Internal audit

and internal control system

Within the corporate governance system of Zarubezhneft, the Internal Audit Department performs the function of providing the Audit Committee and the General Director with independent and objective information on the reliability and effectiveness of the Company’s governance system.

The Department’s activities aim to ensure transparency and economic efficiency in all areas of the Company’s operations.

The functional principles of the Internal Audit Department are enshrined in the Corporate Governance Code of Zarubezhneft (Clause 3.17). In its activities, the Department is guided by the Regulation on Internal Audit of Zarubezhneft, Internal Audit Planning and Methodology, and the Regulation on the Internal Audit Department.

The main objective of the internal audit of Zarubezhneft is to assess the effectiveness of the risk management system and express an opinion on the reliability and effectiveness of the internal control and corporate governance system throughout the Group.

In accordance with the Code of Corporate Governance of Zarubezhneft (Clause 3.4.4), the Internal Audit Department is accountable to the Board of Directors. The existing reporting sequence of the Internal Audit Department to the Company’s Board of Directors and executive bodies ensures sufficient independence to perform the functions entrusted to the Internal Audit Department.

The Code of Corporate Governance of Zarubezhneft (Clause 3.8) stipulates that the main function of the Internal Audit Department is to conduct internal audits.

The annual internal audit plan and the report on the Department’s activities are approved by the Audit Committee and reviewed by the Board of Directors.

Key focuses of the internal audit in 2020:

  • Assessment of the compilation of corporate KPIs (on a quarterly basis)
  • Process of the disposal of non-core assets of ZARUBEZHNEFT GROUP (on a quarterly basis)
  • Risk management process at ZARUBEZHNEFT GROUP (on an annual basis)
  • Effectiveness of the internal control system in implementing production well construction projects
  • Effectiveness of the internal control system in developing wells after drilling, well servicing and workover (WSW), and the acceptance of completed works and services
  • Effectiveness of the internal control system in information technology management procedures
  • Contract management business process as regards the execution of contractual terms with contractors
  • Process of archival storage of documentation at Zarubezhneft subsidiaries
  • Process of forming, monitoring, and assessing the fulfillment of KPIs by Zarubezhneft subsidiaries

In addition, during the reporting period, the internal control and risk management system as regards anti-corruption was audited with the hiring of external consultants.

Besides the audits, the Internal Audit Department conducted a number of unscheduled audits on behalf of the General Director.

The Internal Audit Department is the owner of the business process ‘Audits of Subsidiaries’. As part of the Regulation on the Audits of Subsidiaries, it coordinates audits and also prepares audit reports and opinions. The Department continuously monitors the implementation of recommendations based on the findings of internal auditing and audit activities that aim to improve internal control, risk management, and corporate governance systems.

In order to improve the regulatory framework for auditing, a new version of the Regulation on the Audits of Subsidiaries of Zarubezhneft was approved in 2020.

In 2020, the project ‘Automation of the Audit Process of Subsidiaries’ was initiated. The automated audit system will be put into operation in 2021.

As part of the development and improvement of the internal audit function as recommended by external consultants, the Department carried out the following activities:

  • The annual audit plan was compiled using a risk-based approach based on the ‘audit universe’, with an analysis of the audit findings for previous periods, and an evaluation and ranking of audit items taking into account the opinion of the management team
  • The ‘Matrix of Increased Management Attention’ and ‘Matrix of Repeat Violations’ were integrated into the process of monitoring the elimination of discrepancies identified during audits
  • An algorithm for evaluating the internal control system of the processes being audited was introduced in the auditing practice process
  • Work was carried out to develop the internal audit function for IT audits
  • The effectiveness of the pricing system was assessed in order to reduce the risk of an unreasonable increase in the cost of works, services, materials, and resources when concluding works contracts

In accordance with the requirements of the International Standards for the Professional Practice of Internal Auditing, the Department employs:

  • A procedure for confirming the independence and lack of conflict of interest among employees
  • A unified system for recording violations revealed during audits and monitoring measures to eliminate them
  • An internal audit quality management system (in accordance with the requirements of ISO 9001:2015)

Throughout the year, in order to develop professional expertise, employees of the Internal Audit Department took part in training events: training sessions, seminars, and strategy sessions.

Interaction between the Audit Committee and external auditor

The Company’s internal audit unit (Internal Audit Department) and external auditors interacted based on the Policy of Interaction between the Audit Committee of the Zarubezhneft Board of Directors with External Auditors, which was approved by the Company as required by the methodological recommendations of the Federal Agency for State Property Management for organizing and conducting a mandatory audit of financial (accounting) statements.

As part of this interaction, the internal and external auditors primarily focused on the following issues in 2020:

  • Assessment of non-current assets (impairment testing of assets)
  • Assessment of the risks of the material misstatement of financial statements
  • Assessment of the risk of fraud and bias in judgments and assessments
  • Application of new standards in preparing consolidated financial statements
  • Quality of interaction between the Company’s responsible executives with the auditors of Nexia Pacioli and Deloitte & Touche CIS during the external audit

Based on the criteria recommended by the Federal Agency for State Property Management, the Internal Audit Department assessed the interaction between the Company and the external auditor, which led to the high quality of communications with the external auditors during the audit and preparation of the audit opinion. The assessment results were submitted to the Audit Committee in September 2020.