The internal control system in the bank performs a protective function. Its task is to minimize external and internal risks and ensure such a procedure banking operations and transactions that contributes to the achievement of set goals while complying with the requirements of legislation, regulations of the Bank of Russia, as well as internal procedures, standards and rules.

The legal field of the internal control service is determined by the regulation of the Bank of Russia “On the organization of internal control in banks” dated August 28, 1997 No. 509. Direct actions aimed at minimizing the bank’s risks are determined by a number of instructive acts, such as, for example, the Bank of Russia Directive dated July 7 . 1999 No. 603-U “On the procedure for implementing internal control over the compliance of activities in financial markets in credit institutions”, Resolution of the Federal Commission for the Securities Market dated July 19, 2001. No. 16 “On approval of the Regulations on internal control of a professional market participant valuable papers", rule (standards) of auditing activities "Study and assessment of systems accounting and internal control during the audit" (approved by the Commission on Auditing Activities under the President Russian Federation dated December 25, 1996, protocol No. 6) and a number of other acts.

IN organizational basis The internal control system contains principles that ensure the continuous operation of control mechanisms and functions in all areas banking and levels of decision making. These include, in particular, the principles:

• separation of duties;
• continuity;
• objectivity and specificity;
• objectivity;
• inclusiveness and diversity;
• information sufficiency for decision-making and restriction of access to information not related to the conduct of a specific operation and/or
  exceeding the limit of functional necessity within the scope of job duties;
• use various types control depending on the functional affiliation of the objects of control, the current need and the complexity of the tasks.

The efforts of the internal control service (based on the general situation and the creation of a high-tech bank in the future) are aimed mainly at controlling:

• for the creation of a single technological structure conducting all operations and customer service;
• for creating compliance of the technological structure, formalized in the form of regulations, orders, instructions, methods, procedures, with the actual practice of the bank;
• for adequate bank accounting, as well as the creation and effective functioning, within the framework of a single technological structure, of mechanisms for subsequent control over banking operations;
• for compliance internal regulations, orders, instructions, methods, procedures to external legislation.

To build a unified technological structure in a bank, a number of problems must be solved.

1. Develop (together with other divisions of the bank) unified and standardized rules and algorithms for the creation (formalization) of internal regulations, orders, instructions, methods, procedures, as well as their implementation, application, change (correction) and cancellation.
2. Monitor the unification and standardization of internal regulations and methodological acts.
3. Monitor the adaptability of internal regulations to a rapidly changing external environment.
4. Formalize all processes of the bank's activities.
5. Monitor the continuity of technological chains of the bank’s activities.

When talking about control, you should clearly understand its types. As a rule, this is administrative and financial control. Administrative control consists of checking the compliance of operations and transactions with the authorities officials, defined by bank regulations and procedures for making and implementing decisions. As a result of financial control, the compliance of ongoing operations and transactions with the bank’s policies set out in regulations, their adequate accounting and reporting is verified. It is important that both administrative and financial control determine the effectiveness of the bank’s risk management system and the measures taken to identify and minimize risks.

So, the goals and functions of the internal control service are clear. However, the question arises: what is the functional difference between the internal control function and the units involved in internal audit? After all, functionally, such divisions also exercise internal control over the bank’s activities.
To answer this, it is necessary to clearly distinguish between the concepts of “internal control system” and “internal control service”. The first covers all types of operations and all hierarchical levels of the bank's work, and the second controls the work of the first.

Considering the bank as a kind of production (which also includes divisions performing control functions - this is their production), we can say that internal audit is a division performing production functions. At the same time, the internal control service performs both production and organizational functions (creating control mechanisms).

The structural organization of the internal control service can be carried out in two ways.

First. The internal control service includes an internal control unit, internal audit, a risk management unit, as well as a number of other analytical and control units of the bank. In fact, we are talking about a multifunctional department that should cover various aspects of the bank's activities.

Second. The internal control service is created as a separate structural unit of the bank, interacting with other control units. With this option, the internal control service must be endowed with appropriate powers and rights.
The choice of a structural organization primarily depends on the characteristics of the bank, the availability of appropriate resources, and established business practices.

Internal control in the bank.

A number of problems may arise in the activities of the internal control service in connection with the established regulatory framework Bank of Russia. For example, international control practice presupposes the presence of compliance control in all areas of the bank’s activities. In principle, compliance controllers conduct inspections in all areas of banking activities. However, in Russian banking system regulatory compliance control (the activities of the compliance controller) is regulated only in the bank’s work on financial market(Instruction of the Bank of Russia dated July 7, 1999 No. 603-U). It seems that it would be more logical to cancel this Directive, but to supplement Regulation No. 509, expanding the functions of the internal control service by implementing compliance control over the entire set of bank operations.

A few words on the draft Code of Corporate Conduct developed by the Federal Securities Commission and issues of internal control.

Condition assessment corporate governance needs a special multidimensional system for assessing the performance of the subject of management. In this regard important occupied by the system of internal control over the financial and economic activities of the entity. The draft Code provides for the creation of a special body - the control and audit service - responsible for conducting daily internal control. However, its main task, according to the project, is audit support of the subject. In our opinion, this body must first of all create an internal control mechanism that can most effectively ensure the reliability of the activities of the subject of management. And within the framework of this mechanism the system should function internal audit, as an integral, but not the only part of the internal control system.

The draft Code very superficially describes the functions of the control and audit service, the principles of interaction of this body with other divisions of the entity, as well as with external auditors. The functions of the audit commission are not sufficiently developed in new edition Law "On joint stock companies", which came into force on January 1, 2002. Therefore, the regulation of the Bank of Russia "On the organization of internal control in banks" No. 509, in our opinion, more fully reveals the tasks and functions of the service organizing internal control, compared to Chapter. 8 “Control over the financial and economic activities of the company” of the draft Code. This concerns, in particular, the absence of such functions of the control and audit service as monitoring the compliance of the subject’s activities with the legislation of the Russian Federation, the creation of technology for controlling business processes, increasing its efficiency, the possibility of laundering proceeds from crime, as well as functions within preliminary, current and subsequent control. The developers of the draft Code did not take into account Bank of Russia Regulation No. 509, which is based on international principles for organizing internal control and recommendations of the Basel Committee. As a suggestion, we can recommend that the authors of the draft adapt some aspects of Regulation No. 509 for Ch. 8 of the draft Code.

Internal control over the bank's branch network.

Operations of branches are carried out within the limits and restrictions established by the parent organization. In particular, the activities of the branch are limited by the regulations on branches and the general power of attorney of the manager to carry out active operations(by type of activity and counterparties), as well as the cost of funds raised and the volume of transactions performed (limits). Limits on transactions of branches of various types financial instruments are established by the collegial body of the parent organization. At the same stage, business planning of the branches' activities is carried out. In the future, monitoring of the progress of the branches’ implementation of business plans should be carried out on an ongoing basis. In addition, the preliminary control stage involves mandatory coordination with the interested divisions of the bank of all developed regulations that directly affect the activities of branches.

Current control over the operations of branches by the parent organization is not implemented in real time. As a result, the parent organization cannot quickly (during the operation) monitor such violations as exceeding limits on individual species operations and the conduct by branches of transactions and operations not permitted by the parent organization.

Most violations are usually detected during follow-up monitoring. This is control of accounting and operational work, including cash register. It is carried out by the employees of the branch divisions themselves on the basis of Part 3 of the Accounting Rules No. 61 in two directions: complete control over the correctness of the reflection of all transactions made during trading day transactions in accounting registers and checking the work of employees based on quarterly plans. At the same time, based on the results of inspections, branches send certificates to the internal control service. These are audits of the activities of branches, which are carried out by the internal audit unit, including verification of the elimination of deficiencies identified by previous audits. One time in reporting year Internal audit units must conduct comprehensive audits of branches.

In addition, during subsequent control, all acts of inspections of the activities of branches by authorities are taken into account state control(territorial branches of the Bank of Russia, State Tax Service, funds), copies of which branches are required to send to the internal control service.

In addition to the above, it is desirable to have in the branches of the internal control group subsidiaries of the internal control service, whose task includes regular thematic inspections of the branches’ activities, as well as, at the stage of preliminary control, participation in the coordination of internal regulations of the branches. The reports of these groups are sent to the internal control service of the parent organization.

If a branch operates on a self-supporting basis, then control over its activities by the parent organization should be more strict. It should cover the execution by branches of limits on transactions, counterparties and financial instruments, balance sheet accounting (its compliance with actually completed transactions and payments, i.e. compliance with synthetic and analytical accounting data, as well as accounting (compliance with the requirements of the Central Bank of the Russian Federation and other regulatory government organs).

In order to minimize risks, limits are established on all unsecured transactions of a bank branch with counterparties: on unsecured transactions in the financial market, when lending corporate clients, for conducting transactions with financial instruments (bills, bonds, etc.), for issuing guarantees, sureties and trust servicing of client funds, as well as individual limits for authorized persons of branches. Branch internal control services must carry out subsequent supervision over the implementation of limit discipline, and
also for the correct and effective action current control mechanisms in this area.

The internal control service of the bank’s parent organization must organize interaction with territorial internal control units and develop internal regulations regulating the order of such interaction. It is necessary that territorial internal control groups be independent of the branch management. This will eliminate the possibility of influence of the branch management on their activities; however, the above also applies to the internal control service of the parent organization. It is desirable that she have the opportunity to “access” the bank’s Supervisory Board.

A separate problem is the organization of control over separate structural divisions of bank branches (additional offices and operational cash desks outside the cash desk). This is the prerogative of branch managers. At the same time, managers are guided by the provisions of regulations governing the procedure for carrying out operations in various areas of banking activities and organizing control over their implementation, as well as internal documents that take into account the specifics of a particular branch in relation to the activities of separate structural divisions. All procedures described in these documents must meet the requirements of Part 3 of the Accounting Rules for Credit Institutions located on the territory of the Russian Federation, No. 61 dated June 18, 1997.

Control over the activities of separate structural divisions of branches should be carried out both by employees of these divisions. and on the part of the branch by employees of territorial divisions of the internal control service.

In separate structural divisions of branches, subsequent control of accounting and operational work, including cash, should also be carried out, providing for regular checks by employees of accounting and operational departments of the activities of other employees. It is carried out by employees of the divisions of the internal control service of branches, and in the absence of such in branches - by employees of branches - in the areas of their activity.

In the latter case, certain difficulties arise due to the likelihood, on the one hand, of a biased assessment, and on the other - possible errors due to increased employee employment.

Current control is carried out by the heads of separate structural divisions, as well as the heads of specialized departments during banking operations. At the same time, the main problem of organizing effective control is the unclear division of functions and the inability to minimize the risk of a conflict of interest due to a shortage of personnel in a separate structural unit.

Internal control at the stage strategic planning and forecasting.

Strategic planning and forecasting are also the field of activity of the internal control service.
The main object of the internal control system at this stage is the state of internal bank analytical work: taking into account the impact on the effectiveness of the current and promising development a bank of possible changes in the macroenvironment, external risks (political, country, regional, industry, etc.).

At the stage of preliminary control, supervision is carried out over the completeness, composition and timeliness of updating the source databases, on the basis of which the analytical and functional divisions of the bank carry out a prospective assessment and forecast of the situation. The subject of preliminary control is also the existing procedure for promptly and systematically informing the bank’s governing bodies about the conclusions and proposals of analytical services on the current situation, about forecasts for the development of the situation in the relevant market segments and in the economy as a whole, in the field of regulatory support for banking activities.

To this end, comprehensive and thematic inspections of these units are carried out to ensure the availability of the necessary tools, procedures and technical means to conduct an adequate analysis and bring it to the attention of responsible persons involved in the preparation and adoption of relevant decisions.

Current control requires periodic checks of the fulfillment of tasks of analysis and forecasting of the situation and timely notification of the bank's governing bodies.

In the process of current control, the system for monitoring the competitiveness of the quality and cost of products offered by the bank is checked in the functional divisions of the bank. In addition, the timeliness of the response of these divisions to the actions of competitors, as well as to changes in economic conditions in the non-financial sector, is assessed.

Subsequent control comes down to comparative analysis conclusions and recommendations of analytical units and real development situation, resulting in an appropriate assessment.

A separate function of the internal control service is participation in the coordination of internal bank regulations and procedures with interested divisions of the bank. this work precedes preliminary control, since it determines the algorithm of employee actions and control mechanisms designed to prevent violations in these actions.

At the same time, the internal control service should pay attention to the sufficiency of such control mechanisms. It is clear that all internal bank regulatory documents must be checked for compliance regulations legislation of Russia, the Central Bank and international acts and documents.

In conclusion, I would like to note that the result of the functioning of the bank’s internal control system should be the organization of continuous and constant control over banking and administrative and economic activities. The list of the above problems that arise during such an organization is far from complete. For example, the problems of corporate governance and the control carried out within its framework are currently not resolved for a number of reasons (lack of appropriate state legislation and experience of corporate governance in Russia, poor transparency of accounting (due to the fact that the transition to IFRS standards will take place only in 2004 d) and traditions of widespread provision of it to third parties, etc.).

A.A. ARSLANBEKOV-FEDOROV,
expert of the Internal Control Service of Vneshtorgbank, candidate economic sciences, Master of Business Administration.

Taxi Airplane Calling a taxi? Today this is not a problem! Thanks to the well-established service of the Airplane Taxi company, you can call a taxi in Lyubertsy, microdistrict. Krasnaya Gorka, Lyubertsy 2015-2016, Tomilino, Lytkarino, Nekrasovka, Kozhukhovo, Zhulebino and other surrounding areas at any time of the day - simply and quickly.

Internal control and audit of VTB Group operates on the basis of the best global practices and fully complies with the requirements Russian legislation, as well as legislative and regulatory acts of the countries where the Group operates. The order of interaction and subordination of the elements of the internal control system ensures the necessary level of their independence, which allows the entire system to function as efficiently as possible.

VTB Group's internal control system ensures:

• efficiency and effectiveness of the Bank and VTB Group;
• effectiveness of asset and liability management (including asset security) and risk management;
• reliability, completeness and timeliness of provision of financial and management information and reporting;
• information security;
• compliance with laws, regulations, rules and standards;
• excluding the involvement of VTB Group and its employees in illegal activities.

The VTB Group Management Committee has a Coordination Commission for Internal Control and Audit, which ensures the effective functioning of the internal control and audit system in the Group, as well as the practical interaction of relevant specialists.

The main objectives of internal control and audit of VTB Group are:

• independent assessment effectiveness of internal control, risk management, accounting and reporting systems, business processes, activities of departments and employees, as well as assessment economic feasibility and the effectiveness of transactions and transactions performed;
• checking the reliability of internal control over the use of automated information systems, as well as checking the methods used to ensure the safety of property;
• monitoring the main areas of risks and control mechanisms in order to identify shortcomings in the internal control system, new risks, as well as create preventive control mechanisms to prevent risk events;
• developing recommendations for improving and increasing the efficiency of the systems, processes, procedures, transactions and activities of the Group’s divisions and employees;
• organizing effective interaction with external regulatory authorities and external auditors.

Internal control and audit of VTB Bank

In accordance with the Charter of VTB Bank, the system of internal control bodies of the Bank includes:

• management bodies of the Bank (General Meeting of Shareholders, Supervisory Board, Management Board, sole executive agency Bank – President – ​​Chairman of the Board);
• Audit committee;
• Chief Accountant(his deputies);
• heads of branches (their deputies) and chief accountants of branches (their deputies);
• structural divisions (responsible employees) of the Bank exercising internal control.

Audit Committee

Responsibility for the proper functioning of the internal control system lies with the VTB Bank Supervisory Board. For a full-scale analysis and maintenance of an effective internal control system, there is an Audit Committee within the structure of the Supervisory Board.

More detailed information the composition of the Audit Committee and its activities is contained in the “Supervisory Board” section.

Audit committee

Control over the financial and economic activities of VTB Bank is carried out by the Audit Commission. The Audit Commission checks the Bank’s compliance with legislative and other acts regulating its activities, the establishment of internal bank control, the legality of transactions performed by the Bank (complete or spot check). The Audit Commission is elected at the annual General Meeting of Shareholders of the Bank, which determines its size and composition for the period until the next annual General Meeting of Shareholders.

In accordance with the decision of the annual General Meeting of Shareholders of the Bank, held on June 19, 2014, for the first time the Audit Commission included a representative of VTB minority shareholders. The shareholders elected the following composition of the Audit Commission:

• Platonov Sergey Revazovich – Chairman of the Audit Commission, Deputy Director of the Department financial policy Ministry of Finance of the Russian Federation;
• Volkov Leonid Valerievich – authorized representative Chuvash Republic under the President of the Russian Federation, member of the Advisory Council of Shareholders of the Bank (representative of minority shareholders of the Bank);
• Evgeniy Shlemovich Gontmakher – Deputy Director of the Institute of World Economy and international relations Russian Academy of Sciences, Deputy Director of the Kudrin Foundation for Support of Civil Initiatives, Member of the Board of the Institute modern development;
• Kant Mandal Denis Rishievich – Head of the Department for Privatization of Organizations of Regulated Industries of the Department of Property Relations and Privatization largest organizations Federal agency on management state property;
• Krasnov Mikhail Petrovich – Director of the Company “VERISEL S.A.” (Switzerland), member of the Board of Directors of JSC Russian Aircraft Corporation MiG;
• Sabantsev Zakhar Borisovich – head of the monitoring department banking sector, summary and analytical work of the Department of Financial Policy of the Ministry of Finance of the Russian Federation.

In connection with the election of a new composition of the Audit Commission by the annual General Meeting of Shareholders, the following resigned from the Audit Commission in June 2014:

• Marina Aleksandrovna Kostina – Deputy Head of the Department of Industry Organizations and Foreign Property of the Federal Agency for State Property Management;
• Alexey Borisovich Mironov – member of the Board of Directors of OJSC Roskhimzashchita Corporation, CEO LLC "YB";
• Tikhonov Nikita Vadimovich – head of the department of the Financial Policy Department of the Ministry of Finance of the Russian Federation;
• Turukhina Maria Aleksandrovna – head of the department of financial and credit organizations, oil, gas, fuel and energy, coal industry and natural resources Directorate of Industry Organizations and Foreign Property of the Federal Agency for State Property Management;
• Filippova Olga Yurievna – member of the Audit Commission.

In 2014, no remuneration was paid to members of the Bank's Audit Commission.

Information about the Bank's Audit Commission can be found in more detail on the VTB Bank website at: http://www.vtb.ru/ir/governance/control/revission_commition/.

Internal Audit Department

To assist government authorities in ensuring efficient work VTB Group has an Internal Audit Department (IAD) in the Bank. VAD monitors the internal control system, audits, and also provides independent recommendations on improving banking activities and control procedures.

VAD is an independent structural division of VTB Bank and is directly accountable to the Supervisory Board. The Supervisory Board approves the VAD work plans, monitors their implementation, reviews the VAD reports on the results of audits and monitoring of the internal control system, as well as on the implementation of the VAD recommendations to eliminate identified deficiencies.

The structure of the VAD includes divisions responsible for ongoing monitoring, coordination of internal control systems in the Group, and audits. In order to increase the efficiency of monitoring the internal control system in the Bank's regional network, some of the VTB employees work on a permanent basis in VTB's territorial divisions.

The competence of the Internal Audit Department includes:

• checking and assessing the effectiveness of the internal control system;
• checking the effectiveness of the banking risk management system;
• checking the accuracy, completeness, objectivity and timeliness of accounting and management reporting;
• checking compliance with the requirements of the legislation of the Russian Federation, regulatory acts and supervisory authorities;
• checking the adequacy and reliability of the internal control system over the use of automated information systems;
• ensuring uniformity of approaches to organizing internal control in the VTB Group.

The Department of Internal Affairs interacts with the Audit Committee and the external auditors of the Bank in terms of providing information about the internal control system, as well as the main deficiencies identified by the Department during the period audited by the auditors.

Compliance control

The main goals of the VTB Group compliance control system are:

• compliance of the activities of the Group companies with the legislation of the country of registration, internal documents of the companies, standards self-regulatory organizations, customs of business activity;
• efficiency of regulatory (compliance) risk management;
• creating and maintaining an effective management information and reporting system;
• excluding the involvement of VTB Group and the participation of its employees in illegal activities, including manifestations of corruption, misuse insider information and market manipulation;
• maintaining the high reputation of VTB Group and increasing it investment attractiveness in the financial market.

The functional coordinator for compliance for VTB Group companies is the Compliance Control Department of VTB Bank.

Under the Management Committee of the VTB Group, a Coordination Commission for Compliance and Internal Control has been created and is functioning in order to combat money laundering and the financing of terrorism, at the meetings of which issues also fall within the competence of the compliance companies of the Group.

In 2014, the Coordination Commission held two in-person and five absentee meetings on compliance and internal control to combat money laundering and the financing of terrorism, as well as two internships and three round tables with the participation of representatives of VTB Group companies.

The basic requirements for organizing the compliance system, standards and principles of its functioning in the VTB Group, distribution of powers and areas of responsibility are enshrined in the Group’s internal documents. In 2014, in order to reflect the new Bank of Russia requirements for internal (compliance) control, the VTB Group updated the following compliance documents:

• The concept of consolidated management of the compliance function of VTB Group;
• Regulations for interaction between VTB Group companies in the functional area of ​​compliance.

External auditor

To conduct an audit and confirm the reliability of the annual financial statements, VTB Bank engages an independent professional auditing organization - an external auditor.

In accordance with current legislation, the selection of an auditor is carried out on the basis of an open competition. The procedure for holding the competition is regulated by Federal Law No. 44-FZ dated April 5, 2013 “On the contract system in the field of procurement of goods, works, and services to meet state and municipal needs.”

As part of the preparation for the competition, VTB Bank is developing competition documentation. Review of the tender documentation and the initial price of the contract for the provision of audit services is carried out by the Audit Committee of the Supervisory Board. An open competition for the selection of an auditor is held by the Bank's Tender Committee.

During the competition, members of the commission review applications received from competition participants. Based on the criteria specified in the tender documentation, applications are compared and the participant who offers the best financial and technical specifications. The audit organization selected based on the results of the competition is recommended by the Supervisory Board for approval by the annual General Meeting of Shareholders.

Based on the results of the audit of the financial and economic activities of VTB Bank, the external auditor prepares a conclusion, which is submitted to the Audit Committee for a preliminary assessment. Prepared audit report sent to the Supervisory Board, and also presented at the annual General Meeting of Shareholders of the Bank.

In 2014, Ernst & Young LLC, a Russian company, was approved as the external auditor of VTB Bank. subsidiary one of the world's leading audit firms, EY company.

EY's Russian subsidiaries have been the auditor of VTB Bank since 2003. The company has no other property interests in VTB Bank, except for payment for audit services, and has no affiliation relations with the Bank, members of its management bodies and VTB subsidiaries.

Anti-money laundering

VTB Group attaches great importance to activities to combat money laundering and the financing of terrorism.

As part of coordinating the activities of the Group's companies in this area, VTB Bank develops uniform group-wide financial monitoring standards and ensures their compliance by subsidiaries. Constant communication and exchange of information between the relevant divisions of the Group companies allows us to effectively manage the risks of money laundering and terrorist financing on a systematic basis.

Paying great attention to the quality of the client base, VTB Bank and its subsidiaries implement all the necessary procedures as part of the program for identifying and studying clients, and also carry out systematic work with correspondent banks.

All internal projects regulatory documents, defining the procedure for providing banking products and services undergo mandatory examination to determine the possibility of using the relevant product (service) for carrying out operations for laundering criminal proceeds. If necessary, measures are taken to minimize potential risks.

IN reporting period VTB Group provided effective management risks of involvement in the process of money laundering and terrorist financing.

In 2014, due to changes in the organization of internal control, the Bank of Russia separated the concepts of internal control and internal audit, which until recently were recognized by the Bank of Russia as synonyms. As a result of amendments to Regulation No. 242-P, the internal control service was separated from the internal audit service.

Internal audit in a bank is an independent assessment of the internal control system established in commercial bank. The main focus of internal audit is the analysis of information systems, including the accounting system and related types of controls, the study of financial and operational information, and the study of the economy and efficiency of operations.

Internal audit includes:

• Monitoring management control;
• Anticipation, identification and assessment of risks;
• Investigation of actual and potential control lapses and risk events;
• Providing recommendations for changing internal processes, procedures and control systems in the bank, improving risk response.

Internal audit, first of all, is obliged to check, evaluate and prepare reports on:

• bank compliance current legislation and regulations;
• risk identification and management systems;
• work in the bank's internal control system for risk management;
• systems and procedures for protecting the assets of the bank and its clients;
• systems and procedures to ensure the adequacy and reliability of accounting data for internal and external users.

The internal audit service is responsible for organizing cooperation with control services, both inside and outside the bank (independent external auditors, relevant divisions of the Bank of Russia; bank control and audit services; bank security service and others). The head of the internal audit service is responsible for organizing and managing the cooperation process within the bank.

The effectiveness of IAS activities depends entirely on compliance with generally accepted performance standards, as well as compliance with certain regulatory requirements.

The internal audit service must have an independent status in relation to those divisions that it inspects, therefore the heads of bank divisions do not have the right to influence the content and scope of inspections carried out by the internal audit service. But nevertheless, the Internal Control Service assists the bank’s staff and management in the effective performance of their duties by providing the results of analysis, assessment, recommendations and business comments in connection with the audited activities.

A necessary condition for the quality work of audits and auditors is a deep knowledge of banking activities, both from the point of view of technical knowledge and from the point of view of updating legislative acts. The head of the Internal Audit Service is obliged to maintain not only his level of professional training, but also the level of training of all service personnel.

ANO DPO "ISBD" offers to pass basic course advanced training for managers and employees of the Internal Audit Service “Internal audit: advanced experience and best international practices.” During the event, listeners will be able to familiarize themselves with examples and methods of advanced Russian and international practices in the field of internal audit on risk-based planning, risk-based internal audit, and also learn about the latest international trends related to the transformation of internal audit functions and tasks, including trends in organizational structure. The key skills of an effective internal audit manager will also be reviewed and developed.

A set of training seminars in the format of advanced training for internal audit “Features of internal audit in credit organization V modern conditions" A complete overview of inspection programs in the main areas of activity of a credit institution will be given with practical samples and materials for all participants (“Methodological support for conducting inspections of the Internal Audit Service in a commercial bank”); considered the basic requirements for the ICAAP of a credit organization in accordance with Directive No. 3624-U with detailed recommendations on the ICAAP for the work of the internal audit service, features of the audit of an ICAAP organization (“Internal procedures for assessing capital adequacy (ICAAP) in accordance with the Directive of the Bank of Russia dated April 15, 2015 No. 3624-U: aspects of internal audit"). The audit topic will be discussed separately automated systems and features of internal audit in the conditions of electronic banking (“Principles of internal audit of banking automated systems and electronic banking systems”).

Based on the experience of conducting events, the event “Assessment of the total level of risks within the framework of internal procedures for assessing capital adequacy (ICAAP)” will be of particular interest to IAS management specialists. A comprehensive overview of changes to internal capital adequacy assessment procedures will be presented, summarized practical experience largest banks of the Russian Federation and answers to questions on the Bank of Russia’s assessment of the quality of ICAAP and capital adequacy are given.

All activities that constitute advanced training meet the latest requirements of the Law “On Education” and established requirements Regulator (in accordance with the Directive of the Bank of Russia dated July 12, 2016 N 4067-U “On amendments to the Directive of the Bank of Russia dated April 1, 2014 N 3223-U “On the requirements for the heads of the risk management service, the internal control service, the internal audit service of the credit organizations")

ANO DPO "ISBD" proposes to separately consider the event for internal audit specialists of professional participants in the securities market "Internal control and internal audit of a professional participant in the securities market." A representative of the Bank of Russia will give detailed explanations on the requirements for internal documents of a professional participant in the securities market, which determine the procedure for implementing internal control and audit in financial organization.

Each of the training seminars includes a review of Bank of Russia regulations governing the activities of IAS in credit institutions.

In addition, every month the Institute conducts more than 100 seminars for financial organizations that will help internal auditors understand the theoretical and practical nuances the work of each division of a financial organization, will provide in-depth knowledge in the field of constructing and assessing internal control systems and procedures.

Institute of Modern Banking Publication date: 2017-07-12

An auditing company applying for the right to conduct an audit of Sberbank is selected based on the results of an open competition. The competition documentation for holding an open competition for the selection of an auditor is approved by the Sberbank competition commission for the purchase of goods, performance of work, provision of services and is published on the official website of the Bank. The audit organization selected based on the results of an open competition is approved by the Management Board, the Supervisory Board Audit Committee, the Supervisory Board and submitted for approval to the annual general meeting of shareholders.

Annual general meeting of Sberbank shareholders, held on May 24, 2019, the auditor of the Bank for 2019 and the 1st quarter of 2020 was approved as the audit organization JSC PricewaterhouseCoopers Audit.

Audit committee

According to paragraph 1 of Article 85 Federal Law“On joint stock companies” in a public company An audit commission may not be created if its existence is not provided for by the charter of the public company.

The annual general meeting of shareholders of Sberbank on May 24, 2019 adopted a decision to approve the Bank’s Charter in a new edition, which does not provide for the formation of an Audit Commission in the Bank. In this regard, starting from 2019, the Audit Commission in Sberbank is not elected.

Internal Audit Service

The Internal Audit Service is entrusted with the functions of checking and assessing the effectiveness of the internal control system, risk management systems, information security systems, the reliability of accounting and reporting, and a number of others control functions, including functions of monitoring compliance with internal control procedures over financial and economic activities.

Internal Control Service

The Internal Control Service is entrusted with the functions of ensuring compliance of Sberbank’s activities with legislation, regulation and best practices, as well as creating and applying effective methods and mechanisms for managing the bank’s risk of losses due to non-compliance with legislation, internal documents bank, standards of self-regulatory organizations and/or the application of sanctions and/or other measures of influence by supervisory authorities.

Risk Management Service (Block “Risks”)

For the purpose of risk management, the Bank operates the “Risks” Block, which is a set of structural divisions of the bank, as well as committees whose main function is risk management.

Head of the Internal Audit Service of Samruk-Energy JSC

He has been heading the Service since 2012. Member of the international Institute of Internal Auditors (IIA). Holds an international certificate internal auditor CIA, Diploma of the International Institute of Audit and Management IFA (DipIFA), international certificate CAP ESSBA.

In modern conditions economic situation, when both the external and internal environment of the Company are faced with risks of the widest range, we recognize the importance of the role of internal audit in achieving the strategic goals of the Company. Today, the Company's internal audit is an effective tool designed to identify opportunities to improve the efficiency of the Company's activities.

Our Internal Audit Team consists of qualified, experienced professionals.

The activities of the Internal Audit Service are built on the International Foundations of Professional Practice of Internal Auditing and are recognized as complying with the International professional standards internal audit.

Using our skills and knowledge, we bring benefit to the Company by providing independent and objective guarantees and advice aimed at improving risk management, internal control and corporate governance systems in the Company and its subsidiaries and affiliates.

The service is functionally accountable to the Board of Directors of the Company, administratively – to the Management Board of the Company. The activities of the Service are supervised by the Audit Committee. The head and employees of the Service are appointed by the Board of Directors.

In 2016, the number of the Service was 7 people.

Internal auditors carry out continuous Professional Development. Thus, employees of the Service have an international certificate of internal auditor CIA, diplomas from the International Institute of Audit and Management IFA (DipIFA), an international certificate CAP ECCBA, diplomas from the Institute of Financial Managers of Great Britain (DipPIA and DiPCPIA).

The main functions of the Internal Audit Service are:

• Assessment of risks, adequacy and effectiveness of internal control over risks in the field of corporate governance, operational (production and financial) activities of the Company and its subsidiaries and affiliates, as well as their information systems;
• Carrying out, in the prescribed manner, an assessment (diagnosis) of the corporate governance system in the Company and its subsidiaries and affiliates, including assessment of the implementation and compliance with the accepted principles of corporate governance, relevant ethical standards and values ​​in the Company and its subsidiaries and affiliates;
• Verification of compliance with the requirements of the legislation of the Republic of Kazakhstan, international agreements, internal documents of the Company and its subsidiaries and affiliates, as well as compliance with the instructions of authorized and supervisory authorities, decisions of the bodies of the Company and its subsidiaries and affiliates, as well as assessment of systems created in order to comply with these requirements;
• Assessing the adequacy of the measures taken by the divisions of the Company and its subsidiaries and affiliates to ensure the achievement of the goals set for them within the framework of the strategic goals of the Company and its subsidiaries and affiliates.

Annual risk-based audit plans are reviewed and approved by the Company's Board of Directors.

All planned audit assignments were completed in full.

In carrying out its functions, the Service confirmed to the Board of Directors its independence from the influence of any persons.

The KPIs of the Service and its head are established taking into account the strategic goals of the Company. The Board of Directors of the Company assessed the activity of the Service as “effective”.

Working with the Company's trust mail

The service is authorized body for consideration, monitoring and control over the consideration of requests received at the Company's trust mail. In 2016, 45 applications were received and considered.