MONITORING AND AUDITING

The internal control system of MTS PJSC represents a combination of internal-control processes implemented by ICS entities based on the existing organizational structure, internal policies and regulations, internal-control and risk-management procedures and methods applied within the Company at all management levels and as part of all functional areas.

The establishment and efficient operation of the internal control system are designed to ensure reasonable confidence in the achievement of objectives set by the Company and to ensure proper control over the financial and economic activities of the Company as well as its efficiency.

The internal control system of MTS PJSC represents a combination of interrelated components, the structure of which meets the general accepted methodology COSO Internal Control – Integrated Framework 2013. In accordance with COSO model, a control environment is established, the risk assessment system is applied, control procedures are implemented and their performance monitored, and changes in organizational structure and business processes are monitored.

Under the internal control system, a range of anti-corruption measures mitigating reputational risks and risks of sanctions for bribery of officials against MTS PJSC. For the purposes of counteraction to abuses, authorization of transactions and operations, distinction of powers and rotation of duties, control over the actual availability and condition of facilities is implemented.

MTS PJSC approved the Policy for Complying with Anti-Corruption Legislation defining measures aimed at establishing elements of the corporate culture, organizational structure, rules and procedures assuring non-admission of corruption.

As a part of the Unified Hotline of MTS Group, the line of the Internal Control and Audit Unit was organized as a safe, confidential and accessible way to inform the Audit Committee of the Board of Directors and the Internal Control and Audit Unit about cases of breaches of the legislation, internal procedures, the Code of Business Conduct and Ethics of MTS PJSC by any of its employees and (or) by any members of the management body or the body of control over the financial and economic activities of MTS PJSC.

Proposals for the improvement of anti-corruption procedures and other internal control procedures are received through the hotline addressed to the Audit Committee of the Board of Directors and the Internal Control and Audit Unit. A person who has submitted relevant information is protected from any forms of pressure (including from dismissal, persecution, any forms of discrimination).

For a comprehensive, independent evaluation of the reliability and efficiency of the risk-management and internal-control system and of the corporate-governance practice of MTS PJSC, the Internal Control and Audit Unit of MTS PJSC uses the results of the completed audits to generate a report on the level of maturity in the Company as a whole. The Internal Control and Audit Unit is an individual structural division of MTS PJSC functionally reporting to the Board of Directors and administratively — directly to the President of MTS PJSC.

For some areas, the Internal Control and Audit Unit of MTS not only holds the leading positions in Russia, but meets the strictest global standards of quality in terms of setting objectives and performance of tasks, communications building, and also organization of the work and status of the Internal Audit Service. An employee of the Internal Control and Audit Unit, continuing the traditions of 2018, became the 2019 Laureate in the nomination “Internal Auditor of the Year” as a part of the VII National Prize organized by the Institute of Internal Auditors Association with the support of the Russian Union of Industrialists and Entrepreneurs and the Moscow Exchange. The national award is an integral part of the promotion of the internal auditor profession in our country, and an important component in assessing the personal contribution of internal auditors and internal audit services to the development of the profession.

The Audit Committee at the Board of Directors of MTS PJSC biannually reviews reports on the operation of the Internal Control and Audit Unit, Internal Control-Systems Department, Department of Compliance and Business and Risk Management Unit and generates conclusions on the efficiency of the internal control and audit function, risk management, compliance and internal control of MTS PJSC.

The Audit Committee positively evaluates the work of the Internal Control and Audit Unit in terms of evaluation of internal control, risk management, compliance and corporate governance system efficiency, and believes that the objectives of the Unit were met in full compliance with the expected results and recognizes the function as efficient.

The Audit Committee positively evaluates the work of the Internal Control-Systems Department with regard to the creation, implementation and development of an effective system of internal control over the reliability of generation of financial statements for MTS Group, including in new businesses, for 2019.

The Audit Committee positively evaluates the operations of the risk management functions as effective and compliant with the objectives as of now, and positively evaluates the operations of the compliance function and finds it efficient.

The Audit Committee on a quarterly basis reviews the reports of external auditor Deloitte and Touche CIS JSC approving their performance.

The Board of Directors of MTS PJSC defines the policy in respect to internal control and twice per year considers the report of the Audit Committee following the results of performance of the internal control and audit, risk management, compliance and internal control and audit, functions of MTS PJSC with analysis of the existing control system and identified violations.


The Report of the Audit Commission is annually attached to the materials of the annual General Shareholders’ Meeting of MTS PJSC.
Audit Committee under the Board of Directors

The Audit Committee is a collective deliberative body under the Board of Directors. The Committee was established for the purposes of assisting in the efficient implementation of the duties of the Board of Directors in terms of control over the financial and economic activities of the Company.

For detailed information about the Audit Committee’s work results in the reporting year see the “Committees of the Board of Directors” section.

Results of evaluation by the Committee of the external and internal audit process efficiency: please see the “Audit Committee Performance Report” section

Auditing Commission

On June 27, 2019, the followings persons were elected as members of the Auditing Committee at the annual general shareholder meeting of MTS PJSC:

  • Irina Radomirovna Borisenkova, born in 1963, holds the position of the chief accountant, managing director of the Finance and Investment Complex of Sistema PJSFC;
  • Maxim Aleksandrovitch Mamonov, born in 1978, holds the position of the internal control and audit director of MTS PJSC;
  • Andrei Anatolyevich Porokh, born in 1979, holds the position of vice president for internal control and audit of Sistema JSFC.

Report on the operation of the Auditing Committee

In April 2019, based on the results of the performed audit for 2018, the Auditing Committee did not record any material facts of violation of accounting activities or in the submission of financial statements while carrying out the financial and economic activities of the Company.

The Auditing Committee confirmed that the financial statements of the Company for 2018 and the Annual Report on Company’s activities for 2018, in terms of the Company’s financial statements, are authentic.

In April 2020, the Auditing Committee carried out an audit of the financial and economic activities of the Company for 2019. The opinion report of the Auditing Committee will be submitted for the approval of the Annual General Shareholder Meeting of MTS in June 2020.

Internal Control and Audit Unit

The Internal Control and Audit Unit is an independent structural subdivision and consists of the Internal Audit Department, Control Department, Methodology and Coordination Department. The Unit is headed by the Director for Internal Control and Audit who is functionally subordinated to the Chairman of the Audit Committee under the Board of Directors of MTS PJSC, and is administratively subordinated directly to the President of MTS PJSC.

The Internal Control and Audit Unit performs the following functions:

  • evaluation of the internal control system’s efficiency based on the following areas: efficiency and effectiveness of business operations, authenticity of financial and management accounting, compliance with internal standards and external requirements;
  • evaluation of the risk management system’s efficiency in the company in general and development of recommendations for improvement of the risk management system;
  • development of recommendations for improvement of internal control, risk management and corporate governance procedures, and assistance to the management in development of corrective measures based on the results of performed audits/inspections of financial and economic activities;
  • implementation of monitoring of execution of recommendations for rectification of violations and deficiencies discovered based on audit results;
  • analysis of authenticity of performance indicators and achievement of planned results during audits/inspections of financial and economic activities;
  • coordination, analysis and registration of messages received through the “Unified hotline”;
  • analysis of compliance of the company’s operations with requirements of legislation (including anti-corruption) during audits/inspections of financial and economic activities;
  • assessment of the design and operational effectiveness of the control procedures in the processes of managing the information systems and information technologies, ensuring information security and cybersecurity, protecting personal data and intellectual property; assessment of the effectiveness of the management of business continuity and sustainability;
  • providing consulting services

The IK&AU maintains a program to ensure and improve the quality of internal control and audit designed to assess the conformity of IK&AU with international professional standards of internal audit and the use by the IK&AU staff of the Institute of Internal Auditors Code of Ethics (The IIA).

Report on operation of the Internal Control and Audit Unit

During 2019, the Internal Control and Audit Unit operated in accordance with the set objectives, tasks and performed functions.

In July 2019, a new version of the Rules of Procedure RP-013-4 “Conducting Audits by the Internal Control and Audit Unit of the MTS Group CC” was developed and approved, after having improved in accordance with the International Principles of Professional Practice of Internal Auditing adopted by the International Institute of Internal Auditors (The IIA) and supplemented by a section identifying parameters for the provision of consulting services.

The results of the Internal Control and Audit Unit’s operation for the first six months and in general for 2019 were inspected and approved by the Audit Committee. The Audit Committee positively evaluated the operations of the Internal Control and Audit Unit, and believes it is efficient.

In December 2019, the Audit Committee approved the work plan and budget of the Internal Control and Audit Unit for 2020.

Today, IT auditing is the most promising area in the digital economy. The structure of IK&AU has an IT audit department. IT auditors work with a wide range of tasks — from general IT processes to analysis of use of specific technologies. To conduct such an audit, you need to have the appropriate knowledge, as well as an ability to communicate both with the management of IT departments, and with highly specialized technical specialists. Hence the constant need for continuous professional development, which is implemented in our company in approved career development programs.
Maxim Mamonov, Internal Control and Audit Director
Department of Internal Control Systems

The Department of Internal Control Systems is a structural unit which is part of the Finance Unit, and consists of the ICS development department for the key business, the ICS development department for integrator business, the ICS development department for financial technologies and commerce, the Certification Group and the General Methodology ICS. The Department of Internal Control Systems is headed by the director of the department, who is directly subordinated to the member of the Management Board and vice president for finance of MTS PJSC and reports to the Audit Committee under the Board of Directors of MTS PJSC.

The Department of Internal Control Systems performs the following main functions:

  • formation, implementation and development of the system for internal control over reliability of financial statements of MTS Group;
  • testing, evaluation and certification of the system of internal control over generation of financial statement of MTS Group;
  • management of the separation of authorities in SOX-essential information systems (SoD-analysis);
  • completion of expert assessment of business processes with the purpose of identifying potential risk areas and subsequent communication to owners of business processes;
  • coordination of interaction of external auditors and functional subdivisions of the company during the audit of efficiency of the internal control system of MTS Group.

The Department of Internal Control Systems is directly subordinated to the Member of the Management Board, Vice President for Finance of MTS PJSC and reports to the Audit Committee under the Board of Directors of MTS PJSC.

Report on operation of the Department of Internal Control Systems

In 2019, as a part of the development of the internal control system for the MTS Group of Companies, including the construction and implementation of the internal control system in new types of businesses, as well as taking into account the results of the management testing and external audit in 2018, and changes in the organizational structure and business processes, activities were carried out to formalize the control procedures aimed at covering significant risks, and an evaluation of their effectiveness, including control over the correctness of applying the updated accounting standards IAS 16, IAS 15, IAS 9, controls for centralization of the accounting function of a subsidiary company of MGTS PJSC in SSC of MTS PJSC, controls for the application of RPA technology and automation in the accounting processes and the other company's business processes documented for SOX purposes.

Since 2018, ICSD has changed the strategy for implementing and developing ICS in new subsidiaries – the management of the ICS function in subsidiaries is carried out from the CC level. This approach was implemented in 2019 in the following subsidiaries: RTC JSC, NVision Group JSC, Satellite TV LLC, Stream LLC, Cloud Retail LLC, NVision Czech Republic a.s. MTS Bank PJSC and MGTS PJSC. The strategy proved its effectiveness through the efficient and flexible distribution of resources and the optimization of time in support of ICS in subsidiaries. In 2019 the the project for implementation of the internal control system (SOX) was successfully carried out with regard to the accuracy of accounting in the largest subsidiary of MTS Group – MTS Bank PJSC. According to the results of the implementation in 2019, 227 control procedures were documented, 175 control procedures in business processes, 35 general corporate controls and 15 ITGC.

In accordance with the approved methodology for managing the separation of powers in SOX-essential information systems, efforts are underway to identify and reduce conflicts of roles and powers (SoD):

  • In the key ERP system of Oracle EBS, the number of SoD risks was significantly reduced in 2019 at the level of business processes.
  • Robotization of ICSD control processes launched: SoD Foris and testing marketing programs. With the participation of IS owners, within the framework of the first stage of the project for the implementation of separation of powers in Foris IS, business processes were analyzed to identify SoD risks, a SoD risk matrix was formalized at the business level, a technical SoD risk matrix was developed taking into account the role structure of Foris IS. The Terms of Reference have been developed for automating the processing of the SoD-risk matrix and the privileges assigned to users in IS Foris.

The MTS Group's internal control system is tested and certified in accordance with Art. 404 of the Sarbanes-Oxley Act.

Based on the results of the internal evaluation and external audit, the internal control system of MTS Group as of December 31, 2019, was found to be efficient and to have no material and significant deficiencies.

External Audit

Auditor

On June 27, 2019 the Annual General Meeting of shareholders of MTS PJSC approved Joint-Stock Company Deloitte & Touche CIS as the auditor (Location: 5 Lesnaya Str., Moscow 125047, Russian Federation), OGRN 1027700425444, certificate of membership in the Self-Regulatory Organization of Auditors of the Association “Commonwealth” (Association) of January 31, 2020, ORNZ 12006020384.

Deloitte and Touche CIS CJSC is one of the leading audit and consulting firms providing services in the field of audit, consulting, corporate finance, risk management and tax and legal advice. It is a member of the international association Deloitte Touche Tohmatsu Limited, one of the world's leading providers of professional services, with more than 286,000 employees in more than 150 countries.

In the reporting year the Auditor performed:

  • an audit of annual financial statements of MTS PJSC for 2019 prepared in accordance with the Russian Accounting Standards as per the International Audit Standards (IAS);
  • an audit of the consolidated financial statements of MTS PJSC and its subsidiaries, prepared in accordance with IFRS for 2019, conducted in accordance with ISA;
  • an integrated audit of consolidated financial statements of MTS PJSC and its subsidiaries prepared in accordance with IFRS for 2019 and efficiency of the internal control system over its preparation as of December 31, 2019, conducted in accordance with the standards of the US Public Company Accounting Oversight Board.

In March and April 2020, the Audit Committee approved the results of the external auditor based on the results of audits for 2019, including conclusions on the effectiveness of the internal control system over the formation of financial statements in the MTS Group.

Based on the results of the audits, the MTS PJSC auditor expressed opinions on the reliability of the financial statements of MTS PJSC for 2019 prepared in accordance with Russian accounting standards, and the consolidated financial statements of MTS PJSC and its subsidiaries for 2019 prepared in compliance with international financial reporting standards.

Procedure for the selection of the issuer's auditor

A tender for selection of the external auditor of MTS PJSC is conducted at least once every five years. To conduct the tender, MTS PJSC establishes a tender commission. Based on tender results the tender commission generates recommendations for selection of the external auditor which are submitted for approval to members of the Audit Committee at the Board of Directors of MTS PJSC.

In the event that the auditor’s candidacy is approved by the Audit Committee, Board of Directors and General Shareholder Meeting of the Company, a contract for financial statements audit services shall be signed with an auditing company.

The remuneration of the auditor for the audit of the accounts of MTS PJSC and its subsidiaries for 2019 is approved by the Board of Directors of MTS PJSC and according to the results of 2019 amounted to 177,479 thousand rubles, excluding VAT and overhead expenses, including audit of reports of MTS PJSC In the amount of 13,500 thousand rubles and an audit of the incoming balances of MTS Bank in 2018 in the amount of 1,050 thousand rubles.


Settlement of possible conflicts of interest of management bodies at MTS PJSC

For the purposes of non-admission of conflicts of interests, the Company holds an annual knowledge testing and certification of compliance with norms of the Code of Business Conduct and Ethics for executives and top management, the result of which are reviewed at the Auditing Committee at the Board of Directors of MTS PJSC.

Members of the Management Board and employees are not entitled to participate in the approval, agreement, or other decision-making in respect of transactions concluded by the Company if they are or may be under the influence of the conflict of interests.

During managing a conflict of interests the Company is guided by the principles of lawfulness, confidentiality, impartiality, objectiveness and reasonable sufficiency, obligatory immediate disclosure of information by Company’s employees about an actual or potential conflict of interests or likelihood of such a conflict.

During 2019, two cases of conflict of interest were discovered among members of the Management Board of MTS PJSC. All the situations have been resolved in accordance with the conflict of interest management policy approved by the Company.

Procedures preventing a possible conflict of interests of directors are also established in our Company. Members of the Board of Directors must refrain from actions which may result in appearance of a conflict of interests and, if such a situation exists or arises, disclose information about it to the Board of Directors and not participate in voting on conflict agenda items.

Members of the Board of Directors, who have interest in agenda items of the Board of Directors, do not take part in discussion and voting on the specified agenda items.

During 2019 no conflict of interests of members of the Board of Directors of MTS PJSC was found.