Internal control and risk management

The Internal Control Policy of Gazprom Neft PJSC, which was approved by the Board of Directors in February 2017, took effect at the Company during the reporting period. The Policy is now the main document used to define the goals, objectives, components, and principles for the organization and functioning of the Company’s internal control system.

The Company employs an internal control system that ensures:

  • the minimization of risks
  • the development, introduction, proper implementation, monitoring, and improvement of control procedures at all levels of the Company’s business operations and management
  • the continuity of the Company’s operations as well as the most effective performance of the Company’s activities, its sustainability, and development prospects, including the Company’s timely adaptation to changes in the internal and external environment
  • a uniform and systematic methodological approach as well as high-quality information and analytical support for the management decision-making process at the Company
  • the timely resolution of conflicts of interest that arise in the process of the Company’s activities
Development of internal control for financial reporting

The Company continued to implement a project in 2017 to introduce a solution to automate internal control functions based on the SAP GRC Process Control system. The further development of this project extended coverage to risks involving the distortion of financial statements at all major subsidiaries. A project was also launched during the reporting year to develop the existing system of internal tax control taking into account the requirements of the Federal Tax Service for the Company’s internal control service. The project aims to identify and eliminate the risk of distortions to tax reporting.

Subjects of internal control at Gazprom Neft

The Board of Directors determines the principles and approaches used for the organization and operation of the Company’s internal control system (ICS) and conducts a high-level analysis and assessment of its effectiveness, including an annual review of the effectiveness of the ICS.

The Audit Committee prepares recommendations for the Board of Directors on matters concerning the organization, operation, effectiveness assessment, and improvement of the ICS, analyses the Company’s reporting and internal audit results for compliance with the legislation of the Russian Federation, IFRS, RAS, and other regulatory legal acts, and considers any established or alleged unethical practices by the Company’s employees.

The Company’s executive bodies and senior management are responsible for the effective operation of the ICS, introduce a culture of internal control, and support high ethical standards at all levels of the Company’s activities, and conduct a regular performance assessment of the Company’s employees and train staff on internal control.

The heads of structural units and the Company as a whole perform functions that aim to develop, document, introduce, fulfil, monitor (self-assessment), and improve control procedures within the framework of their relevant competencies and in the zone of their responsibility and also timely inform supervisors about incidents when it is impossible to perform control procedures for any reason and/or changes must be made to control procedures due to changes to the internal and external conditions of the Company’s operation.

The Audit Commission monitors the compilation of reliable financial statements and other information about the Company’s financial and business activities and property status.

The Internal Audit Department conducts an independent and objective assessment of the effective organization and functioning of the ICS and risk management, drafts and monitors the implementation of recommendations to eliminate shortcomings identified during audits, reports on the results of the ICS assessment, and offers suggestions for its improvement to the Company's Audit Committee and executive bodies.

Information concerning the effectiveness of the internal control system is provided to shareholders within the Company’s annual report and also to the Company's Board of Directors and executive bodies as part of the Gazprom Neft Internal Audit Department’s report on its performance results.