АКЦИОНЕРНОЕ ОБЩЕСТВО
KAZAKHSTAN ELECTRICITY GRID OPERATING COMPANY
(KEGOC) JOINT-STOCK COMPANY
APPROVED BY
APPROVED BY
Minutes of KEGOC Board of Directors
No. 9 dated 29 December 2010
COMPANY STANDARD
KEGOC POLICY ON CORPORATE
RISKS MANAGEMENT
СТ KEGOC 00-202-10
Copy No. ___
Revision 2
Effective date 29 December 2010
Astana
СТ KEGOC 00-202-10
Revision 2
Table of Contents
1 Scope of Application
2 Regulatory References
3 Terms and Definitions
4 Designations and Abbreviations
5 Responsibility and Authority
6 General Provisions
7 Goals, Tasks and Principles of Risk Management System
8 Model of Risk Management System
9 Processes of Risk Management System
10. Reporting
11 Policy Management
Appendix 1. Approval Sheet
Appendix 2. Acknowledgement Sheet
Appendix 3. Revision Record Sheet
Appendix 4. Regular Check Record Sheet
3
3
3
3
4
4
5
6
7
8
9
10
11
12
13
This Company Standard may not be fully or partially reproduced, duplicated or
distributed without permission of the Representative of KEGOC IMS Management.
Unauthorized copying of the document is forbidden
page 2 out of 12
СТ KEGOC 00-202-10
Revision 2
1 Scope of Application
1.1 This Company Standard (hereinafter referred to as the Policy) establishes
the Corporate Risks Management Policy for Kazakhstan Electricity Grid Operating
Company - KEGOC (hereinafter referred to as KEGOC) to regulate processes and
procedures of KEGOC Risk Management System.
1.2 This Policy shall be applied by all structural units, branches and employees
of KEGOC.
1.3. KEGOC affiliates shall independently elaborate the Policy, procedures and
instruments for risks management based on and subject to the provisions of this
Policy.
To ensure the unified approaches to the management of general risks inside the
Company KEGOC coordinates the development of Risk Management System in
branches and affiliates.
2 Regulatory References
This Policy refers to the following documents:
KEGOC Long-Term Development Strategy until 2025;
СТ KEGOC 00-101-10 Corporate Standard. Document Management;
Р СУР KEGOC 00-200-14-СД Guideline. Risk Management System.
3 Terms and Definitions
This Standard uses terms in accordance with the internal documents of
KEGOC as well as the following terms with respective definitions:
3.1 Risk: Any possible event or action that if occurred may affect the
achievement of KEGOC objectives and may infringe the successful implementation of
its strategy.
3.2 Risk Owner An entity (employee/structural unit) whose job duties
envisage responsibility for all aspects of a certain risk management, in particular for
mitigation of the probability of risk occurrence and/or mitigation of possible
influence of consequences caused by risk occurrence on KEGOC.
4 Designations and Abbreviations
This Policy uses the following abbreviations:
KEGOC - Kazakhstan Electricity Grid Operating Company joint stock
company;
CDD – Corporate Development Department;
RMS – Risk Management System.
Sole Shareholder – Samruk-Kazyna Sovereign Wealth Fund.
Unauthorized copying of the document is forbidden
page 3 out of 12
СТ KEGOC 00-202-10
Revision 2
5 Responsibility and Authority
5.1 This Policy shall be approved by the decision of KEGOC Board of
Directors.
5.2 Control over implementation of the requirements indicated in this Policy
shall be performed by the Deputy Chairman of the Management Board - Corporate
Governance.
5.3 Responsibility for compliance of the Policy requirements with the
requirements of laws and regulations of the Republic of Kazakhstan, regulatory
documents shall be borne by the Head of CDD.
5.4 Responsibility for management of this Policy shall be borne by the Senior
Manager for corporate development and risk management, CDD.
4.3 Heads of KEGOC structural units, including branches and affiliates shall be
responsible for performance of the requirements stated herein.
6 General Provisions
6.1 This Policy of the Corporate Risk Management was elaborated in
accordance with the legislation of the Republic of Kazakhstan, requirements of the
Sole Shareholder, KEGOC Long-Term Development Strategy until 2025 and
international best practices and risk management standards.
6.2 The Policy is aimed at minimization of adverse effect of the threats which
may influence the achievement of objectives and implementation of tasks stated in
KEGOC Long-Term Development Strategy until 2025. Risk management process in
KEGOC has a preventive character, and shall be carried out in the whole company
and under the control and with the direct participation of the top management of the
company.
6.3 The Policy does not guarantee absence of losses or successful performance
of KEGOC, it ensures strategic advantages allowing intensifying the certainty in
achievement of strategic and operational objectives, defines responsibility, ensures
transparency and feasibility of the decisions made, enables tracing and timely
response to the changes and tendencies in the external environment.
6.4 This Policy defines the directions for development of RMS, regulates the
major processes of this system and maintains the adequate level of risk-management
structure.
6.5 The clause was excluded.
6.6 Risk management is an essential part of doing business. Each structural
unit and employee of KEGOC and its branches and affiliates when performing their
functions or implementing the assigned tasks shall follow the requirements stated
herein.
7 Goals, Tasks and Principles of Risk Management System
Unauthorized copying of the document is forbidden
page 4 out of 12
СТ KEGOC 00-202-10
Revision 2
7.1 RMS objective: The main objective of risk management in KEGOC is to
ensure continuous activity through hedging the influence of inner and outer adverse
effects on KEGOC operations.
7.2 RMS tasks:
- elaboration and application of uniform and consequent approaches to risk
identification, assessment and management in KEGOC, simplification of a procedure
for risk information sharing vertically (management) and horizontally (experience
exchange);
- dynamic response to occurring risk events, tracking of changes in inner and
outer environment;
- arrangement of a task-oriented risk management activity to ensure their
decrease down to the acceptable level or transfer to the third parties (outsourcing,
insurance, hedging) or risk aversion;
- systematization and further accumulation of information on risks in KEGOC,
increase of KEGOC manageability;
- improvement of KEGOC's competitiveness and achievement of the assigned
strategic objectives through improvement of RMS performance.
7.3 Basic RMS Principles:
- engagement of KEGOC’s executives in risk management;
- continuous improvement of the risk management system;
- continuous learning and knowledge sharing by the company employees in
risk management sphere;
- transparency and integrity in submitting reports and risk escalation.
8 Model of Risk Management System
8.1 Organizational Structure of RMS in KEGOC is shown in Figure 1.
Unauthorized copying of the document is forbidden
page 5 out of 12
СТ KEGOC 00-202-10
Revision 2
Fig. 1 - Organizational Structure of RMS in KEGOC
8.2 To assign the roles and duties on timely risk identification and management
a cooperation model was elaborated based on the concept of three levels of RMS:
8.2.1. Board of Directors and Internal Audit Service
The Board of Directors is responsible for efficient functioning of three lines of
protection, improvement of the RMS, and maintaining the risk tolerance level.
The Internal Audit Service is responsible for the regular audit of the RMS and
submission of the independent opinion to the Board of Directors/Audit Committee.
8.2.2. Management Board and structural units.
Management Board is responsible for development, maintaining and use of the
procedures for risk management, creation of an efficient risk management system in
the Company, and determination of the resources required for implementation of the
most critical risks management plan. Members of the Management Board use the
information on risks when making the managerial solutions.
Structural units are the risk owners and bear the responsibility for the timely
risks identification, analysis, management, preparation of proposals for risks
mitigation and the report on the Company's key risks.
8.2.3. Risk Committee and the structural unit responsible for the risk
management.
The role of the Risk Committee is to preliminary review and prepare the
recommendations for the Management Board to make decisions on the Company's
risk management.
The structural unit responsible for the risk management bears the responsibility
for development of the RMS, clarification of the internal and external requirements,
rendering of the consultant support to the structural units with regard to the risk
management issues.
Also to ensure the successful implementation of the Corporate Policy for Risk
Management the structural unit responsible for the risk management together with the
Internal Audit Service can hold regular checks in order to identify the level of
efficiency of the measures on risk mitigation.
9 Processes of Risk Management System
9.1. RMS consists of the following components and processes:
- Internal environment. Internal environment determines the environment
of the organization and provides for the preparation of the documents stipulating the
policy and minimum requirements with respect of the risks, internal culture
improvement, ethical values enhancement, understanding of risk management,
behaviour, processes and practices at all stages of the organization as an integral part
of day-to-day operations.
- Determination of goals. Potential risks identification process shall be in line with
the Company's goals. Corporate risk management makes it possible to ensure that the
Unauthorized copying of the document is forbidden
page 6 out of 12
СТ KEGOC 00-202-10
Revision 2
organization has a process of goals and tasks setting, which are in line with the
mission and correspond to its risk appetite.
- Risk identification. This process determines the internal and external
events which can influence the Company's goals achievement.
- Risks assessment. Risks are analysed in terms of probability of occurrence
and influence as a basis to decide on their management. Risks are assessed on a
qualitative and a quantitative basis.
- Risk management. This process determines the methods to response to the
risks (to avoid, hold, control or postpone) and preparation of the action plan in line
with the risk tolerance level of the company.
- Monitoring and control means the continuous monitoring of the risk
management system integrity, and its amendment as required. Monitoring is
performed on a continuous basis or based on selected assessment; or both methods
are used.
- Control. It is a set of policies and procedures which provide for the risk
management system functioning.
- Information and communication means the required information
submitted by the structural units for KEGOC risk management report.
- Monitoring means the process to monitor the risk management system
integrity on a regular basis, and to be amended if required. Monitoring is performed
on a continuous basis or based on selected assessment.
9.2. Detailed description, structure and procedures of the RMS are given in the
Guideline for the Risk Management System.
10. Reporting
10.1. The Company provides for a permanent information interchange between
the RMS levels in order to raise the risk awareness, develop the risk-culture and
efficient risk management. The reporting of the risks provides every level of the
management with a certain scope of timely information according to the approved
form.
10.2. KEGOC introduces the following system of reporting on the risk
management:
- every quarter before the 12th day of the month following the reported period
the structural units who are the risk owners shall submit the reports on risks to the
structural unit responsible for the risk management in accordance with the Guideline
for the Risk Management System KEGOC 00-200-14-СД;
- structural units/branches and affiliates (risk owners) shall submit the
information on the occurred risks to the structural unit responsible for the risk
management within five business days from the day of risk occurrence (and within
five business days from the day of conclusion of investigation) in the form of the
Report on the risk occurred;
- structural units responsible for the risk management in accordance with the
Guideline for the Risk Management System KEGOC 00-200-14-СД. Based on the
Unauthorized copying of the document is forbidden
page 7 out of 12
СТ KEGOC 00-202-10
Revision 2
information submitted by the structural units who are the risk owners, the risk
management system prepares and submits the report on risks to the Risk Committee,
Management Board, and Board of Directors on a quarterly basis.
At the year-end, the Internal Audit Service prepares the Report on the RMS
efficiency to the Board of Directors.
11 Policy Management
11.1 The Policy shall be managed in accordance with the corporate standard
СТ KEGOC 00-101-10.
11.2 The Policy shall be approved by the First Vice-President, Vice-President
for Operations, Vice-President for Corporate Governance, Management representative
for IMS, managing directors for system services and MTS, economics, NPG
development, legal support and security, branches and affiliates, Head of Legal
Department, Head of Internal Audit Service by making a record in the Approval Sheet.
Prepared by:
Senior Manager for
Corporate Development and
Risk Management - CDD
signed
7 Nov 2010 Zh. Zhumabayeva
(signature)
Unauthorized copying of the document is forbidden
(date)
page 8 out of 12
СТ KEGOC 00-202-10
Revision 2
Appendix 1
to the Corporate Standard.
Policy for Corporate Risk
Management
Ф. СТ KEGOC 00-101-01
Position
First Vice President
Vice President for Corporate
Governance
Vice President for Operations
Managing Director for System
Services and MTS
Managing Director for Legal
Support and Security
Managing Director for
Economics
Managing Director for NPG
Development, Advisor for
Corporate Development
Managing Director for
Branches and Affiliates
Head of Legal Department
Head of Corporate
Development Department
Head of Internal Audit Service
Approval Sheet
Name
Date
S. Ospanov
11 Nov 2010
Zh. Beksary
10 Nov 2010
Signature
signed
signed
B. Kazhiyev
V. Li
9 Nov 2010
7 Nov 2010
signed
signed
K. Zhakipbayev
7 Nov 2010
signed
A. Botabekov
7 Nov 2010
signed
V. Ossochenko
7 Nov 2010
signed
A. Akmurzin
7 Nov 2010
signed
M. Auezova
Ye. Akhmetov
8 Nov 2010
7 Nov 2010
signed
signed
O. Yessetov
23 Nov 2010
signed
Unauthorized copying of the document is forbidden
page 9 out of 12
СТ KEGOC 00-202-10
Revision 2
Appendix 2
to the Corporate Standard.
Policy for Corporate Risk
Management
Ф. СТ KEGOC 00-101-02
Acknowledgement Sheet
Position
Name
Unauthorized copying of the document is forbidden
Date
Signature
page 10 out of 12
СТ KEGOC 00-202-10
Revision 2
Appendix 3
to the Corporate Standard.
Policy for Corporate Risk
Management
Ф. СТ KEGOC 00-101-03
Revision Record Sheet
No. of
notification
being the
basis for
introducing
an
amendment
1
Sheet No.
amende
d
replace
d
new
cancelled
2
3
4
5
Notification
No. 125
4
СТ 00-20210/167
3, 8
No. 251
3-8
Full name
of the
person
introducing
the
amendment
s
6
S. Murat
Signature
of the
person
who made
amendmen
ts
Date
of
amendme
nts
7
8
S. Murat
18 Feb
2011
A.
Issabekova
A.
07 Sep
Issabekov 2012
a
A.
A.
19 Jun
Abdymanap Abdymana
2014
ova
pova
Unauthorized copying of the document is forbidden
page 11 out of 12
СТ KEGOC 00-202-10
Revision 2
Appendix 4
to the Corporate Standard.
Policy for Corporate Risk
Management
Ф. СТ KEGOC 00-101-04
Regular Check Record Sheet
Date
of
check
1
05 Jan
2011
06 Jan
2012
10 Jan
2013
13 Jan
2014
10 Jan
2015
Full name of the
person
who performed
checks
2
Signature of a
person
who performed
checks
3
Comments
4
Zh. Zhumabayeva
Zh. Zhumabayeva
No changes need to be made
Zh. Zhumabayeva
Zh. Zhumabayeva
No changes need to be made
Zh. Zhumabayeva
Zh. Zhumabayeva
No changes need to be made
Zh. Zhumabayeva
Zh. Zhumabayeva
Zh. Zhumabayeva
Zh. Zhumabayeva
Changes required pursuant to KPMG
recommendations
No changes need to be made
Unauthorized copying of the document is forbidden
page 12 out of 12