Technical audits in the railway system. On the regulations on the organization of internal audit in the Russian Railways holding. I. General provisions

There are external and internal audits. External audit is an independent control of a particular activity of an enterprise, which is carried out by specialists invited from outside and certified in the field of accounting, control and analysis of this activity, who have the appropriate licenses or certificates for the right to conduct the relevant audit activity. External audit carried out by an organization independent of the subject being inspected.

Internal audit is control over compliance with the accounting procedures established at the enterprise and the functioning of any management system. This type of audit is organized by the management of the enterprise itself and is carried out in its own interests. In other words, internal audit is one of the ways to monitor the performance of individual parts of the management structure or specific services of an enterprise. The functions of internal audit can be performed by individual auditors invited from outside or working on the staff of the enterprise, as well as audit groups, audit commissions or auditors appointed for these purposes by the management of the enterprise.

Internal audits of the Occupational Health and Safety Management System at JSC Russian Railways are carried out on a scheduled and unscheduled basis.

Conducting scheduled audits of the OSMS includes the formation of an annual program of internal audits, implementation, and provision of control over implementation.

Unscheduled audits may be carried out for the following reasons:

· deterioration of health and safety indicators;

· changes in the structural unit (reorganization, development of new types of services);

· order of the management of JSC Russian Railways.

Today, such a service as an occupational safety audit is becoming increasingly in demand, since optimization of work on the implementation of occupational safety and timely identification of shortcomings in this process ultimately has a positive effect on the efficiency of the enterprise. In this regard, many enterprise managers seek to invite qualified specialists who will conduct a high-quality occupational safety audit and help to properly organize the work process at the enterprise. And, as you know, good working conditions and safety are the key to employees’ conscientious attitude towards their work and increased labor efficiency. In addition, an occupational safety audit is a way to avoid sanctions due to non-compliance with legislation that may be identified at an enterprise during an audit.

Audits at railway transport enterprises are regulated by the following documents:

1. STO Russian Railways 1.15.002–2008 Occupational safety management system at JSC Russian Railways General provisions.

Checking the state of labor protection

Inspection of the state of labor protection includes monitoring the state of conditions and labor protection and monitoring the functioning of the OSMS, which are carried out periodically in all divisions of JSC Russian Railways.

Monitoring of the state of labor conditions and labor protection in JSC Russian Railways is carried out by managers and specialists of the central technical labor center, divisions of the management apparatus of JSC Russian Railways, railways, other branches and structural divisions of JSC Russian Railways, NBT and NODBT in accordance with the standard of JSC Russian Railways .

Monitoring the functioning of the occupational safety and health system, covering all elements of the system, is carried out simultaneously with monitoring the state of labor protection.

The inspection of the state of labor protection is carried out by managers and specialists who have undergone training and testing of knowledge on labor protection.

The results of inspections are documented and communicated to the heads of the departments being inspected.

The inspection reports reflect:

Deficiencies identified during the inspection process;

The effectiveness of the functioning of the OSMS elements in the department being inspected;

The performance of the heads of the audited departments;

Compliance of the activities carried out in the department with the adopted policy, set goals and objectives of the OSMS;

Compliance of the organization of work on labor protection with labor legislation, regulatory legal acts of the Russian Federation and regulatory documents of JSC Russian Railways;

The effectiveness of the participation of department employees in occupational safety management, inspections and analysis of their results;

All documents presented in the catalog are not their official publication and are intended for informational purposes only. Electronic copies of these documents can be distributed without any restrictions. You can post information from this site on any other site.

On approval of the Russian Railways JSC standard “Procedure for conducting audits in standardization departments”

In order to establish general requirements for the procedure for conducting audits in the standardization departments of JSC Russian Railways and to ensure high quality of activities in the field of standardization in JSC Russian Railways:

1. Approve and put into effect from January 1, 2009 STO Russian Railways 1.01.006-2008 “The procedure for conducting audits in standardization departments.”

2. To the Head of the Technical Policy Department of JSC Russian Railways, A.S. Nazarov. organize work to conduct an audit of the standardization divisions of JSC Russian Railways in accordance with the requirements of the standard approved by this order.

3. Heads of departments and departments, railways and other branches, other structural divisions of JSC Russian Railways must ensure compliance with the requirements of the standard approved by this order.

Senior Vice President of JSC Russian Railways V.A. Gapanovich

Standard of JSC Russian Railways "STO Russian Railways 1.01.006-2008"
"The procedure for conducting audits in standardization departments"

1 area of use

This standard establishes the rules for conducting an audit of the organization of work and the performance of functions by divisions of the open joint-stock company "Russian Railways" (hereinafter - JSC "Russian Railways"), carrying out standardization work in accordance with the responsibilities assigned to them (hereinafter - the audit).

The standard is intended for use by divisions of the management apparatus, branches and other structural divisions of JSC Russian Railways.

2. Normative references

This standard uses references to the following standards:

- GOST 1.1-2002 "Interstate standardization system. Terms and definitions";

- GOST R 1.12-2004 "Standardization in the Russian Federation. Terms and definitions."

3. Terms and definitions

This standard uses the terms established by the Federal Law of December 27, 2002 N 184-FZ “On Technical Regulation”, GOST 1.1, GOST R 1.12 and GOST R ISO 9000, as well as the following terms with corresponding definitions:

3.1. Standardization division is a division of JSC Russian Railways or a structural unit of a division of JSC Russian Railways (including a functional branch), or employees of JSC Russian Railways appointed in accordance with the established procedure and responsible for standardization work.

3.2. Audit is a systematic, objective and documented process of checking the divisions of JSC Russian Railways responsible for standardization work in order to determine the degree of compliance with the rules established for them and the performance of the functions assigned to them.

3.3. Audit program - description of activities and measures to conduct a specific audit.

3.4. Technical documentation - design and technological documentation.

4. General provisions

4.1. The basis for conducting audits of standardization departments is the Regulations on the standardization service of JSC Russian Railways. The audit of standardization units is carried out in accordance with the requirements of this standard.

4.2. The purpose of the audit of standardization units is to ensure compliance with the requirements imposed on them, to improve the content and mechanisms of their activities in the field of standardization.

The objective of the audit of standardization units is to verify the success of their duties in standardization work.

4.3. The standardization units of design and engineering and design and technological branches and structural divisions of JSC Russian Railways, standardization divisions at railway branches of JSC Russian Railways, standardization divisions in other functional branches and structural divisions of JSC Russian Railways can be subject to an audit.

4.4. The customer and organizer of the audit of standardization units is the Department of Technical Policy of JSC Russian Railways.

4.5. The audit of standardization departments is carried out in accordance with the annual plan approved by the order of JSC Russian Railways. A draft audit plan is developed by the customer.

The approved audit plan is posted on the information portal organized by the Technical Policy Department of JSC Russian Railways.

4.6. The audit of standardization units is usually carried out as a separate event.

It is allowed to conduct an audit of standardization units as part of an internal audit of the quality management system, or as part of conducting schools of excellence, or as part of audits of the activities of the metrological service.

4.7. The customer can entrust the organization of the audit in the prescribed manner to the scientific and methodological center for standardization, determined from among scientific organizations and institutions with significant experience in the field of standardization.

5. Audit procedure

5.1. In accordance with the annual audit plan, the customer appoints the head of a specific audit team to conduct each audit.

5.2. The head of the audit team forms it from among specialists in the field of standardization and submits it to the audit client for approval.

5.3. After the customer has agreed on the composition of the audit team, the manager distributes specific work among its members.

5.4. The head of the audit team, with the involvement of team members, develops an audit program.

5.5. In general, the audit program should contain:

Purpose of the audit;

Information about the audit client and the unit being audited;

Location of the audit;

Timing of the audit;

Audit criteria;

Conclusion on the elimination of comments on previous audits (if they were carried out).

5.6. The audit program is approved by the head of the audit team from the customer and sent to the standardization unit being audited no later than a month before the start of the audit.

5.7. The head of the audit team establishes working contact with the head of the unit being audited.

In the process of interaction, the heads of the audit team and the audited unit exchange information on aspects of the audit program and the composition of the audit team.

The procedure for providing access to administrative and production premises during the audit process, clarification of the scope of the documentation being audited, the need for and procedure for interaction with accompanying persons () and other organizational and technical issues may be subject to discussion.

5.8. The head of the audited standardization unit, for the sake of objectivity and impartiality of the conclusion based on the audit results, has the right to demand the replacement of members of the audit team for objective reasons (for example, in the case of previous work in the audited organization or in the case of documented information about the unethical behavior of a member of the audit team during previous audits).

Replacement of members of the audit team is agreed upon with the audit client.

5.9. The head of the audit team informs the head of the audited standardization unit about the specific start date of the audit no later than 15 calendar days before the start of the audit.

5.10. In agreement with the head of the audit team, the head of the standardization department or the chief engineer of the structural unit of JSC Russian Railways in which the audit is being conducted appoints specialists to accompany the audit team. These specialists should be relieved of their main duties during the audit.

5.11. The responsibilities of specialists accompanying the audit team include:

Ensuring contacts between audit team members and representatives of the audited unit;

Acting as an audit witness on behalf of the audited unit;

Ensuring that the information collected during inspections is correct;

Providing the necessary organizational assistance to members of the audit team during the audit.

5.12. Before conducting an audit, the audit team should review and review reports from previous audits (if any).

It is permissible to carry out the specified analysis at the audit site, which must be provided for in the audit program.

5.13. During the audit, based on document analysis, interviews and observations, information related to the objectives of the audit is collected and verified.

The analysis is carried out, first of all, by the regulations on the standardization unit or job descriptions of employees responsible for standardization work, their tasks, functions, and responsibilities. This takes into account the peculiarities of the structure and operating conditions of this division of JSC Russian Railways, the nature and volume of production and economic activities.

The audit is subject to activities related to the implementation of standards, the procedure established in the department for conducting an examination of projects of developed regulatory and technical documentation, compliance with the rules of content, updating and updating of the applied fund of regulatory documents, organization of advanced training of personnel in the field of standardization and other issues.

5.14. During the audit, members of the audit team have the right to:

Ask questions related to the objectives of the audit;

Monitor the activities of the unit being inspected and the production environment;

Use documentation related to the audit object; request additional information for audit purposes.

6. Requirements for the audit team

6.1. The head and members of the audit team must have experience in the field of standardization: in the development of standards, their implementation in production and economic processes, examination of draft standards, etc.

6.2. The head and members of the audit team must have a higher education, a total work experience of at least five years and experience in the field of standardization for at least three years.

6.3. Members of the audit team must have knowledge of federal legislation in the field of technical regulation, as well as knowledge of regulatory legal acts in force in the field of standardization, fundamental standards and other documents on the methodology of interstate, national, international and corporate standardization, and master terminology in the field of standardization.

6.4. Before conducting an audit, members of the audit team must study the structure, functions and general business processes of the division of JSC Russian Railways in which the standardization division is being audited, as well as internal production and economic relationships.

6.5. Each member of the audit team must have erudition and observation, ensuring his ability to independently carry out a full cycle of work to conduct an audit of the issue entrusted to him.

6.6. The head of the audit team must have experience in participating in at least two audits of standardization units and must:

Plan an audit;

Organize the work of members of the audit team;

Prevent and resolve conflicts;

Prepare a report in a high-quality manner and on time.

6.7. A member of the audit team must be able to:

Planning and organizing work for specific inspections;

Conducting the audit within the established time frame;

Data collection through interviews, observations and document analysis;

Assessing the sufficiency and acceptability of the data obtained during the audit to develop specific conclusions;

Preparation of audit reports.

6.8. Members of the audit team must constantly maintain their competence through additional training on the development of standardization at least once every five years, and participate in specialized seminars and conferences.

6.9. The head and members of the audit team must maintain the confidentiality of information obtained during the audit process.

7. Audit results

7.1. Information obtained as a result of the audit is subject to analysis for compliance with the requirements.

7.2. Each member of the audit team prepares an initial analysis and corresponding conclusions on the issues assigned to him. The audit team leader holds a team meeting to discuss the performance of each audit team member. In this case, representatives of the audited standardization unit can take part in it.

7.3. Based on the results of the audit, the audit team prepares a conclusion, which in general should contain:

Conclusion on the degree of compliance with the requirements for the standardization unit;

The audit report is signed by the head of the audit team.

7.4. The conclusion based on the audit results is brought to the attention of the head of the structural unit of JSC Russian Railways, to which the audited standardization unit is subordinated.

If you agree with the conclusions of the audit team, the conclusion is signed by the head of the unit being audited. In case of disagreement with the conclusions of the audit report, it is recommended to discuss them together with the head of the structural unit of JSC Russian Railways in order to resolve disagreements.

If an agreement is not reached, then the disagreements are reflected in the minutes of the joint meeting.

7.5. Based on the results of the audit, the audit team draws up a report that reflects:

Purpose of the audit;

Information about the audit client;

Information about the head and members of the audit team;

Data on the timing and location of the audit;

List of inspections carried out;

List of accompanying persons from the unit being inspected;

Information about obstacles encountered during the audit;

Characteristics of unresolved contradictions (with the attachment of the corresponding protocol with disagreements, drawn up with the participation of the inspected structural unit of JSC Russian Railways);

Conclusions based on the results of the audit;

7.6. The report is signed by members of the audit team and submitted to the audit client for approval.

7.7. Based on the approved report, the audit customer prepares an order from the chief engineer of JSC Russian Railways to the head (chief engineer) of the division of JSC Russian Railways, where the audit of the standardization division was carried out, to develop a set of measures to eliminate the shortcomings identified during the audit.

7.8. The developed plan for eliminating deficiencies is agreed upon by the head (chief engineer) of the division of JSC Russian Railways where the audit was carried out with the audit customer and approved by the chief engineer of JSC Russian Railways.

7.9. Within the time period established by the order, the head (chief engineer) of the division of JSC Russian Railways, in whose standardization division deficiencies were noted, reports in writing to the audit customer about their elimination.

7.10. Materials about the audit (program, conclusion, protocols, report on eliminating comments) must be stored in the standardization department of the structural division of JSC Russian Railways and with the audit customer for at least five years, the audit report must be stored with the audit customer for five years.

_____________________________

JSC "RUSSIAN RAILROADS"

ORDER

On the Regulations on the organization of internal audit in the Russian Railways holding company

1. Accept to the management the Regulations on the organization of internal audit in the Russian Railways holding company, approved by the decision of the board of directors of JSC Russian Railways (minutes dated December 7, 2015 No. 22), hereinafter referred to as the Regulations.

2. Heads of the Department for Management of Subsidiaries and Dependent Companies Davydov A.Yu. and the Center for Corporate Management of the Suburban Complex Belyankin A.Yu. initiate corporate events by subsidiaries of JSC Russian Railways to adopt the Regulations for Management.

3. The Regulations on the organization of internal audit in the Russian Railways holding company, approved by JSC Russian Railways on July 6, 2014 No. 286, shall be declared invalid.

President of JSC Russian Railways
O.V. Belozerov

Regulations on the organization of internal audit in the Russian Railways holding company

I. General provisions

1. These Regulations define the goals, objectives, status and procedure for organizing internal audit in the Russian Railways holding company, as well as the powers and responsibilities of the internal audit unit and other internal audit participants.

2. Conducting an internal audit at JSC Russian Railways is entrusted to the Center for Internal Audit "Zheldoraudit" - a structural division of JSC Russian Railways (hereinafter referred to as the Center "Zheldoraudit").

The internal audit division of JSC Russian Railways is created and liquidated on the basis of an order from the president of JSC Russian Railways.

3. These Regulations apply to divisions of the management apparatus of JSC Russian Railways, its branches, and other structural divisions of JSC Russian Railways (hereinafter referred to as divisions of JSC Russian Railways).

In the subsidiaries of JSC Russian Railways, these Regulations are implemented by conducting corporate procedures in accordance with the legislation of the Russian Federation and the regulatory documents of JSC Russian Railways.

The issue of organizing internal audit in the subsidiaries of JSC Russian Railways is considered by the management bodies of the subsidiaries in accordance with the constituent documents and other documents defining the specific features of the work of a particular company.

Conducting internal audits in the subsidiaries of JSC Russian Railways is entrusted to the internal audit units of the corresponding subsidiaries.

4. Changes to these Regulations are made when conditions or events arise that have a significant impact on the activities of internal audit, including:

- changing the goals, objectives and functions of internal audit;

- changes in powers and the emergence of significant restrictions in the activities of internal audit;

- based on the results of assessing the quality of internal audit activities;

- significant changes in the activities and structure of the Russian Railways holding company.

The Director of Russian Railways JSC for Internal Control and Audit and the Head of the Zheldoraudit Center periodically consider the need to amend these Regulations.

The initiators of changes may also be the President of JSC Russian Railways, the Board of Directors of JSC Russian Railways, the Audit and Risk Committee of the Board of Directors of JSC Russian Railways, the Vice President of JSC Russian Railways, which is responsible for internal audit issues. The organization of the development and preparation of proposals to amend these Regulations is entrusted to the head of the Zheldoraudit Center.

Coordination and approval of changes are carried out in accordance with the procedure established by JSC Russian Railways.

5. These Regulations have been developed taking into account the requirements of federal laws and other regulatory legal documents of the Russian Federation, the conceptual framework of professional practice of the Institute of Internal Auditors to the extent that does not contradict Russian legislation, advanced international and domestic practices in the field of internal audit, guidelines and recommendations in the field of internal audit audit of the Ministry of Economic Development of the Russian Federation (Federal Agency for State Property Management) and regulatory documents of JSC Russian Railways.

6. The following terms and concepts are used in these Regulations:

- audit evidence - information obtained during the audit, and the result of the analysis of this information, on which conclusions based on the audit results are based;

- audit procedure - a set of professional actions to collect audit evidence to achieve the objectives of the audit;

- business process - a stable, purposeful set of interrelated actions (sequence of work) carried out with the aim of creating a specific product or service;

- executive management bodies of JSC Russian Railways - the president of JSC Russian Railways, the board of JSC Russian Railways;

- conflict of interest - any situation in which the personal or professional interest of an employee of the internal audit unit may lead to improper performance of his official duties;

- audit model - a list of internal audit objects (business processes, activities, individual projects or initiatives, divisions, business units, responsibility centers, etc.), depending on the approach chosen by the company to their structuring for the purposes of internal audits;

- company - JSC Russian Railways and (or) a subsidiary of JSC Russian Railways;

- object of internal audit - divisions of the management apparatus of JSC Russian Railways, its branches and other structural divisions, subsidiaries of JSC Russian Railways (in accordance with the established procedure), other centers of responsibility, as well as types of activities, business processes, individual projects or initiatives, on which internal audits are carried out;

- internal audit unit - Internal Audit Center "Zheldor-audit" - a structural unit of JSC Russian Railways or an internal audit unit of a subsidiary of JSC Russian Railways;

- internal control procedures (control procedures) - a set of actions and measures aimed at preventing, limiting and preventing risks in the financial and economic activities of JSC Russian Railways (a subsidiary of JSC Russian Railways);

- internal control system - a set of organizational measures, methods, procedures, norms of corporate culture and actions taken by the company (board of directors, other management bodies, management and other employees) to achieve an optimal balance between the growth of the company’s value, profitability and risks, to ensure financial sustainability, efficient management of business activities, safety of assets, compliance with legislation, charter and regulatory documents of the company, timely preparation of reliable reporting;

- a system of internal corporate auditing standards - a set of interrelated regulatory documents that create conditions for organizing and conducting effective internal audit in the Russian Railways holding company;

- risk management system - a set of interrelated procedures, methods and corresponding risk management tools of JSC Russian Railways (a subsidiary of JSC Russian Railways).

II. Definition, goals and objectives of internal audit

7. Internal audit is a process aimed at assisting the board of directors and executive management bodies in increasing the efficiency of company management, improving its financial and economic activities through a systematic and consistent approach to the analysis and assessment of the risk management and internal control system, as well as corporate governance practices as tools for providing reasonable confidence in achieving the goals set for society.

8. The purpose of internal audit is to provide independent and objective information to the board of directors and executive management bodies on the state of financial and economic activities, reliability and efficiency of risk management systems, internal control and corporate governance practices in the company and its subsidiaries to maintain financial stability and improve performance and efficiency of business processes, improvement of activities and achievement of goals set for society.

At the same time, divisions of JSC Russian Railways and subsidiaries of JSC Russian Railways are responsible for building internal control and risk management systems, including identifying and assessing risks, developing and implementing risk management measures.

9. The main objectives of internal audit are:

- organizing and conducting inspections aimed at increasing the efficiency and effectiveness of business processes of the Russian Railways holding company, the reliability of reporting, the safety of assets, compliance with the requirements of the legislation of the Russian Federation and regulatory documents of JSC Russian Railways and its subsidiaries;

- systematic and consistent assessment of the reliability and effectiveness of internal control and risk management systems, as well as assessment of corporate governance practices;

- timely provision of management of JSC Russian Railways (a subsidiary of JSC Russian Railways) with reliable information on the state of financial and economic activities, the efficiency of business processes, the reliability of internal control and risk management procedures, as well as corporate governance in the divisions of JSC Russian Railways (a subsidiary JSC "Russian Railways" company);

- development of proposals and recommendations for improving activities, increasing the reliability and efficiency of the risk management and internal control system, corporate governance practices of the audited entity and (or) society as a whole.

10. To assess the effectiveness of the internal control system, internal audit conducts an audit, including:

- compliance of the goals of business processes, projects, divisions with the goals of society, ensuring the efficiency, reliability and integrity of business processes and information systems, including the reliability of procedures for combating illegal actions, abuse and corruption;

- compliance of the results of the functioning of business processes and the activities of departments with the set goals;

- ensuring the reliability of accounting (financial), statistical, management, production and other reporting;

- the adequacy of the criteria established for analyzing the degree of fulfillment (achievement) of the set goals;

- to identify deficiencies in the internal control system that did not allow (are not allowing) the business process, division or society as a whole to achieve its goals;

- results of implementation of measures to eliminate violations, deficiencies and improve risk management and internal control systems;

- efficiency and expediency of resource use;

- ensuring the safety of assets;

- compliance with the requirements of the legislation of the Russian Federation and regulatory documents of JSC Russian Railways (subsidiaries of JSC Russian Railways).

11. To assess the effectiveness of the risk management system, internal audit conducts an audit, including:

- sufficiency and maturity of the elements of the risk management system for its effective functioning: goals and objectives, infrastructure, including organizational structure, automation tools, etc., organization of processes, regulatory and methodological support, interaction of departments within the risk management system, reporting;

- completeness of identification and correctness of risk assessment by departments and responsibility centers;

- the effectiveness of control procedures and other risk management measures, including the effectiveness of the use of resources allocated for these purposes;

- analyzes information about realized risks (including violations identified as a result of inspections, facts of failure to achieve set goals, cases of litigation and others).

12. To assess the effectiveness of corporate governance practices, internal audit conducts an audit, including:

- compliance with ethical principles and corporate values;

- the procedure for setting goals, monitoring and controlling their achievement;

- the level of regulatory support and procedures for information interaction (including on issues of internal control and risk management) at all levels of management, including interaction with stakeholders;

- ensuring the rights of shareholders, including in subsidiaries, and the effectiveness of relationships with stakeholders;

- procedures for disclosing information about the activities of the company, including its subsidiaries.

III. Internal Audit Accountability

13. The Vice President of Russian Railways JSC, who is in charge of internal audit issues (hereinafter referred to as the supervising Vice President of Russian Railways JSC), leads issues and is responsible for the implementation of internal audit in Russian Railways JSC and (in accordance with the established procedure) in its subsidiaries.

The supervising vice president of JSC Russian Railways coordinates the work of the director of JSC Russian Railways for internal control and audit, as well as the Zheldoraudit Center.

The Director of Russian Railways JSC for Internal Control and Audit organizes the work of conducting internal audits at Russian Railways JSC and (in accordance with the established procedure) in its subsidiaries.

The Zheldoraudit Center, which is responsible for conducting internal audits at Russian Railways JSC, is under the direct supervision of the director of Russian Railways JSC for internal control and audit.

The Zheldoraudit Center is managed by the head of the Center, who is appointed and dismissed by the President of JSC Russian Railways on the recommendation of the Director of JSC Russian Railways for Internal Control and Audit and in agreement with the supervising Vice President of JSC Russian Railways, as well as in the prescribed manner with Audit and Risk Committee of the Board of Directors of JSC Russian Railways.

14. The independence of internal audit at JSC Russian Railways is ensured by the division of administrative and functional accountability of the Zheldoraudit Center.

15. Administrative accountability is expressed in the direct subordination of the Zheldoraudit Center to the director of Russian Railways JSC for internal control and audit, the work of which is coordinated by the supervising vice president of Russian Railways JSC.

The administrative accountability of the Zheldoraudit Center to the supervising vice president of JSC Russian Railways includes, among other things:

- receipt by the supervising vice-president of JSC Russian Railways of reports on the activities of the Zheldoraudit Center;

- consideration and decision-making on the allocation of necessary funds within the approved budget for the implementation of internal audit;

- administration of internal audit strategies, policies and procedures;

- providing support in the interaction of the Zheldoraudit Center with divisions of JSC Russian Railways and (in accordance with the established procedure) with subsidiaries of JSC Russian Railways.

16. The Zheldoraudit Center is functionally accountable to the Board of Directors of JSC Russian Railways (through the Audit and Risk Committee), which means considering and making decisions at meetings of the Audit and Risk Committee on the following issues:

- approval of the Regulations on the organization of internal audit;

- approval of the activity plan of the Zheldoraudit Center;

- approval of the annual budget of the Zheldoraudit Center;

- obtaining information on the progress of implementation of the activity plan of the Zheldoraudit Center;

- approval of a candidacy for the position of head of the Zheldoraudit Center;

- determination of remuneration for the head of the Zheldoraudit Center;

- consideration of significant restrictions on authority and other restrictions that could negatively affect the implementation of internal audit.

17. The independence of internal audit in the subsidiaries of JSC Russian Railways should be similarly ensured by delimiting the administrative and functional accountability of the internal audit unit of the subsidiary.

18. The internal audit divisions of JSC Russian Railways and subsidiaries of JSC Russian Railways do not include divisions and employees whose activities are not related to the implementation of internal audit.

The head of the internal audit unit cannot be assigned responsibilities not related to the implementation of internal audit.

IV. Powers of Internal Audit

19. The Director of Russian Railways JSC for Internal Control and Audit and the Head of the Zheldoraudit Center are authorized to:

- participate in meetings of the Board of Directors of JSC Russian Railways, the Audit and Risk Committee on issues of internal audit, internal control, risk management and corporate governance;

- request and receive any information and materials about the activities of JSC Russian Railways and its subsidiaries necessary to fulfill their official duties;

- get acquainted with current and long-term activity plans, reports on the implementation of plans and programs, draft decisions and decisions of the board of directors of JSC Russian Railways and the executive bodies of JSC Russian Railways;

- bring to the attention of the Board of Directors of Russian Railways JSC, the Audit and Risk Committee and the executive management bodies of Russian Railways JSC proposals for improving existing systems, processes, standards, business methods, as well as provide comments on any issues within the competence of the internal audit;

- involve, in the manner established by the internal regulatory documents of JSC Russian Railways, employees of JSC Russian Railways and third-party experts to carry out inspections and other tasks;

- take part in meetings and meetings of the working bodies of JSC Russian Railways and (in accordance with the established procedure) subsidiaries of JSC Russian Railways, provided that you are not involved in operational activities (committees, commissions, working groups, etc.).

20. The head and employees of internal audit units, within the framework of their powers, have the right:

- request from departments any information necessary to conduct the inspection, receive comments (explanations) on the information provided in written and oral form. In case of failure to provide information or comments (explanations), a corresponding act is drawn up, which is communicated to a senior manager in the prescribed manner;

- make copies of documents, if necessary, use photo and video equipment and other technical means;

- use information resources and software databases, primary documents and other necessary information, accounting, tax, statistical and other reporting of departments;

- freely inspect any premises and territories of departmental facilities during inspections;

- require departments (if necessary) to conduct an unscheduled inventory of property and liabilities;

- as part of the inspections, conduct interviews with department employees;

- request and receive the necessary assistance from employees of the departments in which the inspection is carried out, as well as assistance from employees of other departments on inspection issues;

- carry out other actions necessary to achieve the inspection goals.

21. Managers and employees of internal audit objects when conducting internal audits are obliged to:

- create conditions for the complete and effective conduct of internal audit, as well as ensuring the safety of working materials;

- provide, at the request of internal audit department employees, the necessary information, including primary and other documents on paper and (or) in electronic form;

- present conclusions, reports (acts) based on the results of audits carried out by audit organizations, tax and other state regulatory authorities;

- provide access to internal audit department employees to all information resources used by the internal audit entity;

- provide written explanations on issues arising during the inspection;

- provide access to internal audit department employees to the objects and premises being inspected;

- take the necessary measures to eliminate identified violations, deficiencies in internal control and risk management systems, their causes and consequences.

V. Responsibilities of internal audit

22. The head and employees of the internal audit unit bear, in accordance with the established procedure, responsibility for the quality and timeliness of fulfillment of assigned tasks and functions.

Employees of the internal audit unit must ensure the quality, completeness, reliability and objectivity of the information reflected in the report on the results of the audit.

23. In order to comply with the principle of objectivity and prevent the emergence of conflicts of interest when performing their functions, internal audit employees should not:

- engage in inspection of those areas of activity of departments for which they were previously responsible during the year preceding the inspection;

- participate in the processes of operational activities and management decision-making;

- develop and implement internal control procedures and risk management processes;

- take part in inspections and other tasks if they have a competing professional or personal interest (financial, property, related or any other interest) in the activities of the internal audit objects being audited;

- engage in any activity that could be or be perceived to be prejudicial to their impartiality;

- manage employees of other departments, except for cases when these employees are assigned to participate in the inspection.

24. Employees of internal audit units do not have the right:

- do not disclose all material facts known to them, which, if concealed, may distort the data of the report on the results of the audit;

- accept as a gift anything that could damage the professional opinion of an internal audit employee or be perceived as causing such damage.

25. If there is a conflict of interest or limitation of the powers of internal audit:

- employees of the internal audit unit inform the head of the internal audit unit about any restrictions on their powers and emerging conflicts of interest;

- the head of the internal audit unit informs the sole executive body of the company or other authorized official to whom the unit is administratively accountable.

26. Employees of internal audit departments are not allowed to use confidential and insider information, as well as information constituting a trade secret of JSC Russian Railways (subsidiaries of JSC Russian Railways), obtained as part of inspections, for personal interests or in any other way that contradicts the requirements regulatory legal documents of the Russian Federation or regulatory documents of JSC Russian Railways (subsidiaries of JSC Russian Railways).

Employees of the internal audit department do not have the right to disclose or transfer this information.

27. The rules of conduct for employees of internal audit units and the basic principles that must be observed by them in their professional activities are established in the relevant codes of business ethics for employees of these units.

28. Employees of internal audit units must display professionalism and a responsible attitude to work, have the knowledge, skills and competencies necessary to perform their job duties, and constantly improve them.

29. Internal audit units develop and implement programs to improve the professional level of their employees.

VI. Interaction between internal audit and stakeholders

30. The Zheldoraudit Center, within the framework of its powers, interacts on issues related to internal audit:

- with the Audit and Risk Committee of the Board of Directors of JSC Russian Railways, divisions of JSC Russian Railways, the audit commission of JSC Russian Railways, the external auditor of JSC Russian Railways, other subjects of internal control and risk management, other interested parties, control and other bodies state authorities, local governments, state supervisory authorities;

- in the prescribed manner - with the audit committees of the boards of directors, audit commissions and external auditors of the subsidiaries of JSC Russian Railways.

31. The Zheldoraudit Center carries out general coordination of work in the Russian Railways holding on the development and improvement of methodology, new forms and methods of conducting internal audits and participates in:

- creation of internal audit units in subsidiaries of JSC Russian Railways and organization of their work;

- approval of candidates for heads of internal audit departments of subsidiaries of JSC Russian Railways;

- review and approval of work plans for internal audit departments of subsidiaries of JSC Russian Railways;

- consideration of reports on the results of internal audits conducted by the internal audit departments of subsidiaries of JSC Russian Railways;

- work of audit committees of subsidiaries of JSC Russian Railways (as invited experts);

- the work of the audit commissions of subsidiaries of JSC Russian Railways.

32. Internal audit units of subsidiaries of JSC Russian Railways submit reports on the results of internal and external assessments of the quality of the activities of internal audit units to the Zheldoraudit Center in the prescribed manner.

VII. Quality control and assessment of the activities of the internal audit unit

33. Heads of internal audit units are responsible for the quality of work of these units.

Procedures for quality control of the activities of the internal audit unit must be implemented at all stages of the internal audit. Employees of internal audit departments must continuously improve the efficiency and quality of their work.

34. In order to carry out proper quality control and performance assessment, the internal audit unit develops, approves from the official under whose direct administrative subordination it is located, and implements a quality assurance and improvement program (audit quality assessment and improvement program/program for monitoring the quality of work of the internal audit unit ), including:

- continuous monitoring of the quality of activities of the internal audit unit;

- periodic internal assessments of the quality of work of the internal audit unit (self-assessment), carried out once a year (usually based on the results of the annual Internal Audit Plan);

- external assessments of the quality of the internal audit unit’s activities, conducted by an independent external expert, carried out at least once every 5 years, in order to obtain an independent opinion on the quality of the internal audit function.

35. On a regular basis, the director of Russian Railways JSC for internal control and audit informs the supervising vice president of Russian Railways JSC and the Audit and Risk Committee of the Board of Directors of Russian Railways JSC about activities within the framework of the guarantee and quality improvement program, including results of internal and external assessments of the quality of activities of the internal audit unit.

VIII. Regulatory support of internal audit

36. Internal audit is carried out taking into account best international and domestic practices and is regulated by regulatory documents of the system of internal corporate auditing standards of the Russian Railways holding company.

The development of the necessary methodological and methodological support for internal audit and keeping it up to date is carried out systematically, on an ongoing basis.

37. The system of internal corporate audit standards of the Russian Railways holding includes organizational and administrative documents, standards and practical guidelines for internal audit, creating conditions for the effective conduct of internal audit.

Organizational and administrative documents determine the order of work (organization, activities) and powers of internal audit units, establish uniform, mandatory requirements for the application and execution of the behavior of its employees, as well as the procedure for interaction with the units of JSC Russian Railways and (in the prescribed manner) with subsidiaries companies of JSC Russian Railways and other interested parties. These include:

- regulations on the organization of internal audit;

- regulations on the internal audit unit;

- code of business ethics for employees of the internal audit unit;

- regulations on the departments of the internal audit unit;

- job descriptions of employees of the internal audit unit and other documents.

38. Internal audit standards establish the procedure for carrying out basic and additional sub-processes, including (but not limited to) planning activities and resource management, preparing for an audit, conducting an audit, recording the results of an audit, monitoring the implementation of an action plan developed by the internal audit entity for test results.

Practical guidelines for internal audit (methodological recommendations, standard inspection programs, etc.) represent the methodological basis for organizing and conducting internal audit in certain areas.

IX. The procedure for organizing and conducting internal audit

39. The internal audit division draws up, based on the audit model, a risk-based plan for conducting an internal audit of the most significant areas of the company’s activities, its business processes and other internal audit objects with a high level of risk.

The plan for conducting an internal audit at JSC Russian Railways is formed by the Zheldoraudit Center, taking into account the instructions of the President of JSC Russian Railways, the Audit and Risk Committee of the Board of Directors of JSC Russian Railways, supervising the Vice President of JSC Russian Railways and the Director of JSC Russian Railways internal control and audit and approved by the supervising vice-president of JSC Russian Railways. In addition to scheduled inspections, unscheduled inspections may be carried out on instructions from the President of JSC Russian Railways, the Audit and Risk Committee of the Board of Directors of JSC Russian Railways, and the supervising Vice President of JSC Russian Railways.

The head of the internal audit unit is obliged to ensure the effective use of resources to implement the approved plan.

If necessary, the head of the internal audit unit has the right to involve (in accordance with the established procedure) employees of other units, as well as external independent experts, in participation in inspections.

40. Preparation for an audit includes collecting information about the internal audit object, analyzing risk factors and using information about significant risks inherent in the internal audit object and their assessment, as well as developing audit procedures and other activities necessary to carry out and achieve the goal checks.

41. Conducting an audit involves performing audit procedures, collecting audit evidence and drawing conclusions based on the results of the audit, including a description of violations, risks, deficiencies in internal control systems, risk management and corporate governance practices identified at the internal audit site, and other activities.

Employees of the internal audit unit must:

- collect, analyze, evaluate and document the necessary and reliable information in an amount sufficient to achieve the objectives of the audit;

- formulate conclusions and recommendations, present the results of the audit based on appropriate analysis and assessment of information;

- document relevant information to support the conclusions and results of the audit.

When conducting checks at the proper level, internal audit does not guarantee, however, the identification of all violations, risks and shortcomings of the internal control system, risk management and corporate governance practices.

The head of the internal audit unit organizes proper control over the audit to achieve the set goals and ensure the quality of work.

42. The results of the inspection are presented in the form of a report, which must be reliable, objective, complete and concise. It is not permitted to include conclusions in the report that are not supported by audit evidence.

The format and content of the audit report may vary depending on the type and purpose of the audit.

The report on the results of the audit is drawn up, as a rule, in 2 copies and signed by the head of the audit and the head of the internal audit object.

The period for consideration and signing of the report by the head of the internal audit facility should not exceed 5 days.

If the head of the internal audit object refuses to sign the report or fails to comply with the deadline for signing it, information about this is communicated in the prescribed manner to the superior manager.

Objections from the management of the internal audit entity are made in writing. If necessary, the facts stated in the objections can be verified additionally.

Objections are not subject to consideration:

- submitted after signing the report on the inspection results;

- not having documentary evidence of certified copies of primary documents;

- represented by a person who does not have the authority to act on behalf of the internal audit entity.

43. Bringing the results of the audit to the attention of officials who can ensure their due consideration and develop measures to eliminate violations and deficiencies in internal control systems, risk management and corporate governance practices or ensure the implementation of such measures is carried out in the prescribed manner and in accordance with the rules handling information containing trade secrets.

44. After signing the report on the results of the audit, the head of the internal audit object, within the period established in the report, is obliged to ensure:

- review of the audit results with the participation of the involved managers and employees of the internal audit object;

- development of an action plan based on the results of the inspection (hereinafter referred to as the action plan). The action plan specifies the time frame for implementing measures to eliminate violations and deficiencies and improve internal control systems, risk management and corporate governance practices, as well as the employees of the internal audit facility responsible for their implementation. Activities should be aimed at eliminating the causes and consequences of identified violations and shortcomings, improving systems for accounting and control of financial flows and material resources, preventing financial risks and losses of income, mobilizing economic reserves;

- forwarding (in the prescribed manner) the action plan approved by the head of the internal audit facility to the internal audit unit;

- timely submission (in the prescribed manner) to the internal audit unit of information on the implementation of activities and documents confirming their implementation.

The internal audit unit organizes regular monitoring and systematic control of the implementation by internal audit objects of measures to eliminate violations and deficiencies identified during inspections, improve internal control and risk management systems in order to assess their effective implementation or confirm the acceptance of risk by senior executive management in the event of failure to implement measures .

Registration of activities developed by internal audit objects is carried out by the internal audit unit as such information becomes available and is monitored according to established deadlines. Activity statuses are usually updated quarterly. Systematic monitoring of the implementation of activities implies verification of their actual implementation and achievement of the declared effect from implementation.

The results of the implementation of activities, if necessary, can be additionally verified as part of separate audits by the internal audit unit.

Electronic document text
prepared by Kodeks JSC and verified against:

Economics of railways,
N 4, 2016

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

Introduction

Technicalaudit - This a modern effective procedure that allows you to examine production and engineering systems in order to assess the current state, identify reserves for increasing efficiency, estimate future costs for repair cycles, modernization, energy costs and the introduction of energy saving systems.

The purpose of introducing a technical audit is to increase the level of traffic safety in JSC Russian Railways on the basis of a systematic and consistent analysis and assessment of the activities of structural units to ensure traffic safety.

1. Definition of concepts

Audit (verification) is a systematic, independent and documented process of obtaining audit evidence and evaluating it objectively to determine the degree of compliance with audit criteria.

An auditor is a person who has the competence to conduct an audit.

Security - absence of unacceptable risk of loss.

Safety of traffic and operation of railway transport - a state of security of the process of movement of railway rolling stock and the railway rolling stock itself, in which there is no unacceptable risk of transport accidents and their consequences entailing harm to the life or health of citizens, harm to the environment, property of individuals or legal entities persons (Federal Law of January 10, 2003 N 17-FZ).

Train traffic safety is the ability of a train to be in a non-hazardous state during the estimated time, when there is no threat to the safety of the lives and health of passengers, technical personnel, the population, the safety of cargo, business facilities, and technical means of the transport system.

Verification is confirmation, based on the provision of objective evidence, that specified requirements have been met.

Internal audits (inspections) are audits conducted for internal purposes by the organization itself or on its behalf.

Audit findings (observations) are the result of evaluating the collected audit evidence in relation to the audit criteria.

Technical audit group (audit team) - one or more auditors conducting the audit, supported by technical experts if necessary.

Audit Conclusion - The audit output presented by the audit team after considering the audit objectives and all audit findings.

Competence is demonstrated personal qualities and a demonstrated ability to apply one's knowledge and skills.

Audit criteria are a set of policies, procedures or requirements.

Non-compliance is failure to comply with a requirement.

Scope of the audit - the content and boundaries of the audit.

Audit plan - a description of the activities and measures for conducting the audit.

A representative of the audited unit (hereinafter referred to as the representative) is a specialist of the audited unit who is appointed by the head of the unit to accompany the auditor and answer questions posed by him.

The audited division is the division of the enterprise in which the audit (inspection) is carried out.

An audit program is a set of one or more audits planned for a specific time interval and aimed at achieving a specific goal.

Audit evidence is records, statements of fact, or other information that are relevant to the audit criteria and can be verified.

Traffic safety management system (traffic safety management system) is a set of interrelated and interacting control elements in relation to ensuring traffic safety, including elements: structure, functions, resources, activities for planning, implementation, monitoring and improvement of traffic safety processes.

Technical audit of the traffic safety management system is an independent examination carried out by conducting scheduled, unscheduled, comprehensive and thematic inspections of the traffic safety management system, carried out to assess the technical condition of railway transport facilities and aimed at preventing negative phenomena and trends in the production field, as well as increasing the level of traffic safety.

A technical expert is a person who provides the engagement team with knowledge or experience on a specialized issue.

2. Audit Responsibilities and General Provisions

Table 1

Responsibility for the main types of technical audit activities in the traffic safety management system of JSC Russian Railways

The priority areas when conducting a technical audit of the traffic safety management system (hereinafter referred to as the technical audit) are:

Prevention of failures in the traffic safety system and risk reduction;

Analysis and assessment of the traffic safety system at the enterprise being audited;

Analysis and assessment of the effectiveness of the current risk management system;

Ranking of processes in accordance with security risks, highlighting processes and services with high risks of security violations;

Assessing the effectiveness of applied preventive measures to reduce risks;

Assessing the effectiveness of corrective actions taken by the process manager;

The model for organizing and monitoring traffic safety includes: an audit apparatus, a technical audit of the traffic safety management system, a situation center at both the network and regional levels (Figure 1).

Figure 1 Model of a traffic safety management system

When conducting a technical audit of a DBMS, it is necessary to:

Based on an analysis of factors, evaluate the traffic safety system at the audited enterprise;

Assess the effectiveness and efficiency of the current risk management system;

Assess the effectiveness and efficiency of corrective actions taken by the process manager.

Technical audit of structural divisions of various forms of ownership is carried out as follows:

In the case of contractors - approval at the stage of concluding a contract and immediately before work is carried out;

With subsidiaries and dependent companies (SDCs) - technical audit (by agreement);

With the structural divisions of JSC Russian Railways - internal technical audit;

Work with contractors (based on contractual work with contractors) includes 2 stages.

At the first stage, a technical audit is carried out at the stage of concluding a contract and participating in the tender commission for compliance (availability):

License (certificate) to carry out work;

Resources and technologies (what and how to fulfill the planned volume);

Previously existing claims against the relevant organization (if any, what corrective measures were taken and whether the damage caused was recovered).

Depending on compliance (availability) or non-compliance with the established requirements, approval or refusal of approval to participate in the tender is given.

At the second stage, a technical audit is carried out immediately before work is carried out. The availability of all necessary documents is checked:

Project for the execution of work;

Agreements for technical acceptance;

A work plan agreed upon with related services, and the readiness of related services, telegrams for the provision of those responsible (do these responsible people know about the upcoming work, do they plan to participate in this process);

The availability of resources is checked (readiness of equipment, people, etc.).

If the specified documents are available and they comply with the established requirements, a permit to carry out work is issued, otherwise the work is prohibited.

According to methods for identifying inconsistencies and their analysis, technical audit is divided into two levels (Figure 2).

Figure 2 Levels of technical audit

3. Conducting a technical audit

The head of the technical audit group holds a preliminary meeting with the participants of the unit being audited (the process owner).

In accordance with the technical audit plan, a group of auditors conducts a study of the unit being audited (process owner) (surveys, observations, examination and analysis of documentation and activities performed at the audited sites, implementation of corrective and preventive actions). During an audit, auditors record observations.

Auditors document audit results in worksheets.

Based on the study of the data obtained during the audit, a preliminary analysis of the results obtained is carried out.

Based on the results of the analysis, the head of the technical audit group makes a decision on including the results obtained in the report.

In accordance with the audit plan, the head of the technical audit group holds a final meeting with the participants of the audited unit (the process owner). Following the meeting, a protocol of the established form is drawn up.

At the final meeting, the head of the technical audit group presents the identified inconsistencies, possible risks for the DBMS, and auditors’ proposals for corrective and preventive actions.

4. Analysis of audit results

technical audit traffic safety

The head of the audited department (process owner) analyzes the report within a week (analysis of the causes and discussion of actions to eliminate inconsistencies).

The head of the audited department (process owner) determines corrective actions (CA) to eliminate identified inconsistencies.

The head of the unit being audited (process owner) coordinates the design documentation with the head of the technical audit group.

In accordance with the deadlines established in the Nonconformity Registration Card, the head of the inspected unit (process owner) carries out corrective actions.

In accordance with the established deadlines, the head of the department (enterprise) monitors the implementation of design documentation and their effectiveness.

After the results of the design work are presented, information about the execution of the design work is entered into the journal

5. Summing up the results of the technical audit

The result of the technical audit is the auditors’ conclusion on the level of guaranteed safety and reliability of the transportation process in the audited unit, an assessment of the manager’s work in analyzing inconsistencies identified during all types of inspections: technical audits of levels 1 and 2 and inspections by supervisory authorities, as well as in performing corrective actions.

6. Completion of technical audit

A technical audit is considered complete when all activities included in the audit plan have been completed and the audit report has been submitted to the involved services.

7. Corrective and preventive actions

A technical audit is based on preventing problems. When identifying a problem, the following are of particular importance:

Early detection of the problem;

Its depth;

Finding its root cause;

Preventing relapses.

During a technical audit, the implementation of corrective and preventive actions on inconsistencies identified by process owners (heads of departments), when identifying problems by situation centers, during audits and previous technical audits is verified.

The head of the unit being inspected is responsible for ensuring the planning and implementation of corrective actions, and also determines the need for preventive actions.

Planning and implementation of corrective actions includes:

Analysis of the causes of non-conformity;

Implementation of measures to mitigate the impacts (correction - elimination of consequences) of the identified non-compliance;

Assessing the need to develop and plan corrective actions, the timing of their implementation, necessary to eliminate the causes of nonconformities and identifying those responsible for implementing corrective actions;

Implementation of planned corrective actions.

Planning and execution of preventive actions includes:

Determining the area for taking preventive actions (analysis of potential nonconformities);

Implementation of measures aimed at preventing non-conformities.

The head of the technical audited object organizes an analysis of the causes of identified inconsistencies, if necessary creating a working group with the involvement of auditors, managers and specialists of the involved services to make a collegial decision.

The results of the analysis of the causes of identified inconsistencies serve as the basis for the development of corrections, corrective and preventive actions.

The results of the cause analysis are documented in a protocol.

To decide on the need for preventive actions, the risks of problems occurring are assessed in the following sequence:

Risk identification;

Arranging them in a hierarchical sequence;

Assessment of the significance of risk according to certain criteria;

Setting a goal to reduce the significance of the risk;

Determining means of reducing significance in relation to these goals;

Planning and implementation of processes that contribute to the achievement of set goals.

Measures to eliminate the consequences of identified nonconformities must be carried out as soon as possible.

The proposed corrective (preventive) action must meet the following requirements:

Validity, that is, it must be well-reasoned, based on convincing evidence;

Feasibility, that is, it must take into account the practical possibilities of its implementation;

Consistency, that is, it should not contain measures that are incompatible or inconsistent with other measures in the management system;

Targeting, that is, to provide for its specific performers in accordance with their competence and job responsibilities;

Certainty in time, that is, it must contain specific deadlines for its implementation;

Timeliness, that is, it must be taken at the appropriate time and not allow further complications of the problem;

Effectiveness, that is, it must provide for an effective result during its implementation.

In case of implementation of a correction, the head of the audited object is obliged to provide the head of the technical audit department with information about the implementation of the correction (fax, e-mail, etc.).

Based on an analysis of the causes of the identified nonconformity, the manager of the inspected facility makes a decision on the need to take corrective (preventive) actions.

If necessary, a cross-functional working group is created with the involvement of specialists from the involved services and auditors.

Based on the proposals of the cross-functional working group, the head of the inspected facility develops a plan of corrective and preventive actions.

The head of the inspected facility must agree with the head of the technical audit group (by fax, e-mail) on an action plan for corrective (preventive) actions no later than 10 days from the date of signing the non-conformity registration card.

The corrective (preventive) action plan must include the following columns:

Corrective (preventive) actions;

Implementation period;

Personnel responsible for performing corrective (preventive) actions.

In case of disagreement between the head of the technical audit group and the head of the audited object, the decision on corrective/(preventive) actions is made by the head of the structural unit to which the audited object belongs.

The head of the audited entity must ensure the implementation of planned corrective (preventive) actions within the timeframe agreed with the head of the audit team. If the manager of the inspected facility cannot carry out corrective (preventive) actions at his level, he is obliged to notify senior management about this in writing.

The head of the inspected facility is obliged to provide the head of the technical audit group with information about the implementation of corrective (preventive) actions within 10 days from the date of implementation of the corrective (preventive) action.

If corrective (preventive) actions are not completed on time, the head of the technical audit group and the head (representative) of the audited object analyze the reasons for the untimely implementation of measures, agree on new deadlines and measures for the implementation of corrective (preventive) actions.

Literature

1. Osipov S. A. Technical operation of railways and traffic safety [Electronic resource]: automated training system (for professions by order of JSC Russian Railways dated March 26, 2013 No. 731r Appendix 3) / S. A. Osipov, V. K. Safronov ; Training and methodological center for education in railway transport. Prog. St. Petersburg: Educational and Methodological Center for Education in Railway Transport, 2001 - 2013.

2. JSC "Russian Railways". On organizing and equipping production facilities, conducting internal technical audits, implementing corrective and preventive actions in locomotive, carriage and infrastructure complexes [Text]: Order of JSC Russian Railways dated November 21, 2012 No. 2349r / JSC Russian Railways. Ekaterinburg: UralYurIzdat, 2014. 35 p.

3. Order No. 1887r dated September 2, 2013 On approval of the methodology for determining cause-and-effect relationships of traffic safety violations.

4. Order dated November 6, 2013 N TsD-238 r On the entry into force of the Regulations on the procedure for organizing and conducting internal technical audits in the safety management system of the Central Traffic Control Directorate - a branch of JSC Russian Railways.

5. Order No. 1498 r dated July 4, 2013 On approval of the Guidelines for the creation of a traffic safety management system in the Russian Railways holding company.

6. Ministry of Transport of the Russian Federation Order No. 344 dated December 18, 2014 On approval of the Regulations on the classification, procedure for investigation and recording of transport accidents and other events related to violation of traffic safety rules and operation of railway transport.

8. GOST R ISO 19011-2012 Guidelines for auditing management systems.

9. Standard of JSC Russian Railways STO RZD 05.514.1-2014 Audits in the traffic safety management system of JSC Russian Railways. Basic provisions.

10. Standard of JSC Russian Railways STO RZD 1.02.514.3-2014 Audits in the traffic safety management system of JSC Russian Railways. Requirements for auditors.

11. Standard of JSC Russian Railways STO RZD 1.05.502-2007 Internal audits of the processes of the corporate integrated quality management system of JSC Russian Railways. Requirements for auditors.

12. Standard of JSC Russian Railways STO Russian Railways 1.05.509. 16-2008 Supply efficiency management system. Guidelines for conducting audits of the quality management system of suppliers and manufacturers.

13.Standard of JSC Russian Railways STO Russian Railways 1.05.514. 4-2008 Locomotive quality assurance system. Methodology for conducting audits of locomotive manufacturers.

14. Standard of JSC Russian Railways STO Russian Railways 1.05.501-2007 Internal system audits of the corporate integrated quality management system of JSC Russian Railways. Basic provisions.

15.Standard of JSC Russian Railways STO RZD 1.15.005-2009 System of internal audit of occupational health and industrial safety management in JSC Russian Railways.

Posted on Allbest.ru

...

Transcript

1 PRACTICE OF JSC RUSSIAN RAILWAYS MOSCOW

2 For Russia, with its vast territories, the railway complex is of particular importance. It ensures the stable operation of industrial enterprises, timely delivery of vital goods to the most remote corners of the country, and is also the most affordable transport for millions of citizens. Russian railways turned 175 last year. We became a joint stock company on October 1, 2003 in accordance with Decree of the Government of the Russian Federation of September 18, 2003 No. 585, transforming from the Ministry of Railways of Russia (MPS of Russia). The founder and sole shareholder of JSC Russian Railways is the Russian Federation. On behalf of the Russian Federation, the powers of the shareholder are exercised by the Government of the Russian Federation, the Board of Directors appointed by it and the board headed by the President. The company's property was formed by introducing into the authorized capital of JSC Russian Railways the assets of 987 federal railway transport organizations owned by the state. The creation of JSC Russian Railways was the result of the first stage of reform of the railway industry. 2

3 RUSSIAN RAILWAYS HOLDING IS ONE OF THE WORLD’S THREE LEADING RAILWAY COMPANIES 85.2 thousand km of railways Annual income over 1.6 trillion. rub. 30% of passenger turnover 1.2 million employees 44% of freight turnover Contribution to Russia's GDP about 2% Operates 1.1 million freight cars Freight, passenger, shunting locomotives 20.2 thousand Passenger and commuter cars 70 thousand 3

4 BUSINESS ARCHITECTURE OF THE RUSSIAN RAILWAYS HOLDING 4

5 IMPORTANCE OF THE SYSTEM OF INTERNAL AUDIT AND CONTROL IN THE RUSSIAN RAILWAYS HOLDING ENSURING OPERATIONAL EFFICIENCY AND FINANCIAL STABILITY TRANSFORMATION OF FINANCIAL ARCHITECTURE AND ENTERING INTERNATIONAL FINANCIAL MARKETS DOMESTIC A AUDITING AND CONTROL INCREASING INVESTMENT INFLOW AND MARKET VALUE GROWTH 5

6 ORGANIZATIONAL AND FUNCTIONAL STRUCTURE OF INTERNAL AUDIT AND CONTROL DIVISIONS IN JSC "Russian Railways" Audit Committee of the Board of Directors of JSC "Russian Railways" President of JSC "Russian Railways" Director of JSC "Russian Railways" for Internal Control and Audit CENTER "ZHELDORCONTROL" CENTER "ZHELDORAUDIT" 17 REGIONAL MANAGEMENT 6

7 DIRECTOR OF INTERNAL CONTROL AND AUDIT OF JSC "Russian Railways" Center "Zheldorkontrol" Center "Zheldoraudit" Department for monitoring the implementation of investment projects and other capital investments Department for comprehensive inspections at railway test sites Department for control of FCD of production and economic units Department for control of the completeness of revenue receipts Department for control of FCD of JSC divisions "Russian Railways" Department of Legal and Documentation Support Organizational and Analytical Department Personnel Management Department Financial and Economic Support Department Operational and Financial Audit Department Department of Internal Control and Risk Management Systems Assessment Department of Audit for Compliance with Regulatory Documents and Fraud Risk Assessment Department of Internal Audit Methodology and Interaction with Audit Committee of 17 REGIONAL DEPARTMENTS ST. PETERSBURG, KALININGRAD MOSCOW NIZHNY NOVGOROD YAROSLAVL ROSTOV-ON-DON VORONEZH SARATOV SAMARA EKATERINBURG CHELYABINSK NOVOSIBIRSK KRASNOYARSK IRKUTSK CHITA KHABAROVSK SOUTH -SAKHALINSK 7

8 INTERNAL AUDIT CREATES MECHANISMS THAT PROVIDE CONFIDENCE IN ACHIEVING SET GOALS IN THE MOST EFFECTIVE WAY 1. ANALYSIS AND EVALUATION OF INTERNAL CONTROL SYSTEMS 2. ANALYSIS AND EVALUATION OF CORPORATE GOVERNANCE SYSTEMS, INCLUDING ISLE SUBSIDIARIES PRIORITY AREAS OF INTERNAL AUDIT 3. ANALYSIS AND EVALUATION OF RISK MANAGEMENT SYSTEMS 4. IDENTIFICATION OF CASES OF ABUSE 5. AUDIT OF COMPLIANCE WITH TAX LEGISLATION 6. MONITORING THE ELIMINATION OF IDENTIFIED VIOLATIONS AND DISADVANTAGES 7. INTERACTION WITH EXTERNAL AUDIT 8

9 ORGANIZATION AND CONDUCT OF INTERNAL AUDIT IN JSC "Russian Railways" Planning of activities and resource management of the internal audit unit Planning of internal audits Conducting internal audits Preparing a report on the results of an internal audit Organizing and monitoring the implementation of the action plan to eliminate violations, deficiencies and improve implementation of the internal control system Preparation of reports on the results of the activities of the internal audit unit 9

10 STAGES OF THE INTERNAL AUDIT PROCESS (PERFORMANCE STANDARDS) Planning Audit projects (proposals) Internal audit plan Internal audit schedule Preparation for the audit Plan Audit program Audit work programs Individual assignment Orders/instructions of the audit Conducting an audit Documenting the results of audit procedures Register of identified violations , disadvantages and risks 10

11 STEPS OF THE INTERNAL AUDIT PROCESS (PERFORMANCE STANDARDS) (CONTINUED) Registration of audit results References Local reports Inspection report Inspection report Classifier Monitoring the elimination of violations and deficiencies Action plan for eliminating violations Report on the implementation of measures Report on verification of the elimination of violations 11

12 STRUCTURE OF THE CORPORATE SYSTEM OF INTERNAL AUDIT STANDARDS CORPORATE SYSTEM OF INTERNAL AUDIT STANDARDS OF THE RZD HOLDING GLOSSARY OF TERMS AND DEFINITIONS OF INTERNAL AUDIT ADMINISTRATIVE REGULATIVE DOCUMENTS INTERNAL ESSENTIAL AUDIT BASIC STANDARDS OF INTERNAL AUDIT ADDITIONAL STANDARDS OF INTERNAL AUDIT METHODOLOGICAL INSTRUCTIONS METHODOLOGICAL INSTRUCTIONS PRACTICAL GUIDELINES PRACTICAL GUIDELINES 12

13 INTERNAL AUDIT STANDARDS APPLIED IN THE RUSSIAN RAILWAYS HOLDING Classification 1. General standards 2. Working standards 3. Specialized standards Types of standards Code of Ethics for Internal Auditors Regulations on Internal Audit Personnel Training Standard Professional Development Standard Internal Audit Quality Standard Internal and External Assessment Standard Glossary, goals, etc. Planning standards Standards for audit performance Reporting standards Standards by type of activity Standards by object of accounting Standards for certain areas of internal audit 13

14 GRAPHICAL DIAGRAM OF THE STANDARD “CONDUCTING INTERNAL AUDITS” Set of rules for modeling processes and business architecture of JSC Russian Railways (Order of JSC Russian Railways dated 8r) 14

15 INTERNAL AUDIT GRAPHIC DIAGRAM OF THE STANDARD “PREPARATION OF A REPORT ON THE RESULTS OF AN INTERNAL AUDIT” Code of rules for modeling processes and business architecture of JSC Russian Railways (Order of JSC Russian Railways dated 8r) 15

16 OPERATIONAL AUDIT IN ACCORDANCE WITH THE SYSTEM OF INTERNAL AUDITING STANDARDS AT JSC Russian Railways Conducting operational audits in accordance with the approved plans of the Zheldoraudit Center Risks of business processes Internal control procedures Owners of risks and controls Formation of a risk register for internal audit purposes based on data: - Business risks -processes identified during current audits and according to individual audits of previous years; - Analysis of identified violations; - Analysis of regulatory documents in the areas of activity of JSC Russian Railways; - Interviews with heads of structural divisions (if necessary). - Determination of “uncovered” significant risks in the business processes of JSC Russian Railways; - Formation of a risk register indicating those responsible for control Violations Recommendations based on the results of audits aimed at eliminating violations and proposals for changes in the business process Disadvantages of the internal control system Proposals for strengthening control procedures in areas of the business process where violations were identified - Monitoring action plan; - Register of “uncovered” risky business processes of JSC Russian Railways for the formation of an audit plan; - Systematization of audits of previous years by type and business processes and the formation of a unified audit model of JSCo Russian Railways Results Materials of audits Classification of identified violations and deficiencies of the internal control system Register of “uncovered” risk business processes of JSCo Russian Railways Action plan for eliminating identified violations and introducing changes in the business process Measures to improve internal control and risk management systems of audited business processes Updating the audit model 16 Proposals for the draft audit plan

17 GOALS AND RESULTS OF BUILDING A UNIFIED RISK-ORIENTED SYSTEM OF INTERNAL AUDIT AND CONTROL IN THE RUSSIAN RAILWAYS HOLDING 17

18 RISK-ORIENTED INTERNAL CONTROL SYSTEM Implementation of internal control is the task of each and every employee in the company, regardless of position BUILDING AND MAINTAINING AN EFFECTIVE INTERNAL CONTROL SYSTEM DIRECT AND IMMEDIATE RESPONSIBILITY OF THE COMPANY MANAGEMENT Delegation of responsibility by management for building a control system is being transformed in abdication of responsibility If responsibility for internal control will be borne by a separate division, then only it will deal with control issues 18

19 MAIN AREAS OF ASSISTANCE OF THE INTERNAL CONTROL AND AUDIT SERVICE TO THE COMPANY’S RISK MANAGEMENT ACTIONS / STEPS Providing information on existing and newly identified risks that require measures to reduce them Systematization and transfer of accumulated experience on procedures and their sequence for identifying and analyzing risks, conducting assessments anti-risk measures Recommendations for the formation of monitoring and information support for the risk management process, within the framework of which all corporate information on risks will be consolidated Submission of proposals for the formation of corporate risk management regulations for JSC Russian Railways Participation in the development of a draft regulatory document on the procedure for interaction of divisions of JSC Russian Railways with Center "Zheldorkontrol" when implementing risk management procedures WHY IS THIS IMPORTANT? Formation of a register of typical risks of JSC Russian Railways, risk maps (risk matrices), risk passports and documents regulating the procedure and regularity of their updating Development of methodological documents on risk management for structural divisions of JSC Russian Railways Creation of a monitoring and information support system for the risk management process Creation organizational infrastructure for risk management of JSC Russian Railways Formation of regulatory documents on the procedure for interaction of divisions of JSC Russian Railways in the process of risk management 19

20 FUNCTIONS OF INTERNAL AUDIT WITHIN THE FRAMEWORK OF THE MODEL OF THE INTERNAL ACCOUNTING CONTROL SYSTEM OF JSC RZD 20

21 The role of internal audit in the vertically integrated company of the Russian Holding Type Russian Railways Holding OJSC Russian Railways (main society) pursuing a unified policy under the holding based on the contracts between the main and subsidiaries the larger company and the more separate divisions, all the more in demand are the functions of independent assessment and an objective information source performed by internal audit. The importance of internal audit is determined by the need for the parent company to receive timely and objective information about the activities of branches and subsidiaries SUBSIDIARIES AND DEPENDENT COMPANIES OF JSC Russian Railways Corporate governance and control based on participation in authorized capital Development of a holding structure requires comprehensive and formalized control over cash flows, management system and financial condition of each business unit included in the group structure 21

22 PARTICIPATION IN THE AUDIT COMMISSIONS OF SDCs OF JSC "Russian Railways" 18 SDCs WITH AN EXTENSIVE NETWORK OF BRANCHES Standard regulations on the audit commission More than 118 SDCs Development of internal normative documents regulating the activities of the audit commission Methodological recommendations for conducting audits Standard format for the conclusion of audit commissions B 75 EMPLOYEES OF THE CENTERS ELECTED BY THE PRESIDENT GIVERS AUDIT COMMISSIONS Internal regulations for organizing the work of audit commissions 22

23 IMPLEMENTATION OF AN AUTOMATED SYSTEM FOR INTERNAL AUDIT AND CONTROL (SOLUTION ARCHITECTURE) 23

24 PRACTICAL APPLICATION Workplace of the Inspection Manager 24 Monitoring the status of local reports; Coordination of local reports, sending for revision; Drawing up a summary report; Control of reporting forms and more.

25 RESULTS ACHIEVED WHEN USING ASP VAK OPERATIONAL CONTROL OVER INTERNAL AUDIT PROCESSES STANDARDIZATION OF REPORTING FORMS BASED ON AUDIT RESULTS QUALITY CONTROL OF AUDIT PROCEDURES REDUCED PROCESSING TIME CM AND FORMATION OF AUDIT RESULTS OPERATIVE ANALYSIS OF AUDIT RESULTS INCREASING THE EFFICIENCY OF DECISION MAKING AND INFORMATION TRANSMISSION POSSIBILITY OF WORKING IN OFF-MODE LINE IN THE ABSENCE OF THE SPD NETWORK OF JSC Russian Railways ENSURING SECURITY AND CONFIDENTIALITY OF INFORMATION 25

26 RELEVANCE OF IMPROVING THE COMPLIANCE SYSTEM MODERN TRENDS AND TRENDS STAKEHOLDERS Extraterritorial application of legislative acts of foreign states International community Strengthening the fight against corruption Reducing the possibilities of budget financing State Strengthening institutions of public control Civil society Development of foreign economic activity Management of JSC Russian Railways 26

27 BLOCK FUNCTIONAL MODEL OF MONITORING MEASURES TO PREVENT AND SUPPRESS INTERNAL CORPORATE FRAUD AND CORRUPTION IN JSC "Russian Railways" Active model of the Fraud Prevention Program Typical model Committing fraud Investigation Appropriate actions Resolving the problem Analysis Informing Improving control methods Checking their suitability Professional training Conducting active audits Aspect s corporate policies clear understanding of fraudsters' behavior patterns constant dissemination of positive information reflecting company policy application of sanctions publicizing information about existing sanctions Motivation Corporate spirit Respect from society Important and valuable work Adequate resources Humane and dignified management Payment Working conditions Elements of standards for the prevention of abuse specific actions are defined who violate established ethical standards it is indicated that dishonest behavior will be punished contains information about the mechanism existing in the Organization for reporting unethical behavior 27

28 AN INTEGRATED APPROACH TO BUILDING AN ANTI-CORRUPTION COMPLIANCE SYSTEM I. Formation of a list of requirements for organizing the company’s anti-corruption compliance system VI. Implementation of the program for introducing and monitoring the quality of implementation of the system of anti-corruption measures II. Diagnostics of the elements of the anti-corruption system and the level of corruption risk V. Development of a program for introducing and monitoring the quality of implementation of the system of anti-corruption measures III. Development of a list (system) of anti-corruption measures IV. Development of regulatory documents to ensure the implementation of anti-corruption measures 28

29 CONCEPTUAL-LOGICAL SEQUENCE OF PROJECT IMPLEMENTATION Development of main activities directly related to the description of existing and new processes Development of a conceptual and methodological basis for the Anti-Corruption Compliance System, a set of special programs and internal audit procedures for the prevention, prevention and suppression of facts (DESIGN AND DEVELOPMENT OF THE PROJECT) Development of preparatory activities development of a set of measures to inform and train employees of JSCo "Russian Railways" (DEPLOYMENT OF THE PROJECT) Supporting measures development of regulatory and methodological documents to counter the risks of bribery and corruption (OPERATION OF THE PROJECT) Activities for testing the effectiveness Assessment and analysis of the system for countering the risks of bribery and corruption of JSCo "Russian Railways" (PROJECT OPERATION) 29

30 LIST OF BASIC DOCUMENTS ENSURING THE IMPLEMENTATION OF ANTI-CORRUPTION MEASURES ANTI-CORRUPTION POLICY OF JSCo "Russian Railways" CHANGES AND ADDITIONS TO THE CODE OF BUSINESS ETHICS OF JSCo "Russian Railways" TO CREATE AN ETHICAL BASIS FOR THE PREVENTION OF CORRUPTION ORGANIZATIONAL AND FUNCTIONAL STRUCTURE OF ANTI-CORRUPTION COMPLIANCE SYSTEM: SUBJECTS OF THE SYSTEM, THEIR ROLES AND POWERS PROCEDURE DISCLOSURE OF JSC "Russian Railways" INFORMATION ABOUT MEASURES DIRECTED TO COUNTER BRIBERY AND CORRUPTION PROCEDURE FOR AN ANTI-CORRUPTION EXAMINATION OF DRAFT INTERNAL REGULATIVE DOCUMENTS OF JSC "Russian Railways" EMPLOYEE INFORMATION PROGRAM OV WITHIN THE FRAMEWORK OF PREVENTION OF CORRUPTION ACTIONS, CHANGES AND ADDITIONS TO BE INTRODUCED TO THE CORPORATE LEVEL DOCUMENTS OF JSC "Russian Railways", DIRECTED TO REDUCE THE RISKS OF CORRUPTION IN THE HOLDING 30

31 SET OF MEASURES TO FORM A UNIFIED RISK-ORIENTED SYSTEM OF INTERNAL AUDIT AND CONTROL IN THE RUSSIAN RAILWAYS HOLDING EFFECTIVE USE OF RESOURCES INVESTMENT ATTRACTIVENESS FINANCIAL STABILITY EFFECTIVE MANAGEMENT Drive of creation DEVELOPMENT OF AN EFFECTIVE CONTROL SYSTEM FOR THE ACTIVITIES OF SDCs DEVELOPMENT OF REGULATIONS ON THE CENTERS "ZHDK", "ZhDA" DEVELOPMENT OF REGULATIONS ON RESPONSIBILITY CENTERS DEVELOPMENT OF REGULATIONS ON ICS IN THE RUSSIAN RAILWAYS HOLDING STRENGTHENING THE CONTROL VERTICAL CREATION OF A SYSTEM FOR EVALUATING INTERNAL CONTROL PROCEDURES BY INTERNAL AUDIT DEVELOPMENT OF A PROCEDURE FOR ORGANIZING A RISK-ORIENTED ICS CREATION OF A UNIFIED METHODOLOGIES OF VA AND VC IN THE RUSSIAN RAILWAYS HOLDING DEVELOPMENT OF INTERNAL CORPORATE STANDARDS 31

32 TARGETS FOR THE DEVELOPMENT OF INTERNAL AUDIT AND CONTROL IN THE RUSSIAN RAILWAYS HOLDING TO CREATE AND STRENGTHEN THE COMPANY’S CONTROL VERTICAL BASED ON COMPLIANCE WITH THE PRINCIPLES OF INDEPENDENCE AND OBJECTIVITY INCREASE THE EFFECTIVENESS OF CORPORATE GOVERNANCE AND OBSERVATION PROVIDING THE COMPANY'S TOP MANAGEMENT WITH RELIABLE INFORMATION FOR MAKING MANAGEMENT DECISIONS TO ENSURE A SIGNIFICANT REDUCTION OF THE SIGNIFICANCE OF THE RISKS OF ILLEGAL ACTIONS AND PREVENTION POSSIBILITIES OF ABUSE (INTERNAL CORPORATE FRAUD) TO FORM A UNIFORM INTERNAL CONTROL AND AUDIT SYSTEM ADEQUATE TO MODERN, CONSTANTLY CHANGING ECONOMIC CONDITIONS TO ENSURE INCREASED ECO NOMICAL STABILITY, TRANSPARENCY OF FINANCIAL ACTIVITIES AND MARKET VALUE OF THE COMPANY, SAFETY, TARGETED AND EFFECTIVE USE OF FINANCIAL AND MATERIAL RESOURCES. 32

33 PRIORITY PROJECTS FOR DEVELOPMENT AND IMPROVEMENT OF INTERNAL AUDIT IN JSC Russian Railways 1. IMPROVEMENT OF THE ORGANIZATIONAL AND METHODOLOGICAL BASIS OF INTERNAL AUDIT AND CONTROL 4. AUTOMATION OF INTERNAL AUDIT AND CONTROL PROCESSES TROLYA 2. EXPANDING THE APPLICATION OF THE PROCESS APPROACH IN MANAGEMENT AND INCREASING THE EFFICIENCY OF INTERNAL AUDIT AND CONTROL 5 IMPROVEMENT OF THE MECHANISM OF CORPORATE CONTROL OF FINANCIAL AND ECONOMIC ACTIVITIES OF SUBSIDIARIES AND DEPENDENT COMPANIES OF JSC Russian Railways 3. APPLICATION OF INTERNAL AUDIT STANDARDS IN PRACTICE 6. DEVELOPMENT OF ANTI-CORRUPTION COMPLIANCE SYSTEM S AND SPECIAL PROGRAMS AND PROCEDURES FOR PREVENTION, PREVENTION AND SUPPRESSION OF ABUSE 33

Second practical conference INTERNAL CONTROL AND AUDIT IN RUSSIA: NEW PERSPECTIVES AND OPPORTUNITIES About the system of internal control and audit of JSC Russian Railways Speech by the Director of JSC Russian Railways for Internal Control

IV national practical conference INTERNAL CONTROL AND AUDIT IN RUSSIA Internal audit function: assessment of the internal control and risk management system February 28, 2017 Head of the Center

Accounting, statistics 111 Practice of JSC Russian Railways in building a risk-oriented system of internal control and audit 2014 Ivanov Oleg Borisovich Director of JSC Russian Railways for Internal

CONTENTS: 1. GENERAL PROVISIONS... 3 2. OBJECTIVES OF THE INTERNAL CONTROL SYSTEM... 4 3. PRINCIPLES OF OPERATION OF THE INTERNAL CONTROL SYSTEM... 5 4. PROCESSES OF THE INTERNAL CONTROL SYSTEM... 6 5. SYSTEM STRUCTURE

APPROVED by the Order of the Open Joint Stock Company "Russian Venture Company" dated January 19, 2016 02/16 PLAN for the implementation of anti-corruption measures of RVC OJSC 2 1. Goals, objectives and reasons for planning

Internal control system in OJSC Bank BelVEB and the banking holding company, the parent organization of which is OJSC Bank BelVEB In accordance with the requirements of the legislation of the Republic of Belarus in OJSC

APPROVED by the Decision of the Board of Directors of Mechel Open Joint Stock Company Minutes w/n dated August 19, 2013 Chairman of the Board of Directors / I.V. Zyuzin / Regulations on internal control

54 CONSTELLATION OF THE URAL / REPORT ON THE RESULTS OF ACTIVITIES OF IDGC OF URAL, OJSC FOR 2015 INTERNAL CONTROL SYSTEM The internal control system is an element of the general management system of the Company. SVK covers all areas

“APPROVED” General Director April 29, 2010 Regulations on the Internal Department Ufa-2010 1 1. GENERAL PROVISIONS 1.1. The Internal Department (hereinafter referred to as the “Department”) is a structural unit

Appendix to the order of PJSC RusHydro dated COMPREHENSIVE ANTI-CORRUPTION PROGRAM 1. Introduction 1.1. The basis for the development of a Comprehensive Anti-Corruption Program for PJSC RusHydro

APPROVED by the Decision of the Board of Directors of PJSC TGC-1 Minutes 3 dated October 03, 2016 REGULATIONS on the Internal Audit Service of PJSC TGC-1 1. General provisions 1.1. This Regulation on the Internal Audit Service

APPROVED by order of JSC "USC" dated / b.9b. s^g PLAN at JSC "USC" for 2016-2017 p/n Responsible Term Name of the event executor I. Organizational and legal measures I quarter 1.

APPROVED by the Decision of the Board of Directors of JSC IDGC Holding dated December 29, 2011. (minutes 72) Internal control policy of JSC IDGC Holding Moscow 2011 Contents 1. General provisions.... 3 2. Main

Public Joint Stock Company NOVOLIPETSK METALLURGICAL PLANT APPROVED BY: The Board of Directors of the public joint stock company "Novolipetsk Metallurgical Plant" Minutes 238 of 04/22/2016

APPROVED by the Board of Directors of OJSC NOVATEK (Minutes 170 dated September 1, 2014) with additions and changes approved by the Board of Directors (Minutes 173 dated March 12, 2015, Minutes 184 dated 10

1. GENERAL PROVISIONS 1.1. These Regulations on the organization of internal control of the federal state budgetary educational institution of higher education "Krasnodar State Institute

REGULATIONS ON THE INTERNAL CONTROL SYSTEM OF PJSC GAZPROM 1. GENERAL PROVISIONS APPROVED by the decision of the Board of Directors of OJSC Gazprom dated February 25, 2014 2315 as amended by the decision of the Board of Directors

Chief Auditor of PJSC Rostelecom Anna Lerner Interaction of internal control and internal audit Moscow, February 2017 FIRST LINE OF DEFENSE Business units THIRD LINE OF DEFENSE Audit Commission/

AGREED with the Audit, Information and Shareholder Relations Committee of the Board of Directors of OJSC Irkut Corporation APPROVED by the Management Board of OJSC Irkut Corporation Minutes 36 dated July 26, 2010 Minutes

Description of the internal control system in OJSC Non-banking Credit and Financial Organization Home Credit According to the requirements of the legislation of the Republic of Belarus in OJSC Non-Banking Credit and Financial Organization

APPROVED BY THE Board of Directors of PAO TMK on November 18, 2015 TMK GROUP INTERNAL AUDIT POLICY 1. GENERAL PROVISIONS, BASIC TERMS AND DEFINITIONS 1. 1. GENERAL PROVISIONS This policy defines

APPROVED by the Decision of the Board of Directors of OJSC Raspadskaya dated August 20, 2014. (Minutes uncapped from August 20, 2014) REGULATIONS ON INTERNAL AUDIT OF JSC Raspadskaya 1. GENERAL PROVISIONS 1.1. Department of Internal

APPROVED by the decision of the Board of Directors of PJSC "Magnit" on May 28, 2015, minutes b/n dated "May 28, 2015" REGULATIONS ON THE INTERNAL AUDIT OF THE PUBLIC JOINT STOCK COMPANY "MAGNIT" Krasnodar 2015 Article 1.

APPROVED by the Board of Directors of Mechel OAO Minutes dated December 18, 2006 Chairman of the meeting AGREED BY the Chairman of the Audit Committee of the Board of Directors of Mechel OAO REGULATIONS on the Service

Approved by the decision of the Board of Directors of PJSC Inter RAO dated August 21, 2015 (minutes dated August 24, 2015 152) INTERNAL AUDIT POLICY OF PJSC Inter RAO Moscow 2015 CONTENTS 1. Terms, definitions

APPROVED by the Decision of the Board of Directors Minutes of the meeting dated September 30, 2014 2 Regulations on the Internal Control Service in the Open Joint Stock Company Bashkir Industrial Bank Ufa, 2014 CONTENTS

APPROVED by the decision of the Board of Directors of PJSC GAZPROM dated November 15, 2846 ANTI-CORRUPTION POLICY OF PJSC GAZPROM 1. GENERAL PROVISIONS 1.1. The anti-corruption policy of PJSC Gazprom (hereinafter referred to as the Policy) is

OPEN JOINT STOCK COMPANY "TERRITORIAL GENERATING COMPANY 1" APPROVED BY THE Board of Directors of OJSC "TGC-1" Minutes 15 dated February 11, 2013 REGULATIONS on the Internal Audit Service St. Petersburg

APPROVED by the Decision of the Board of Directors of the Public Joint Stock Company "Mobile TeleSystems" on September 09, 2015, Minutes 238 REGULATIONS ON THE INTERNAL CONTROL SYSTEM OF THE PUBLIC JOINT STOCK COMPANY

APPROVED by the Board of Directors of the Open Joint Stock Company United Chemical Company URALCHEM (Minutes _1_ dated September 17, 2008) REGULATIONS ON THE POLICY OF INTERNAL CONTROL FOR FINANCIAL

APPROVED by the Decision of the Board of Directors of Kubanenergo JSC, minutes dated August 24, 2012 142\2012 Internal control policy of Kubanenergo JSC (new edition) 2012 Contents 1. General provisions... 3

Open Joint Stock Company "Uralkali" APPROVED by the Decision of the Board of Directors of OJSC "Uralkali" (Minutes 269 dated September 11, 2012) for risk management and internal controls of OJSC "Uralkali"

APPROVED by the Decision of the Board of Directors of PJSC NK "RussNeft" on December 24, 2018 (Minutes 19 of December 25, 2018) PUBLIC JOINT STOCK COMPANY OIL AND GAS COMPANY "RUSSNEFT" INTERNAL CONTROL POLICY Moscow, 2018

Approved by the Board of Directors of OJSC NOVATEK Minutes 170 dated September 1, 2014. REGULATIONS ON THE RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM OF NOVATEK OPEN JOINT STOCK COMPANY (new version)

Approved on August 25, 2015 by the decision of the Board of Directors of the Public Joint Stock Company "Cherkizovo Group" (Minutes 25/085d dated August 26, 2015) REGULATIONS ON THE INTERNAL AUDIT OF THE PUBLIC

RUSSIAN INITIATIVES IN THE FIELD OF RMICS, INTERNAL AUDIT MOSCOW 2014 1 TASKS OF THE SHAREHOLDER State program of the Russian Federation “Federal Property Management”, approved by the Decree of the Government of the Russian Federation

CENTRAL BANK OF THE RUSSIAN FEDERATION CONCEPT OF ORGANIZING THE INTERNAL CONTROL SYSTEM FOR NON-CREDIT FINANCIAL ORGANIZATIONS (Approved by the Bank of Russia in 2017. The text of the document is given in accordance with

JOINT STOCK COMMERCIAL BANK "CHUVASHKREDITPROMBANK" (Public Joint Stock Company) Basic license of the Central Bank of the Russian Federation 1280 APPROVED by: Board of Directors of JSCB "CHUVASHKREDITPROMBANK" PJSC Minutes 14 dated November 13

APPROVED by the Decision of the Board of Directors of the Limited Liability Company "Archer Finance" Minutes 6 dated September 22, 2014 REGULATIONS on the internal audit of the Limited Liability Company

Project CENTRAL BANK OF THE RUSSIAN FEDERATION (BANK OF RUSSIA) 2017 Moscow Concept of organizing an internal control system for non-credit financial organizations General provisions This Concept

2015 Federal Agency for State Property Management METHODOLOGICAL INSTRUCTIONS FOR PREPARING REGULATIONS ON THE RISK MANAGEMENT SYSTEM Contents 1. Introduction......2 2. General provisions......l 3.

APPROVED by the decision of the Board of Directors of the Open Joint Stock Company "Belon" Minutes of 2009 Chairman of the Board of Directors of OJSC "Belon" /V.N. Karmachev/ REGULATIONS ON INTERNAL CONTROL OVER FINANCIAL AND ECONOMIC

1. GENERAL PROVISIONS 1.1. These Regulations on internal audit (hereinafter referred to as the “Regulations”) of OJSC “Company M.video” (hereinafter referred to as the “Company”) were developed in accordance with the legislation of the Russian Federation, the Rules

APPROVED by the Decision of the Board of Directors of OTCPharm OJSC dated December 1, 2014 (Minutes 50 dated December 1, 2014) REGULATIONS ON THE INTERNAL AUDIT DIVISION OF OTCPharm OPEN JOINT STOCK COMPANY

Approved at a meeting of the Board of Directors of OJSC GAZKON Minutes 5 dated December 15, 2008 REGULATIONS ON INTERNAL CONTROL OVER THE FINANCIAL AND ECONOMIC ACTIVITIES OF THE OPEN JOINT STOCK COMPANY "GAZKON"

Second practical conference INTERNAL CONTROL AND AUDIT IN RUSSIA: NEW PERSPECTIVES AND OPPORTUNITIES February 27, 2015, Moscow Process approach to organizing and conducting internal audit. (practice

APPROVED by the Decision of the Annual General Meeting of Shareholders of the Open Joint-Stock Company Mineral and Chemical Company EuroChem Minutes dated June 27, 2006 Code of Corporate Conduct of the Open Joint-Stock Company

CORPORATE GOVERNANCE CODE OF PJSC GAZPROM I. GENERAL PROVISIONS APPROVED by the decision of the annual General Meeting of Shareholders of PJSC GAZPROM dated June 30, 2017, minutes 1 1.1. This Corporate Code

APPROVED: by the decision of the Board of Directors of PJSC "MOSTOTREST" (minutes dated December 14, 2015, w/n) REGULATIONS ON THE INTERNAL AUDIT OF THE PUBLIC JOINT STOCK COMPANY "MOSTOTREST" Moscow 2015 Contents 1. GENERAL

Public joint-stock company NOVOLIPETSK METALLURGICAL PLANT APPROVED by the Board of Directors of the public joint-stock company "Novolipetsk Metallurgical Plant" Minutes 236 dated December 22, 2015

APPROVED by the Decision of the Board of Directors of PJSC TGC-1 Minutes 3 dated October 3, 2016 Regulations on the internal control system of PJSC TGC-1 1. General provisions 1.1. Regulations on the internal control system

APPROVED by the Decision of the Board of Directors of OJSC IFC RFA-Invest Minutes 06-13 dated July 19, 2013 Regulations on the Internal Control Service of OJSC IFC RFA-Invest< Гор. Якутск Статья 1. Общие положения 1.1.

Federal State Budgetary Institution of Culture "ALL-RUSSIAN STATE LIBRARY OF FOREIGN LITERATURE NAMED AFTER M.I.RUDOMINO" ORDER Moscow m, oe /6 On approval of the Countermeasures Plan

Project CENTRAL BANK OF THE RUSSIAN FEDERATION (BANK OF RUSSIA) 2016 Moscow Concept of organizing an internal control system for non-credit financial organizations Chapter 1. Control environment. NFO should

APPROVED by the decision of the Board of Directors of PJSC TransContainer, held on May 17, 2016 (minutes 12) (Appendix 7 to the minutes) Deputy Chairman of the Board of Directors / Yu.V. Novozhilov POSITION

“Approved” by the Board of OJSC “VostSibtranskombank” Minutes 25 dated “09” July 2015 REGULATIONS ON ANTI-CORRUPTION in OJSC “VostSibtranskombank” Irkutsk 1. Basic concepts and definitions For the purposes

Approved by the decision of the Board of Directors of OJSC Gazprom on February 25, 2014. 2315 REGULATIONS on the internal control system of OJSC Gazprom 1. GENERAL PROVISIONS 1.1. Regulations on the internal control system of OJSC Gazprom

CENTRAL BANK OF THE RUSSIAN FEDERATION (BANK OF RUSSIA) ORDER May 13, 2016 OD - 1504 Moscow On approval of the Anti-Corruption Plan of the Central Bank of the Russian Federation for 2016-2017

APPROVED BY THE Board of Directors of NOVATEK OJSC (Minutes 192 dated August 26, 2016) POLICY IN THE FIELD OF INTERNAL AUDIT OF NOVATEK OPEN JOINT STOCK COMPANY 2 CONTENTS ARTICLE 1. GENERAL PROVISIONS

APPROVED by the Decision of the Board of Directors of RBC Information Systems OJSC Minutes 31 dated July 23, 2004 Chairman of the Board of Directors / G.V. Kaplun Regulations on the Internal Audit Department of an open joint stock company

JOINT STOCK COMMERCIAL BANK "NOVATION" (OPEN JOINT STOCK COMPANY) Approved by the Board of Directors Minutes dated 01.09.2014 3 REGULATIONS ON THE ORGANIZATION OF THE INTERNAL CONTROL SYSTEM, Maykop, 2014

Approved by the Decision of the Board of Directors of the Open Joint Stock Company "Koks" on August 30, 2010, Minutes w/n dated August 30, 2010 REGULATIONS ON INTERNAL CONTROL OVER FINANCIAL AND ECONOMIC ACTIVITIES

How to differentiate between internal control and internal audit in companies. Is it possible? Director of the Department of Control and Audit Activities of PJSC Rosseti M.A. Lelekova February 28, 2017 SVK I EE

APPROVED by the decision of the Board of Directors of PJSC "Northern Port" (Minutes of the meeting of the Board of Directors 07/15 dated May 19, 2015) REGULATIONS ON THE INTERNAL AUDIT OF THE PUBLIC JOINT STOCK COMPANY "NORTHERN PORT"

“APPROVED” by the Decision of the Board of Directors of PJSC JSCB Primorye Minutes 445 dated April 1, 2016 Chairman of the Board of Directors of PJSC JSCB Primorye S.V. Ponomarenko “AGREED” Chairman of the Board of PJSC