DTEK Group has implemented an internal control and risk management system aligned with the framework outlined by The Committee of Sponsoring Organizations of the Treadway Commission (COSO). It is fully integrated into our strategic and tactical planning, including, but not limited to, strategy, business planning and budgeting processes and investment projects. Both the system and its processes are harmonized across all operating holdings.
The Three lines of defense model has been introduced across DTEK Group, establishing a common framework for the communication of roles and responsibilities regarding risks and controls. Risks and opportunities are identified and assessed by the holistic approach bottom-up and top-down.
The Management Board is responsible for the development of strategic and operational targets, in addition to identification, oversight of adequate assessment, and mitigation of associated risks in line with methodology developed by the Risk Management Function. The Finance & Risk Committee deals with risk management issues and provides management with regular risk reports, which articulate the ability of risk to positively or negatively influence business targets. As part of the third line of defense model, the Internal Audit regular evaluates control processes and procedures, while it also provides unbiased and independent information, including recommendations on further actions based on its results.
All operational holdings’ risk management systems do not operate in isolation, but instead are integrated into the governance structures at Group level. The objective is to achieve cross-implementation of risk management practice in all of DTEK’s units and business processes. A risk coordinator is appointed in each entity and is tasked with fostering a strong risk management culture, and facilitating development and implementation of measures to manage relevant risks.
The business process model is developed in a manner which addresses the complexity of DTEK Group’s organizational structure and business streams. An assessment of risks to core business processes should be routine, while necessary controls should be implemented and documented. The internal control system is continuously being developed and is governed by the relevant process owner.
Identified risks are aggregated by utilizing corporate risk tracking and reporting tools, resulting in risk profiles. DTEK applies uniform risk classifiers, dividing all risk into the following sub-categories: strategic, operational, financial and regulatory. This allows DTEK to manage identified risks in an efficient way. For the risks that are deemed to be material, comprehensive mitigating action plans are developed and regularly reviewed to ensure that the risks remain within acceptable levels.
In line with the risk management target operating model, DTEK utilizes a centralized model of insurance portfolio management to ensure all insurable group risks are known, measured and prioritized for most efficient program development.