The Company’s internal control and risk management system is set up to provide reasonable assurance that the Company fulfils its mission and values, whilst meeting business targets. The system gives an accurate, fair and clear representation of the Company’s current affairs and prospects, whilst also ensuring the integrity and transparency of Magnit’s accounts and reports. Finally, the system establishes a reasonable and acceptable Company risk level.
The Company’s Board of Directors and Management Board ensure the effective operation and development of the internal control and risk management system. This helps control the Company’s strategic and operational goal achievement, the reliability of information disclosure and compliance with external and internal requirements.
In the process of creating shareholder value, the Company makes management decisions based on a number of mixed factors that can have both a positive and negative impact on progress towards the set goals. One of the ways to reduce uncertainty caused by such factors is to raise the awareness of shareholders, management and employees of such factors and assess their potential impact.
The Company adopts a consistent approach to the organisation of internal control and risk management with a focus on five key components.
The control and risk management system is governed by the following internal regulations:
Internal Control and Risk Management PolicyApproved by the Board of Directors on 12 December 2019 (Minutes w/o No. dated 13 December 2019).
Regulations on Process-Oriented Risk Management
Risk Register
Core principles:
comprehensive and continuous operation. Risk management and internal control are undertaken on a constant and cyclical basis and cover all areas of the Company’s business operations across the governance hierarchy;
integration with governance. Risk management is an integral part of the decision-making process. It supports sound management decisions and factors in the probability and consequences of risks;
distinction of decision-making levels. Risk management decisions shall be made at various governance levels subject to the significance of the risk and area of the Company’s business activities;
responsibility. All subjects of internal control are responsible for compliance with risk management and internal control standards and approaches within their respective remit;
distribution of responsibilities and powers. The responsibilities and powers of the internal control and risk management bodies are distributed to eliminate or reduce the risk of error and/or fraud;
balance between risk exposure and profitability. Risks in each area of the Company’s business activities are monitored with a focus on the risk/profitability ratio;
risk-focused approach. Control procedures shall be established for business lines based on their significance in terms of the Company’s operational efficiency;
reasonable assurance. The Company relies on high rather than absolute confidence regarding the reliability of risk management and internal control;
ongoing improvement. The Company constantly monitors its risk management system and works out new ways for its improvement and development.
The Company applies a three lines of defence model A control model developed and recommended by the Institute of Internal Auditors (IIA). to coordinate risk management and internal control processes by clearly defining and delimiting respective functions and responsibilities.
Risk management system improvement
We continue to improve our internal control and risk management systems to reflect the scale of our business, retail focus, diversified lines of operations, and regulatory environment.
Work completed to update the Internal Control and Risk Management Policy to be submitted to the Board of Directors
Internal Control and Risk Management Policy updated
Risk registers of the Company and its subsidiaries updated
Internal control projects successfully implemented
Initiative completed to integrate risk management into project management
Risk management workshops held for some of the Company’s units
Risk management training course developed for the Corporate Academy.