The corporate risk management system is based on generally accepted international standards:
- Enterprise Risk Management Integrated Framework (COSO ERM, 2004, The Committee of Sponsoring Organizations of the Treadway Commission);
ISO 31000:2009Risk Management. Principles and guidelines (ISO 31000:2009, 2009, International Organization for Standardization).
The risk management approaches are formulated in the Concept and Policy of the Corporate Risk Management System approved by the Company's Board of Directors on 18 November 2013, taking into account changes and supplements as at 31 December 2020.
Principles of risk management:
- systematic approach
- balance, depth and completeness of the process;
- clear distinction of powers and decision-making levels;
- integration with the internal control system;
- comprehensive system type.
Risk Management System
Roles of Corporate Risk Management System Members
Board of Directors
Management and monitoring of the Company’s critical risks, approval of risk maps and risk management measures, and adoption of governing documents on risk management
Recommendations for the Board of Directors on the operation of the risk management system, review of the report on realised risks, recommendations for the Board of Directors on the approval of the corporate risk map
President, Director, Management Board
Responsible for the effective management of the Company’s risks
Preliminary consideration of all issues related to the system operation, management of minor and acceptable risks, preliminary consideration of critical risks, review of risk reports, prior approval of the corporate risk map
Risk Owners (Management)
Identification, assessment, description, prevention and management of risks
Employees of the Company
Identification and prevention of risks, implementation of risk management initiatives
Risk Management and Business Process Optimisation Service
Organising and maintaining the risk management system and coordinating its processes, preparation of materials for meetings of the Audit Committees and the Board of Directors, consolidation of information, and working with risks, risk owners, creation of the corporate risk map
Internal Control and Audit Service
Assessment of the risk management system in the Company
Independent External Auditor
Recommendations on organising the risk management system
Development of the Risk Management System
In 2020, the Company established the Risk Management and Business Process Optimisation Service in order to further improve the risk management system. The main objective of the Service in terms of the Company's corporate risk management system is to ensure the continuous functioning and timely development of the system for achievement of the Company’s goals.
In 2020, the Company's main efforts in improving the corporate risk management system were aimed at further integrating risk management into the Company's business process system. In 2021, it is planned to introduce a new automated risk management system and improve the internal risk regulatory documentation based on the updated COSO ERM 2017 concept and changes in international risk management standards ISO 31000:2018.
Map A detailed risk report is set out in the 2020 Corporate Risk Map appendix.
TransContainer defines three risk types: critical, acceptable and minor ones depending on the likelihood of their occurrence and the potential damage from their realisation.
|Category||Management control||Risk assessment based on the amount of material damage and the likelihood of occurrence|
|Critical risks||Board of Directors|| more than 380 million rubles with any probability of occurrence; |
or more than 200 million rubles with a probability of occurrence of more than 5%;
or more than 100 million rubles with a probability of more than 80%
|Acceptable risks||Audit Committee|| from 100 million to 380 million rubles with a probability of 0 to 5%; |
from 50 million to 200 million rubles with a probability of 5 to 80%;
or less than 100 million rubles with a probability of more than 50%
|Minor risks||Risk Committee|| less than 100 million rubles with a probability of less than 5%; |
less than 50 million rubles with a probability of less than 50%
In line with the generally accepted standards, the risks are classified into strategic, operational, regulatory and financial.
In 2020, the corporate risk map saw the following changes.
The risk “Sanctions and restrictions imposed by customs authorities related to international cargo transportation” (minor risk) is excluded.
- "Adjustment of customs value" that may occur when purchasing large-capacity containers (critical risk);
- "Failure by customers to provide customs authorities with transportation documents with preliminary information on cargo and transit declarations until the import cargo arrives to the checkpoint" (acceptable risk).
Implementing Critical Risks during 2020
Early in November 2020, Russian Railways Logistics (a subsidiary of Russian Railways) registered a new operator in the container market – Russian Railways Business Asset. The creation of a new container operator by a monopoly can have a significant impact on the container transportation market. The Company monitors the situation with changes in competition and takes steps to increase the competitiveness of its own services.