The Risk Management System

The Company has an established risk management system intended to provide for the sustainable and continuous operation and development of the Company via the timely identification, assessment and efficient management of risks that threaten the efficient economic operation and good standing of the Company, the health of the Company’s employees, the environment and the property interests of its shareholders and investors.

The risk management system is regulated by the following documents:

  • A Provision on the System of Internal Control, as approved by the Board of Directors of Federal Grid Company, Minutes #170, dated 3 August 2012. According to the Provision, the risk management system is an integral part of the Company’s system of internal control;
  • The Company’s Risk Management Policy as approved by Order #229, dated 7 April 2010. The Policy sets forth the goals and elements of the risk management system;
  • A Procedure for the use of the Company’s Risk Management System, as approved by Order #997, dated 28 December 2010. The Procedure contains practical recommendations on the identification and assessment of risks.
  1. Identification and assessment of risks, submission of the risk reports and information on risks that actually occurred
  2. Analysis and adjustment of risk reports, coordinating amendments with risk owners
  3. Coordinating risk reports with the heads of the corresponding departments of the Executive Body and with the directors
  4. Adjustment of reports depending on the results of coordinating efforts involving the heads of departments of the Executive Body and the directors
  5. Preparation of the Risk Matrix and of the Risk Summary, and risk minimization actions. Submission of the above to the Management Board for approval, control over the implementation of previous risk minimization actions and the analysis of risk assessment dynamics
  6. Approval of the Risk Matrix and Risk Summary and of risk minimization actions
  7. Re-working the approved risk minimization actions
  8. Implementing the approved risk minimization actions

The Risk Management System determines the following:

  1. Risk identification methods. The identification of risks is performed using methods based on ISO/IES 31010 and COSO standards (analysis, threat assessment, expert assessment, and the event tree).
  2. Risk Assessment Criteria The risk assessment criteria include: probability, financial impact and risk controllability. The probability and financial impact of the risk determines its significance. The significance can become higher in case the Company is intolerant to the particular risk, or in case some of the departments of the Company’s Executive Body, or its branches or SDC, are prone to said risk.
  3. Risk Response Methods The risk response methods include: risk taking, minimizing risk consequences, transferring risk to a third party, avoiding risk and other combined actions. The choice of strategy is agreed on with the Internal Control Department and is approved by the Management Board.
  4. Procedures and terms for the submission of risk reports Risk owners submit their risk reports to the Internal Control Division on a quarterly basis. If necessary, the Division adjusts the reports and coordinates the amendments with risk owners. Based on the adjusted reports, the Company prepares the Risk Matrix and the Risk Minimization Actions Summary. These documents are subject to the approval of the Company’s Management Board.

Principal Risks and Company-wide Risk Mitigation Actions