Internal control and risk management
- A risk committee has been established to coordinate the actions of the Company’s structural divisions
- The environmental risk assessment methodology has been updated
- Risk Management Policy
- Anti‑bribery and Corruption Policy
- Corporate Code of Ethics
- Policy on Conflict of Interest
- Sanctions Policy
- Regulations on Risk Management
Material topics
- Corporate governance
| Goals | Status | Progress made in 2024 |
|---|---|---|
| Update internal documents | On track | The Risk Management Policy and Regulations on Risk Management have been updated. |
Internal control and risk management system
Internal control and risks management at En+ Group is organised in accordance with global best practice to ensure the identification and systematic analysis of risks when making decisions to prevent/minimise them.
The Company’s approaches to risk management and internal control are set out in the Risk Management Policy, and the process is outlined in the Regulations on Risk Management. In 2024, the Policy and Regulations were updated.
The Group has established a comprehensive internal control system (ICS) to safeguard its assets, improve business processes, and ensure compliance with applicable laws and local regulations throughout its operations.
The Internal Audit Directorate (IAD) seeks to ensure that a robust system of internal controls is in place in the Group through:
- operational and financial control;
- compliance control;
- business process institutionalisation;
- implementation of ICS enhancement projects.
The risk management system (RMS) is an integral part of ICS and the corporate governance system as a whole. RMS ensures compliance with corporate governance standards and consistent sustainable development of the Group’s business.
In 2024, a risk committee was established at the level of the Company’s management to ensure effective risk management by coordinating the actions of various structural divisions.
To enhance risk management’s effectiveness, objectives in this area are integrated into the key performance indicators (KPIs) of both management and relevant employees.
GRI 2‑12, 2‑13, 2‑16
Organisational structure of internal control and risk management
Approach to risk management
GRI 2‑25
Risk management at the Company is structured as a continuous cyclical process, which enables En+ Group to promptly identify potential threats that may affect its operations and take measures to reduce the adverse impact if they occur.
The Company regularly analyses material factors and monitors changes in legislation and regulatory requirements not only in the countries where it operates, but also at the international level. In the course of strategic and business planning, the Company assesses the impact of external and internal environment factors on the most probable risks.
The risk management process commences with setting the Company’s business objectives. The Company manages risks vertically, with risks to business processes identified at the individual facility level and subsequently aggregated at the Company level.
The IAD conducts quarterly monitoring of risk status, including analysing changes during the reporting period, the likelihood of their materialisation, reviewing the ongoing relevance of financial risk assessments and the progress of mitigation measures, as well as assessing whether the new risks that emerged during the quarter were promptly identified.
To foster a robust risk management culture, employees and managers take training and courses that equip them with the requisite knowledge and practical skills to analyse, assess, and manage risks.
Risk management process
Key risks of the Company
The key risks in En+ Group are risks that may prevent the achievement of the Company’s goals and the creation of value for shareholders or lead to significant damage. To prevent/minimise potential damage, the Company is constantly improving the system for identifying risks and responding to each risk to the extent corresponding to the nature and size of the risk.
The extent of risk impact is determined by the amount of possible financial losses (damage) taking into account the assessment of the probability of the occurrence of a risk event (statistical and analytical methods are used as appropriate).
When managing risks, the Company takes into account the expectations of stakeholders and assesses the economic, environmental and social impact based on sustainable development principles.
Key risks of the Company
In 2024, key risks impact assessment in En+ Group remained unchanged.
Risk impact on the Company’s operations
High
Medium
Low
| Risk | Description | Changes in 2024 | Mitigation measures | |
|---|---|---|---|---|
| External and market risks | ||||
| Environment | Risk of negative impacts stemming from legislative initiatives and law enforcement practices on the Company’s day‑to‑day operations. Extension of new legal requirements to existing facilities. Tougher sanctions for regulatory non‑compliance and delayed acquisition of permit. Risk of sanctions or fines resulting from soil, water, or air pollution due to equipment failure or human error | no change | Robust operation of the environmental management system. Consistent application of Environmental Policy provisions. Environmental auditing and monitoring of operating processes. Engagement with national and local governments on developments in environmental laws | |
| Laws and regulations | Impact of legislative changes or their enforcement, both domestically in Russia and internationally, encompassing antimonopoly and tariff regulations, licensing and permits, and environmental and HSE regulation | no change | Monitoring changes in the regulatory frameworks. Engagement with the regulatory authorities | |
| Legal risks | Risks of potential losses arising from the enforcement of judgments on claims | no change | Legal defence against claims. Negotiating with claimants | |
| Market: supply, demand and commodity price volatility | Business impact of fluctuations in supply, demand, and/or commodity prices critical to the Group’s operations:
Risk of a recession in the US/EU and worldwide | no change | Monitoring risks and conducting market research, business planning, and scenario analysis. Using derivative financial instruments for partial hedging of market risks. Expanding customer portfolio, expanding product range to diversify sales, and boosting sales in alternative markets. Promoting highly competitive low‑carbon metal and electricity | |
| Geopolitical | Risks of an adverse business impact (including commodity security and supply chain risks) in the event of new economic restrictions imposed by foreign governments, affecting:
| no change | Monitoring geopolitical situation and relevant risks. Developing and implementing risk mitigation measures:
Protecting the Company’s interests through legal means | |
| Safety risks | Risks of significant damage to production facilities and suspension/termination of operations of the Company’s enterprises as a result of terrorist attacks | no change | Scenario planning. Development of early response measures, including a set of organisational and practical measures to ensure the integrity of assets | |
| Business and operational risks | ||||
| Maintenance | Equipment operation risks involve potential equipment failures leading to financial losses, lower productivity, or the halt of operating facilities, including situations where repair plans are not fulfilled (due to failures or longer lead times for imported equipment and materials) | no change | Timely maintenance and repairs/overhauls of equipment; upgrades to operating facilities. Searching for alternative suppliers of imported equipment | |
| Commercial and project | Risks of disruptions in supply chains for goods and raw materials. Pricing risks: monopolistic pricing in the transportation market and regulatory pricing in the electricity market. Risks of time or budget overruns for projects | no change | Negotiating with suppliers and broadening the pool of potential suppliers. Monitoring lead time and investment contract performance. Entering into long‑term contracts with formula pricing mechanisms. Making spot purchases subject to economic viability. Continuous monitoring of alternative markets | |
| Health and safety | Workforce or contractor injury due to human error, equipment failure, or workplace configuration, given the endemic risks within the Power and Metals segments relating to major accident hazards | no change | Managing dedicated units tasked with
OHS compliance checks by regulatory authorities (Rostechnadzor, Rospotrebnadzor, etc.) during both scheduled and unscheduled inspections | |
| IT security and resilience | Risks of data loss or IT infrastructure damage stemming from hacker attacks or malware intrusion. Risks of malfunctions in automated information control and management systems at major industrial facilities (HPPs, CHPs, etc.) | no change | Testing the IT infrastructure for security vulnerabilities. Using uniform policies and procedures to ensure security | |
| Financial risks | ||||
| Financial | Financial implications resulting from market volatility in foreign exchange rates, interest rates and commodity prices. Tax risks | no change | Ongoing monitoring of the Company’s financial position. Ensuring compliance with the terms of loan agreements with banks, including regular monitoring of financial covenant compliance. Coordination of tax planning and oversight of tax assessments and payments. Implementing partial hedging of currency risks, diversifying the debt portfolio and foreign‑currency deposits. Continuous monitoring and adjustment of cash flow | |
| Climate‑related risks | ||||
| Transition risks | Financial or reputational impact due to policy, legal, technology, and market changes | no change | Constant monitoring of policy, legal, technology, and market changes | |
| Physical risks | Negative impacts on operations stemming from climate change, including fluctuations in water supply and temperature variations | no change | Business and scenario planning; climate research and analysis. Incorporating climate‑related risks and regional considerations into R&D and investment projects | |
Plans for 2025 and the medium term
- To approve and apply the updated Risk Management Policy and Regulations on Risk Managemen.
- To analyse the efficiency and effectiveness of the risk management system for 2024.