Sustainability Risk Management
102-11
Risk management is one of the key processes that ensures the stability of business. Metalloinvest strives to proactively manage risks before they materialise and thus introduces risk management components into each business process.
As part of the Corporate Risk Management and Internal Control System, each functional unit performs risk management. The Management Company’s Internal Control and Risk Management Department serves as the main methodologist and is responsible for developing and improving procedures used to identify, assess, and monitor risks. Risks identified at the level of structural units are evaluated, ranked, and documented in the unified risk register. The Board of Directors monitors the response measures and ongoing status of key risks.
102-29, 102-30, 102-31
The Risk Committee of the Management Board handles the operational management of the Corporate Risk Management and Internal Control System. The Risk Committee, which includes the heads of functions at production facilities, meets at least once a month to discuss day-to-day risk management matters. The committee may meet more frequently if there are issues requiring urgent resolution. The Risk Committee met 15 times in 2018. Feedback from business units directs the meeting agenda. The Risk Committee develops its main conclusions and recommendations on the issues in question and refers the most significant matters to the Audit Committee for consideration. The Audit Committee also monitors quarterly reporting on the status of the risk management and internal control system, reports on risks that have materialised, and compliance with the Group's risk appetite. It approves the Corporate Risk Management and Internal Control System Strategy and key initiatives to develop this function. The Board of Directors is the final authority that reviews and approves reports and the Corporate Risk Management and Internal Control System Strategy. The current status of the CRMICS is reported by the Chairman of the Audit Committee of the Board of Directors.
In 2018, Metalloinvest approved the Strategy for the Corporate Risk Management and Internal Control System, which has become a top-level document within the risk management system that is complemented by the existing Corporate Risk Management and Internal Control System standard and the regulation on the management of business processes (risk management and internal control). The approval of the Strategy has become part of the implementation of the recommendations obtained during an independent audit of the maturity of the Risk Management System that was carried out in 2017.
According to the Strategy, the priority areas for developing the risk management and internal control system include the development and introduction of targeted risk management programmes for occupational health and safety and environmental safety, the development of the compliance function and an integral compliance programme, and an assessment of compliance with the ISO 37001:2016 Anti-bribery management systems standard. As part of its strategy, the Company establishes zero tolerance for any manifestations of the risk of corruption, fraud, harm, or damage to the health of workers and the environment.
For more about the risk management system and regulatory documents, see the 2018 Annual Report.
Key measures carried out in 2018
- One of the key roles of the risk management and internal control function in the transformation and automation of the Group’s business processes.
- Active participation in the work of the Transformation Office, a structural unit headed by the Director for Strategy, Development and Transformation, which manages over 20 related automation and transformation projects with methodological support from the Internal Control and Risk Management Department.
- The introduction of the automated SAP GRC Access Control module as part of the first deployment phase of the mining segment’s integrated management system for financial and economic activities (IMS FEA). The module separates access rights and reduces the risk of errors and personnel misconduct.
- The creation of a process model of the Company and the coordinated development of regulations for automated business processes, including risk and control matrices.
102-15
Non-financial risk groups | Brief description of risks | External factors | Internal factors | Possible implications | Risk mitigation measures |
---|---|---|---|---|---|
Risks related to changes in legislation | | | - | | |
Risks associated with personnel management. For more details on engagement with employees, see the section Responsibility to Employees. | | - | | | |
Risks related to corporate governance. For more details on the corporate governance system, see the section Corporate Governance. | | | | | |
Cyber risks | | | | | |
Corruption risks. For more details on anti-corruption measures, see the section Business Ethics and Anti-Corruption. | | | | | |
Risks related to cooperation with third parties (suppliers). For more details on engagement with suppliers, see the section Supply Chain. | | | | | |
Environmental risks. For more details on environmental protection measures and compliance with environmental legislation, see the section Environmental Responsibility. | | | | | |
Risks related to occupational health and safety. For more details, see the section Occupational Health and Safety. | | | | | |
For more details on the Company’s key risks, including commercial, financial, industrial, investment, legal, GR, and HR risks, see the section Key Risks of the 2018 Annual Report (pp. 100-104).