Internal Control Policy
State Joint Stock Company
1. Purpose and Audience1.1. The Internal Control Policy of State Joint Stock Company “Latvijas Valsts radio un televīzijas centrs” (hereinafter - LVRTC) stipulates uniform basic principles and approaches to the formation of an internal control system, internal control system elements, its goals and assignments, as well as stipulating the duties and responsibility of management system stakeholders in relation to internal monitoring.
1.2. The objective of the policy is the introduction, maintenance and improvement of the internal control system, in order to improve the credibility and effectiveness of the functioning of LSRTC, ensuring sufficient guarantees for the attainment of the goals of LSRTC and the fulfilment of its tasks.
1.3. This policy is binding on the LSRTC Supervisory Board, Management Board and employees.
2. Terms and acronyms
External audit- Checks conducted by independent third parties, evaluating conformity to international, national or industry requirements.
DMS- Document Management System
Internal Audit- Functional means, with the help of which the LVRTC Management Board receives approval from internal sources that the processes for which it is responsible function in a way that reduces fraudulent, erroneous, or unproductive or uneconomic activities and conform to the defined requirements. This is the collection and evaluation of information evidence, in order to determine and report to the LVRTC Management Board regarding the degree of correspondence between this information and the set criteria.
Internal Control- A process, the goal of which is to reduce risks and to ensure an orderly, economic, productive and efficient LVRTC operating process that corresponds to ethical norms, compatibility with valid laws and regulations, protection of resources against losses and malicious use and damage.
LVRTC- VAS “Latvijas Valsts radio un televīzijas centrs”, Uniform Registration No. 40003011203, 14 Ērgļu Street, Riga, Latvia, LV-1012
LVRTC Development Strategy- LVRTC “Medium Term Operating Strategy for 2019–2022.”
LVRTC Management- LVRTC Supervisory Board, Management Board, departmental directors and section heads directly subordinate to the Management Board
Policy- Internal Control Policy
RQMS- Risk and Quality Management Section
Internal Control System- A set of risk management, control and management measures, the task of which is to ensure the attainment of the company’s goals, efficient operations, active protection, credibility of reports, compatibility of operations with legislative acts, the formation of which is the responsibility of the company’s Management Board.
Direct manager- The manager to whom an employee is directly subordinate in employment relations (direct manager) Plans, organises and manages the work of the structural unit in accordance with the by-law for the structural unit and job description within the scope of its competence.
3. General3.1. Internal control is a continual and cyclical process as part of LVRTC corporate governance.
3.2. Establishment of an internal control systems is a task for management, but its effective introduction is the responsibility of all LVRTC employees. Every employee must facilitate the formation of an effective control system that would make it possible to perform his or her duties better.
3.3. The internal control system must achieve a reasonable balance between threatening risks and the costs of risk reduction measures. One must realise that no system can ensure absolute security, discover all errors or prevent deliberate fraud (corruption).
3.4. The internal control system consists of the following mutually connected elements, which are described in Clause 5 of the Policy:
3.4.1 LVRTC operational planning; 3.4.2. control environment; 3.4.3. risk assessment; 3.4.4. control measures; 3.4.5. information and communication; 3.4.6. oversight.
3.5. The authorisations and responsibility of internal control system stakeholders are stipulated in Annex 1 to the Policy.
4. Functioning of the Internal Control System4.1. Basic Requirements for Functioning of the Internal Control System: 4.1.1. Efficient, useful and economic operations of LVRTC; 4.1.2. Obtaining of timely and credible financial and management information; 4.1.3. Performance of the required improvements; 4.1.4. Work in the public interest; 4.1.5. Ensuring good governance; 4.1.6. Prevention of potential risks, including risks related to corruption and potential conflicts of interest; 4.1.7. Prevention of waste, inefficient and counter-productive use of property and funds; 4.1.8. Protection against the unauthorised disclosure of information (data); 4.1.9. Operation in conformity with the competence stipulated in laws and regulations; 4.1.10. Timely identification and prevention of mistakes that have been made.
4.2. Internal Control System Principles 4.2.1. Principle of Integrity. Monitoring measures span all processes or process element operational aspects, risks and monitoring are considered in light of their mutual impact and consequences. 4.2.2. Integration principle. The internal control system is integrated into current business directions and is aimed at the attainment of LVRTC goals. 4.2.3. Principle of Continuity. The internal control system operates continually in the performance of financial and economic operations and in the making of management decisions. 4.2.4. Principle of Feasibility. Control measures have been developed and are implemented in processes, based on an analysis of their effectiveness, taking the complexity of LVRTC business processes and significance of risks into account. 4.2.5. Principle of full responsibility. All LVRTC structural units are responsible for the identification, analysis and ongoing oversight of risks under the auspices of their operations, development and introduction of the required risk management measures and monitoring, their application within the scope of its competence and ongoing oversight of the effectiveness of risk management measures and monitoring. 4.2.6. Security principle. For the fulfilment of the tasks entrusted to it, LVRTC is provided with the required organisational and technical means only. 4.2.7. Principle of Separation of Duties. Fulfilment of duties and fulfilment of control shall not be entrusted to a single LVRTC employee.
4.2.8. Principle of Delegation In the determination of boundaries of responsibility and authorisations, a precise balance shall be ensured between interest, support and motivation on the one hand and intervention or carelessness on the other.
4.2.9. Principle of Timeliness. Information about violations or incidents discovered shall be reported to decision-makers immediately.
4.2.10. Optimisation principle. The scope and complexity of internal control measures should be necessary and sufficient to fulfil tasks and attain risk prevention and reduction goals. 4.2.11. Adaptation and Development Principle The LVRTC Board ensures conditions for the ongoing development of the internal control system, bearing in mind the need to resolve new problems that arise as the internal and external conditions of LVRTC operations change.
4.3. Internal Control System Tasks 4.3.1. Risk identification, analysis and assessment, effective management of these risks, including risk management regarding the efficient use of available resources. 4.3.2. Compilation of credible information regarding the functioning of the internal control system for decision-making by the Management Board. 4.3.3. Creation of internal control mechanisms, whose objective is the efficient functioning of business processes, reducing risks related to business processes, and realisation of LVRTC business projects. 4.3.4. To provide an optimal organisational structure, which in accordance with its requirements, is built based on the principle of separation of authorisations and responsibility between persons involved in the internal control system. 4.3.5. Ensuring the secure and efficient use of LVRTC assets and resources. 4.3.6. Objective, fair and clear presentation of opinions regarding the current state and development prospects of LVRTC, integrity and transparency of LVRTC overviews, and the rationale and acceptability of risks assumed by LVRTC. 4.3.7. Ensuring the effectiveness of control measures, the objective of which is to reduce the risks of LVRTC becoming involved in corruption and corporate fraud involving LVRTC. 4.3.8. Protection of LVRTC shareholders’ interests, screening of business partners and analysis of their anti-corruption measures, as well as evaluation and prevention of conflicts of interest. 4.3.9. To create conditions for the timely preparation of credible reports and their presentation for internal and external use, as well as other information, which must be disclosed in accordance with the applicable laws and regulations. 4.3.10. Ensuring the compliance of LVRTC with the applicable laws and regulations.
5. Elements of the Internal Control System5.1. LVRTC Operational Planning
5.1.1. set LVRTC purpose and values;
5.1.2. ratified LVRTC management documents;
5.1.3. specified operating results to be attained;
5.1.4. set goals and tasks for employees in conformity with LVRTC management documents.
5.2. Control Environment
5.2.1. set LVRTC structure corresponding to LVRTC goals and operations;
5.2.2. approved structural unit by-laws and employees’ job descriptions (the referred to documents are regularly reviewed and, if necessary, updated);
5.2.3. logical, transparent and easily manageable delegation of actions and responsibilities as stipulated in LVRTC internal rules, ensuring effective decision-making;
5.2.4. approved and introduced LVRTC human resources policy, which fosters the recruitment of personnel appropriate for the attainment of LVRTC objectives;
5.2.5. approved LVRTC ethical requirements, which are binding on LVRTC management and employees and stipulate their behaviour and conduct in relation to decision-making.
5.3. Risk Assessment
5.3.1. identification of internal and external risks that could hamper the attainment of LVRTC goals;
5.3.2. assessment of the probability of the occurrence of risks, their impact and vulnerability in relation to the attainment of goals;
5.3.3. identification of the acceptable risk level for LVRTC, classifying them from significant to minor.
4. 5.4. Monitoring Measures
5.4.1. stipulation and introduction of the process delegating rights, examining, harmonising and ratifying management decisions;
5.4.2. protection of materials and financial resources;
5.4.3. stipulation and introduction of conditions for the separation of duties (responsibility) and prevention of corruption and conflicts of interest;
5.4.4. establishment of a system for making reports regarding attained results in conformity with LVRTC management documents;
5.4.5. regular employees’ work performance reviews;
5.4.6. stipulation and regular review of LVRTC processes and realms, where consistent action is required in identical instances, and set internal procedures for its fulfilment;
5.4.7. implementation of risk management measures, in order to reduce the most significant risks facing LVRTC and ensure the attainment of LVRTC goals;
5.4.8. measures devised and introduced ensure that accounts and other information are true, comparable, timely, meaningful, clear and complete;
5.4.9. performance of other monitoring measures ensuring the efficient and useful utilisation of financial and other resources, adhering to the principles of good governance.
5.5. Information and Communication
5.5.1. LVRTC employees are informed about LVRTC goals, LVRTC management documents, internal rules and ethical principles;
5.5.2. the internal information circulation and communication system provides managers and employees of all levels with the information required to performs tasks effectively and to attain LVRTC objectives;
5.5.3. development of processes to provide the public with information and to ensure the involvement of public representatives;
5.5.4. establishment of a document circulation and storage system to provide LVRTC with appropriate, up-to-date, accurate and accessible information;
5.5.5. development of information systems’ security policy, which employees are acquainted with.
5.6.1. occasional assessment of internal audit internal controls;
5.6.2. regular checks on the implementation of control measures;
5.6.3. ongoing oversight elements integrated into information systems;
5.6.4. assessments of internal and external audit results;
5.6.5. assessments of the quality of the internal audit function.
6. Development of the Internal Control System6.1. Internal control system developmental planning is performed, in order to ensure the consistent, ongoing and integrated development of the internal control system.
6.2. Internal control system effectiveness assessment forms:
6.2.2. internal audit assessment;
6.2.3. external audit assessment.
6.3. Development of the internal control system includes measures, which improve internal control processes (e.g. use of new methods and practices, formulation and updating of internal rules in the realm of internal control) and organise interaction and information exchange under the auspices of the internal control system (e.g. LVRTC employee training) in accordance with the developmental directions of the internal control system.
6.4. The goal of the self-assessment of the internal control system is to assess weaknesses and strengths and to formulate proposals for improvements.
6.5. The scope and framework of the internal control system self-assessment for direct managers are determined by the Risk Manager.
6.6. Internal control system self-assessments are prepared by direct managers regarding processes under their control. Self-assessments are compiled in February each year for the previous calendar year. Direct managers submit self-assessments to the Risk Manager.
6.7. The Risk Manager analyses the assessment made in self-assessments, prepares proposals for improvement of the internal control system in March each year for the previous calendar year and submits them to the Management Board for evaluation.
7. Closing provisions7.1. This policy is reviewed at least once every three years, as well as in the event of amendments to pertinent laws and regulations of the European Union or Republic of Latvia, LVRTC internal rules, or significant changes to the organisational structure or managers’ authorisations, the internal communication corporate system, and business processes, etc.
7.2. Policy change management is overseen by the RQMS.
7.3. This policy comes into force from the time of its ratification at a Management Board meeting, in accordance with the procedure stipulated in the decision of the Management Board.
7.4. The original policy is stored in the DMS.