Disclaimer Site map

DOWNLOADS Related links

Risk Management and Internal Control


The Group is exposed to various risks and uncertainties that may have undesirable financial or reputational implications. In order to minimize the negative impact of such risks and to benefit from opportunities a risk management and internal control system has been established and integrated into the Group’s operations. The overall objective is to obtain reasonable assurance that the Group’s goals and objectives will be achieved, while remaining true to the principle that expected benefits should outweigh costs associated with them.

Key features of the Group’s internal control system over financial reporting

The Group uses a formal risk management program across its companies, i.e. there is an ongoing process for identifying, evaluating and managing the significant risks faced by the Group. Risks are classified as to their possibility and significance; and different strategies are used to manage identified risks. This process is regularly reviewed by the Board in accordance with applicable guidance.

The Board is responsible for the Group’s system of internal control and for reviewing its effectiveness. This system is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss.

Risk management and internal control

Internal control and risk management monitoring is performed through internal and external assurance providers, which include:

  • financial statement audits performed by external auditors – discussion with the Audit Committee of the results of the audit, including a review of the financial performance, any changes to disclosure, a subsequent events review, important accounting matters and other internal control matters;
  • review and formal approval of the financial results by the CEO, CFO, Audit Committee and the Board;
  • Board and sub-committee approval and monitoring of operating, financial and other plans;
  • consolidation and verification of correct identification and assessment of critical business risks – the Audit Committee reviews changes to the risk profiles, together with progress on actions for key risks on a regular basis;
  • internal audit function – the Head of Internal Audit functionally reports to the Audit Committee and administratively to the First Deputy CEO. The internal audit department activities are performed in accordance with a risk-based audit plan and incorporate review of material controls, including financial, compliance and operational controls. The results of each audit are discussed in detail with the companies and business units concerned, and action plans agreed.

The key features of the risk management process include:

  • gathering and analysis of information, related to internal and external factors, which can negatively impact the achievement of the Group’s objectives;
  • identification of the possible level of negative impact of various events to operational and financial results in accordance with applicable risk-assessment methods;
  • setting appropriate risk-tolerance levels;
  • ranging risks according to their significance and probability;
  • making appropriate decisions to manage identified risks;
  • active monitoring of the steps taken to control the most significant risks.
Send E-mail