Internal Control ensures that rules and regulations regarding security and risk management (as set by corporate management) are incorporated into the Bank’s business procedures.
The Bank follows the independence principle of the Internal Control Service, which reports directly to the Supervisory Board and makes recommendations on the efficiency of risk management procedures, complies with regulators’ requirements, and reports the timeliness, reliability and economic efficiency of operations.
The Internal Control Service annually draws up an audit plan comprising a revisions schedule based on the adopted methodology of the Bank’s risks and internal controls assessment, which takes into account changes in the Bank’s internal control system and new business segments.
The plan necessarily includes audits of branches that are exposed to increased risk levels, and carry a significant amount of loans on their balance sheet. The Head office audit plan comprises audits of business processes that involve: high credit, market, and operational and reputational risks. On a monthly basis, the Internal Control Service carries out audit reviews on how internal controls functions over credit operations.
Branch-level internal auditors carry out audits of branches and additional offices, including end-to-end checks in the following directions:
On an ongoing basis, the Internal Control Service monitors the Bank’s operations in the financial market, including changes in internal and external regulations, compliance with set limits, proprietary securities transactions, and brokerage operations.
The internal auditor, within the sphere of financial market operations, carries out a compliance audit with the qualification requirements of Russian legislation by employees executing financial market operations and checks on the Bank’s compliance with Russian legislation and Federal Financial Markets Service regulations.
In addition, the internal auditor of financial market operations carries out the following checks:
Regarding enhancing further internal controls, the Bank sets a priority on the application of computer technologies and the development of IT audits