RU

Internal Control System

The internal control system of MTS PJSC (ICS) represents a combination of internal-control processes implemented by ICS entities based on the existing organizational structure, internal policies and regulations, internal-control and risk-management procedures and methods applied within the Company at all management levels and as part of all functional areas.

The establishment and efficient operation of the internal control system are designed to ensure reasonable confidence in the achievement of objectives set by the Company and to ensure proper control over the financial and economic activities of the Company, as well as its efficiency.

The internal control system of MTS PJSC represents a combination of interrelated components, the structure of which meets the general accepted methodology COSO Internal Control — Integrated Framework 2013. In accordance with COSO model, a control environment is established, the risk assessment system is applied, control procedures are implemented and their performance is monitored, and changes in organizational structure and business processes are monitored.

Under the internal control system, a range of anti-corruption measures mitigating reputational risks and risks of sanctions for bribery of officials against MTS PJSC. For the purposes of counteraction to abuses, authorization of transactions and operations, distinction of powers and rotation of duties, control over the actual availability and condition of facilities is implemented.

MTS PJSC approved the Policy for complying with anti-corruption legislation defining measures aimed at establishing elements of the corporate culture, organizational structure, rules and procedures assuring non-admission of corruption.

For a comprehensive, independent evaluation of the reliability and efficiency of the risk-management and internal-control system and of the corporate-governance practice of MTS PJSC, the Internal Audit Block (IAB) of MTS PJSC uses the results of the completed audits to generate a report on the level of maturity within the Company as a whole. The Internal Audit Block is an individual structural division of MTS PJSC functionally reporting to the Board of Directors and administratively — directly to the President of MTS PJSC.

For some areas, the Internal Audit Block of MTS not only holds the leading positions in Russia, but also meets the strictest global standards of quality in terms of setting objectives and performance of tasks, communications building, and also organization of the work and status of the Internal Audit Service. The Internal Audit Block of MTS successfully underwent an external independent evaluation – activities of the subdivision were recognized as compliant with the International Professional Standards of Internal Audit and Code of Ethics, Institute of Internal Auditors, the reputable international professional association.

Following the results of 2021, an employee of the Internal Audit Block of MTS won the nomination “Internal Auditor of the Year” as a part of the IX National Prize organized by the Institute of Internal Auditors Association with the support of the Russian Union of Industrialists and Entrepreneurs and the Moscow Exchange. The national award is an integral part of the promotion of the internal auditor profession in our country, and an important component in assessing the personal contribution of internal auditors and internal audit services to the development of the profession.

The Audit Committee at the Board of Directors of MTS PJSC biannually reviews reports on the operation of the Internal Audit Block, Internal Control Systems Department, Ethics & Compliance Department and Risk Management Unit and generates conclusions on the efficiency of the internal control and audit function, risk management, compliance and internal control of MTS PJSC.

The Audit Committee positively evaluates the work of the Internal Audit Block in terms of evaluation of internal control, risk management, compliance and corporate governance system efficiency, and believes that the objectives of the Unit were met in full compliance with the expected results and recognizes the function as efficient.

The Audit Committee positively evaluates the work of the Internal Control Systems Department with regard to the creation, implementation and development of an effective system of internal control over the reliability of generation of financial statements for the MTS Group, including in new businesses, for 2021.

The Audit Committee positively assesses performance of the Risk Management Function as effective and fit for its purposes at the moment.

The Audit Committee positively assesses the work of the Ethics and Compliance Department and believes that the tasks of the division have been completed in full compliance with the expected results.

On a quarterly basis, the Audit Committee reviews the reports of external auditor Deloitte and Touche CIS JSC approving their performance.

The Board of Directors of MTS PJSC defines the policy in respect to internal control and audit and twice per year considers the report of the Audit Committee following the results of performance of the internal audit, risk management, business ethics, compliance and internal control functions of MTS PJSC with analysis of the existing control system and identified violations.

The Report of the Audit Commission is annually attached to the materials of the annual General Shareholders’ Meeting of MTS PJSC.

Audit Committee of the Board of Directors

The Audit Committee is a collective deliberative body of the Board of Directors. The committee was established for the purposes of assisting in efficient implementation of functions of the Board of Directors in terms of control over financial and economic activities of the Company.

For detailed information about the Audit Committee’s work results in the reporting year see the section “Committees of the Board of Directors”.

Results of evaluation by the Audit Committee of the external and internal audit process efficiency: are specified in the section “Report on the work of the Audit Committee”.

Auditing Commission

On June 23, 2021, the followings persons were elected as members of the Auditing Commission at the annual General Shareholder Meeting of MTS PJSC:

1) Irina Radomirovna Borisenkova, born in 1963, holds the position of the Chief Accountant, managing director of the Finance and Investment Complex of Sistema PJSFC;

2) Natalya Andreevna Mikheeva, born in 1983, holds the position of Director for Internal Audit of MTS PJSC;

3) Evgeny Leonidovich Madorsky, born in 1975, holds the position of the Chief Auditor of Sistema PJSFC.

Report on the operation of the Auditing Commission

In April 2021, the Auditing Commission carried out an audit of the financial and economic activities of the Company for 2020. The Auditing Committee did not record material facts of violation of accounting and financial statements submission procedures while carrying out financial and economic activities of the Company.

The Auditing Commission confirmed that the financial statements of the Company for 2020 and the Annual report on the Company’s activities for 2020, in terms of the Company’s financial statements, are authentic.

In April 2022, the Auditing Commission plans an audit of the financial and economic activities of the Company for 2021. The opinion report of the Auditing Commission will be submitted for the approval of the Annual General Shareholder Meeting of MTS in June 2022.

Internal Audit Block (IAB)

The Internal Audit Block (IAB) is an independent structural division headed by the Director for Internal Audit who is functionally subordinated to the Chairman of the Audit Committee of the Board of Directors of MTS OJSC, and administratively subordinated directly to the President of MTS PJSC.

The Internal Audit Block performs the following functions:

  • assessment of the efficiency of the internal control system, risk management and corporate governance processes by analyzing the Company’s operating activities and its information systems, achieving the Company’s strategic goals, the effectiveness and progress of projects and products, the reliability and integrity of information on the Company’s operation, the safety of assets, compliance with internal regulations, and external requirements;
  • development of recommendations for improvement of internal control, risk management and corporate governance procedures, and assistance to the management in development of corrective measures based on the results of performed audits;
  • monitoring of execution of recommendations for rectification of violations and deficiencies discovered based on audit results;
  • development and implementation of IT analytics for the purpose of continuous monitoring of risk indicators based on data from business processes and increasing the efficiency of audit procedures;
  • improvement of the internal audit methodology and the audit quality control system;
  • analysis and improvement of efficiency of the Internal Audit Block, coordination of joint work of the Block units and internal audit functions in subsidiaries;
  • registration and coordination of investigation of messages received via the Unified Hotline;
  • providing consulting services.

The IAB maintains a program to ensure and improve the quality of internal audit designed to assess the conformity of IAB with international professional standards of internal audit and the use by the IAB staff of the Institute of Internal Auditors Code of Ethics (The IIA)

Report on operation of the Internal Audit Block

During 2021, the Internal Audit Block operated in accordance with the set objectives, tasks and performed functions.

The Audit Committee reviewed the progress of implementation of strategic initiatives in the field of internal audit, including optimization of internal audit processes, improvement of the audit methodology and the process of eliminating deficiencies identified by internal audit in MTS PJSC and its subsidiaries, expansion of data analysis projects and other activities. The results of the Internal Audit Block’s operation for the first six months and in general for 2021 were inspected and approved by the Audit Committee.

In 2021 an external assessment of the quality of Internal Audit Block activities was carried out, following the results of which its activities were recognized as complying with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the Institute of Internal Auditors and effective in fulfilling its goals and meeting the expectations of stakeholders.

The Committee gave a positive assessment to the results of the Internal Audit Block performance and believes that the objectives of the internal audit for 2021 have been achieved in full volume.

In December 2021 the committee considered and approved the internal audit strategy, the audit plan, the key performance indicators and the budget for 2022.

Internal Control Systems Department (ICSD)

In 2021, within the framework of development of the internal control system for proving the accuracy of preparation of financial statements of MTS Group of Companies, including creation and implementation of internal control in new business types, as well as taking into account the results of management testing and external audit for 2020, changes in the organizational structure and business processes, works were performed to update and formalize control procedures aimed at coverage of essential risks, documented for SOX purposes.

Since 2018, ICSD has changed the strategy for implementing and developing ICS in new subsidiaries — management of the ICS function in subsidiaries is carried out from the CC level. This approach was maintained in 2021 as applicable to all subsidiaries included in the SOX scope of work. The strategy has proven to be effective in terms of efficient and flexible allocation of resources and optimizing the time to support the ICS in subsidiaries.

Within the framework of the works in MTS Group, more than a thousand control procedures were updated and tested. The internal control system for the purposes of 2021 financial statements reliability for MTS Group was recognized effective, no material or significant shortcomings were identified. The trend for reduction of the total number of shortcomings that do not have a significant or material impact on the MTS Group was maintained.

Significant events/projects of ICSD carried out in 2021 include the following.

  • ICS update, testing, assessment and certification were completed in the automated information system of ICS and risk management.
  • The norms of testing of the Internal Control Systems Department for the MTS Group were revised.
  • The adaptation of the regulatory documents of the Internal Control Systems Departments for subsidiaries was completed.
  • The perimeter of using the robotized solution for revision of the access rights in SOX-critical systems was expanded. Following the results of using the specified solution in the second half of 2021, the revision of the access rights of employees was completed for 8 SOX-critical systems already. Within the framework of extension of the algorithm usage field in 2022, the analysis of critical powers will also be spread over some new subsidiaries and will cover the processes for providing/maintaining access when the employees migrate between the companies of the Group. Closure of extra powers also helps to more efficiently manage the costs for purchase of software licenses.

In accordance with the approved methodology for managing the separation of powers in SOX-essential information systems, works were completed to identify and reduce conflicts of roles and powers (SOD) in the companies of MTS Group, the registers of compensating control procedures (CCP) were updated.

  • In the key ERP system of MTS PJSC, the number of SOD risks at the level of business processes was reduced in 2021 due to the analysis of the created functions/powers of the current year. The stage of automated solution development for SOD-risk matrix and powers assigned to users is in progress.
  • The automated solution was introduced to grant access rights and to do SOD-analysis in the billing system of the system using the robot by HelpDesk requests for all critical roles in real time mode. The technical analysis of the “Conflicts within the role” and conflicts between the roles was completed. The CCP register was updated.
  • For some information systems the existing role models were analyzed ahead of schedule (roles, functions, powers), as well as the primary assessment of roles and powers of the users was completed. SOD-matrices were developed at the technical and business level, recommendations were given to eliminate and reduce SOD-conflicts from the side. Works were completed to introduce recommendations and CCP.
  • Procedures were completed to mitigate SOD-risks in MTS Bank PJSC, roles were analyzed in the processing center system, the SOD-matrix was developed and introduced. Following the results of work, there are no SOD-conflicts. Works in the ERP-system continue.
  • Roles were analyzed for MGTS PJSC billing systems by extent of their impact. Excessive powers were recalled from the users, non-relevant roles were removed. As a result of the analysis, the register of potential SOD-conflicts was prepared. Identified risks were closed by existing CCP. Works were planned to establish an SOD-matrix in 2022.

The MTS Group internal control system is tested and certified in accordance with the article 404 of the Sarbanes and Oxley Act.

Based on the results of the internal evaluation and external audit opinion, the internal control system for proving the accuracy of preparation of financial statements of the MTS Group as of December 31, 2021 was found to be efficient and to have no material and significant deficiencies.

External Audit

Auditor

On June 23, 2021, the Annual General Meeting of shareholders of MTS PJSC approved Deloitte & Touche CIS Joint Stock Company as the auditor (hereinafter referred to as the “Auditor” (Location: 125047, Russian Federation, Moscow, Lesnaya Str., 5), OGRN 1027700425444, certificate of membership in the Self-Regulatory Organization of Auditors of the Association “Commonwealth” (Association) of January 31, 2020, ORNZ 12006020384.

Deloitte and Touche CIS CJSC is one of the leading audit and consulting firms providing services in the field of audit, management and financing consulting, risk management, taxation and accompanying services. It is a member of the international association Deloitte Touche Tohmatsu Limited, one of the world’s leading providers of professional services, with more than 345 thousand employees in more than 150 countries.

In the reporting year, the Auditor performed:

  • an audit of annual financial statements of MTS PJSC for 2021 prepared in accordance with the Russian Accounting Standards as per the International Audit Standards (IAS);
  • audit of consolidated financial statements of MTS PJSC and its subsidiaries prepared in accordance with IFRS for 2021, as per the International Audit Standards;
  • an integrated audit of consolidated financial statements of MTS PJSC and its subsidiaries prepared in accordance with IFRS for 2021 and efficiency of the internal control system over its preparation as of December 31, 2021, conducted in accordance with the standards of the US Public Company Accounting Oversight Board.

In March and April 2022, the Audit Committee approved the results of the external auditor based on the results of audits for 2021, including conclusions on the effectiveness of the internal control system over the formation of financial statements at the MTS Group.

Based on the results of the audits, the MTS PJSC auditor expressed opinions on the reliability of the financial statements of MTS PJSC for 2021 prepared in accordance with Russian accounting standards, and the consolidated financial statements of MTS PJSC and its subsidiaries for 2021 prepared in compliance with the IFRS.

Settlement of possible conflicts of interest of management bodies at MTS PJSC

For the purposes of non-admission of conflicts of interests, the Company holds an annual knowledge testing and certification of compliance with norms of the Code of Business Conduct and Ethics for executives and top management, the result of which are reviewed at the Audit Committee at the Board of Directors of MTS PJSC.

Members of the Management Board and employees are not entitled to participate in approval, agreement, other decision-making in respect of transactions concluded by the Company if they are or may be under the influence of the conflict of interests.

During managing a conflict of interests the Company is guided by the principles of lawfulness, confidentiality, impartiality, objectiveness and reasonable sufficiency, obligatory immediate disclosure of information by Company’s employees about an actual or potential conflict of interests or likelihood of such a conflict.

Procedures preventing a possible conflict of interests of directors are also established at our Company. Members of the Board of Directors must refrain from actions which may result in appearance of a conflict of interests and, if such a situation exists or arises, disclose information about it to the Board of Directors and not participate in voting on conflict agenda items.

Members of the Board of Directors, who have interest in agenda items of the Board of Directors, do not take part in discussion and voting on the specified agenda items.

During 2021, no conflict of interests of members of the Management Board of MTS PJSC was found.