The purpose of an internal audit is to assist the Board of Directors and executive bodies in enhancing the efficiency of the Company’s management and in improving its financial and economic activities by using a systematic and consistent approach to the analysis and assessment of the risk management and internal control systems, as well as corporate governance, as tools to provide reasonable assurance that the Company will achieve the goals it has set.

In 2018, the Company established the Internal Audit Department (formerly the Internal Audit Division), whose main task is to provide the Board of Directorsvia the Audit Committee of the Board of Directors, the CEO, and the Management Board with independent, objective, reasonable, and substantiated analysis and advice that aim to improve the Company’s operations.

The Internal Audit Department is administratively subordinate to the Company’s CEO and functionally subordinate to the Company’s Board of Directorsvia the Audit Committee of the Board of Directors.

In October 2018, the Board of Directors approved a new version of the Internal Audit Regulation of PJSC “Magnit,” which defines the goals, objectives, powers, responsibilities, and status of the PJSC “Magnit” Internal Audit Department.

Per this regulation, the main objectives of the Internal Audit Department are:

• To provide support to all of the Company’s structural units and employees, management, the Audit Committee of the Board of Directors, and the Board of Directors by conducting audits, analyses, and evaluations, providing consultations, and drafting recommendations to improve the Company’s internal control and risk management system and its business processes.
• To provide assistance in the timely identification and analysis of risks that affect the reliability of financial and management information, the safeguarding of assets, compliance with legislation and in-house policies and procedures, the execution of financial and business plans, and the effective use of resources.

To perform its tasks, the Internal Audit Department performs the following key functions:

• Preparing an annual internal audit plan on the core of a risk-based approach and conducting internal audits in accordance with the approved plan;
• Tracking major changes within the Company in order to update the audit plan, identify risk areas, and inform management of any problems that may arise in a timely manner.
• Preparing and conducting training presentations and sessions on the internal control and risk management system;
• Maintaining a high level of knowledge and skills in matters concerning internal audit among department employees for the effective performance of the functions specified in this document.
• Providing methodological support in the organization of the internal control and risk management system.
• Organizing a monitoring system to introduce the recommendations of the Internal Audit Department and monitor their implementation.
• Providing assistance in the selection of external auditors and consultants as well as preparing and presenting the selection results for review by the Company’s management and Audit Committee.
• Interacting with external auditors and consultants on matters concerning internal audit, the provision of audit-related services, and consulting services;
• Preparing reports on the results of the Department’s work on a monthly, quarterly, and annual basis and regularly submitting to the Company’s management, Board of Directors, and Audit Committee to discuss the results and recommendations. Notifying the Audit Committee and Board of Directors in a timely manner about any disputes or difficulties that arise in the process of implementing the internal audit plan;
• Preparing information for the Company’s management, Audit Committee, or Board of Directors based on special requests, including unscheduled performance evaluations and recommendations on ways to improve individual components of the internal control and risk management system.

The Director of the Internal Audit Department regularly reports to the Chairman of the Audit Committee and takes part in meetings of the Audit Committee to present the results of the work conducted by the internal audit system upon conclusion of internal audits. The Audit Committee regularly analyzes and discusses the effectiveness of internal audits jointly with the Director of the Internal Audit Department.

In 2018, the Internal Audit Department primarily focused its efforts on updating the methodological framework for conducting scheduled audits and providing consulting services that aim to improve the Company’s business.

The Company also continued to implement a set of measures in 2018 to improve the efficiency of the business process internal control system.

Efficiency assessment

The Internal Audit Division (whose functions were subsequently transferred to the Internal Audit Department) conducted an assessment of the effectiveness of the internal control and risk management system at PJSC “Magnit” and its subsidiaries for 2017 based on the principles of the Corporate Governance Code and the relevant international concepts and standards, Information No. PZ-11/2013 of the Ministry of Finance of the Russian Federation “Organization and Implementation by an Economic Entity of the Internal Control of Business Operation Items, Accounting, and the Preparation of Accounting (Financial) Statements,” the COSO concept of “Internal Control – Integrated Model,” and the COSO concept of “Organizational Risk Management – Integrated Model.”

The assessment was carried out through a breakdown of the components of internal control and risk management processes: internal (control) environment, goal-setting, event definition, risk assessment, risk response, means of control, information, communications, and monitoring. The assessment highlights the parameters of the components of internal control and risk management process and identifies the current state of the parameters describing the level of organization and functioning of the internal control and risk management system.

Based on the assessment results, the current level of organization and functioning of the internal control and risk management system is recognized as well-established and consistent with the Company’s needs.

The report on the assessment of the effectiveness of the internal control and risk management system of PJSC “Magnit” and its subsidiaries for 2017, which contains the results of the assessment, was reviewed by the Company’s Board of Directors at a meeting on March 23, 2018. After reviewing the report, the Board of Directors endorsed the results of the assessment of the effectiveness of the system and the measures proposed for its improvement.

In December 2018, the Board of Directors approved the action plan for the Internal Audit Department for 2019.

Remuneration in 2018