RISK MANAGEMENT

The Board of Directors and Management of PJSC M.video are responsible for developing, introducing and implementing an effective risk management and internal control system. It was created to monitor progress in achieving the Company’s strategic and operational goals, ensure reliable information disclosure and oversee regulatory compliance. The system aims to promptly identify all key risks; assess the likelihood of occurrence, damage and implications; determine measures to minimize any adverse consequences; and create control mechanisms to ensure that business processes function sustainably.

When dealing with issues related to creating shareholder value, the Company has to make management decisions based on various factors that could have both a positive and a negative impact on achieving its goals. One way to reduce the uncertainty caused by such factors is to raise awareness among shareholders, management and employees about the existence of factors that could influence the achievement of these goals, and to assess their possible impact.

Key initiatives and results of internal control and risk management in 2020

In 2020, the Company undertook several key initiatives aimed at improving the internal control and risk management system. Below are some of the key ones.

• Conduct a comprehensive assessment of internal and external risks at least once a year;
• Alongside a qualitative assessment of key risks, conduct a quantitative assessment of the impact of various types of risks; at present, 70% of risks have been quantified;
• Identify and assess strategic risks for the Company;
• Implement measures to prevent risks from occurring;
• Update internal regulations governing internal control and risk management procedures.

Internal control system

To ensure that internal processes are efficient, the Company employs the following three-tier model to support control mechanisms:

• Tier 1 – Business: risk management is conducted daily, implementing and carrying out control procedures;
• Tier 2 – Dedicated department for risk management and internal control, compliance and other departments work to introduce and maintain an effective internal control system;
• Tier 3 – Internal audit: conduct audits and test the internal control system to further confirm the effectiveness of control mechanisms.

Risk management system

Risk management at M.Video–Eldorado is centralized within the holding company, PJSC M.video.

As part of the Company’s strategic management, the risk management system consists of comprehensive measures and interrelated processes that aim to:

• Develop risk management as a continuous cyclical management process;
• Integrate risk management principles and tools into the Company’s operational processes;
• Develop risk management as one of the key management skills of the Company’s employees;
• Develop risk management as an integral part of the Company’s corporate culture and all its business processes.

The Company’s risk management system has identified the following key areas:

• The Company ensures that an appropriate organizational structure, internal policies and capabilities are in place to support risk management processes. Each employee must understand the importance of risk management. Risk-based approaches should be developed and applied in all the Company’s activities.
• Based on long-term strategic goals, operational objectives and plans, the Company has designated measures to identify and control risks.
• The Company ensures that effective and efficient procedures are in place to identify internal and external events that may affect the achievement of its goals.
• The Company develops criteria to assess risks in terms of likelihood, potential damage and manageability so as to rank them and allocate resources based on these criteria.
• For each risk, an owner is appointed from the Company’s senior management to quickly respond to emerging risks and establish a systematic approach to risk management.
• The Company’s management is responsible for developing action plans that aim to mitigate risks identified to an acceptable level, or to respond to them in another appropriate manner.
• The Company approves processes and procedures to monitor the proper and timely implementation of the risk management plans developed.

Risk communication channels aim to ensure that this information is complete, timely, accurate and optimal; is addressed to the proper parties; and complies with data confidentiality requirements and appropriate feedback.

To build an effective risk management system, the Company divides all risks into the following categories:

• Strategic risks: risks that affect the Company’s strategic longterm goals and influence its activities, particularly issues concerning the effectiveness of corporate governance, political risk, natural risks, risk of changes in legislation or the consumer market, and risk of the Company’s reputation deteriorating, among others
• Operational risks: events in the Company’s business processes of an unregulated nature that occur due to internal and external factors and result in operational losses
• Financial risks: risks that potentially have a negative impact on the Company’s financial management. These include credit, interest-rate, currency and liquidity risks, as well as those associated with changes and ambiguities in tax legislation

Risk matrix for 2020

NO	RISK
C-2	Pressure on sales margin
C-3	Change in market environment and loss of market share
C-4	Deterioration in reputation
C-6	Violation of antimonopoly legislation
C-8	Risk of application of Law on Trade
C-9	Risk of ineffectiveness of IT architecture
C-11	Risk of introduction of Russian software
C-12	Risk of COVID pandemic
O-1	Disruption in supply chain
O-2	Failure of IT systems
O-3	Risk of safeguarding of assets
O-4	Risk of increased employee turnover
O-5	Risk of failing to comply with occupational and fire safety requirements
O-6	Risk of data leak
O-7	Risk of short-term lease agreements
O-8	Risk of cyberfraud
O-9	Risk of breach of licensing agreements
O-12	Risk of disruption in operations due to lack of access to DPCs
F-1	Risk of volatility in working capital and liquidity
F-3	Ineffective internal control
F-4	Tax risk

The Company conducts proper monitoring and promptly takes measures to mitigate corporate risks identified. This helps to stabilize potential damage from risks at an acceptable level and, consequently, to avoid significant losses from them.

Risk management: part of the Company’s corporate culture

The Company acknowledges that risk management is an integral part of its corporate culture and is committed to increasing employees’ awareness of the risk management system and encouraging them to embrace risk management as part of their daily activities. The Company views employees’ involvement in risk management, including identifying and assessing risks, as a valuable and obligatory contribution to its successful development.

Key plans for internal control and risk management in 2021

In 2021, the Company intends to further develop the internal control and risk management system. Plans will focus on:

• Introducing a risk-oriented approach to the investment process
• Developing and introducing an approach to risk appetite
• Transitioning to a quarterly update of the risk matrix, risk mitigation measures and quantitative risk assessment
• Identifying shortcomings in the control procedures of the Company’s key processes and developing measures to correct them
• Automating the risk management and internal control system
• Continuing the process of updating internal regulations governing internal control and risk management procedures.

CONTROL AND AUDIT

Control over the financial, economic and ownership activities of the Company is carried out by the Audit Commission.

The Audit Commission consists of three members. The Audit Commission is elected by the General Meeting of Shareholders for the period until the next Annual General Meeting of Shareholders.

The audit of the financial and economic activities of the Company is carried out by the Audit Commission based on the results of the Company’s activities for the year, in addition to at any time at the initiative of the Audit Commission, by decision of the General Meeting of Shareholders, by decision of the Board of Directors or at the request of any shareholders owning in aggregate at least 10% of the voting shares of the Company.

The Audit Commission periodically monitors the Company’s financial and business operations, and the activities of its executive bodies and officials through documentary and factual audits of the following points:

• the legality, economic merits and efficiency (expediency) of business and financial operations performed by the Company during the audit period;
• the completeness and veracity of the information on business and financial operations reflected in the Company’s management documents;
• the legality, economic merits and effectiveness of actions taken by Company executives and heads of structural divisions in terms of compliance with the laws of the Russian Federation, as well as the Company’s Charter, approved plans, programs and other bylaws.

Members of the Audit Commission in 2020:

1. Evgeny Bezlik
2. Andrey Gorokhov
3. Alexey Rozhkovsky

Information on Audit Commission members

INTERNAL AUDIT DEPARTMENT

An Internal Audit Department has been created in the Company.

Heads of the Internal Audit Department 2020

The head of the Internal Audit Department is accountable to the Board of Directors of the Company, and is appointed and dismissed by the sole executive body based on a decision of the Board of Directors.

The activities of the Internal Audit Department are governed by the Regulation on Internal Audit of the Open Joint-Stock Company M.video, approved by the Company’s Board of Directors (minutes No. 94/2014 of December 15, 2014).

The key competencies of the Internal Audit Department are as follows:

• Assisting the executive bodies and employees in the implementation and monitoring of procedures and measures for the development of risk management, internal control and corporate governance
• Coordinating with the external auditor and consultants in the field of risk management, internal control and corporate governance
• Conducting internal audits of subsidiary companies
• Preparing and submitting to the Board of Directors and executive bodies reports on the results of the activities of the Internal Audit Department
• Verifying compliance on the part of the Company’s executive bodies and employees with the provisions of laws and the Company’s internal policies regarding insider information and the fight against corruption, in compliance with the requirements of the Code of Ethics.

The Audit Committee of the Board of Directors and the Board of Directors regularly review the reports of the head of the Internal Audit Department and evaluate their effectiveness.

Information on the head of the Internal Audit Department

INTERNAL CONTROL AND RISK MANAGEMENT DEPARTMENT

The Company has established an Internal Control and Risk Management Department.

Heads of the Internal Control and Risk Management Department in the reporting year

The objectives of the Internal Control and Risk Management Department are as follows:

• Implementation and coordination of the building a risk management system;
• Identification and assessment of risks and risk response methods;
• Ensurance of the effective performance of the risk management system;
• Methodological support for the internal control and risk management system.

Key regulations in the field of internal control and risk management are as follows:

• Bylaw on internal control over the financial and economic activities of the Company, approved by the Board of Directors of the Company (minutes No. 81/2013 of December 12, 2013);
• Risk Management Policy approved by the Company’s Board of Directors (minutes No. 116/2016 of December 16, 2016).

At a meeting of the Board of Directors of the Company held on December 21, 2020, a new version of the risk matrix was approved.

Information about the head of the Internal Control and Risk Management Department in the reporting year

EXTERNAL AUDITOR

The Company engages an external auditor who carries out an audit of the Company. The external auditor is approved by the General Meeting of Shareholders

The objectivity of the selection of the auditor is ensured through a tender procedure. The tender procedure is carried out by a subsidiary of the Company, MVM LLC, on the basis of a service agreement concluded between MVM LLC and PJSC M.video (hereinafter the "Tender Committee"). Only applicants who meet the requirements for the independence of audit providers set out in Article 8 of Federal Law No. 307-FZ of December 30, 2008 on Audit Activities are invited to participate in the tender. Bids are evaluated based on price.

On April 15, 2020, the Tender Committee initiated tender procedures for selecting an external auditor to audit the business and financial activities for the Company in 2020. The tender was conducted in the form of a secured request for price proposals among such providers of audit services as JSC Deloitte and Touche CIS, JSC PwC Audit, JSC KPMG and LLC Ernst & Young.

PwC Audit and KPMG refused to participate in the tender procedure. The tender specification for the provision of audit services for PJSC M.video included the following services:

• Review of the condensed consolidated financial statements of PJSC M.video for the H1 2020;
• Audit of the annual consolidated financial statements of PJSC M.video for 2020 within the terms established by the Company;
• Audit of the financial statements of PJSC M.video in accordance with RAS for 2020;
• Audit of an additional section of the semi-annual and annual consolidated statements of PJSC M.video with financial indicators calculated in accordance with IAS 17;
• Additional services.

As part of the tender process, the applicants' bids were collected and evaluated. At a scheduled meeting of the Tender Committee on April 23, 2020, it was decided to recommend Deloitte & Touche CIS as the auditor of the Company.

The Audit Committee of the Board of Directors gave the Board of Directors appropriate recommendations for the matter of selecting an auditor at the Annual General Meeting of Shareholders to audit the financial and business procedures of the Company for 2020 (Minutes No. 82/2020 dated April 29, 2020).

Based on the recommendation of the Audit Committee of the Board of Directors (Minutes No. 82/2020 dated April 29, 2020), the Board of Directors advised the General Meeting of Shareholders to make the following decision on the issue of approving the Company’s auditor: “Approve Joint-Stock Company Deloitte & Touche CIS as the auditor to audit the financial and economic statements of the Company for 2020.”

At the Annual General Meeting of Shareholders on June 22, 2020 (Minutes No. 30 dated June 22, 2020), it was decided to approve Deloitte & Touche CIS as the auditor to audit the financial and economic statements of the Company for 2020.

After the appointment of the Company’s auditor at the Annual General Meeting of Shareholders held on June 22, 2020 (Minutes of the Annual General Meeting of Shareholders No. 30 dated June 22, 2020), the Board of Directors, based on the recommendation of the Audit Committee of the Board of Directors (Minutes No. 82/2020 dated April 29, 2020), approved the payment for the services of the auditor—Deloitte& Touche CIS—for the audit of the financial and economic statements of the Company for 2020 for an amount not exceeding RUB 19,000,000 excluding VAT, inclusive of additional services (Minutes of the meeting of the Board of Directors No. 185/2020 dated June 30, 2020).

There are no deferred or overdue payments for the services rendered by the auditor.