Risk management and internal control

Overview

HMS Group is exposed to various risks and uncertainties that may have undesirable financial or reputational implications. A risk management and internal control system has been integrated into the Group’s operations in order to minimise the negative impact of such risks and to benefit from available opportunities. The overall objective of this system is to obtain reasonable assurance that HMS’ goals and objectives will be achieved.

The main principle in the design and maintenance of such systems is that the expected benefits should outweigh the associated costs.

Key features of the internal control system over financial reporting

The Group uses a formal risk management program across its companies; there is an ongoing process for identifying, evaluating and managing the significant risks the company faces. Risks are classified according to their likelihood and significance; different strategies are used to manage identified risks. This process is regularly reviewed by the Board in accordance with applicable guidance.

The Board is responsible for the Group’s system of internal control and for reviewing its effectiveness. This system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss.

Internal control and risk management monitoring is performed through internal and external assurance providers, which include:

  • Financial statement audits performed by external auditors. Discussion by the Audit Committee of the results of the audit, including a review of the financial performance, any changes to disclosure, a subsequent events review, important accounting matters and other internal control matters.
  • Review and formal approval of the financial results by the CEO, CFO, Audit Committee and the Board.
  • Board and sub-committee approval and monitoring of operating, financial and other plans.
  • Consolidation and verification of correct identification and proper assessment of critical business risks. The Audit Committee reviews changes to the risk profiles together with progress on actions for key risks on a regular basis.
  • Internal audit function. The Head of Internal Audit functionally reports to the Audit Committee and administratively to the First Deputy CEO. The internal audit department performs its activities in accordance with an audit plan and incorporates review of material controls, including financial, compliance and operational controls. The results of each audit are discussed in detail with the companies and business units concerned and action plans are agreed upon.

Continuous improvement

HMS Group’s goal is to continuously improve its governance and risk management sub-systems. We assess the findings of audits and internal investigations and use them to revise our internal processes and procedures.

The key features of the risk management process include:

  • The gathering and analysis of information related to internal and external factors which can affect the achievement of the Group’s objectives;
  • Identifying the possible negative impact of various events on operational and financial results in accordance with applicable risk-assessment methods;
  • Setting appropriate risk-tolerance levels;
  • Ranking risks according to their significance and probability;
  • Making appropriate decisions to manage identified risks;
  • Actively monitoring the steps taken to control the most significant risks.

Principal risks and uncertainties

The table below shows the relationship between the main categories of the risks we encounter and how they affect our strategy.

Below is the summary of the principal risks facing the Group’s business. HMS also faces other risks both known and unknown; some of them apply to similar companies operating in both the Russian and international markets.

Global political and economic risks

The Group may be exposed to various political, economic and other risks not only in the countries where it has primary production facilities (Russia, Ukraine, Belarus, Germany) but also in jurisdictions, where the company has other interests (e.g. EPC projects in the Middle East and Central Asia).

Starting in 2014, sanctions have been imposed in several packages by the US and the EU on certain Russian officials, businessmen and companies. The above-mentioned events have led to reduced access of Russia’s businesses to international capital markets. The impact of further economic and political developments on future operations and the Group’s financial position might be significant.

The introduction of new regulations or the imposition of trade barriers or a new round of sanctions against Russia could disrupt the Group’s business activities or impact the Group’s customers, suppliers or other parties with whom it does business, though amid fairly high crude oil prices the influence of these actions could be smoothed out.

We consider the additional imposition of targeted personal sanctions to be most probable. They alone will hardly create systemic risks and financial stability risks. Such measures could return certain private capital to Russia and put some pressure on the Russian ruble amid relatively high oil prices.

Sanctions against the corporate sector (finance, defense, oil and gas industries) would create the most serious risks for Russia’s economics and financial system. Tighter and broader restrictions concerning both the use of equipment and/or software and financial operations could lead to a heavy disturbance on the markets. The capacity to develop new fields could also be constrained by sanctions; in the longer term, as existing fields run out, the country may find it hard to maintain the current level of crude output and gas production.

In some instances, this could have an adverse, material effect on the company’s financial position and prospects.

Sales

The Group’s business depends on the levels of capital investment and maintenance expenditures by the Group’s customers, which in turn are affected by numerous factors, including the state of the Russian economy and that of other nations, fluctuations in the price of oil, taxation of the Russian oil and gas industry, availability and cost of financing, and state investment and other support for the Group’s customers and for state-sponsored infrastructure projects.

The Group’s business depends on being awarded contracts and on the renewal and extension of existing contracts; moreover, the Group relies on a limited number of key customers and contracts and may incur losses due to unfavourable terms of contracts with certain large customers.

Project execution risks

Since HMS’ contracts are typically on a fixed-price basis, there are risks associated with cost overruns (especially in large integrated projects). The Group seeks to mitigate these risks through its efforts to improve profitability and cost control, in part relying on volume growth and an increasing share of high-margin integrated solutions services.

Contract execution risks

HMS Group performs a systematic work to manage legal risks through their identification, and prevention of reasons and conditions when they arise at the pre-contractual stage as well as at the stages of contracts execution and legal proceedings.

Risks formation in 2018 was stipulated by a number of reason both macroeconomic and contractual related to a number of projects executed by the company.

Main legal risks which arise at the stage of contracts execution and contracts signing:

  • a) Risk of nonfulfillment of a contract by a client (in whole or in part).
  • b) Risk of nonfulfillment of their liabilities by third parties (sub-tiers), responsible for delivery (production) of a product’s components.
  • c) Risk of “a mediator” insolvency (failure to generate a cash flow in a settlements’ chain “client – producer”).
  • d) Risk of penalty claims for the breach of the contract.
  • e) Default risk (including, as a result of sanctions and/or other enforcement actions from state services).
  • f) Piracy risks.

Management of legal risks is based on their quality (expert) assessment and directed to their identification, monitoring of risk factors, as well as their mitigation.

HMS Legal department uses the following basic strategy of risks management:

  • Legal risks are verified at the stage of contracts’ preliminary qualification and vetting as well as their further support.
  • Regarding risks (a)-(c): contracts execution security to guarantee adequate sources of costs covering in the case of contracts nonfulfillment is maintained through:
    • Usage of different kinds of collateral and non-material securities provided by a counterparty when entering into an agreement in the form of independent guarantees (banking, corporate) for advance payments/contract performance, third-party guarantees, collateral and others.
    • Withholding of an advance payment till the provision of a security; if it is not provided, then payment after delivery.
    • Management of the contract commitments chain “client - producer”, which assures the receipt of the payment at the time of cash flow passing.
  • Regarding (d) risks: control and organization of the work to fix legally important facts and circumstances through putting together evidential documentation (letter, acts, protocols, etc.), identified factors of contractual nonfulfillment (a customer’s fault), with subsequent claims settlement by signing amendments to the contract.
  • Regarding (e) risks: monitoring of changes and control of deals compliance with the current legislation of the Russian Federation.
  • Regarding (f) risks: processing of patent search, due diligence, and record-keeping of intellectual activity results.

In case when risks occur at the trial level, standard legal procedures and collected documentation, which proves the counter nonfulfillment by the client, perspectively deliver success of the trial (complete or partial rejection of the suit, or significant lowering of penal sanctions).

Human Capital

The ability to achieve the Group’s strategic goals highly depends on our most important asset — our people. We develop and remunerate our employees using leading HR practices. In line with Group’s growth strategy, we aim to attract talented employees from the market and continuously improve our recruitment methods.

The success of the Group’s businesses depends heavily on the continued service of its key senior managers. These individuals possess industry-specific skills in the areas of sales and marketing, engineering and manufacturing that are critical to the growth and operation of the Group’s businesses. While the Group has entered into employment contracts with its senior managers, the retention of their services cannot be guaranteed. The Group is not insured against damages that may be incurred in the case of loss or dismissal of its key specialists or managers. Moreover, the Group may be unable to attract and retain qualified personnel to succeed such managers. If the Group suffers an extended interruption in its services due to the loss of one or more such managers, its business, financial condition, results of operations, prospects may be adversely and materially affected.

Loss of key R&D employees (talents with high potential and unique R&D knowledge) can reduce the organisation’s productivity. Moreover the replacements can cost the Company long time. The Group uses proactive approach to avoid unwanted resignations. The Group increasing its focus on approaching and retaining the right talents, using a tailored mix of financial and non-financial incentives.

Mergers & Acquisitions

During the whole period of its operation, the Group has completed a number of acquisitions targeting the key players in the markets of industrial pumps, compressors, modular oil & gas equipment and EPC-contracts. Taking into account the economic slow-down and high uncertainties, insufficient demand in many segments that makes it difficult to evaluate potential synergies from M&A, the Group does not consider any material acquisitions in the nearest future, so this risk is considered as immaterial.

Fraud and corruption risks

Fraud and corruption are pervasive and inherent risks of all business operations. There is always some potential for fraud and other dishonest activity at all levels of a business, from that of a factory worker to senior management. Efficient operations and optimal use of resources depends on our ability to prevent occurrences of fraud and corruption at all levels within the Group.

HMS Group promotes ethical behaviour among its employees and maintains dedicated violation reporting channels to raise concerns within the Group through an ethics hotline available 24/7. The Group’s internal audit and/or security department perform investigations into alleged fraud and misconduct. If necessary, the results of such investigations are provided to the CEO, the Board, the management and the Audit Committee, as necessary.

As the Group operates in a number of jurisdictions around the world, the Board and senior management also put a strong emphasis on corporate compliance with applicable regulation, including anti-bribery and anti-corruption legislation, such as the UK Bribery Act.

The Group has implemented procedures to ensure that all employees are aware of the requirements of the Group’s anti-corruption policies, with a particular focus on those roles most exposed to the risk of breach.

Legislation and regulations

Laws and regulations affecting businesses in Russia continue to change rapidly. Tax and regulatory frameworks are subject to varying interpretations. The future economic direction of the Russian Federation is heavily influenced by the fiscal and monetary policies adopted by the government, together with developments in the legal, regulatory and political environment. Recent Russian government initiatives which are currently under consideration are likely to include, inter alia, significant amendments to tax law governing operations with entities incorporated in offshore jurisdictions. As a company with a majority of its operating assets located in Russia, HMS Group recognises that these developments may have significant implications for its business and development plans. HMS Group continues to monitor these developments.

Information technologies

There are several significant risks in IT that can affect the company, including cyber security and incident response risk, IT resiliency and continuity risk, data management risk, technology operations risk, etc. HMS Group believes that today the main risks for the company are the following – the risk of data loss, the risk of a computer virus epidemic or a large-scale (purposeless) hacking, and the risk of a special virus attack intended to pilfer information undetected.

HMS Group has developed a company-wide information security (IS) strategy and a road-map based on the audit results. The action plan will be realised in 2018-2019, including the creation of an Information Security department. Moreover, the company has planned other long-term measures which will mitigate the risk of information security breaches: development of an Information Security Policy, perimeter protection, segmentation of the network, TDS/IPS, two-factor authentication, etc.

In 2018 in accordance with the developed strategy, HMS Group has implemented a series of technical and administrative measures to further mitigate the above mentioned risks, i.e.:

  • The brand new Information Security department has been established.
  • A number of hardware and software solutions against malicious code, alongside with elaborated monitoring tools has been deployed, namely:
    • perimeter firewall and threat emulation appliances, endpoint software anti-virus agent from Checkpoint.
    • threat emulation and intrusion detection appliances from Group IB.
    • security information and event management solution from IBM.
  • Further hardened regulations for the privileged user accounts have been developed and implemented.

Financial risk

HMS Group doesn’t use financial instruments for hedging or other risk management, so the company is not exposed to such kind of risks, including price and liquidity risks.

Foreign exchange risk

The Group has no material foreign exchange mismatch. The company operates primarily in Russia, with the majority of its revenue generated in Russian rubles. Operating costs are also mainly Russian ruble denominated and 97%t of debt is also in Russian rubles.

Credit and liquidity risks

In 2018, the company continued work with its debt portfolio. As a result, HMS smoothed its repayment schedule with the major repayments of Rub 11.5 billion falling in 2021. At 2018-end, HMS Group had Rub 6.3 billion of available cash. Coupled with the available undrawn credit facilities, it should be enough to cover the Group’s short-term debt (6% of total debt portfolio according to IRFS accounts). Considering all the above factors, HMS considers its exposure to credit and liquidity risks as immaterial.