4.7. RISK MANAGEMENT, INTERNAL CONTROL AND AUDIT

CONTINUOUS DEVELOPMENT AND IMPROVEMENT OF IC&RMS ALLOWS THE COMPANY TO RESPOND TO CHANGES BOTH IN THE EXTERNAL AND INTERNAL ENVIRONMENT AS APPROPRIATE, INCREASE THE EFFECTIVENESS AND EFFICIENCY OF OPERATIONS, SAFEGUARD AND BOOST VALUE OF THE COMPANY.

GENERAL INFORMATION

In accordance with the recommendations of the Corporate Governance Code of the Bank of Russia¹, requirements of the Russian Legislation² and other generally recognized best practices, an Internal Control and Risk Management System (IC&RMS) has been set up and is continuously improved in Rosneft.

The goals and objectives of the IC&RMS are set out in the Company Policy on the Internal Control and Risk Management³, that has been developed in line with the recommendations of the international professional organizations specializing in risk management, internal control and internal audit services and provide reasonable assurance in the delivery of the Company goals, including:

strategic goals contributing to performance of the Company mission;
operating goals, assuring effectiveness of financial and business operations of the Company and soundness of assets;
goals assuring compliance with the applicable laws and local regulatory documents;
goals assuring prompt issuing of reliable financial and non-financial statements, internal and/ or external reporting.

Continuous development and improvement of IC&RMS allows the Company to respond to changes both in the external and internal environment as appropriate, increase the effectiveness and efficiency of operations, safeguard and boost value of the Company.

The key lines of IC&RMS development atr included into the Long-Term Development Program approved by the Rosneft Board of Directors as of December 21, 2015 (Minutes No. 10).

IC&RMS BODIES

The key IC&RMS bodies of the Company are: the Board of Directors, the Board Audit Committee, the President, the Management Board, the Audit Commission, the Company management, heads of structural divisions and employees responsible for development and operation of risks management and internal control system, Risks Department, Internal Control Department, Internal Audit Service.

SUMMARY OF IC&RMS MANDATE AND KEY ACHIEVEMENTS IN 2015

Rosneft Board of Directors (BoD)

The Board of Directors performs the Company strategic management on behalf and in the best interests of all shareholders of the Company.

In accordance with the Regulations on the Board of Directors⁴ the functions of the Board of Directors in the area of control over financial and business operations of the Company assumes approval of the main vectors of development of internal control and risk management systems, their implementation control, organization and execution of evaluation and assessment of the effectiveness of IC&RMS.

Rosneft Board Audit Committee

Rosneft Board Audit Committee was established to perform profound consideration of issues and preparation of recommendations to the Company Board of Directors on matters within its remit related to control of financial and business operations of the Company and on other matters delegated to the Committee.

Pursuant to the Regulations on the Rosneft Audit Committee under the Board of Directors the main task of the Committee shall be rendering assistance to the Rosneft Board of Directors in its assuring protection of interests of the Company shareholders by exercising control of completeness and reliability of financial statements of the Company and other reports, reliability and efficiency of the system of internal control and risk management, compliance, internal audit and corporate management system.

Audit Commission

AS OF DECEMBER 31, 2015 THE INTERNAL AUDIT COMMISSION CONSISTED OF FIVE MEMBERS

The Company has adopted a new version of the Regulation on the Rosneft Audit Commission approved by the General Shareholders Meeting on June 27, 2014 and Regulation on Remuneration and Compensations to Audit Commitee Members, approved by the Rosneft Board of Directors on May 27, 2015.

An Audit Commission of five members is elected by the General Shareholders Meeting for the period until the next Annual General Shareholders Meeting. A Company shareholder or any person nominated by a shareholder may be a member of the Audit Commission. Audit Commission members cannot concurrently be members of the Board of Directors or hold other positions in the Company management bodies.

The Audit Commission shall inspect / audit the Company activities, including identification and assessment of risks arising from and in the course of business operations of the Company.

Rosneft Audit Commission shall audit / inspect financial and business operations of the Company, confirm reliability and accuracy of data included in the Rosneft Annual Report and annual accounting (financial) statements of the Company.

Two meetings of the Audit Commission were held during the reporting period.

In compliance with the approved 2015 – 2016 work plan and Guidelines on organizing the checking process for audit commissions of joint-stock companies with the participation of the Russian Federation, approved by Order No. 254 of the Federal Agency for Management of State Property dated 26 August 2013, the Audit Commission undertook a desktop review of financial and business operations of Rosneft and issued opinions on its review of the annual financial statements and on the accuracy of the data presented in the annual report.

Audit Commission membership (as of December 31, 2015)

By a decision of Rosneft’s General Shareholders Meeting dated June 17, 2015, the following persons were elected members of the Internal Audit Commission:

Alexei Afonyashin

Born in: 1983
Education: higher

Entity: Ministry of Economic Development of the Russian Federation

Position: Deputy Director of State Regulation of Tariffs, Infrastructure Reforms and Energy Efficiency Department

Oleg Zenkov

Born in: 1977
Education: higher

Entity: Federal Agency for State Property Management (Rosimushchestvo)

Position: Adviser to the Deputy Minister — Head of Rosimushchestvo

Sergey Poma

Born in: 1959
Education: higher

Entity: Russian National Association of Securities Market Participants (NAUFOR)

Position: Deputy Chairman of the Management Board

Zakhar Sabantsev

Born in: 1974
Education: higher

Entity: Ministry of Finance of the Russian Federation

Position: Head of banking sector monitoring and summary analytics unit, Financial Policy Department

Tatyana Fisenko

Born in: 1961
Education: higher

Entity: Ministry of Finance of the Russian Federation

Position: Director for Budget Planning and Accounting Department

Audit Commission members did not receive remuneration in the reporting year for their activities in the Audit Commission.

Risk Management Department

Responsibility for development and maintenance of the Corporate-Wide Risk Management System (CWRM) is assigned to the Risk Management Department. The Company risk management process is regulated by the Standard for the Corporate-Wide Risk Management System (CWRM)⁵.

Reporting on the key risks of the Company, including risks related to the Long-Term Development Program implementation and risks related to financial and business operations, is issued in accordance with the Corporate-Wide Risk Management System. Risk reporting is communicated to the Company Board of Directors, management team and employees, and includes all the required information on risks and risks assessment as well as details of the activities for risks mitigation to the acceptable level.

The following steps were performed to improve the Corporate-Wide Risk Management System:

Further development of risk assessment methods and approaches, including application of quantitative methods for the Company material (key) risks assessment.
Regular analysis of the Company exposure to market risks performed on the basis of analysis and quantitative assessment of price and exchange risks influence to financial indicators of the Company as part of portfolio-based approach to market risks management.
Development and updating of the Company risk reporting, including risks, having impact on the Long-Term Development Program implementation and current business operational risks (including risk modeling results).
Step-wise integration of the Group companies into CWRM perimeter.

Corporate insurance

Rosneft considers insurance as a risk management tool which allows transferring financial losses from insurable risks in the event of risk occurrence to insurance companies. Insurance covers Rosneft ownership interests in relation to:

ownership, usage and asset management (property damage insurance);
obligatory indemnification (third-party liability insurance);
entrepreneurial activities (entrepreneurial risks insurance).

Rosneft resorts to liability insurance as it is required under federal legislation, including Federal Law No. 225-FZ “On Mandatory Insurance of the Owner of a Hazardous Facility against Civil Liability for Harm Caused by an Accident at the Hazardous Facility”. In accordance with Federal Law No.225 the subject of mandatory insurance is the proprietary interest of the owner of a hazardous facility, associated with his liability to cover for the damage inflicted upon victims .

Rosneft performs insurance of risks of property damaging (loss) and potential losses from business interruption as a result of site accidents or other accidental exposure. Also, the Company resorts to third-party liability insurance against potential damage resulting from onshore and offshore operations.

In 2015 the Company completed indemnified loss adjustment related to the accident on OJSC Achinsk Refinery.

Internal Control Department

In accordance with the Internal Control and Risk Management System Policy and the Standard for Internal Control⁷ Rosneft implements and constantly improves its Internal Control System (ICS).

The Internal Control Department, a part of Rosneft Administration, provides methodological support and assistance to the Company management in formalizing and increasing the effectiveness of business processes through development and implementation of the requirements for the design of controls and their weight in the business processes.

Completeness of information on risks and control procedures within business processes allows the Management to make effective management decisions and accomplish the identified goals by means of due prevention of adverse events in business processes, which contributes directly to accomplishing strategic goals of the Company while ensuring a high level of management.

The objectives of the Internal Control are consistent with the objectives of the Internal Control and Risk Management System, identified in the respective Company Policy and are being delivered through Internal Control processes.

Delivery of Internal Control goals assumes accomplishment of the following objectives:

development and upgrade of the key areas of IC development as consistent with the Company needs, requirements of the parties concerned, risk assessment of the business processes, etc.
development, implementation and execution of control procedures, including methodological support to the organization and effective functioning of the internal control in the Company.
identification of gaps in the existing control procedures, development and implementation of corrective actions; control procedures unification and optimization.
development and implementation (with the help of IT systems among the rest) of a mechanism of interaction and sharing information related to internal controls and risk management among all structural divisions of Rosneft and the Group companies, including joint ventures.

The list of the key actions and initiatives implemented as part of internal controls development in 2015 includes:

risk matrices and control procedures were generated for 14 business processes in the Rosneft Head Office and in 16 Group companies (over 100 matrices), reflecting gaps in the design of business processes controls. Improved efficiency of the controls design by means of implementing a series of corrective actions.
standard risk matrices and controls were developed for key business processes. Implementation of standard control procedures in the Group companies is in progress.
regular training on Internal Control is provided for Rosneft employees and the Heads of the Group companies and joint ventures. Development and launch into commercial operation of a multimedia course on risk management and internal control.
update of consolidated corporate events program dedicated to compliance as part of the compliance system development in the Company by the relevant Task Force; specific training of the top managers, the heads of independent structural divisions and the Company employees, including online training (multimedia course on corruption and fraud management).

Internal Audit

> 180

INTERNAL AUDIT INSPECTIONS
were performed in 2015

The internal audit function in Rosneft is performed by the Head of Internal Audit Service and structural divisions: Operations Audit Department, Corporate Audit Department, Regional Audit Department, Economic and Administrative Analysis Division, Internal Audit Concept and Arrangement Division (structural divisions of the Internal Audit Service). In accordance with the administrative structure of Rosneft, approved by the Board of Directors, structural divisions of the Internal Audit Service directly report to the Head of Internal Audit Service.

The following regulations were approved in the Company to develop internal audit functions: the Company Policy on Internal Audit⁸ , the Company Regulation on the Internal Audit Quality Assurance Program⁹ , the Company Regulation on the Procedure for Cooperation of Rosneft Internal Audit Service with Rosneft Structural Divisions and the Group Companies when Performing Internal Audit¹⁰.

Internal Audit assists the Board of Directors and the executive bodies of the Company in increasing efficiency of the corporate management, improving its financial and business operations through systemic and consistent approach towards analysis and assessment of the internal control and risk management system, as well as corporate governance as the tools providing reasonable assurance in the delivery of objectives set by the Company, and provides as follows:

reliability and integrity of submitted information on financial and business operations of the Company and the Group companies;
efficiency and productivity of operations of the Company and the Group companies;
determination of internal reserves to raise efficiency of financial and business operations of the Company and the Group companies;
safekeeping of property of the Company and the Group companies.

The Internal Audit Work Plan is endorsed by the Audit Committee and approved by the President of the Company; internal audit reports are reviewed by the Rosneft Board of Directors. The existing reporting line where the Head of Internal Audit Service reports to the Board of Directors and the executive bodies of the Company ensures independence sufficient for delivery of functions assigned to the internal audit.

The key areas of internal audits in 2015 were Upstream (20 % of audits) and Downstream (18 % of audits). Over 90 % of the audits come to specific inspections and audits aimed at identifying opportunities to improve the most important business processes in the Company and activities of the key subsidiaries.

In 2015 over 180 audits were performed covering over 90 % of the top business processes.

Upon results of the internal audits the Internal Audit Service together with the heads of business segments, develops the proposals for improving business processes and raising efficiency of the internal control and risk management system as well as action plans to correct the revealed violations and defects.

According to the Company Policy on Internal Audit, in 2015 the Internal Audit Service performed self-assessment of Rosneft internal audit and issued a report and action plan for developing internal audit function in the Company in 2016.

The Head of Rosneft Internal Audit Service executes functional management of internal audit in the Group companies and coordination of the activities of internal audit divisions organized in 97 Rosneft subsidiaries. Internal auditors and inspectors of the subsidiaries were involved in the audits carried out by the Internal Audit Service and performed standalone audits of areas recommended by the Internal Audit Service. This ensures implementation of a risk-based approach aimed at maximum auditing of the Company risks and enhances the internal audit efficiency at the level of the Group companies.

The Internal Audit Service was rearranged in January, 2016 to provide for the internal audit independence, administrative integrity and centralization of the Company's internal audit function. The employees of internal audit divisions of the Group companies were transferred to the Rosneft Internal Audit Service.

The Head of Rosneft Internal Audit Service interacts with the Company management and control bodies, external auditor and audit commissions of the subsidiaries and affiliates. The Head of Rosneft Internal Audit Service annually confirms to the Board of Directors (Rosneft Audit Committee under the Board of Directors) the fact of administrative independence of the internal audit.

Both global and domestic economic climate in 2015 as well as certain changes in foreign policy environment had a significant impact on the Company operations. The Company expects that the above trends may still have impact on its business operations in the nearest future.

In 2015 a number of countries including the USA and the EU states prolonged their sectoral sanctions imposed on Russia. The above sanctions impose restrictions to USA and EU citizen in terms of providing financing to the targets of sanctions stated in the USA and EU regulations, as well as providing works, goods and services that might be used in the Russian Federation for performing deep-water exploration and oil production, exploration and oil production in the Arctic region and implementing difficult oil production projects. The Company takes into account the above sanctions when performing business operations and keeps their continuous monitoring to mitigate negative effect.

General information
IC&RMS bodies
Summary of IC&RMS mandate and key achievements in 2015

Corporate Governance Code recommended by letter of the Bank of Russia No. 06-52/246 of April 10, 2014.
Federal Law No. 402-FZ, On Accounting, of December 06, 2011, Corporate Governance Code of the Bank of Russia, implemented in the Company according to the Instruction of the Government of the Russian Federation No. ISH-P13-5859 of July 31, 2014.
The Company Policy on the Internal Control and Risk Management No. P4-01 P-01 is approved by the Rosneft Board of Directors, minutes No. 8 of November 16, 2015.
Provision on the Rosneft Board of Directors approved by the Rosneft General Shareholders Meeting on June 26, 2014 (minutes w/o No.).

The Company Standard for the Corporate-Wide Risk Management System No. P4-05 C-0012, version 1.0 approved by the Rosneft Management Board as of October 16, 2015 (Minutes No. Pr-IS-35p of November 16, 2015).
Part 1 of article 1 of the Federal Law No. 225-FZ “On Mandatory Insurance of the Owner of a Hazardous Facility against Civil Liability for Harm Caused by an Accident at the Hazardous Facility”.
The Company Standard on Internal Control No.P4-01C-0018 of December 31, 2014.
The Company Policy on Internal Audit was approved by the Rosneft Board of Directors as of February 02, 2015 (Minutes No. 20) and enacted by the Order No. 60 as of February 18, 2015.
The Company Regulation on the Internal Audit Quality Assurance Program was approved by the Rosneft Order No. 215 of May 18, 2015.
The Company Regulation on the Procedure for Cooperation of Rosneft Internal Audit Service with Rosneft Structural Divisions and the Group Companies when Performing Internal Audit was approved and enacted by the Rosneft Order No. 10 of January 21, 2016.

4.6. Remuneration of management

5. Shareholders and investors

Back