Risk management

Risk management system

As part of its corporate governance framework, the Company has in place a risk management and internal control system (“RMICS”) to provide reasonable assurance that the Company will achieve its goals (while balancing costs and benefits), including those in the sustainable development realm.

RMICS is integrated into operational and project activities as well as strategic planning, helping to improve the quality of identification and assessment of risks and their root causes and contributing to their timely processing through the analysis and refinement of business processes taking into account external and internal factors.

The existing RMICS ensures the Company’s robust operations and improves operational efficiency by creating and supporting a risk‑oriented culture, values, and behaviours at all organisational levels.

Risk management process

Risk management is integrated into the Company’s business processes and is an ongoing exercise that meets the requirements of internal regulatory documents.

As part of the risk management process, risks are identified, assessed, responded to, and monitored, with reports developed to be subsequently reviewed by executive bodies, the Audit and Risk Committee of the Board of Directors, and the Board of Directors. The reports are also provided to external stakeholders and include exhaustive information about the risks, risk response measures, and RMICS performance.

Ongoing information exchange, consultations, vertical and horizontal interaction of RMICS participants are not limited by reporting periods due to continuous risk management and internal control.

RMICS assessment

To enhance the effectiveness of RMICS and to develop and prioritise improvement measures, an annual internal assessment (self‑assessment and internal audit) is conducted. External assessment is subject to resolution by the Board of Directors.

The results of internal assessment are annually discussed by the Board of Directors following a preliminary review by the Board’s Audit and Risk Committee.

In 2023, the internal assessment of the risk management and internal control system was carried out by Zheldoraudit in accordance with the Internal Audit Manual on Assessment of the Risk Management and Internal Control System. The internal audit team assessed RMICS for compliance with established requirements and the effectiveness of risk management with respect to Russian Railways’ individual business processes.

The internal assessment resulted in the internal audit report on RMICS current status, compliance with the main RMICS requirements, and the opinion on efficient development of Russian Railways’ RMICS.

In addition, the Audit Commission of Russian Railways inspects and analyses the functioning of the internal control system and the financial and operational risk management system. The commission keeps the shareholder, the Board of Directors, and the Chief Executive Officer of Russian Railways updated on proposals aimed at enhancing the internal control system.

In line with the Three Lines of Defence model, external oversight (including regular audits of certain projects) contributes to continuous improvement of RMICS.

For more details on risk management and RMICS improvements in the reporting year, see the Risk Management section of Russian Railways’ 2023 Annual Report.

Sustainability risks

As a leader of the global railway transportation market and one of Russia’s backbone local players, Russian Railways helps achieve important social and economic goals and ensure transport accessibility of cities and regions. Being a major taxpayer, we place special emphasis on the professional development and safety of our employees.

We take into account all stakeholder interests, analyse risks, and take stronger effort towards sustainability. This helps us identify growth points and take advantage of new opportunities while striking a balance between such opportunities and related risks.