Internal audit and risk management at EVN
Internal audit
EVN’s internal audit department reports directly to the Executive Board and to the Audit Committee of the Supervisory Board. It is responsible for auditing and controlling processes and business units throughout the EVN Group. Separate internal audit departments were also established at EVN’s subsidiaries in Bulgaria and Macedonia. The internal audit departments prepare annual audit plans based on the results of risk assessments, and these plans are approved by the responsible corporate bodies before implementation. Any problem areas identified during the audits are reported to the respective business units and measures for improvement are recommended. The implementation of the measures approved by EVN’s management is then evaluated in follow-up audits. No serious deficiencies were identified that could endanger the strategy and objectives of the EVN Group.
Risk management
The primary goal of risk management at EVN is to protect the Group’s current and future earnings potential. Risks are recorded and analysed based on a centrally managed two-stage process that provides the responsible employees in the EVN Group with methods and tools to identify and evaluate risks. The respective business units, which are also responsible for risk management, communicate their risk exposures to the central risk management department, which classifies, analyses and evaluates risks across the entire Group. Measures to minimise corporate risks are also identified and their implementation is monitored. The two-stage risk management process is supported by standardised guidelines and carried out throughout the Group on an on-going basis. The resulting risk analyses are presented to the Executive Board and the responsible managing directors at regular intervals by the Group Risk Committee. A detailed presentation of EVN’s main risks and the measures taken to control risks can be found in the chapter Risk management in the 2013/14 management report.
Issuer compliance
EVN has developed a comprehensive set of rules to prevent the misuse of insider information, which are based on the regulations defined by the Austrian Stock Corporation and Stock Exchange Acts, the Austrian Issuer Compliance Code and the Directive of the European Parliament on insider dealing and market manipulation. Twenty permanent and six ad-hoc areas of EVN’s business have been designated as strictly confidential, and the involved employees undergo regular training. In line with the Austrian Stock Exchange Act, compliance and confidentiality are monitored and evaluated by a designated compliance officer who reports directly to the Executive Board. The regular controls carried out by the compliance officer in 2013/14 did not identify any deficiencies.
EVN Code of Conduct
EVN places great importance on the integrity and legally compliant behaviour of all its employees and business partners. As an international energy and environmental services company, the management and employees of EVN have a far-reaching responsibility and role model function both in Austria and abroad.
The Code of Conduct, which was developed in a Group-wide process and updated during 2012, forms the basis for all compliance measures at EVN.
EVN’s compliance organisation was revised in 2011/12, and a fundamental commitment was made to develop a compliance management system (CMS). The staff department Corporate Compliance Management (CCM) was established as of 1 October 2012 to develop, manage and improve the CMS; this department reports directly to the Executive Board. The CMS defines a standardised framework for the entire Group, which is designed to ensure honest and legally compliant behaviour in everyday business activities.
Following the installation of a Group-wide compliance organisation in 2012/2013, activities during the reporting year focused on employee training. As EVN managers play a key role and serve as role models in establishing a sustainable compliance culture, roughly 100 managers were sensitised for this subject in five-hour interactive, dialogue-oriented workshops in October. Training sessions for the managers of the strategic units in South Eastern Europe, above all in Bulgaria and Macedonia, followed during the months from February to April 2014.
In order to spread and anchor the CMS as strongly as possible throughout the Group, training sessions were consequently also organised for employees. The compliance officers responsible for the respective departments explained EVN’s CMS and the related structures and processes in sessions consisting of small groups and lasting for at least 2.5 hours, whereby special focus was placed on explaining the anonymous whistle-blower system. The content of the training sessions is based on the ten subject areas defined in EVN’s Code of Conduct. The following subjects were defined based on the risk analysis and discussed with the help of specific case studies: customers, capital market and investors, integrity and avoidance of corruption, data protection and confidentiality.
The compliance box “Compliance. It’s good energy.” was developed for these training courses. It can be used as a collection of resources or reference work and was distributed to all participants at the start of the training course. The box is available in German, English, Bulgarian, Macedonian and Russian.
Compliance training courses on the content described above were held for roughly 6,000 employees and over 200 managers in ten different languages at more than 100 different locations in 2013/14. Plans call for the completion of these courses by the end of the 2014 calendar year, which means that all employees and all managers in the EVN Group are well equipped to deal with the challenges resulting from adherence to the compliance rules.
New compliance-relevant content and issues are reviewed on a regular basis. In accordance with the risk assessment, they are processed and included in the compliance box as required. Training courses on special subjects provide additional information for areas exposed to increased risk. In order to strengthen the awareness for compliance and reinforce the course content, employees have access to the EVN Intranet as well as to e-learning tools that were specially developed and contain, among other things, special functions for managers, infrastructure project managers or sales employees. A specific plan sets the main points for communications on current compliance issues.
An important element of the CMS is the whistle-blowing procedure, which provides a framework to report possible violations of EVN’s Code of Conduct. This system is voluntary and anonymous, and the identity of the reporting person is never revealed.
The EVN Code of Conduct can be found under www.evn.at/Codeof-conduct.aspx. Its content is based on EVN’s various stakeholder groups and is designed to support all employees in implementing EVN’s values during their working activities.
The Supervisory Board received a report on the content, goals and status of the compliance organisation in its meeting on 11 December 2013 in accordance with Rule 18a of the ACGC.
Audit of the consideration of the Austrian Corporate Governance Code by KPMG Austria
The report by KPMG Austria GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft, Vienna, on their audit of the corporate governance report of EVN AG, Maria Enzersdorf, pursuant to § 96 (2) Stock Corporation Act, to evaluate compliance with the ACGC is available under www.investor.evn.at.
Maria Enzersdorf, 18 November 2014
Peter Layr
Stefan Szyszkowitz