Internal audit and risk management
EVN’s internal audit department reports directly to the Executive Board and to the Audit Committee of the Supervisory Board. Separate internal audit departments were also installed at EVN’s subsidiaries in Bulgaria and Macedonia. The internal audit departments are responsible for auditing and controlling processes and business units, whereby continuous training for the staff is ensured by specially organised programmes. The internal audit departments prepare annual audit plans based on the results of risk assessments. These plans are approved by the responsible corporate bodies and supplemented by ad-hoc and special audits where required. The work of the internal audit departments is based on the International Standards for the Professional Practice of Internal Auditing (IIA). Any problem areas identified during the audits are reported to the respective business units and measures for improvement are recommended. The implementation of the measures approved by EVN’s management is then evaluated in follow-up audits. The above-mentioned audits did not identify any serious deficiencies that could endanger the strategy or goals of the EVN Group.
The primary goal of risk management at EVN is to protect the Group’s current and future earnings potential. Risks are recorded and analysed based on a centrally managed two-stage process that provides the responsible employees in the EVN Group with methods and tools to identify and evaluate risks. The respective business units, which are also responsible for risk management, communicate their risk exposures to the central risk management department, which classifies, analyses and evaluates risks across the entire Group. Measures to minimise corporate risks are also identified and their implementation is monitored. The two-stage risk management process is supported by standardised guidelines and consistently carried out throughout the Group. The resulting risk analyses are presented to the Executive Board and the responsible managing directors at regular intervals by the Group Risk Committee. A detailed presentation of EVN’s main risks and the measures taken to control risks can be found in the chapter on risk management in the 2015/16 management report.
EVN has developed a comprehensive set of rules to prevent the misuse of insider information, which are based on the regulations defined by the Austrian Stock Corporation and Stock Exchange Acts, the Austrian Issuer Compliance Code and the Directive of the European Parliament on insider dealing and market manipulation. 21 permanent and five ad-hoc areas of EVN’s business have been designated as strictly confidential, and the involved employees take part in regular training. In accordance with the Austrian Stock Exchange Act, compliance and confidentiality are monitored and evaluated by a designated compliance officer who reports directly to the Executive Board. The regular controls carried out by the compliance officer in 2015/16 did not identify any deficiencies.
EVN Code of Conduct
EVN places great importance on the integrity and legally compliant behaviour of all its employees and business partners. Through their role as an integral part of an international energy and environmental services company, the managers and employees of EVN have a far-reaching responsibility and role model function both in Austria and abroad.
The Code of Conduct, which was developed in a Group-wide process and updated during 2012, forms the basis for all compliance measures at EVN. Corporate Compliance Management (CCM), a staff department reporting directly to the Executive Board, was established as of 1 October 2012 to develop, manage and improve the Compliance Management System (CMS). The CMS defines a standardised framework for the entire Group which is designed to support employees in behaving in an honest and legally compliant manner in everyday business activities.
Activities during the past two financial years focused on employee training. As a first step, EVN managers of all strategic business units were sensitised to this subject in five-hour workshops. The sensitisation of managers was followed by two-hour training sessions for all employees by the responsible compliance officers. The focus was placed on explaining the anonymous whistle-blower system and the subjects of customers, capital market and investors, integrity and avoidance of corruption, as well as data protection and confidentiality. Over 8,000 employees and 200 managers have been trained on compliance in ten languages at more than 100 different locations. These activities ensure that all employees and managers in the EVN Group are well equipped to deal with the challenges resulting from adherence to the compliance rules.
An important element of the CMS is the whistle-blowing procedure, which provides a framework to report possible violations of EVN’s Code of Conduct. This system is voluntary and anonymous, and the identity of the reporting person is never revealed.
The EVN Code of Conduct can be found under www.evn.at/Code-of-conduct.aspx. Its content is based on EVN’s various stakeholder groups and is designed to support all employees in implementing EVN’s values during their working activities.
Training courses on special subjects provide additional information for areas exposed to increased risk. In addition to content in the EVN Intranet, e-learning tools were also developed for employees. These tools have been implemented in all strategic business units and Group companies in Austria, in the WTE Group, at EVN Bulgaria and at EVN Croatia. The introduction of this content at EVN Macedonia has also started. Special content is offered for managing directors, infrastructure project managers and sales employees. A communication plan based on the specific target groups anchors and ensures the further development of awareness for compliance issues in all Group companies in Austria and abroad.
Internal processes that are exposed to particular risks from a compliance standpoint were equipped with so-called compliance controls and technically integrated in EVN’s process management system during 2015/16. These controls are ongoing and thereby provide additional security for adherence to the Group’s compliance rules.
Activities during the reporting year also included the intensification of business partner reviews. In line with the respective risks, the business partners of the EVN Group in Austria and the WTE Group are audited on compliance-relevant issues with the support of an external service provider. Any sensitive information revealed by this screening leads to the implementation of risk-minimising measures. Preparations are currently underway to extend this process to other Group companies.
The previous implementation of the compliance management system was tested in a survey of managers and employees. A compliance dialogue on future compliance challenges was also carried out with managers. The analysis and appraisal of the results of these internal analyses will be followed by the further optimisation of EVN’s compliance management system to meet these future challenges.
The Supervisory Board received a report on the content, goals and status of the compliance organisation in its meeting on 9 December 2015 in accordance with Rule 18a of the ACGC.
In order to anchor data protection in the EVN Group, a data protection officer was appointed in Austria. This position is assigned to the Corporate Compliance Management Department and thereby reports directly to the Executive Board. The officer is independent in the exercise of his function and situated outside business processes. He will develop, direct and improve a cross-functional, Group-wide data protection management system. In this way, EVN will meet and effectively address the challenges related to the EU Data Protection Regulation on a timely basis.
Audit of compliance with the Austrian Corporate Governance Code by KPMG Austria
KPMG Austria GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft, Vienna, has audited and reported on the corporate governance report of EVN AG, Maria Enzersdorf, pursuant to § 96 (2) of the Austrian Stock Corporation Act. This report on the evaluation of compliance with the ACGC is available under www.investor.evn.at.
Maria Enzersdorf, 17 November 2016