APPROVED
by the General Meeting of Shareholders of
the JSC ‘Toshkent’ Republican Stock Exchange
24 May 2016
REGULATIONS ON
THE INTERNAL CONTROL OF
THE JSC ‘TOSHKENT’ REPUBLICAN STOCK
EXCHANGE
CONTENTS:
1.1. These ‘Regulations on the Internal Control of the Joint-Stock Company “Toshkent” Republican Stock Exchange’ (hereinafter - the ‘Regulations’) is developed in accordance with the current legislation of the Republic of Uzbekistan, the Charter of the Company (hereinafter - the “Company”), the Corporate Governance Code, and other internal documents of the JSC “Toshkent” Republican Stock Exchange.
1.2. These Regulations determines the goals and objectives of the Internal Control System, the principles of its operation, as well as the bodies and officers of the Company responsible for internal control.
1.3. All amendments and additions hereto shall be made by the decision of the Supervisory Board of the Company.
2.1. Internal control is a continuous process integrated into the activities of the Company and aimed at improving the effectiveness of risk management, control and corporate governance in the most optimal manner in order to obtain reasonable and sufficient confirmation in the following areas with regard to achievement of the objectives of the Company:
- efficiency and productivity of activities, including the performance level, gaining of profit, and asset protection;
- integrity and reliability of financial statements;
- compliance with applicable laws and legal standards that regulate activities.
2.2. The internal control system is a set of the organizational structure, controlling measures, procedures and methods of internal control, regulated by internal documents, organized and implemented in the Company by the Supervisory Board, the Management and other employees at all levels and over all functions.
2.3. Internal control procedures are a set of measures carried out by the Audit Committee of the Company, the Supervisory Board of the Company, the Executive Board of the Company (the Board), as well as the units of the Company authorized to exercise internal control (further - the units of the Company), and aimed at identifying breaches of legislation and internal documents of the Company in carrying out its financial and economic activities, at assessing the effectiveness of achievement of the goals set by Company, as well as the interaction of subjects of internal control between themselves in the process of implementing the internal control procedures.
2.4. The main purpose of internal control is to obtain reasonable assurance that the Company will achieve its activity objectives in the most effective manner.
2.5. Internal control is designed to ensure in an expeditious manner:
2.5.1. soundness of the assets, economical and efficient use of the Company’s resources;
2.5.2. compliance with the requirements of the current legislation, internal policies, standards and procedures of the Company;
2.5.3. fulfillment of business plans of the Company;
2.5.4. completeness and reliability of the accounting records, financial statements and management information of the Company;
2.5.5. identification and analysis of risks at the time of their occurrence in the activities of Company;
2.5.6. planning and management of risks in the activities of the Company, including making timely and adequate decisions on risk management till the moment when the risk does maximum damage;
2.5.7. gaining and maintaining a good reputation of the Company in business circles and among consumers.
3.1. The internal control system in the Company is based on the following principles:
3.1.1. Smooth-running operation, i.e. the permanent and proper operation of the internal control system allows the Company to promptly identify any departure from the standard and prevent their occurrence in the future;
3.1.2. Accountability of all participants in the internal control system, i.e. the quality of performance of control functions by each person is controlled by another participant in the internal control system;
3.1.3. Separation of duties, i.e. the Company seeks to avoid duplication of control functions, and these functions should be allocated among employees in such a way that the same person does not unite the functions associated with approving transactions with certain assets, transaction accounting, ensuring the safety of assets, and making up their inventory;
3.1.4. Due acceptance and approval of transactions, i.e. the Company seeks to establish the procedure for approving all financial and economic transactions by authorized persons within their respective authorities;
3.1.5. Ensuring the organizational isolation of the unit of the Company, which carries out daily internal control, and its functional accountability directly to the Supervisory Board;
3.1.6. Responsibility of all subjects of internal control working in the Company for the proper performance of control functions;
3.1.7. Implementation of internal control based on the seamless interaction of all units and services of the Company;
3.1.8. Continuous development and improvement, i.e. the Company strives to provide the conditions for flexible adjustment of the internal control system so that it can be adapted taking into account the need to handle new tasks, expand and improve the system itself;
3.1.9. Timeliness of sending reports on deviations, i.e. the Company has established the minimum period of time for transferring relevant information to persons authorized to take decisions on eliminating deviations;
3.1.10. Correspondence between the level of complexity of the internal control system and that of complexity of the controlled facility;
3.1.11. Prioritizing the areas of activity of the Company, in which control is being established, i.e. strategic directions covered by the internal control system are singled out, even if the effectiveness of their operation (cost/performance ratio) is difficult to measure;
3.1.12. The complex nature of internal control over objects of various types.
4.1. The internal control system includes the following interrelated components:
4.1.1. The control environment that includes the ethical values and competence of the Company’s employees, management policy, the way in which the Management assigns authority and responsibility, the structure of employee organization and professional development, as well as the management and administration exercised by the Supervisory Board;
4.1.2. Risk assessment, which is the identification and analysis of relevant risks in the process of achieving certain tasks that are interconnected at different levels;
4.1.3. Control activities summarizing policies and procedures that help ensure that the Management guidelines are being implemented and including a variety of activities, such as: issuing approvals, sanctions, confirmations, carrying out inspections, monitoring day-to-day operations, ensuring the security of assets, and division of powers;
4.1.4. Activities on strategic communications and information exchange aimed at the timely and effective identification of data, their recording and exchange, including, among other things, creating effective channels for information exchange in order to form understanding the internal control policies and procedures, which the Company has in place, in all subjects of internal control, as well as to ensure their fulfillment. The Company takes measures to protect against unauthorized access to information;
4.1.5. Monitoring is a process that includes management and supervision functions, during which the quality of the system’s performance is evaluated with the course of time. The internal control system is evaluated to determine the likelihood of errors that would affect the reliability of financial statements, clarify the materiality of these errors and determine the ability of the internal control system to ensure fulfillment of the tasks set.
5.1. Internal control shall be exercised by the Supervisory Board of the Company, the Audit Committee, the Executive Body (Management Board), the Internal Audit Service, and other employees of the Company at all levels, and each of them takes some responsibility for internal control.
5.2. The functions, rights and responsibilities, liability of the units operating in the Company are provided for by regulatory and administrative documents of the Company. The documents, as well as other documents that directly or indirectly affect the issues of internal control shall not conflict with the provisions hereof.
5.3. In order to ensure the systematic nature of the control over the financial and economic activities of the Company, the internal control procedures shall be carried out by the authorized unit of the Company - the Internal Audit Service responsible for internal control, in cooperation with other bodies and units of the Company.
5.4. The functions of the Supervisory Board include:
5.4.1. Determining the direction of development and approval of certain operations and strategies of the internal control system;
5.4.2. Making an annual report on the results of the analysis and assessment of the reliability and effectiveness of the internal control system based on the data of the regular reports of the Executive Body of the Company, internal and external audits, the Audit Committee, information from other sources and the Supervisory Board’s own observations with regard to all aspects of internal control, including: financial control, operational control, monitoring of statutory compliance, as well as control over internal policy and procedures at the Annual General Meeting of Shareholders;
5.4.3. Determining the structure and composition of the unit of the Company, responsible for internal control;
5.4.4. Continuous improvement of the internal control procedures.
5.5. In accordance with the Internal Control Policy approved by the Supervisory Board of the Company, the responsibility for the performance of the internal control system shall be vested in the Executive Body (the Board). The Executive Body of the Company will introduce the procedures of the internal control system and ensure its effective performance, timely informing the Supervisory Board of all significant risks of the Company, significant shortcomings of the internal control system, as well as plans and results of measures taken to eliminate them.
5.6. Employees (including executives) of units of any level shall directly participate in the detailed development of control strategies and procedures within the limits of their competence. To cope with off-nominal situations and problems as they arise is part of their duties. Employees shall report significant issues or risks, occurring on a specific transaction, to the higher management of the Company.
5.7. Responsibility for exercising control over the financial and economic activities of the Company and its separate units shall be vested in the permanent internal control body - the Audit Committee, whose role, goals, objectives, and powers are presented in the Regulations on the Audit Committee.
5.8. Responsibility for the implementation of regular monitoring of the performance of internal control procedures, namely for the compliance of business transactions carried out by the Company with the requirements of legislation of the Republic of Uzbekistan and the Charter of the JSC ‘Toshkent’ Republican Stock Exchange as a whole, its separate units, as well as the completeness and accuracy of accounting statements and financial reporting shall be vested in the Internal Audit Service, whose role, goals, objectives, and powers are presented in the Regulation on the Internal Audit Service, including a time limit for submitting documents and materials for assessment of a business transaction conducted to the Internal Audit Service, as well as the liability of officials and employees of the Company for failure to submit the above documents and materials within the time limit.
The Regulations on the Internal Audit Service shall be agreed upon by the Supervisory Board and approved by the Executive Body (the Board).
5.9. The Internal Audit Service of the Company reports to the Supervisory Board on the results of internal audit and the performance of the internal control system. The Internal Audit Service of the Company is functionally subordinated to the Audit Supervisory Board, and administratively to the Executive Body (the Board).
5.10. Persons who:
- have been found guilty of committing crimes in the sphere of economic activity or crimes against the public order, interests of the state service and service in local government bodies or to whom administrative penalties for offenses in the field of entrepreneurial activity or in the field of finance, taxes and fees, the securities market have been applied;
- serve on the executive bodies of the Company;
- are participants in, general director (manager), members of management bodies or employees of a legal entity competing with the Company;
do not have the right to hold positions in the Internal Audit Service of the Company .
Other requirements for persons who are members of the Internal Audit Service may be established by the Supervisory Board or by the Executive Body (the Board) in consultation with the Supervisory Board.
5.11. The proper operation of the internal control system also depends on the professionalism of the employees. The Company makes efforts so that the system of recruiting, hiring, development, training and promotion of employees ensures their high qualification and their compliance with high ethical standards.
6.1. The internal control procedures of the Company include:
6.1.1. Determining interrelated and consistent goals and objectives at various levels of the Company’s management;
6.1.2. Identifying and analyzing potential and existing operational, financial, strategic and other risks that may hinder the achievement of the Company’s objectives;
6.1.3. Evaluating the essential components of internal control;
6.1.4. Evaluating the effectiveness of the system of internal control of business processes;
6.1.5. Establishing the criteria of and evaluating the performance of organizational units, officials and other employees of the Company;
6.1.6. Considering financial and other information in comparison with the comparable information for prior periods or with expected performance results;
6.1.7. Using proper methods of accounting for events, operations, and transactions;
6.1.8. Checking the soundness of assets;
6.1.9. Proper documenting the internal control procedures;
6.1.10. Regular assessing the quality of the internal control system;
6.1.11. Bringing to all employees’ of the Company notice their duties in the field of internal control;
6.1.12. Distributing key responsibilities between the employees of the Company (including the responsibilities for acceptance and approval of transactions, transaction accounting, issuance, storage and receipt of resources, analysis and verification of transactions);
6.1.13. Approval and implementation of transactions only by those persons who are duly authorized;
6.1.14. Other procedures are necessary to achieve the objectives of internal control.
6.2. When conducting the internal control procedures, methods of inspection, surveillance, confirmation, recounting, as well as other methods necessary for the implementation of the internal control procedures shall be applied.
7.1. These Regulations, as well as amendments and additions thereto, are approved by the Supervisory Board of the Company by a majority of votes of its members present at the meeting or participating in absentee voting.
7.2. Additions and changes hereto shall be made at the suggestion of the Corporate Consultant, the members of the Supervisory Board of the Company, the auditor of the Company, the Audit Committee of the Company, and the Executive Body of the Company.
7.3. If, as a result of changes in the legislation and regulations of the Republic of Uzbekistan, certain articles hereof conflict with the legislation or regulations, then the articles become invalid, and until the changes are made to the Regulations, the Company shall be guided by the legislation and regulatory acts of the Republic of Uzbekistan.
