PJSC Tatneft. Annual report 2017
PJSC Tatneft. Annual report 2017

Integrated corporate risk management system and internal control

The Company’s key priority in risk management and internal control is to ensure reasonable confidence in achieving strategic and operational goals, safeguarding assets, complying with legal and regulatory requirements, compliance with information disclosure procedures, and security in all areas of operations.
TATNEFT Group Management Ensuring Business Process Efficiency Business Process Quality Control Management of Corporate Risks Key Elements of Risk Management The mechanism of qualitative assessment of all possible factors that can significantly affect the production and financial operations of the Group and have direct or indirect impact on the day-to-day and strategic operations of the Company The system of uniform corporate standards regulating basic procedures of industrial, financial, and economic activities of TATNEFT Company, its structural divisions, and entities of the Group Risk elimination or mitigation Risk elimination within the framework of schedules Risk detection Internal schedules Risk management Risk management monitoring Monitoring compliance with corporate standards and detecting new risks in business processes and implementing new projects, assessing personal responsibility of corporate officers Production activities Corporate governance

Risk management system

The risk management system (RMS) in the Company is focused on the ISO 31000 standard — Risk Management, which defines principles and guidelines for minimizing potential negative external and internal factors related to the Company’s activities (economic, financial, reputational, environmental, social, etc.), as well as processes to increase the likelihood of achieving goals: more effectively identifying opportunities and threats, as well as more efficient allocation and use of resources when monitoring risks.

Risk management targets

Risk management is aimed at identifying, evaluating and monitoring all significant risks, as well as at taking measures to reduce the level of risks that may have a negative impact on current performance and in the long term.

Principles of risk management

The unity of the methodological base of the Company: the RMS is built on the basis of uniform approaches and standards for all structural divisions and subsidiaries of the Company.

Continuity: RMS operates on an ongoing basis.

Complexity: the RMS covers all areas of the Company’s activities and all types of risks arising within their framework. Control procedures exist in all business processes of the Group at all levels of management.

Accountability: The RMS determines the competence for decision-making and control in the field of risk management at all levels of the Tatneft Group.

Awareness and timeliness of communication: the risk management process is accompanied by the presence of objective, reliable and relevant information.

Rationality: The company efficiently uses resources to implement risk management measures.

Reasonable assurance: the RMS can provide only reasonable guarantees for achieving the goals of the Company, but cannot give an absolute guarantee due to the inherent limitations of the external and internal environment.

Adaptability: RMS is regularly improved to identify all possible risks of activities and maximize the use of risk control and management methods.

Clear regulation: all operations are carried out in accordance with the procedure for their implementation, established by internal regulatory documents.

Management’s active participation: The management of the Company and its subsidiaries and affiliates actively participates and provides support in the implementation and improvement of the risk management system of Tatneft Group.

G4 -14

The principal approach of the Company is to assess the likelihood of a risk event occurring and the priority of preventive measures over reactive ones.

The company adheres to the precautionary principle, which is one of the basic ones in the system of strategic and current planning of activities in all areas. This principle defines a risk control mechanism to prevent the occurrence of risk or its minimization in circumstances beyond the control of the Company.


The Company has identified the most significant potential risks that could affect the Company’s operations, and they are regularly and qualitatively assessed; control is established for each significant risk; measures are being developed aimed at reducing or eliminating their negative impact. Monitoring of the performance and effectiveness of activities.

The Company's risk management system includes processes:

  • identification of risks;
  • planning risk mitigation measures;
  • risk monitoring and control of risk reduction measures.
The risk management policy of the Company and its subsidiaries and affiliates defines the goals, objectives and basic principles of risk management and the functions of the participants in the corporate risk management system, as well as the interrelation (integration) of the risk management process with the strategic and investment planning, planning of operating activities, management human resources and labor relations, supply chain, aspects of industrial safety, environmental and social activities.

In the reporting year, relevant risk management measures were taken. To keep risks at an acceptable level, the Company develops and implements appropriate compensatory measures. To minimize the possible negative impact on the results of the Company’s financial and business operations, part of the risks are insured.

The Company plans to improve the implementation and improvement of the risk management system, in particular, on the regulation of procedures, terminology, forms and procedures for reporting risks — the same for all structural organizations of the TATNEFT Group.

Information on the main risks associated with the Company’s financial and business activities is regularly published in annual and quarterly reports.


The internal control functions are aimed at assisting the executive bodies in improving the efficiency of the Company’s management and in carrying out financial and economic activities. Corporate control functions include methodological support for the Company’s management staff in terms of compliance with tax laws and accounting legislation. This function helps to ensure compliance with laws and reduce tax and financial risks in the Company.

Reliability assurance

G4 -45 G4 -46 G4 -47

Ensuring the reliability and efficiency of the risk management system and internal control is built on three levels:

Board of Directors of PJSC TATNEFT

Audit Committee and Corporate Governance Committee of the Board of Directors
Board of Directors of PJSC TATNEFT
Management, staff

The functions of the Audit Committee include control over the reliability and efficiency of the internal control system and risk management of the Company, as well as monitoring the effectiveness of the warning system about potential cases of unfair actions of employees of the Company and third parties, other violations in the Company’s activities, and monitoring the implementation of measures adopted by the executive bodies of the Company within the framework of such a system, including an assessment of the effectiveness of internal control procedures, and the preparation of proposals on their improvement.

The Audit Committee together with the Corporate Governance Committee:

  • analyzes and evaluates the implementation of the Company’s internal control policy;
  • monitors the Company’s internal control and risk management system, including the assessment of the effectiveness of internal control procedures, and prepares proposals for their improvement;
  • analyzes and evaluates the implementation of the Company’s internal control policy;
  • analyzes and evaluates the implementation of the conflict of interest management policy;
  • discusses the reports of the Company’s auditor, the executive bodies and the Company’s internal audit department on the state of the internal control systems;
  • holds meetings with the executive bodies of the Company to consider material problems of internal control and plans of the executive bodies of the Company to eliminate them;
  • discusses the results of the implementation of measures (corrective measures) taken by the Company’s executive bodies to improve the internal control systems.

The company develops communication mechanisms of the KPI management system with the objectives in the field of risk management and corporate control and internal corporate control.