He has been in charge of the Service since 2012. Member of the International Institute of Internal Auditors (IIA). He holds an international certificate of internal auditor CIA, a Diploma of the International Institute of Audit and Management IFA (DipIFA), an international certificate of CAP ECCBA.
In the conditions of modern economic situation When both the external and internal environment of the Company are faced with the widest range of risks, we are aware of the importance of the role of internal audit in achieving the strategic goals of the Company. Today, the internal audit of the Company is an effective tool designed to identify opportunities to improve the efficiency of the Company's activities.
Our Internal Audit Team consists of qualified and experienced professionals.
The activity of the Internal Audit Service is based on International Foundations professional practice of internal audit and is recognized as compliant with the International Standards for the Professional Practice of Internal Auditing.
Applying our skills and knowledge, we bring value to the Company by providing independent and objective guarantees and advice aimed at improving risk management systems, internal control and corporate governance in the Company and its SDCs.
The Service is functionally accountable to the Board of Directors of the Company, administratively - to the Management Board of the Company. The activities of the Service are supervised by the Audit Committee. The head and employees of the Service are appointed by the Board of Directors.
In 2016, the number of the Service was 7 people.
Internal auditors carry out continuous professional development on an ongoing basis. Thus, the employees of the Service hold an international certificate of internal auditor CIA, diplomas of the International Institute of Audit and Management IFA (DipIFA), an international certificate of CAP ECCBA, diplomas of the Institute of Financial Managers of Great Britain (DipPIA and DiPCPIA).
The main functions of the Internal Audit Service are:
Annual risk-based audit plans are reviewed and approved by the Board of Directors of the Company.
All scheduled audit assignments were completed in full.
When exercising its functions, the Service confirmed to the Board of Directors its independence from the influence of any persons.
KPI of the Service and its head are established taking into account the strategic goals of the Company. The Board of Directors of the Company assessed the activity of the Service as “effective”.
The Service is an authorized body for the consideration, monitoring and control over the consideration of applications received by the Company's trust mail. In 2016, 45 applications were received and considered.
This article was written for a specialized magazine several years ago, but the publication unexpectedly closed. The text has been adjusted in accordance with the new wording of the International Standards for the Professional Practice of Internal Auditing. It is assumed that even today it has not lost its relevance and practical significance regarding the issues of presenting the results of internal audit.
Presenting the results of an audit, in other words, writing an audit report, often turns into a real test for internal auditors. The requirements for the presentation of the material, report formats, the list of their recipients are individual for each company. The company itself decides what the report of its internal audit service should be. For one company in the audit report, it is enough to indicate in one sentence that such and such an internal regulation has been violated, and the guilty person will be fired from work. For the other, reasonable arguments are needed that it is precisely as a result of the identified shortcomings in control that the company loses profits, assets, does not fulfill plans, etc.
So, the initial data: two large oil companies- public American (let's call it WorldWideOil, abbreviated as WWO) and Russian (let's call it PetrolUnion, or PU). Both operate worldwide, both strive for growth in capitalization and expansion of activities. The securities of an American company are listed on the New York stock exchange(NYSE), Russian shares - on the London (LSE). In both companies, internal audit services are approximately equal in number. The PU Internal Audit Service was formed in 2002. WWO Internal Audit is much older, but in the same 2002, as a result of major mergers conducted by WWO, its Internal Audit Service underwent significant changes and was actually created anew.
International Professional Standards for Internal Auditing. Standard 2060 Reporting to Senior Management and the Board
The head of internal audit should report periodically to senior management and the board on the objectives, powers and responsibilities of internal audit, and on the progress of the work plan. The report must also contain information about significant risks and control issues, including fraud risks, corporate governance issues, and other information required by senior management and the Board.
Ideally, it is believed that the internal audit service should have dual accountability: functional - to the board of directors, more precisely, its audit committee, and administrative - to the head of the organization or another head (financial director, controller ...) with the appropriate level of authority in order to ensure daily activities of the internal audit service. It is generally accepted that accountability to the audit committee of the board of directors ensures the independence of the internal audit function.
In the companies under consideration, the situation is as follows.
Administrative accountability:
WWO: The Auditor General (as the head of internal audit is called) reports to the First Vice President of Finance (CFO). That is, all issues related to the day-to-day activities of the internal audit service are resolved through the CFO.
PU: The Vice President (Head of Internal Audit) reports and reports directly to the President of the company.
Functional accountability:
Under this line of accountability, the internal audit functions of both companies report periodically to their audit committees. In addition, the head of the internal audit service of the PU reports quarterly on the results of its work to the company's board.
Both companies are trying to follow the requirements of the 2060 standard. In PU, the frequency of reports to the audit committee is not established, it is arbitrary, it depends entirely on the work plan of the committee, which indicates the number and timing of consideration of issues related to internal audit. Special type form report has not been developed. The reports contain general information on the nature of the identified deficiencies, including significant risks and control issues, as well as information on the number of inspections carried out.
The WWO Auditor General reports regularly to the Audit Committee during the year: 5-6 times during the year reports are submitted on the progress of the annual plan (in the form of a diagram - status report) and once - a report on the work of the internal audit service for the year (in the form of a report ).
The report on the work of the internal audit service for the year contains information on:
Reports on the progress of the implementation of the annual audit plan are submitted in the form established by the internal audit service and agreed with the audit committee. They contain information:
Schematically, it looks like this:
The status has three states: completed, in progress, due date overdue. In the report, these states are reflected in the colors of the "traffic light", respectively: green, yellow and red dots.
Information for progress reports on the implementation of the annual audit plan is collected from reports on the results of specific audit engagements. The information is shown objectively, but at the same time “dosed”. What does it mean? This means that all participants in the process, including members of the board of directors, should not be embarrassed; information about shortcomings is not inflated to the size of a “universal catastrophe” (as, for example, modern Russian television likes to do), negative is not pumped up. Everything is business-like: something is discovered, we plan to do something to improve it, something has already been done or something has not been done.
One can recall the case when once the head of the internal audit service of PetrolUnion, subordinates prepared a report to the audit committee in the form in which a report is usually made at a board meeting: biting phrases about the outrageous things that are happening, predicting the consequences of hypertrophied sizes - in a word, a picture of a real Apocalypse.
Can't do without an explanation.
It is one thing to bring information in this form to the members of the board (the executive body of the company), who are required to adequately respond to internal audit signals, and therefore, “the more terrible the story, the calmer the audit conscience”, and another thing to the members of the audit committee, who are called upon to perform supervisory, but not administrative functions.
Group of standards 2400-2440 "Disclosure of results".
Internal auditors should report the results of completed assignments.
Results reports should contain definitions of the objectives, scope, and scope of the engagement, as well as related conclusions, recommendations, and action plans.
Messages should be accurate, clear, objective, clear, constructive, concise and timely.
The CAE should communicate the results of the engagement to the relevant parties.
WWO's standard audit report template has evolved at certain stages in the development of the internal audit function. Now it is defined by the corporate regulation of internal audit and the audit report is as follows:
Rice. one. Audit report of oil and gas producing subsidiary WorldWideOil
In fact, the report is the conclusion of the WWO internal audit on the state of the internal control system of those areas of the enterprise or structural unit that have been audited. The conclusions are summarized briefly.
As a rule, the auditor's report itself occupies one page. As part of the audit report in without fail Three applications are included:
BUT. Assessment of control in each focus area (see Figure 2);
AT. List of control deficiencies identified as a result of the audit;
FROM. Description of control deficiencies and management action plan to address them (see Figure 3).
Rice. 2. Exhibit A to the Audit Report of an Oil and Gas Production Subsidiary of WWO
Explanation for fig. 2 (Appendix A). The internal audit of WWO uses four assessments of control: positive - effective, reliable; negative - in need of improvement, weak. Appropriate criteria are defined for each assessment. For example, the rating "reliable" corresponds to the level of control that can be provided with protection against material losses, distortions and errors, non-compliance with company policies. At the same time, the highest positive rating can be assigned to the control, even if certain shortcomings are revealed in it by audit testing, but only on condition that these shortcomings do not lead to a distortion of the reporting and do not violate the security of the information systems used.
Control is assessed as “weak”, the shortcomings of which are significant: important control procedures are ignored, not performed or objects of audit are not defined by management at all, which leads to high risks of financial losses, leakage of confidential information, non-compliance with company policies.
Appendix B is actually the content of Appendix C, i.e. it simply lists in order all identified control deficiencies.
Rice. 3. Appendix C to the Audit Report of an Oil and Gas Production Subsidiary of WWO.
Appendix C When describing control deficiencies, internal auditors are guided by the WWO Internal Audit Regulations, according to which the description of “weaknesses” should be short and precise (usually 2-3 sentences for each example). Minor remarks are not included in the report. It is mandatory to indicate which control procedures should be carried out, what risks the identified shortcomings lead to, which specific WWO internal control standards and provisions of other local regulations of the company are not complied with. The draft audit report is prepared by the head of the audit (working) group (Lead Auditor, Auditor In-Charge). Deadline - by the last day of the audit "in the field", by the final conference with the audited object. The draft report is sent to the management of the audited entity for final approval and inclusion in Appendix C of the Management Action Plan to eliminate deficiencies (Action Plan), in which managers set out actions to correct the situation. This part of the audit report should also be clearly articulated. It indicates the persons responsible for the implementation and the timing of the elimination of deficiencies. The implementation of the Plan is monitored by the internal audit service, including during subsequent audits.
Due to the fact that information on corrective actions is agreed with the management of the audited entity and included in the audit report, no administrative documents are issued based on the results of the audit (orders, instructions, including those at the corporate level).
The deadline for preparing the final version of the audit report in WWO is one of the indicators (metrics) for evaluating the work of the internal audit service. The goal is 14 days, but in fact, the final versions of the reports are ready on average ten days after the completion of the review!
An audit report can be generated using a special computer program (for example, TeamMate), which allows you to automatically group auditors' comments into an audit report form. But in practice, the wording of comments, their composition is largely determined by the manager of internal audit in the direction of the company, based on the results of the meetings and the opinion of all members of the audit team. Comments not included in the report are included in the audit discussion memorandum, which is also considered at the final conference with auditee managers. All deficiencies noted both in the audit report and in the memorandum are subject to unconditional elimination.
The WWO Internal Audit Policy defines the list of recipients of audit reports. These are:
At the discretion of the head of the audit team, managers of all levels, including vice presidents and executive vice presidents with relevant functional responsibilities (finance, information technology, logistics, etc.), may also be included in the mailing list.
Reports are sent to the first head of the WWO only for those audits, according to the results of which the control is rated as “weak”! Before that, they are mandatory reviewed by the General Auditor.
In other cases, the responsibility for the quality of the report lies with the managers of the internal audit service.
PU: In PU, as well as in WWO, internal audit regulations have been developed. These are both corporate standards for internal audit and standards (at the level of methods) for conducting audits in areas of activity (business segments), which contain, among other things, the requirements for the formation of an audit report. So, for example, according to the corporate standard, the statement of the results of the audit assignment should include observations, conclusions (opinion), recommendations and an action plan. Observations should represent facts relevant to the audit engagement. Observations necessary to clarify (prevent misunderstanding) the conclusions and recommendations of internal auditors should be included in the final presentation of the results of the audit engagement.
PU audit reports are very voluminous, have a lot of applications, and essentially document the progress of the audit engagement. They are not easy to read, let alone write! ..
The difficulty also lies in the fact that the PU internal audit service includes in the report recommendations for eliminating deficiencies, including those for top managers of the company. These recommendations are formalized as administrative documents (orders, instructions), which require the approval procedure within the company and have a significant impact on the duration of the final report preparation process.
The requirements set by the head of the PU internal audit service for the quality of audit reports are also understandable: the president will read them! In fact, each report is the “face” of the service. (Very responsible.)
In conditions when any internal audit service objectively cannot be 100% staffed with highly qualified specialists, the quality of the audit report is directly dependent on the amount of time spent on writing it. There is no need to talk about 10 days per report! Sometimes the process drags on for several months, and one of the main qualities of the audit report is lost - its timeliness.
However, is it worth nodding to PetrolUnion, when such a situation was quite recently characteristic of the internal audit services of very large international companies.
All audit reports are sent to the president of the company, as the head of the internal audit service reports and reports directly to him. After consideration, the president decides to distribute the audit report, i.e. determines the circle of persons to whom the results of the audit engagement are communicated.
Which reporting option is best? You will have to decide on your own. The statistics are as follows: having an approximately equal number of objects in the audit base (over 500 for each company), WorldWideOil's internal audit service conducts about 120 audits per year, PetrolUnion's internal audit - a little more than thirty. And the deadline for preparing the final version of the audit report, of course, is not the only one, but very important factor to explain this difference. It would seem that the conclusion is obvious - to urgently change the procedure for presenting the audit results, simplify the structure of the report and not send it to the first person of the company (or send it only in exceptional cases). But here it is worth thinking about one scrupulous moment.
Let's imagine the work of internal audit in the conditions of a more or less well-functioning system of internal control, risk management, and corporate governance. This is when the remarks in the audit report may sound something like this: "no confirmation is provided that the reconciliation of accounts for March was carried out in the prescribed manner." In fact, this is a serious violation for the internal control system, and managers of various levels are well aware of this. And the most severe measures will be taken against the guilty. But this is ... a working moment. It is inconvenient to go to the very top with such remarks. And what happens? The work is debugged nowhere better, but this is not appreciated, since meetings with top management are extremely rare, and, as they say, “falling out of the cage” occurs over time. Therefore, it is a paradox: the better the results of the work, the more clearly the whole mechanism works, the more vulnerable the position is over time, and this is both a loss of authority and far-reaching conclusions.
Sometimes, this seems to be what actually happens. True, this does not apply to the above companies.
And in conclusion. Theoretically, the processes of formation and presentation of the results of the completed audit assignment in PetrolUnion and WorldWideOil do not have fundamental differences, since internal audit in both companies complies with International Professional Standards. In practice, these differences are significant. The reason lies in the different tasks facing internal audit services at the current stage of development of companies.
The primary task of PetrolUnion's internal audit is to create modern system corporate governance through recommendations (including top management) developed based on the results of audits, and systematic monitoring of their implementation.
In WorldWideOil the situation is as follows. The external environment (primarily the market valuable papers). How? First of all, the existence of relevant legislation. Internal audit today mainly checks the compliance of the control actions of managers and executors with the adopted regulations, which is fully consistent with the requirements of the Sarbanes-Oxley Act. Under such conditions, it is easier to standardize both the audit process and the process of reporting audit results. The WWO internal audit does not make recommendations based on the results of the audit. Conformity international standard 2130 is achieved by providing consulting services to subsidiaries and structural divisions, i.е. analysis to develop recommendations. However, the number of such projects per year is very small, and now the WorldWideOil auditors themselves complain about the decrease in efficiency, the impossibility, due to lack of time, to pay more attention to identifying new risks and preparing recommendations aimed at improving the company's efficiency.
Obviously, there is no single recipe, but there is a main principle: do not stop there, constantly strive to improve and improve methods and processes.
No one disputes the undoubted benefits. Properly conducted control within the company allows you to eliminate errors and shortcomings, increase efficiency and discipline employees. This form of activity of the organization, like many others, requires documentary work.
The IA report is one of the mandatory control documents that reflects data based on the results of an internal audit. The information contained in it should reflect the control data, its results and specific proposals. This document is an important link in the process of eliminating deficiencies and violations, as well as in the analysis of the effectiveness of work processes.
When checking a narrow part of the company's work processes, the report can be quite modest. Especially if the audit did not reveal any serious deficiencies. The global audit has a larger report form, but this document is also the main form of the control carried out.
This video will tell you about the report on internal audit:
Simply writing an IA report indicating the identified shortcomings only highlights the errors. Such a report does not contain complete information and cannot be considered a useful document. A well-written report solves much more problems than simple informing.
A correct report solves the following tasks:
Based on various audit reports, correction of errors or final approval of the company's strategy is acceptable.
This document is essentially a confirmation of the correct organization of work and the correct course of the enterprise.
The main criteria for the rules for compiling a report are qualitatively presented information. A correct internal audit report must meet the 7 requirements for the correctness of reporting information. Messages in reports should be:
Based on these rules, the form of the internal audit report should also be based. Despite the fact that the IA report is an official document of the organization, there is no single form for its preparation. Each company has the right to use a convenient format for presenting information, depending on the scope of the report and the purpose of its preparation.
The form of the report on the results of the internal audit of the QMS will be considered below.
This video contains more useful information about the internal audit report:
When writing a report, you need to understand that this document does not apply to all areas of the organization, but only in the area of the issues under consideration. Therefore, regardless of the chosen form of the document, it should reflect 3 main parts:
The introductory part of the audit report indicates the data of the enterprise and information about the object of control. It also provides information on the timing of the audit and the main issues that have been audited. The analytical part of the document implies the inclusion of all identified shortcomings and nuances, and should also contain indications of the advantages identified as a result of control. The final part contains conclusions and recommendations.
An example of filling out a report on the results of the implementation of internal financial audit
Report on the results of the internal financial audit - 1
Report on the results of the internal financial audit - 2
Report on the results of the internal financial audit - 3
Report on the results of the internal financial audit - 4
Report on the results of the internal financial audit - 5
Report on the results of the internal financial audit - 6
Internal audit report binding document. Without its compilation, the entire activity of the VA practically loses its meaning. The form of its compilation is arbitrary, and the content should be extremely concise and complete. Compiling a report on a narrow scope of audit is quite simple, and the ability to correctly generate data for all company activities comes with experience.
The internal control and audit of the VTB Group operates on the basis of the best world practices and fully complies with both the requirements Russian legislation, as well as legislative and regulations countries where the Group operates. The order of interaction and subordination of the elements of the internal control system provides the necessary level of their independence, which allows the entire system to function as efficiently as possible.
VTB Group's internal control system ensures:
The Steering Committee of the VTB Group has a coordinating Commission for Internal Control and Audit, which ensures the effective functioning of the internal control and audit system in the Group, as well as the practical interaction of relevant specialized specialists.
The main tasks of internal control and audit of VTB Group are:
Internal control and audit of VTB Bank
In accordance with the Charter of VTB Bank, the system of the Bank's internal control bodies includes:
Audit Committee
The Supervisory Board of VTB Bank is responsible for the proper functioning of the internal control system. For a full-scale analysis and maintenance of an effective internal control system, the Audit Committee operates in the structure of the Supervisory Board.
More detailed information the composition of the Audit Committee and its activities is contained in the Supervisory Board section.
Audit committee
The Audit Commission controls the financial and economic activities of VTB Bank. The Audit Commission checks the Bank's compliance with legislative and other acts regulating its activities, the establishment of internal banking control, the legality of the operations performed by the Bank (through a complete or selective audit). The Audit Commission is elected at the annual General Meeting of Shareholders of the Bank, which determines its number and composition for the period until the next Annual General Meeting of Shareholders.
In accordance with the decision of the annual General Meeting of Shareholders of the Bank held on June 19, 2014, a representative of VTB minority shareholders entered the Audit Commission for the first time. The shareholders elected the following members of the Audit Commission:
In connection with the election of a new composition of the Audit Commission by the annual General Meeting of Shareholders, the following members of the Audit Commission left the Audit Commission in June 2014:
In 2014, no remuneration was paid to the members of the Audit Commission of the Bank.
More information about the Bank's Audit Commission can be found on the VTB Bank website at: http://www.vtb.ru/ir/governance/control/revission_commition/.
Internal Audit Department
To assist authorities in providing effective work VTB Group, the Bank has an Internal Audit Department (IAD). DVA monitors the internal control system, audit checks and provides independent advice on improving banking and control procedures.
DVA is an independent structural subdivision of VTB Bank and is directly accountable to the Supervisory Board. The Supervisory Board approves the work plans of the AIA, controls their implementation, considers the reports of the AIA on the results of audits and monitoring of the internal control system, as well as on the implementation of the recommendations of the AIA to eliminate the identified deficiencies.
The structure of the DVA includes divisions responsible for current monitoring, coordination of internal control systems in the Group, and audits. In order to improve the effectiveness of monitoring the internal control system in the Bank's regional network, a part of the DVA employees work on a permanent basis in the territorial divisions of VTB.
The competence of the Internal Audit Department includes:
The AAD interacts with the Audit Committee and the Bank's external auditors to provide information on the internal control system, as well as the main deficiencies identified by the Department during the audited period.
Compliance control
The main objectives of the VTB Group compliance control system are:
The functional coordinator for compliance for VTB Group companies is the Compliance Control Department of VTB Bank.
Under the VTB Group Management Committee, the Coordinating Commission for Compliance and Internal Control has been established and is functioning in order to combat money laundering and the financing of terrorism.
In 2014, the Coordinating Commission held two in-person and five absentee meetings on compliance and internal control in order to combat money laundering and terrorist financing, as well as two internships and three round tables with the participation of representatives of VTB Group companies.
The main requirements for the organization of the compliance system, the standards and principles of its functioning in the VTB Group, the distribution of powers and areas of responsibility are enshrined in the Group's internal documents. In 2014, in order to reflect the new requirements of the Bank of Russia for internal (compliance) control, VTB Group updated the following compliance documents:
External Auditor
To conduct an audit and confirm the reliability of the annual financial statements, VTB Bank engages an independent professional audit organization - an external auditor.
In accordance with the current legislation, the choice of the auditor is carried out on the basis of an open competition. The procedure for holding the tender is regulated by Federal Law No. 44-FZ of 05.04.2013 “On the contract system in the field of procurement of goods, works, services to meet state and municipal needs”.
As part of the preparation for the tender, VTB Bank is developing tender documentation. Consideration of the tender documentation and the size of the initial price of the contract for the provision of audit services is carried out by the Audit Committee of the Supervisory Board. An open competition for the selection of an auditor is held by the Bank's Competition Commission.
During the competition, members of the commission consider applications received from participants in the competition. Based on the criteria specified in the tender documentation, the bids are compared and the participant who has offered the best financial and specifications. Selected by the results of the competition audit organization recommended by the Supervisory Board for approval by the annual General Meeting of Shareholders.
Based on the results of the audit of the financial and economic activities of VTB Bank, the external auditor prepares an opinion, which is submitted to the Audit Committee for a preliminary assessment. Prepared audit report sent to the Supervisory Board, and also presented at the annual General Meeting of Shareholders of the Bank.
In 2014, Ernst & Young LLC, the Russian subsidiary of one of the world's leading audit firms, EY, was approved as the external auditor of VTB Bank.
EY's Russian subsidiaries have been the auditor of VTB Bank since 2003. The company has no other property interests in VTB Bank, except for paying for audit services, has no affiliation with the Bank, members of its management bodies and VTB subsidiaries.
Anti-money laundering
VTB Group attaches great importance to activities to counter the legalization of proceeds from crime and the financing of terrorism.
As part of coordinating the activities of the Group's companies in this area, VTB Bank develops uniform group-wide financial monitoring standards and ensures that their subsidiaries comply with them. Constant communication and information exchange between the relevant divisions of the Group's companies makes it possible to effectively manage the risks of money laundering and terrorist financing on a systematic basis.
Paying great attention to quality client base, VTB Bank and its subsidiaries implement all the necessary procedures as part of the customer identification and study program, and also carry out systematic work with correspondent banks.
Projects of all internal normative documents that determine the procedure for providing banking products and services undergo a mandatory examination for the possibility of using the relevant product (service) for carrying out operations for laundering criminal proceeds. If necessary, measures are taken to minimize potential risks.
AT reporting period VTB Group ensured effective management of the risks of involvement in money laundering and terrorist financing.
An audit company claiming the right to audit Sberbank is selected based on the results of an open tender. Competitive documentation for holding an open tender to select an auditor is approved by the Sberbank tender commission for the purchase of goods, performance of work, provision of services and is published on the official website of the Bank. The audit organization selected by the results of an open tender is agreed upon by the Management Board, the Audit Committee of the Supervisory Board, the Supervisory Board and is submitted for approval to the annual general meeting of shareholders.
annual general meeting shareholders of Sberbank, which took place on May 24, 2019, the auditor of the Bank for 2019 and Q1 2020 was approved by JSC PricewaterhouseCoopers Audit.
According to paragraph 1 of Article 85 federal law"About joint-stock companies» in a public company, the Audit Commission may not be created if its presence is not provided for by the charter of the public company.
On May 24, 2019, the annual general meeting of shareholders of Sberbank decided to approve the Charter of the Bank in new edition which do not provide for the formation of the Audit Commission in the Bank. In this regard, starting from 2019, the Audit Commission at Sberbank is not elected.
Internal Audit Service
The Internal Audit Service is entrusted with the functions of checking and evaluating the effectiveness of the internal control system, risk management systems, information security systems, the reliability of accounting and reporting, and a number of other control functions, including the functions of monitoring compliance with internal control procedures for financial and economic activities.
The Internal Control Service is entrusted with the functions of ensuring that Sberbank’s activities comply with legislation, regulation and best practices, as well as creating and applying effective methods and mechanisms for managing the risk of the bank incurring losses due to non-compliance with the law, internal documents of the bank, standards of self-regulatory organizations and / or application of sanctions and/or other measures of influence on the part of supervisory authorities.
For the purpose of risk management, the Bank operates the “Risks” Block, which is a set of structural divisions bank, as well as committees whose main function is risk management.
