Risk management

Goals and objectives

The main purpose of RMICS is to provide reasonable assurance that Russian Railways will achieve its goals.

The RMICS serves to:

• integrate risk management and internal control processes and procedures into the strategic and operational dimensions of the Company;
• put in place the necessary infrastructure, and policies and guidelines;
• reduce the number of contingencies that could undermine the Company’s ability to achieve its goals;
• raise risk awareness of RMICS participants and other stakeholders.

RMICS assessment

For a systematic and consistent approach to the integrated RMICS development, the Russian Railways Group has been implementing its Risk Management and Internal Control Development Programme for 2019–2024, which involves shaping the risk management infrastructure, continued monitoring and notification of governance bodies, conducting self-assessment, cascading the applied methodology, and building/developing RMICS in controlled entities.

RMICS must be subject to regular assessment for higher effectiveness and timely adjustment. The Company uses both internal (including assessment by the internal audit function) and external assessment.

The internal assessment is carried out from time to time at least once a year. The external assessment is carried out by an independent expert. Its frequency is set by the Russian Railways’ Board of Directors as recommended by its Audit and Risk Committee.

Improvement of the risk management system in 2019

In 2019, efforts were made to improve and develop the integrated risk management model. The RMICS in general was raised to a higher standard.

2019 key achievements:

• the Group developed and adopted its Risk Management and Internal Control Development Programme for 2019–2024, Risk Management and Internal Control Policy, Liaison Protocol for Risk Management and Reporting Processes, Risk Management and Internal Control Guidelines;
• Risk Appetite Guidelines submitted to Russian Railways’ Board of Directors;
• information on risks regularly submitted to the Company’s governance bodies (from the Management Board to the Board of Directors);
• information on risks reflected in the system of monitoring and control over Russian Railways’ operations, including information on the number of such risks and their description, risk breakdown by operations, risk materialisation events, and risk mitigants.

For a more effective risk management and internal control process, since 2018 Russian Railways has been conducting regular workshops and training sessions in RMICS for managers of different levels (from the Management Board members to specialists across the network). In 2019, a corporate training programme was developed for Russian Railways’ Corporate University to provide unified and scaled-up training based on the specific nature of the risk management process.

Part of the corporate governance system, risk management is a continuous and interactive process implemented across all management levels (organisational hierarchy).

Risk appetite

Russian Railways sets its risk appetite, which then shapes the decision-making on risk mitigants and controls and serves to maintain a balance between risks and opportunities. Risk appetite is determined by the Company’s Board of Directors and represents the maximum acceptable level of risk that the Company is ready to assume and stay within the bounds of when pursuing its objectives (including those defined in the Long-Term Development Programme)

Risk appetite is shaped by the Company’s goals, targets, target benchmarks, the requirements and resolutions of the General Meeting of Shareholders and the Board of Directors, as well as the Company’s key performance indicators and risk portfolio.

The procedure for setting, approving and revising the risk appetite is guided by the Company’s by-laws.

Risk management process