In order to meet the requirements for proper corporate governance, RAG has implemented all of the elements necessary in accordance with a modern Three Lines of Defence model and integrated them into its operations. These are mainly related to the groups of issues typically associated with compliance, risk management and the internal control system. Additional elements – such as an information security management system (ISMS) and a business continuity management system – are in place to help us fulfil our duties as an operator of critical infrastructure.
An internal audit of RAG’s compliance management system was carried out at the end of 2020, and the resulting proposals for improvements were quickly implemented.
We are well-known for our long-term ties with contractual partners and suppliers. These business relationships are characterised by fairness, trustworthiness, integrity and transparency. We are also committed to upholding the principles of fair and honest competition, and complying with all statutory regulations designed to combat bribery and corruption.
Our employees are forbidden from requesting or accepting preferential treatment or inducements, and from offering or providing such advantages to others. They are also obliged to avoid conflicts of interest between personal matters and their company-related duties. In order to prevent misconduct, all employees receive compulsory training on appropriate behaviour. The company also has internal anti-corruption reporting systems in place, and reports are prepared annually for the Executive Board and the Audit Committee.
Donations and sponsorship of third parties require the express permission of the Executive Board. All such activities are registered centrally and reported to the Executive Board once a year.
The company has no political affiliations, and makes no financial contributions to political parties or organisations, or their representatives. We represent RAG’s interests in dealings with public bodies with regard to matters that affect the company itself, or its employees, customers and representatives of the owners. This relates to memberships or involvement in working groups set up by various industrial associations and interest groups.
Compliance with internal guidelines and processes is maintained by an internal control system (ICS). This is characterised by a functioning organisational structure, application of the four-eye principle, separation of functions, and internal guidelines for business processes.
All business transactions concluded on behalf of RAG must be booked or documented in accordance with the applicable regulations, and must be verifiable. Under the process-oriented ICS, selected business processes are subject to systematic controls – the individual control steps are documented and checks are made to ensure they are carried out. Annual evaluations ensure that the ICS is kept up to date, and its effectiveness is also continuously monitored by Internal Audit.
The ICS focuses primarily on financial reporting, but it also covers key operational aspects, such as tank farm inventories in order to ascertain stocks of crude oil held as compulsory emergency reserves, and reserve accounting for oil and gas.
Based on the General Data Protection Regulation (GDPR), our data protection policy governs the treatment of personal data at the company. In order to ensure effective policies, a data protection management process has been implemented with the goal of achieving continuous improvements in data protection standards and adapting to new requirements. If employees have any questions they can contact the designated data protection officer, the HR Department or the Legal Department.
We place an emphasis on forming fair and transparent relationships with suppliers and partners who operate in accordance with our philosophy, and are also committed to environmentally and socially responsible management. For this reason, in 2020 we drew up a supplier code of conduct containing corresponding long-term requirements for suppliers’ practices.
The code also contains provisions on human rights, social responsibility, environmental matters, as well as compliance and integrity. The supplier code of conduct can be found here.
We are fully aware that sustainability-related aspects can make a significant contribution in procurement. And over the coming years we will engage even more closely with our suppliers in order to establish basic principles and to examine the associated risks and effects for the value chain.
Curd Ornig | Head of Procurement