Internal Audit Department

In accordance with paragraph 4. The Company's Internal Audit Policy, approved by the Board of Directors (Minutes No. 501 of 11.11.2021), includes the following internal audit functions:

1. With regard to the implementation and application of unified approaches established in the "Rosseti" Group of Companies to the construction, management and coordination of the internal audit function in the Company and SDC:

1.1. development of proposals on the most optimal form of implementation of the internal audit function in the Company and ICS;
1.2. implementation of the Company's common principles for building the internal audit function and evaluating the implementation of the internal audit function established in the "Rosseti" Group of Companies;
1.3. development and implementation of methodological documents regulating the internal audit activity (policies, regulations, rules, methods, instructions and other documents) in accordance with the methodological documents developed by PJSC "Rosseti";
1.4. development of proposals for the development of documents defining common approaches and principles in the "Rosseti" Group of Companies to the construction, management and coordination of the internal audit function, participation in working groups on the development of documents on regulatory support for internal audit activities.
1.5. organization and implementation of measures to automate the internal audit activities of the Company and ICS.

2. With regard to internal audit implementation, participation in other verification activities in the Company and ICS;

2.1. planning, organizing and conducting internal audits of business processes (areas of activity), business functions, projects/plans/programs, structural and separate divisions and other objects of audit of the Company on the issues of ensuring:

– compliance with the requirements of legislation, industry regulations, internal regulations, standards and other internal documents (with the exception of technical regulations, standards and rules governing the operation of electric grid facilities), contractual obligations;
– implementation of orders of state bodies of the Russian Federation on the functioning and development of the electric grid complex;
– implementation of decisions/orders (instructions) of management bodies, requirements of organizational and administrative documents and other internal documents;
– effectiveness, economy and impact of the activities;
– reliability, accuracy, completeness and timeliness of accounting (financial) and management reporting;
– safety of assets.

2.2. implementation of the practice of conducting thematic audits conducted by all power grid companies that are part of the "Rosseti" Group of Companies on a specific topic in accordance with a unified audit program;

2.3. carrying out inspections, performing other tasks on behalf of the Board of Directors (Audit Committee), and/or executive bodies of the Company on issues within the competence of internal audit;

2.4. organization, planning, and provision of audit of ICS;

2.5. participation in the activities of the audit committee of ICS of employees of the internal audit division of the Company as elected members of the audit committees or invited experts;

2.6. participation in specialized (official) investigations on the facts of abuse (fraud), damage to the Company and ICS, inefficient use of resources and other facts of unfair/illegal actions on the part of employees and third parties;

2.7. informing the Board of Directors (Audit Committee), the Sole Executive Body/Management Board on the results of inspections, submitting recommendations on elimination of violations and deficiencies identified during inspections, and proposals on improvement of effectiveness of internal control systems, risk management and corporate management, on improvement of the Company and ICS activities;

2.8. monitoring the implementation of corrective action plans aimed at elimination of violations and deficiencies identified during inspections, and implementation of recommendations and proposals for improvement of Company and ICS activities;

2.9. organization and conduct of post-audits in relation to business processes (areas of activity), business functions, projects/plans/programs, structural and separate divisions and other objects of verification.

3. In terms of provision of independent and objective assurance services regarding the effectiveness of internal control systems, risk management and corporate governance, as well as assistance to executive bodies and employees of the Company in the elaboration and monitoring the implementation of procedures and measures in order to improve internal control systems, risk management and corporate governance of the Company:

3.1. assessment of the reliability and effectiveness of the internal control system, including:

– evaluation of internal (control) environment in the Company (including evaluation of such elements of control environment as philosophy of internal control system, integrity and ethical values, organizational structure, distribution of powers and responsibilities, personnel management);

– effectiveness evaluation of the implementation of internal control policies;

– evaluation of the process of setting objectives in the Company, including the determination of criteria adequacy used in order to analyze the fulfillment (implementation) degree of the set purposes;

– identification of internal control deficiencies that did not allow (do not allow) to achieve the set objectives;

– risk management evaluation;

– evaluation of issues regarding organization, construction and implementation of internal controls (control procedures) built into processes;

– evaluation of issues regarding information exchange (information exchange process) in the Company;

– evaluation of monitoring process in the Company, including results of introduction (realization) of actions aimed at elimination of violations and deficiencies and also results of improvement of a system of internal control;

3.2. assessment of the reliability and effectiveness of the risk management system, including:

– verification of adequacy and maturity of the internal control system elements in the Company for effective risk management, including organization of processes, setting objectives and targets, implementation of the policy provisions in the field of risk management, automation tools, regulatory and methodological support, interaction of structural departments within the framework of the risk management system, reporting, infrastructure, including organizational structure, etc.;

– verification of completeness of risk evaluation identification and correctness at all levels of the Company's management;

– verification the effectiveness of the Company's control procedures and other risk management measures, including effectiveness of use of resources allocated for these purposes;

– analysis of information on realized risks in the Company (including violations identified on the basis of the results of inspections, facts of failure to achieve the set objectives, facts of court proceedings, etc.);

3.3. corporate governance evaluation, including:

– evaluation of compliance with ethical principles and corporate values of the Company;

– checking the procedure for setting the Company's objectives and monitoring / controlling their achievement;

– verification of the regulatory support level and information interaction procedures (including risk management and internal control) at all levels of the Company's management, including interaction with interested parties;

– verification of the rights of shareholders, including controlled companies, and the effectiveness of relations with interested parties;

– verification of the disclosure procedures regarding the Company activities;

3.4. consulting the executive bodies of the Company regarding internal control, risk management and corporate governance issues (while preserving the independence and objectivity of internal audit).

4. Internal audit functions with regard to effective interaction between the Company and its external auditor, Audit Committee , as well as persons providing consulting services in the field of risk management, internal control and corporate governance are shown in Section 8 "Interaction between internal audit with interested parties" of this Policy.

5. Internal audit functions with regard to preparation and provision to the Board of Directors (Audit Committee) and executive bodies of the Company (Sole Executive Body/Management Board) of reports on the results of internal audit activities are shown in Section 8 "Interaction between internal audit with interested parties" of this Policy.

6. The Internal Audit performs other functions aimed at achieving objectives and solving the goals defined in this Policy.