Internal Control System (ICS)

Internal Control, its definition and goals, as well as its organization are viewed as a process giving reasonable guarantee that Company will achieve its goals, namely following achievements:

 - effective activity;
 - assets maintenance and effective use of Company resources;
 - full, reliable and accurate financial and management reporting;
 - compliance to legislation of the Republic of Kazakhstan and Company internal regulations;
 - prevention and mitigation of losses (such as cut revenue, damage, lower corporate management ratings and others);
 - contribution in construction of an optimal organization structure.

 ICS is a summation of policies, procedures, processes, norms of behavior and actions contributing into effective and rational business, allowing Company to duly react to significant risks and ensure achievement of goals.

ICS is inclusive of the following inter-connected elements:

 - control media;
 - internal control procedures;
 - information support and exchange system;
 - evaluation of ICS effectivity.

ICS must be in full readiness to face risks, integrate with Company processes and daily routine operations, immediately notify appropriate bodies of any shortcomings and poor control areas identified, alongside with proposed corrective action taken or to be taken. Bodies that belong to ICS have various competences, depending on their connection to the ICS design, approval, application and control.

Board of Directors and Management Board ensure the existence of the control media that would express and demonstrate to personnel the importance of internal control and compliance to ethical norms at all levels of Company management and operationа. Board of Directors shall assume responsibility for organization of risk oriented ICS. Management Board shall assume responsibility to ensure the reliable functioning and ICS monitoring. Company divisions heads shall assume responsibility for design, documenting, introduction, monitoring and improvement of internal control procedures to be mandatory of their divisions.

Certain internal control functions may be delegated to individual workers and officials or special divisions within Company.

ICS Functioning Principles

ICS is based on the following principles:

 - absolutely non-stop operation for timely identification of any deviations from norm and adequate counter-action and prevention of repeated deviations in future;
 - reporting of all subjects of ICS: all internal control subjects cross-inspect among each other;
 - duty division: Company strives to prevent duplication of functions, which functions must be distributed among workers and officials in the way preventing one person from performance of several functions associated with operations with certain assets, process and operations accounts, assets security and inventory;
 - due endorsement and approval of operations:  Company strives to establish the order of approval of all financial and economic operations making all officials and workers  act in accordance to their duties;
 - all internal control subjects shall assume responsibility for execution of control functions;
 - internal control function based on good interaction among Company bodies and divisions;
 - continuous improvement;  Company strives to create conditions for flexible ICS operation making it adaptable and able to address new issues and improve the system itself;
 - timely delivery of communications regarding shortcomings and weak areas of ICS itself:  Company must establish shortest deadlines for delivery of information to individuals authorized to make decisions about replacement of significant shortcomings and areas of poor control;
 - internal control locally must be adequate to level of complexity of controlled objects;
 - definition of priority spheres of the Company where control must be established, identification of its strategic aspects to be controlled, even if it appears complicated to evaluate its effectivity (cost-economic effect);
 - Integrated and system nature of ICS.

Control Media

Control Media is Sole Shareholder, Board of Directors and Management Board’s common attitude presuming necessity to create and ensure functioning of internal control, realization of the importance of such system by all Company officials and personnel and actions taken in the light of that realization. Control Media factors:

 - honesty, ethical values and competence of Company officials and personnel that reflect knowledge and skills necessary for performance of tasks;
 - management philosophy and style;
 - Company organization chart that creates the basis for planning, execution, control and monitoring of Company activities;
 - personnel management policy and practices;
 - attention and strategic management from Board of Directors.

Risk Assessment

Principles and methods for risk management, as well as procedure for monitoring and control of effectivity of performance of risk management system (RMS), authorities of the bodies responsible for the functioning of RMS and the disclosure of information shall be governed by internal regulations of Society. Risk Management division of the Company is the main coordination body risk management process.  All division heads shall assume responsibility for implementation of RMS.

Internal Control Procedures

Internal Control procedures to be observed by Company bodies and personnel and documented measures for effective internal control of performance of all Company programs, plans and objectives, as well as identification and performance of unconventional operations, and prevention and mitigation of risks and potential undue or illegal actions by Company workers and officials.

Internal Control Procedures include the following :

 - establishment of tasks and objectives and responsibilities and authorities for divisions, workers and officials at all levels of Company management; ensuring their effective interaction;
 - establishment of authorities to approve operations: approval and implementation of operations only by those authorized to do so;
 - distribution of duties and lack of conflicts in the course of implementation of duties by Company personnel and officials;
 - creation and maintenance of reliable information support and exchange system covering all divisions, personnel and officials;
 - communication to all workers and officials of their duties in the sphere of internal control and for the sake of encouragement of their comprehension of functional roles in the Internal Control System;
 - establishment of key indicators of the Company activity, individually for each worker and managerial official in accordance to internal regulations;
 - establishment of criteria and effectivity appraisal of bodies, workers and officials of the Company;
 - Company Risk Management;
 - monitoring and acquisition and alienation, restructuring and other similar operations in regards to Company assets, as well as acquisition of ownership of such assets (assets preservation);
 - monitoring of effectivity of use of company resources;
 - monitoring of fulfillment of long-term development strategies, Development Plan (Middle-Term Business Plan) and Budgets (one year business plan);
 - control of implementation of investment projects;
 - control of observation of established accounting and tax procedures, as well as making and submission of all due Company reports (accounting, tax, fiscal and others);
 - control of Republic of Kazakhstan legislation compliance, as well as compliance to internal regulations and prescriptions and instructions from regulatory bodies;
 - control of execution of decisions made by Company bodies and managing officials;
 - control of fulfillment of recommendations from external auditors performing annual financial statement audits, and Internal Auditors;
 - control of observation of established information disclosure procedures;
 - control of maintenance of due document circulation within Company;
 - regular evaluation of Internal Control System;
 - due documentation of internal control procedures;
 - other procedures envisaged in Company internal documents and regulations.

Information Support and Exchange System

Informational support and exchange system is the timely and effective identification of data, their registration and exchange. Company ensure availability of full and adequate information about terms and conditions capable to render their influence on the decisions made within Company. Company strives to create and maintain due information system covering all activity spheres and processes.  Information provided in licenses applied software shall be authorized and kept in accordance with Company procedures. Company ensures creation of effective information exchange canals, both vertical and horizontal for the encouragement of comprehension of Company policies and procedures, in the sphere of internal control, by all subjects of internal control.

Internal Control Effectivity Evaluation

Internal control system (ICS) evaluation procedure is necessary for identification of potential mistakes that may affect Company activity and accuracy of Company reports, identification of the extent of such mistakes and capacity of ICS to address the issue. In evaluation of effectivity and adequacy of ICS, such factors, as actions (failure to act) by Board of Directors, Management Board and Company personnel, are taken in account, and, first of all, those aimed at integration of internal control into all processes, timely assessment of risks and effectivity of measures of risks mitigation. Internal Control System evaluation is an integral and mandatory duty of the Board of Directors, which body must develop its own opinion of ICS effectivity, after considerate and detailed research based on information and guarantees brought to its attention and disposal.

Management Board shall report to Board of Directors about continuous monitoring of internal control system and shall ensure its implementation.  Board of Directors must regularly collect and evaluate Management Board reports on internal control.  Effective and continuous monitoring is an integral part of a reliable internal control system.  In performing its duties, Board of Directors should not rely only on the monitoring processes practices in Company.

Audit Committee performs analysis and evaluation of affectivity in Company ICS, as well as collects and reviews appropriate communications and reports from Internal Auditors.  Results from Audit Committee work regarding audits and evaluation of Company ICS shall be communication to the Board of Directors and duly reviewed by the latter body.

Internal  Auditors shall take part in the continuous monitoring of the Company ICS and will be the body for evaluation of ICS and its compliance to all Company tasks, criteria and improvement recommendations.

 Board of Directors must define the process for internal control effectivity evaluation and establish the limits and the regularity of submission of reports by the Management Board, which reports shall be, within the current year, collected and reviewed by Board of Directors.  Board of Directors will also define the process of annual evaluation, which must be duly and correctly documented, and will be used as the main information about system of internal control and included in Company reports.  Reports from IAS must give Board of Directors balanced evaluation of existing risks and internal control system for effective risk management in all relevant spheres of activities. Any identified shortcomings and poor control shall be reflected in appropriate reports, as well as the information as to influence, such shortcomings and poor control areas may produce on Company and activities and the action taken for elimination of same.

Board of Directors Internal Control Report

Board of Directors shall bear responsibility for communication of information pertaining to internal control system in annual reports submitted to Sole Shareholder.  Such reports must indicate the following data:

 - description of existing process regarding identification, assessment and management of significant risks, the company faces;
 - indication of the fact that the process was performed within the analyzed year and was actualized (confirmed) on the date of approval of the final annual report;
 - indication of regularity, with which Board of Directors evaluates the process and confirmation of process’s legal compliance.

Consolidated Group Control System Establishment

 Company ICS is an integral part of an uniform internal control system operating in a consolidated group.  Company takes all action necessary for establishment and due approval of internal control regulations in its subsidiaries and affiliated entities.  As per existing appropriate procedures, Company will render methodical and practical assistance to its subsidiaries and affiliated entities in the formation of internal control systems.  In accordance with existing procedures and taking advantage of its rights of a shareholder, Company will perform the monitoring of effectivity of ICS in its subsidiaries and affiliated entities.  In consolidated group, ICS effectivity, as well as relevant report to Sole Shareholder are made for the whole group, based on reports (evaluations) from relevant bodies of subsidiaries, affiliates and external auditors.

 

Risk Management System