Risk Management in Kazatomprom
IAEA Technical Meeting on Risk Management in Nuclear Power Plant Construction
Vienna
7th September, 2016
• Kazatomprom – is a national atomic company that was founded in 1997 by the Decree of President
of Kazakhstan. This is a state owned company – our sole stockholder is National Welfare Fund
«Samruk – Kazyna».
• Kazatomprom is a national operator of import and export of uranium and nuclear fuel for nuclear
power plants. Kazatomprom is one of the world's leading uranium mining companies.
• Kazatomprom concentrates its activity not only on mining uranium mining products, but it is also
actively involved in the field of alternative energy and rare metals.
• Kazatomprom has about 80 subsidiaries employing around 27 000 people.
• Kazatomprom’s enterprises are involved in the whole complex related to manufacturing of the
finished products: from geological exploration, extraction of uranium, and nuclear fuel production
to science, social support, and personnel training.
About Kazatomprom
2
Strategic objectives of Kazatomprom are focused:
• on saving the leading positions in the global natural uranium market,
• maximizing company’s activity in production diversification in the front-end of Nuclear Fuel Cycle
(NFC) by participating in foreign assets (in such stages as conversion, enrichment, fuel assemblies
production, construction of nuclear power plants),
• and expansion onto adjacent hi-tech industries, where company’s scientific and technical capabilities
will be developed and utilized.
Thus, Kazatomprom is faced by various types of risks everyday.
Risk management system (RMS) was implemented in 2010 for the purpose of managing and improving
Kazatomprom’s corporate management system.
Risk management is regulated by:
• international standards in the field of risk management and internal control - COSO, ISO;
• approved internal risk management documents;
• regulatory documents of the sole stockholder - “Samruk-Kazyna”.
Risk Management System (RMS)
3
Protecting the Company’s Shareholder interests.
Ensuring the strategic and operational sustainability of the Company.
Decreasing the losses of the Company, in a case of unfavorable negative risks
implementation.
The Main Purposes of Risk Management
4
Organizational Structure of Risk Management System
The Sole
shareholder
Board of Directors
Management Board
Corporative Secretary Committee of internal
audit
Internal audit Service Risk management
Committee
Chief Risk Officer
Risk management
Division
Unit 1 Unit 2 Unit 3 Unit 4 Unit …
Ris
k o
wner
s
5
Role of Participants
Board of Directors
Management Board is in charge for organizing an efficient RMS, which allows to identify and assess potential risks. It
additionally performs the following functions: enforcement of the compliance with risk management policies
and other internal documents related to risk management.
Risk management
Committee
Review and preliminary approval of RMS’ plan of actions;
Review and preliminary approval of risk management documents of the Company.
Risk owners Timely identification and information of significant risks in the scope of their activity;
Execution of approved action plans;
Timely submission of information of all realized risks to Risk management Division.
Risk management
Division
Coordination and improvement of RMS process in the Company;
Preparation of register of risks, setting the limits and risk appetites;
Initiating development of the plan of actions directed to minimization of risks and coordination of activities
related to its implementation.
The Board of Directors plays a key role in RMS supervising and reviewing risk reports. It also approves the
following: risk management Strategy, risk management Policy, register of risks, and risk appetites.
6
The main risk management
processes
Register
of risks
Risk
Appetite
Setting
limits KRI Hedge
Register of
risks must
be approved
by Board of
Directors
Risk
appetite
must be
approved by
Board of
Directors
Setting
limits for
countries
and
banking
operations
Setting KRI
for weekly
monitoring
Hedge of
financial
risks
Analyze and
assessment
of risks in
investment
projects
Analyze
7
Risk Management Process
Information and communication
Determination:
Aims, risks, factors,
consequences
Risks Assessment
Procedure:
Risk Reduction,
Risk Acceptance,
Risk Deviation,
Risk Transfer.
Monitoring:
KRI, Risks Reports
8
Map of Risks
Every year we initiate the formation of the register of risks and
conduct its quarterly update.
The register of risks identifies key risks.
Red risks are risks with high probability of realization and/or they
have significant negative impact on the Company’s activity.
All risks are divided for 5 groups: Strategic, Operational, Finance,
Investment and Legal.
On a regular basis, risk owners together with Risk Management
Division analyze all identified risks within the qualitative and
quantitative risk assessment and determine measures to minimize
their impact and/or probability of their occurrence.
Strategic and
operational
goals, KPI
Interview with
owners of
risks,
questionnaire
Factors KRI Plan of
action
Assessment,
qualitative
&
quantitative
The process of risk management is simple as following:
Monitoring,
reports
1 2 3 4 5
О-10,
Probability
1
О-9,
F-2,
F-6
I-10 О-12
F-3О-3,
О-11
2 F-5
О-2,
О-6,
I-7
О-8,
I-8
О-5,
F-4,
L-1
S-2
Risk Map of group of companies of Kazatomprom
Imp
act
5 I-3
4 I-6
S-1,
О-4,
О-1
I-1, I-2,
3 F-1
9
Risk Appetite, Risk Tolerance, Limits
Risk appetite - the amount and type of risk an organization is willing to accept in pursuit of its business objectives. We use practice of definition quantitative and qualitative risk appetite. Risk management carries out quarterly
monitoring practice.
“Designing risk management without defining your risk appetite is like designing a bridge without knowing which river
it needs to span. Your bridge will be too long or too short, too high or too low, and certainly not the best solution to
cross the river in question”. E&Y, Risk appetite. The strategic balancing act.
Risk tolerance: the specific maximum risk that an organization is willing to take regarding each relevant risk.
Setting Limits
The Company has set limits for banks and a list of banks for deposit operations and carries out monthly monitoring.
We used a practice to set a country’s limits and providing monthly monitoring.
10
Key Risk Indicators
Key Risk Indicator - is the indicator used by Company for receiving an early signal of increasing
probability of certain risk realization.
We will try to define KRI for each key risks. It helps for the Management Board to monitor all risks every
week and make effective decisions.
KRI are useful tools for
Management
Information about KRI
condition for Management
Board is displayed every
week on electronic screen
Information about KRI
condition for Board of
Directors is submitted by
quarterly reports
№ Code of
risksRisks KRI Unit Formula
Measuring
frequencyStatus
Responsible
unit
1 S-1 Risks #1 KRI #1 $ Formula Every week Unit #1
2 O-2 Risks #2 KRI #2 % Formula Every week Unit #2
3 F-3 Risks #3 KRI #3 tons Formula Every month Unit #3
n L-4 Risks #4 KRI #4 coefficient Formula Quarterly Unit #4
KRI Board
11
Risk Reports
Reports Terms Recipient Responsible unit
Reports on KRI Every week Management Board
Risk management
Division
Reports on limits
for banking
operations
Every month Management Board Risk management
Division
Reports on
implementation of
action Plan in the
context of register
of risks
Quarterly Management Board Risk management
Division
Risk management
reports Quarterly Board of Directors
Risk management
Division
12
Internal Control
The internal control system provides a management system, which is capable to quickly react to process risks and has
control over the business processes.
Internal control is directed to prevent risks in three key areas of activities:
• formation of financial and management reports,
• compliance with legal requirements and internal documents,
• increase of productivity in processes within operational activities.
Internal control system in Kazatomprom consists of five interdependent components:
• control environment;
• risks assessment;
• control procedures;
• information and its transfer;
• monitoring.
Within an internal control system the Company performs the following actions:
• Carrying out testing of efficiency of design of control procedures of business processes;
• Carrying out diagnostics of development of an internal control system in subsidiaries.
13
Thank you for your attention!
14