Сorporate risk management system and internal control system

KazTransOil JSC (hereinafter referred to as the Company) is aware of the importance of developing a corporate risk management system (hereinafter referred to as CRMS) and an internal control system (hereinafter referred to as ICS) as key components of the corporate governance system aimed at timely identification, assessment, monitoring and reduction of potential risk events that may negatively affect the achievement of strategic and operational objectives of the Company

Improving CRMS and ICS is an important aspect of the Company's effective operations for a number of reasons:

• Providing reliable information to management, and as a result, making balanced and informed management decisions;
• Ensuring the safety of the company's assets and the efficiency of economic activity;
• Adequate assurance that all internal policies and procedures, as well as laws and requirements, are being followed as prescribed.

The Company develops and improves CRMS and ICS by applying a set of organizational measures, methods, procedures, norms of corporate culture and actions to achieve an optimal balance between the growth of the company's value, its profitability and risks.

CORPORATE RISK MANAGEMENT SYSTEM

The Company's Board of Directors adopted and approved the Policy on the Corporate Risk Management System of KazTransOil JSC. This document reflects the vision, goals and objectives of CRMS in the Company, defines the risk management structure, the main components of the risk management system, provides a systematic and consistent approach to the implementation of the risk management process, general approaches to the classification of risks of the Company, elements linking the Company's CRMS with the processes of planning, budgeting and motivation, as well as criteria for the effectiveness of the Company's CRMS.

The policy does not aim to cover all possible scenarios that may arise in the process of practical application of CRMS, assuming that the risk management process, as part of the daily management process, should provide freedom to apply various management styles and creative approach.

The procedure, methods and tools for identification, methods of quantitative and qualitative assessment of parameters, risk analysis/risk factors are regulated by the Company's internal risk management documents.

INTERNAL CONTROL SYSTEM

ICS is aimed at timely identification and analysis of process-level risks inherent in the Company's activities, as well as identification and analysis of control procedures for managing these risks in three key areas of ICS: operational activities, preparation of financial statements and compliance with legislative and regulatory requirements.

In order to further implement and improve ICS, the Company has developed and approved the following internal documents regulating ICS:

• The ICS Policy, which contains a statement on the directions and intentions of development, principles in the field of internal control and represents the general vision of the management for the improvement and development of ICS.
• ICS Regulation, which defines the interaction of ICS subjects and the distribution of responsibility for the organization, functioning and effectiveness of ICS.

The Company carried out the following work on documenting ICS:

• Classifiers of business processes have been developed and approved at the level of the central office, branches and oil pipeline departments of the Company;
• Flowcharts and matrices of risks and controls for key business processes of the central office, branches and oil pipeline departments of the Company have been developed and approved.

RISK CULTURE DEVELOPMENT 

The company is interested in developing a risk-oriented culture of doing business.The risk culture in the Company develops through the involvement of all its employees in the risk management process, as well as through the regular exchange of information between the Board of Directors, the Management Board and employees of the Company, including through corporate seminars in the field of risk management, both with the involvement of third-party organizations and the Company's own risk managers. 

The main goals of the CRMS workshops are:

• Formation of a CRMS system view;
• Familiarization with the structure of the CRMS, its participants, the process and functions of risk management;
• Development of skills to identify, assess risks, apply risk management methods and develop risk management measures using a practical case.

The main objectives of the ICS seminars are:

• Familiarization with the principles of ICS and training in building ICS at the level of a business unit;
• Training of specialists in risk management and IMS of branches of KazTransOil JSC in existing methods and approaches in the field of ICS, including:
  • Identification of risks inherent in the business process;
  • Identification of existing control procedures covering the identified risks;
  • Development of risk matrices and controls and flowcharts for the business process, which are the final documents for the identification and analysis of process risks, as well as control procedures.

When hiring, all employees undergo standard procedures to familiarize themselves with the principles of functioning of CRMS and ICS.