Annual report and accounts 2012

Risk report

Risk management framework

Severstal’s operations are subject to certain risks. Effective risk management is an essential element of our operations and strategy. The accurate and timely identification, assessment and management of risks supports decision making at all management levels and ensures we will achieve our strategic goals and meet our KPIs.

Our risk management framework is designed to identify, manage and mitigate the risk of failure to achieve business objectives. Executive management and managers and employees at all levels participate in the process of managing risks on a continuing basis, and perform duties assigned to them within the risk management process. The Board of Directors and all employees of Severstal are obliged to adhere to the company’s risk policies and standards at all times during their work.

There is a formalised risk management structure in place, with clear delineation of roles, responsibilities and accountabilities for the Board, Audit Committee, Executive Committee and Risk Management function (a part of the Internal Audit and Risk Management Department).

The Board of Directors is ultimately responsible for maintaining a sound risk management and internal control system. The Audit Committee closely monitors the effectiveness of the risk management system and internal audit function and obtains regular risk reports from management.

Our risk management structure includes a Risk Management Committee that is responsible for implementing our risk management policy and monitoring the effectiveness of controls in support of the company’s business objectives. This committee meets several times a year and can meet more frequently if required. The committee comprises key vice presidents, the CEOs of our most important production facilities, and the head of our risk management function. Risk reports are compiled and submitted at each Risk Management Committee meeting, after which the most material risks are reported to the Audit Committee.

The Risk Management function (part of our Internal Audit and Risk Management Department) is responsible for coordinating risk identification and assessment processes, implementing risk management best practice, and internal and external reporting.


• Assures shareholders that the company has identified key risks and is successfully managing them

Audit Committee

• Monitors the overall effectiveness of the risk management system and internal audit function

Risk Management Committee

• Monitors performance of the risk management system and key risks

• Promotes communication between functional managers and between management and the Board

• Preliminarily approves risk management policies and procedures

• Reviews and approves external and internal risk reports

Risk Management function

• Coordinates risk identification, assessment and mitigation measures

• Accumulates and processes risk assessment data

• Generates consolidated risk reports

Risk owners

• Identify specific risks and initiate risk management measures

The key risks factors which are likely to affect our business, financial position and operational performance as well as mitigation measures are described below 1.

1 This chapter presents only key risks and does not give an exhaustive account of all risks facing the Company.