Independent assessment of the corporate system of internal control and risk management

External assessment of the corporate system of internal control and risk management

The Audit Committee of the Board of Directors or the Chairman of the Management Board – General Director may seek an external independent assessment of the corporate system of internal control and risk management by independent third-party experts.

In 2018, no external independent assessment was performed.

Internal assessment of the corporate system of internal control and risk management

The internal assessment of the corporate system of internal control and risk management is performed annually by the Company’s Internal Audit Service to provide the Company’s Board of Directors and the Group’s executive bodies with independent and objective information about the current state of the corporate system of internal control and risk management against its target state and to identify areas for its improvement.

In 2018, RusHydro’s Board of Directors performed an assessment of the corporate system of internal control and risk management.

The assessment relied on the methodology agreed with the Audit Committee of the Board of Directors and designed to assess the current state of the corporate system of internal control and risk management against its target state set by the methodology.

The assessment results were presented in a follow-up report on the operation of the corporate system of internal control and risk management that was reviewed by the Company’s Board of Directors at a meeting held in person and approved by resolution of the Board of Directors on June 21, 2018.

The report revealed that the Company’s corporate system of internal control and risk management had a moderate level of maturity, with elements of both systems being generally in line with the target state set by the assessment methodology as approved by the Audit Committee of the Company’s Board of Directors.

The priority areas for the improvement of the corporate system of internal control and risk management identified by the Board of Directors based on the report findings include updating the model of the Company’s business processes, benchmarking, and revising the Company’s approach to further development of the corporate system of internal control and risk management.