Р СУР KEGOC 00-200-14-СД
Version 3
AGREEDMinutes of KEGOCManagement Board
No. 4 dated 12March2014 / APPROVEDMinutes of KEGOCBoard of Directors
No. 3dated 04April2014AGREED:
Minutes of the Risk Committee
No. 3dated 06March2014GUIDELINES
RISKManagement System
Р СУР KEGOC 00-200-14-СД
Copy No. ___
Version 3
Effective date 04 April 2014
Astana
Table of Contents
1 Scope of Application
2 Regulatory References
3 Terms and Definitions
4 Designations and Abbreviations
5 Responsibility and Authority
6 Risk Management System
6.1 Internal Environment
6.2. Determination of Goals
6.3 Risk Identification
6.4. Risks Assessment
6.5 Risk Management
6.6 Control
6.7 Information and Communication
6.8 Monitoring
7 Interrelation of Risk Management Process with Processes of Strategical Planning and Operations, Budgeting and Motivation
8 RSM Management
Appendix 1
Appendix 2
Appendix 3
Appendix 4
Appendix 5
Appendix 6
Appendix 7
Appendix 8
Appendix 9
Appendix 10
Appendix 11
Appendix 12
Appendix 13
Appendix 13
Appendix 15
Appendix 16
These Company Guidelines may not be fully or partially reproduced, duplicated or distributed without permission of the Representative of KEGOC IMS Management.
1 Scope of Application
1.1 These Guidelines for Risk Management System (hereinafter referred to as RMS Guidelines) determine the procedures of risk management in Kazakhstan Electricity Grid Operating Company - KEGOC JSC (hereinafter referred to as KEGOC).
1.2 RMS Guidelines are elaborated subject to the best international standards and methodologies in RMS sphere (COSO methodology, etc.)
1.3 RMS Guidelines shall be applied by all KEGOC structural subdivisions including KEGOC branches and Representative Office of KEGOC
in Almaty.
1.4RMS Guidelines are an internal regulatory document of KEGOC
and shall not be subject to submission to other parties except for the governmental bodies, Sovereign Wealth Fund 'Samruk-Kazyna' JSC, rating agencies.
2 Regulatory References
These RMS guidelines have references to the following legal acts of the Republic of Kazakhstan and internal regulatory documents:
Policy establishing the limits on balance sheet liabilities and off-sheet liabilities in counter-banks of Samruk-Kazyna companies;
KEGOC Long-Term Development Strategy until 2025 (hereinafter referred to as KEGOC Long-Term Strategy);
ISO 14001:2009 Environmental Management System. Requirements with guidance for use;
OHSAS 18001:2007 Occupational Health and Safety Management Systems. Requirements;
Regulations on the Internal Audit Service
Rules on Arrangement of Internal Audit Procedures in Kazakhstan Electricity Grid Operating Company JSC;
СТ KEGOC 00-101-10 Company Standard. Document Management.
СТ KEGOC 00-202-10 Company Standard. KEGOC Policy on Corporate Risks Management.
Пр KEGOC 00-322-09 Rules. Exchange Risk Management in KEGOC;
Пр KEGOC 00-323-10 Rules. Interest Rate Risk Management in KEGOC;
Пр KEGOC 00-333-13 Rules. Arrangement of Insurance Coverage in KEGOC;
Пр KEGOC 00-338-13 Rules. Management of Theft and Fraud Risks in KEGOC;
Пр KEGOC 00-315-13 Rules. Elaboration, Agreement, Approval, Adjustment, Execution and Execution Monitoring of Development and Budget Plan in KEGOC.
Пр KEGOC 00-335-13 Rules. Labour Remuneration and Bonus Payment for Managerial and Administrative Employees of KEGOC
3 Terms and Definitions
These RMS Guidance use terms in accordance with internal regulatory documents as well as the following terms with respective definitions:
3.1 Business Process shall mean logically accomplished set of interrelated actions, operations and processes using various resources, implementing KEGOC Policy in management sphere (managing business process) or in doing the core business (operating business process), or serving the core business (auxiliary business process) to achieve KEGOC stated goals.
3.2 Corporate Development Department shall mean structural subdivision responsible for risk management matters.
3.3Risk Map shall mean graphical and text description of the limited number of risks in the company placed in the rectangular chart with vertical indication of influence and size of a risk and horizontal indication of plausibility or frequency of its occurrence.
3.4 Key Performance Indicators (goals) shall mean indicators characterizing the efficiency level in KEGOC activity allowing us to assess the efficiency of the activity as a whole as well as the company executives.
3.5 Key Risks shall mean the risks that fall into the red and orange zones of the Risk Map.
3.6 Key Risk Indicators shall mean indicators used by KEGOC to get the early signal on the increased plausibility of risk occurrence in various spheres of its activity.
3.7 Control Actions shall mean the actions which help to ensure performance of measures on risk management.
3.8 Cross-Functional Coordination under Risk Management shall mean the management process of interfunctional (interprocess) risks (risks that influence the goals of several functions (business processes) which is based on the collegial decisions made jointly based on the information availed by the different functions (business processes)).
3.9 Residual Risk shall mean the risk remaining when the top management has taken the risk response measures (the control procedure).
3.10 Risk Register shall mean the list of KEGOC and/or its business-related risks.
3.11 Risk shall mean any possible event or action that if occurred may affect the achievement of KEGOC goals and may infringe the successful implementation of its strategy.
3.12 Risk Appetite shall mean KEGOC's ability and desire to undertake the certain risks to achieve its strategic goals.
3.13 Risk Coordinator shall mean the employee of a structural subdivision responsible for arrangement of work on risk management within the structural subdivision which is the one to communicate with CDD.
3.14 Risk Culture shall mean the indicator of the internal environment which reflects that KEGOC top management and employees make the decisions and perform their operating and other activity taking into account the optimal balance of risks and opportunities.
3.15 Risk Factor shall mean the reason causing the risk occurrence.
3.16Risk Owner shall mean an entity (employee/structural subdivision) which job duties envisage responsibility for all aspects of certain risk management, in particular for decrease of plausibility of risk occurrence and/or decrease of possible influence of consequences caused by risk occurrence on KEGOC.
3.17 Risks Tolerance shall mean an adequate level of deviation from the targeted indicators which does not influence significantly the achievement of KEGOC strategic goals.
3.18 Hedging shall mean the risk insurance against the adverse changes in currency exchange rate of Tenge in relation to foreign currencies and fluctuations of variable interest rates through getting into counterposition in the parallel market. Hedging strategy envisages the specific hedging instruments and methods of their use to mitigate foreign exchange and interest risks.
3.19 Expert shall mean key employee of the structural subdivision/B&A having the specific knowledge and experience in his (her) sphere.
3.20Goal of the Head of Structural Subdivision shall mean KPI established for managerial staff of KEGOC in accordance with Пр KEGOC 00-335-13-ПР.
4 Designations and Abbreviations
These RMS Guidelines use the following abbreviations:
KEGOC - Kazakhstan Electricity Grid Operating Company (KEGOC);
RMS Guidelines - the Guidelines for KEGOC Risk Management System;
RMS - Risk Management System;
KRI - Key Risk Indicators;
KPI - Key Performance Indicators;
B&A - Branches and Affiliates;
CDD - Corporate Development Department;
IAS - Internal Audit Service.
HRD - Human Resources Department
TCOSS - Technical Control and Occupational Safety Service;
Audit Committee – the Audit Committee of KEGOC Board of Directors.
5 Responsibility and Authority
5.1 These RMS Guidelines shall be approved by the decision of KEGOC Board of Directors.
5.2 Control over implementation of the requirements indicated in these RMS Guidelines shall be performed by the Deputy Chairman of the Management Board - Corporate Governance.
5.3 Head of the Corporate Development Department shall be responsible for management and compliance of the requirements stated in these RMS Guidelines with the legal acts of the Republic of Kazakhstan.
5.4 Heads of KEGOC structural subdivisions, including branches and affiliates shall be responsible for performance of the requirements stated hereof.
6 Risk Management System
The main objective of risk management in KEGOC is to ensure continuity and stability of the activity through hedging the influence of internal and external adverse effects on KEGOC's activity.
6.2 Risk Management System challenges the following tasks:
1) elaboration and application of the uniform and consequent approaches to risk identification, assessment and management in KEGOC, simplification of a procedure for risk information sharing vertically (management) and horizontally (experience exchange).
2) dynamic response to occurring risk events, tracking of changes in the internal and external environment;
3) arrangement of goal-directed risk management activity to ensure their decrease down to the acceptable level or transfer to the third parties (outsourcing, insurance, hedging) or risk aversion;
4) systematization and further accumulation of information on risks in KEGOC, increase of KEGOC manageability;
5) improvement of KEGOC's competitive strength and achievement of the assigned strategic goals through intensification of RMS.
6.3 RMS serves as an instrument supporting the managerial decision-making process and daily operating activity of KEGOC.
6.4 Risk management process in KEGOC is constant, cyclic (continuous) and multidirectional.
Risk management process consists of the following components:
- Internal environment;
- Goal setting;
- Risk identification;
- Risk assessment;
- Risk management;
- Control;
- Information and communication;
- Monitoring.
6.5 The schematic view of the risk management process is given in Picture 1.
Picture 1 –The RMS Operating Process
6.6The annual schedule for RMS process in KEGOC is given in Appendix 1 hereto.
6.1 Internal Environment
6.1.1 RMS internal environment defines the treatment of KEGOC employees of the risks. The internal environment is a basis for other RMS components and includes Risk Management Policy, risk-appetite, fairness and ethical values, professionalism, organizational structure, delegation of powers and allocation of responsibilities.
6.1.2 KEGOC activity is aimed at formation of the internal environment enhancing the competence of KEGOC employees in risk comprehension and increase their engagement into the risk management process.
6.1.3 Internal environment supports the following principles of KEGOC activity:
- risk identification and review under decision-making process and support of comprehensive view of the risks by KEGOC top management;
- formation and assessment of a risk profile in KEGOC which will meet KEGOC goals and its B&A in a best way.
- control of compliance with the internal policy and procedures of KEGOC.
- timely informing on RMS key risks and disadvantages;
- understanding of the necessity and mandatory character of the policy and risk management procedures.
6.1.4 To fix the roles and duties of the management bodies and structural subdivisions in terms of timely identification and management of the risks in KEGOC, the company has three-levelled model of interrelation under RMS which is given in Appendix 2 hereto.
6.1.5 First level - Board of Directors and IAS.
6.1.5.1 The Board of Directors is responsible for efficient functioning and development of RMS as a whole and performs the following functions in risk management sphere:
- approval of the Policy on Corporate Risk Management;
- approval of RMS Guidelines;
- approval of regulatory documents on risk management;
- approval of the Action Plan on RMS Improvement;
- approval of the risk-appetite;
- approval of the limits based on the certain regulatory documents;
- approval of the Risk Register, Risk Map and Action Plan for Key Risks Management;
- approval of KRI and levels of tolerance with regard to key risks in KEGOC;
- review of RMS efficiency report and response to recommendations of the external auditors on RMS improvement and outcomes of the inspections performed by IAS;
- approval of RMS reports.
6.1.5.2 The Audit Committee acts in the interests of KEGOC shareholder(s) and its activity is focused on assisting KEGOC Board of Directors by giving recommendations on control over RMS reliability and efficiency.
Documents put to approval by the Board of Directors shall be preliminarily reviewed by the Audit Committee of the Board of Directors.
6.1.5.3 The Internal Audit Service is responsible for the regular audit of the RMS and submission of the independent opinion to KEGOC Board of Directors/Audit Committee and shall exercise the following functions:
- audit and analysis of the efficiency of risk management procedures and RMS methodology and development of proposals to enhance the risk management procedures efficiency;
- submission of RMS efficiency report to KEGOC Board of Directors;
- submission of information to CDD on the occurred risks revealed in the course of the audit;
- other functions in compliance with the regulatory documents approved in KEGOC.
6.1.6 Second level - KEGOC Management Board and structural subdivisions.
6.1.6.1 KEGOC Management Board is obliged to prepare, maintain and use the procedure on risk identification, assessment and management, to organize the efficient operation of RMS, to support the structural subdivisions when introducing the risk management processes into their activity.
KEGOC Management Board performs the following functions with regard to risk management:
- arrangement of the efficient RMS operation enabling the company to identify, assess and manage the potential risks;
- improvement of the internal documents with regard to risk management;
- enforcement of the requirements stated in the internal regulatory documents with regard to risk management by the structural subdivisions;
- review and agreement of the risk-appetite;
- approval of the limits based on the certain regulatory documents;
- review and agreement of the Risk Register, Risk Map and Action Plan for Key Risk Management and submission for approval by the Company Board of Directors;
- approval of KRI and levels of tolerance with regard to key risks in KEGOC;
- submission to KEGOC Board of Directors the reports as per the internal documents;
- review of the risk management reports and taking of corresponding measures within their competence;
- taking immediate measures on the occurred risks and their prevention in future;
- other functions in compliance with the internal documents.
6.1.6.2 Structural subdivisions are the risk owners and shall bear responsibility for timely risks identification, analysis, assessment, management, preparation of proposals for key risks mitigation and preparation of KEGOC key risks reports.
Structural subdivisions perform the following RMS functions:
- quarterly risk identification and assessment;
- preparation of the proposals for the Action Plan on Key Risks Management;
- execution of the approved Action Plan on Key Risks Management and quarterly submission of the execution reports;
- inclusion of the resources required for risks management into KEGOCDevelopment Plan within the terms and according to the procedure established byПрKEGOC00-315-14-СД;
- elaboration of KRI and levels of tolerance with regard to key risks;
- monitoring of risks situation and compilation of reports on management of the own risks;
- informing CDD during five (5) working days following the day of the risk occurrence, on the occurred risks, taken and proposed measures to mitigate the risks (and during five (5) working days following the completion of investigation);
-participation in elaboration of the methodological and regulatory documents for RMS within the limits of their competence;
- promotion of the risk-communication.
In addition, the structural subdivisions shall have risk-coordinators with the functions established in the job description. The list of risk-coordinators is given in Appendix 3.
Risk-coordinators perform the following RMS functions:
- methodological support to the employees of their structural subdivisions in RMS sphere;
- identification and assessment of the risks in the structural subdivision being the owner of the risks and submission to CDD the information for compilation of the Risk Register and Risk Map;
- compilation and submission to CDD the execution reports on Action Plan on Key Risks Management as well as any other information required under the RMS reporting.
6.1.7 Third Level - Risk Committee and CDD.
6.1.7.1 The Risk Committee is an advisory body under KEGOC Management Board with the functions as follows:
- review and preliminary approval of the draft internal RMS documents;
- review of the Risk Register, Risk Map and KRI and levels of tolerance on the key risks and Action Plan on Key Risks Management and submission to KEGOC Management Board for consideration;
- participation in elaboration and execution of the Action Plan on RMS Improvement;
- review and formulation of proposals for KEGOC Management Board based on the results of the conducted identification and assessment of the risks and risks management methods;
- review and preparation of proposals based on the results of risk control and monitoring, observance of the maximum allowable risk limits and fulfilment of internal regulatory documents on risk management by the subdivisions;
- review and preliminary approval of reports on RMS for KEGOC Management Board and KEGOC Board of Directors;
- coordination of the interaction of structural subdivisions during the risk management process;
- preparation of prompt recommendations on the occurred risk management for KEGOC Management Board;
- introduction and development of the risk-culture in KEGOC and consultations in risk management issues;
- submission of the Report on the Risk Committee operating results to KEGOC Management Board;
- review of other issues with regard to RMS.
6.1.7.2. CDD is obliged to develop RMS, clarify the internal and external requirements, render the consultancy support for structural subdivisions with regard to the risk management issues.
CDD performs the following functions with regard to risk management:
- preparation of internal regulatory documents (hereinafter referred to as the IRD) on risk management system;
- preparation of the Action Plan on RMS improvement, monitoring of its implementation and preparation of the quarterly report;
- preparation and follow-up of the Risk Map and the Risk Register, Action Plan on key risks management;
- monitoring of implementation of risk management actions and preparation of a quarterly risk report for the Risk Committee, Management Board and the Board of Directors;
- determination of risk-appetite, risk tolerance levels;
- determination of risk limits and their monitoring;
- qualitative risk assessment;
- quantitative risk assessment;
- development, determination, monitoring of key risk indicators (KRI) and preparation of the quarterly report on KRI performance;