Internal control and risk management

The Gazprom Neft risk management system aims to ensure the Company’s financial stability, achieve a balance between growth in the Company’s value, profitability and risk, effectively manage business activities, ensure the safekeeping of assets, identify, correct and prevent violations, prepare reliable accounting in a timely manner and improve the Company’s investment appeal as a result.

The principles and approaches to organising the Gazprom Neft risk management and internal control system are determined by the Company’s Board of Directors. The Audit Committee under the Board of Directors assesses whether the system functions effectively and submits a report on the audit results to shareholders as part of materials for the annual General Meeting of Shareholders. The creation and maintenance of the risk management and internal control system falls within the responsibilities of the Management Board and CEO.

In an effort to improve the effectiveness of the internal control system and improve corporate governance, the Company drafted a new version of the Gazprom Neft PJSC Internal Control Policy. The Policy is published along with other Company documents at the address.

Company supervisory bodies

The Internal Audit Department evaluates and makes improvements to the Company’s corporate governance, risk management and internal control processes. Its functions include conducting internal audits, organising the integrated risk management system and engaging in fraud prevention activities.

As part of its activities, the Internal Audit Department assesses the effectiveness of the internal control system for the Company’s business processes, including operational efficiency, the safeguarding and legitimate use of assets, the accuracy of external and internal reporting as well as compliance with the requirements of applicable existing legislation and regulatory organisations.

The Internal Audit Department interacts with the Company’s audit commissions and coordinates its work with external auditors in all stages of the audit cycle.

The audits cover key aspects of the Company’s activities and also take into account its goals and priorities. The audit plan is formulated based on a risk-oriented approach, is regularly updated and includes audits of such areas as exploration and production, refining and sales, capital construction, financial activities, information technologies and industrial safety, among others.

The Audit Commission monitors the Company’s financial and business activities, audits and analyses the Company’s financial position and the operation of the internal control and risk management systems and also verifies the validity of business transactions. It is elected by the General Meeting of Shareholders.

The External Auditor conducts an annual audit of the financial statement in accordance with Russian Accounting Standards and International Financial Reporting Standards (IFRS). It is approved by the General Meeting of Shareholders based on a recommendation by the Company’s Board of Directors.

Gazprom Neft devotes special attention to improving the internal control system (ICS) for reporting accuracy. In 2016, such work included:

  • identifying and evaluating risks that influence reporting accuracy;
  • drafting and introducing control procedures to minimise such risks;
  • work involving the self-diagnosis of the effectiveness of control procedures;
  • drafting and implementing procedures to manage changes to ICS data in an effort to ensure such data remains updated and effective.
SAP GRC Process Control system
The Financial Control Department implemented a project in 2016 to introduce a solution to automate internal control functions based on the SAP GRC Process Control system. This solution made it possible to create a unified information space of the ICS for all of the Group’s companies, reduce labour costs and improve the quality of internal control management procedures and the degree of control procedure automation. More than 60 manual control procedures were automated as part of the project.

Risk management is one of the key components of the sustainable development management system. The Company has a Risk Management Policy that defines the general goals and principles of risk management in order to make the Group’s business more secure in both the short and the long term.

Gazprom Neft’s key goal in risk management is to increase the effectiveness of management decisions through a detailed analysis of related risks and also to maximise the effectiveness of risk management measures when implementing the decisions that the Company has adopted.

Objectives of risk management:

  • to establish a risk management culture at the Company that aims to achieve a common understanding among all employees of the main principles and approaches to risk management;
  • to establish and introduce a systematic approach to identifying and assessing risks;
  • to stimulate the exchange of information on risks between the Company’s structural divisions and the joint development of risk management actions;
  • to provide systematic information about risks to the Company’s governing bodies.

Risk management system

The Company’s risk management processes are described by the corporate Risk Management Policy and the Integrated Risk Management System (IRMS) unified corporate standard, which covers all of Gazprom Neft’s major assets. The IRMS provides a continuous process to identify, assess and manage risks. Risk analysis and management tools are integrated into key corporate processes.

Responsibility for risk management and preparing reporting on risk management is determined in accordance with the system of linear and functional management. An owner is appointed for each risk and is responsible for managing it. Risk coordinators who promote and support the use of corporate risk management principles are selected from among managers at the level of each function and business directions. The risk analysis deadlines and objectives take into account the specific features and demands of each business process for which risk management is performed.

Improving the quality of business planning, project management and strategic planning remains a key component of risk management tools. In addition to financial and operational risks, the risk management system covers risks of a social and environmental nature. The Board of Directors assesses the effectiveness of the risk management system.

Schematic diagram of irms process at the gazprom neft group
Levels of financial impact of risk and distribution of powers within the irms
Management of social and environmental risks
Risk description Risk management measures
Risks associated with human resources
Successfully achieving the Company's strategic goals largely depends on the efforts and abilities of key employees, including skilled technical personnel. The inability to recruit personnel and/or retain existing personnel with the necessary skills and experience could have a negative effect on the Company's appeal as an employer. Factors that increase HR risks include a growing shortage of skilled specialists and, as a consequence, increased competition on the labour market in Russia and abroad.

Gazprom Neft offers competitive remuneration, including a salary, performance-based bonuses and a social benefits package. The Company develops and implements programmes to establish a talent pool as well as train and develop personnel which aim to meet its demand for qualified staff both now and in the future.

Gazprom Neft is improving its recruitment procedures and undertaking measures to reduce staff turnover and encourage staff to realize their potential.

The Company implements social investment programmes in its regions of operation that aim to improve the quality of life of employees and their families, among other things.

Risks associated with industrial and occupational safety
The Group is exposed to risks associated with the safety of its employees and their operations. Such risks may arise as a result of equipment damage and failure, natural disasters, terrorist attacks or the actions or inaction of personnel. Any of these risks could have a materially adverse effect on the business, financial situation, operating results or reputation of Gazprom Neft. Gazprom Neft strives to provide a safe working environment for its employees and seeks to avoid injury or death, actions brought against the Group or damage to its business reputation. The Company constantly monitors safety threats, and pays particular attention to complying with сompliance with industrial safety.
Environmental risks
Gazprom Neft’s operations carry an inherent risk of environmental damage or pollution, which may lead to civil liability and require action to mitigate such damage. Environmental risks and expenses related to compliance with environmental requirements or commitments may increase in the future as the Company’s production activities and assets expand. The Company is fully aware of its responsibility to the public for creating safe working conditions and protecting the natural environment. Gazprom Neft ensures compliance with environmental protection standards and also monitors changes in environmental legislation in the various countries in which it operates. The Company also implements programmes to minimise its negative impact on the environment as well as nature conservation and biodiversity preservation programmes.

The Company continuously develops the methodological framework for the IRMS, including general recommendations on the quantitative risk assessment of project and business planning as well as detailed methods for assessing the most substantial inherent risks such as ‘unscheduled equipment downtime’, ‘pipeline failures’ and other risks. In 2016, the Company continued developing its regulatory and methodological framework to assess risks related to industrial, environmental and occupational safety as well as civil defence.

Expansion of the IRMS
Gazprom Neft Shelf obtained a certificate on the compliance of its risk management system with the requirements of ISO 31000:2009 and the PMBOK Guide standard in February 2016. Independent auditors noted the thorough integration of the risk management system in all the Company’s fundamental processes, management’s leadership and interest in this issue as well as the high degree of involvement by personnel and contractors in the risk management process. The Company plans to further expand the IRMS as it launches new products or acquires existing assets.