 2015;
  • The Internal Auditors’ Code of Ethics (approved by Transneft Order No. 87 dated 21 April 2016);
  • The Internal Audit Quality Assessment and Improvement Programme (approved by Transneft Order No. 136, dated 14 July 2016);
  • The Regulations on Planning Internal Audits and Analysing the Core Business Activities of Transneft and its subsidiaries (approved by the Transneft President on 24 November 2016).