Controls

Risk Management

The Group’s business and operations are exposed to various business risks. While a number of these risks are operational or procedural in nature, several of these risks are inherent in the character and jurisdiction of the Group�s international business activities, while others relate to changes in the global economy and are largely outside management�s control.

As a structured and coordinated Group-wide governance approach, the Group�s executives have created an enterprise risk management process (ERM) designed to identify, quantify, respond to and monitor the consequences of an executive agreed risk schedule that encompasses both internal and external critical risks. This process is consistent with the listing rules published by the UK Financial Services Authority and is based on the Turnbull Guidance on Internal Control.

The ERM process is fully supported by the Board, the Audit Committee and executive management. Senior management, tasked with the development of the ERM process, identified key risk elements and, in order to further risk management accountability, assigned ownership of the relevant risk areas to senior managers according to their designated functions.

As a result of the ERM process, a Risk Committee, under the chairmanship of the Audit Committee Chairman and including within its membership the Group CEO and vice presidents, is established and mandated to have oversight of the Group�s risk profile and supervise the entire risk management process including response procedures.

The Group�s executive management is responsible for embedding the agreed Risk Management related internal controls and mitigating actions throughout the entirety of the Group�s business and operations and through all levels of management and supervisory personnel. Such practices serve to encourage a risk conscious business culture.

We apply the following core principles to the identification, monitoring and management of risk throughout the organisation:

Risks are identified, documented, assessed, monitored, tested and the risk profile communicated to the relevant risk management team on a regular basis.
Business management and the risk management team are primarily responsible for ERM and accountable for all risks assumed in their operations.
The Board is responsible for assessing the optimum balance of risk through the alignment of business strategy and risk tolerance on an enterprise-wide basis.
All acquired businesses are brought within the Group�s system of internal control as soon as practicable. OAO Raspadskaya, in which the Group indirectly holds a 40% interest, is not within the Group�s system of internal control.

Risk Committee

The Risk Committee was established on 14 October 2011 prior to the Company�s admission to trading on the London Stock Exchange�s main market and the terms of reference were approved by the Risk Committee on 30 November 2011.

Risk Committee Terms of Reference (48 kb)

The Chairman of the Audit Committee, Terry Robinson, a non-executive director, also chairs the Risk Committee. Further members of the Risk
Committee include the relevant senior and executive management of EVRAZ plc with accountability for delivering appropriate business and
operation risk management mitigation actions as part of their functional responsibility. Furthermore, the Committee invites Head of Group
Internal Audit, members of senior management and Audit Committee members to attend all its meetings.

The Committee meets at least twice a year at appropriate times and at other times as required.

The Committee�s role is one of oversight and supervision of the Group�s risk profile and risk framework. It is tasked with reviewing the overall risk
profile and resulting Risk Register of the Group for completeness and monitoring the related risk management actions and risk event
management ownership within the divisions, functions and at corporate level.

Responsibilities of the Risk Committee include:

Reviewing annually the Group�s internal control and assurance framework to satisfy itself on the design and completeness of the framework
relative to the Group�s activities and risk profile.
Considering and recommending to the Board for approval via the Group Chief Executive and/or the Committee chairman parameters for the
Group�s risk appetite.
Reviewing and monitoring the Group�s risk profile and the appropriateness of the Group�s risk measurement systems.
Reviewing the completeness of the Group�s Principal Risk Categories and appropriateness of the supporting documentation and approving the
creation of new Key Risk Categories in the Risk Register; and
Receiving and reviewing reports that assess the nature and extent of risks facing the Group.

During 2011, the Risk Committee reviewed and updated the Group�s risk matrix together with related risk mitigating actions and delivered its proposals to the Board for consideration and adoption. The Committee also recommended the development of a risk appetite profile based on the Group�s Impact and Probability risk matrix. Both the risk appetite and the Probability risk matrix with mitigating actions were adopted.

Additionally, regional executive risk committees were established in North America and South Africa to enhance the risk identification process using a bottom up approach to complement the top down approach which was used for initial risk identification and assessment and preparation of the Group risk register in 2011.

The Committee also reviewed plans to extend the risk management process to the entity-level during 2012.

Controls

EVRAZ�s internal control systems have been designed to manage rather than eliminate the risk of failure to achieve business objectives and provide reasonable but not absolute assurance against material misstatement or loss. Consistent with its governance policies, the Group continues to improve the process through which the effectiveness of its internal control system can be regularly reviewed as required by provision C.2.1 of the UK Corporate Governance Code. The process enables the Board and the Audit Committee to review the effectiveness of the system of internal controls in place within the Group to manage significant business, operational and financial risks (including, environmental, safety and ethical risks) throughout the year.

The processes of preparation of Consolidated Financial Statements are designed to prevent any material misstatements and present such Financial Statements fairly in accordance with the Group�s accounting policies. The use of our standard accounting manual and reporting pack by our finance teams throughout the group ensures that transactions are recognised and measured in accordance with prescribed accounting policies and that information is gathered and presented in a consistent way that facilitates the production of the Consolidated Financial Statements. The Audit Committee considers all significant judgements and estimates made in the preparation of the Financial Statements for the period and reviews and analyses the Annual Report and Accounts. Each Financial Statements are required to be approved by the Audit Committee and the Company�s Board.

The Audit Committee has the primary oversight role of the Group�s internal control regime and has direction as to the internal audit function resources and annual audit programmes thereby ensuring that the Group�s ongoing internal control process is adequate and effective.

Principal Risks and Uncertainties (1.9 mb)

Internal Audit

Internal audit is an independent appraisal function established by the Board to evaluate the adequacy and effectiveness of controls, systems and procedures, within EVRAZ plc, in order to reduce business risks to an acceptable level in a cost effective manner.

The latest version of the Internal Audit Charter of EVRAZ plc was approved by the Board on 13 December 2011. The role of internal audit in the Group is to provide an independent, objective, innovative, responsive and effective value-added internal audit service through a systematic and disciplined approach by assisting management in controlling risks, monitoring compliance, improving the efficiency and effectiveness of internal control systems and governance processes.

In 2011, EVRAZ�s Head of Internal Audit attended all the meetings of the Audit Committee and addressed any reported deficiencies in internal control as required by the Audit Committee. The Audit Committee continued to engage with executive management during the year to monitor the effectiveness of internal control and accordingly considered certain deficiencies that had been identified in internal control together with management�s response to such deficiencies. The Audit Committee also agreed timelines for effecting the proposed corrective actions in respect of the aforementioned deficiencies.

The annual internal audit programme is predominantly risk-based and in 2011 incorporated particular assignments and priorities agreed by the Audit Committee. Further, the scope of the 2011 annual internal audit plan included a review of the internal control systems of newly acquired trading subsidiaries as considered appropriate for effective risk management.

The Company�s internal audit is structured on a regional basis, reflecting the developing geographic diversity of the Group�s operations. In the light of this the head office internal audit function has furthered implementation of common internal audit practices throughout the Group.

During 2011 the internal audit function worked in cooperation with Ernst & Young, EVRAZ�s external auditor, in conducting their respective responsibilities for the Group. In 2011 KPMG conducted a quality assessment review of EVRAZ�s internal audit function in Russian Federation and Ukraine, and the Institute of Internal Auditors (the IIA) in US and Canada, to attest the conformity of EVRAZ�s internal audit activity with the International Standards for the Professional Practice of Internal auditing developed by the Institute of Internal Auditors as well as best practice in internal auditing. Based on this review KPMG and the IIA issued reports with the assessment of the respective EVRAZ�s Internal audit activities. Recommendations of these reports contributed to further refinement of the function.

Policy for Approval of Services to be Provided by EVRAZ External Auditor (90 kb)