ҚАЗ РУС ENG
About the Report
Key sustainable development indicators 2024
Message from a Member of the Board of Directors
Message from the Chairman of the Management Board
Sustainability highlights 2024
1. About the Fund
2. Strategic approach to sustainable development and ESG
3. The Fund’s contribution to the welfare of the country
4. How we work
5. Our people
6. Investing in a clean environment
7. Corporate governance
Board of Directors
Management Board
Sustainability Management
Conflict of interest management
Openness and transparency
Risk management and internal control
ESG DataBook 2024
Report methodology
Our contribution to the SDGs
Participation in the UN Global Compact
Approach to stakeholder engagement
GRI Content Index
Contact information
Feedback questionnaire

Risk management and internal control

The Corporate Risk Management System (hereinafter – CRMS) is designed timely identify, assess, manage and monitor risks that may affect the achievement of the organisation's strategic and operational objectives.

The Board of Directors of the Fund determines the principles and approaches to the organisation of the risk management and internal control system based on the objectives of the system and taking into account the best practices and methodology of the Fund in the field of risk management and internal control.

Our main internal regulatory document governing risk management issues is the Fund's Policy on Risk Management and Internal Control. This Policy has been drafted taking into account the recommendations of COSO Conceptual Framework for Organisational Risk Management: Integration with Strategy and Performance Indicators and is designed to strengthen the responsibility of risk owners for risk management at all levels of the Fund, to increase the integration of risk management into all processes of the Fund.

For the purpose of effective risk management, the Board of Directors has established the principle of three lines of defence. The first line of defence is the direct risk owners. The second line of defence is the Risk Management and Internal Control Department and the Compliance Service, which perform control and monitoring functions. The third line of defence is the Internal Audit Service, which provides objective and independent assessment of the effectiveness of the risk management and internal control system.

GRI 2-16

The Risk Management Department, the Compliance Service and the Internal Audit Service bring to the attention of the Board of Directors information on emerging critical issues and matters requiring attention.

The internal control system is an integral part of the Fund's CRMS and is aimed at building a management system capable of responding quickly to process risks, exercising control over the main and auxiliary processes and daily operations, and is built in accordance with the COSO Internal Control – Integrated Model, and consists of five interdependent components:

  1. Control environment;
  2. Risk assessment;
  3. Control procedures;
  4. Information and communication;
  5. Monitoring.

In 2024, work continued to build an effective internal control system by documenting control procedures in the Fund's internal regulations and complying with internal regulations in the field of risk management and internal control.

The Internal Audit Service of the Fund is an important element of the risk management and control system. The Service carries out its activities in accordance with international professional standards of internal audit, including the Code of Ethics of the International Institute of Internal Auditors. In 2023, the Internal Audit Service successfully passed an external independent assessment for compliance with the International Professional Standards for Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors.

The role of the Board of Directors is to approve the overall risk management and internal control policy for the Fund. All key risks, including accident risks, risks of significant investment projects, risks of social instability, financial risks, risks of litigation, risks of reputational damage, risks of the impact of sanctions legislation, risks of the asset privatisation programme were in the constant focus of attention and control of the Board of Directors in 2024.

The Management Board is responsible for the organisation and effective functioning of the CRMS.

On annual basis, the Fund carries out risk identification, with the results reflected the Risk Register, which is approved by the Board of Directors. In the Risk Register of the Fund, all risks are divided into the following groups: strategic, financial, operational and legal.

The portfolio companies have risk management systems that take into account industry specifics.

Read more about risk management across the Fund in the Fund’s Annual Report 2024. Read more about risk management in the portfolio companies in the Annual Reports of the portfolio companies.

ESG RISK MANAGEMENT

GRI 2-12, TCFD

ESG risk management is integrated into the overall risk management system of the Fund. The Fund's risk register in 2024 included ESG-related risks, including: accident risk, social instability risk, personnel risks, litigation risk, compliance risks, and environmental risks, including ecological and climate risks.

We place significant emphasis on climate risks and their effective management. The Board of Directors is responsible for approving both short-term and long-term goals, including climate-related aspects.

Climate risks are included in the corporate risk management system; they are defined in the category of environment-related risks. The risk management system is aimed at timely identification, assessment, monitoring and mitigation of potential risk events that may adversely affect the achievement of strategic objectives.

We identify climate risks in accordance with the TCFD recommendations (Recommendations on the disclosure of financial information related to climate change). Among the portfolio companies, NC KazMunayGas JSC, Samruk-Energy JSC, NAC Kazatomprom JSC, KEGOC, Kazakhtelecom JSC, NC Kazakhstan Temir Zholy JSC identify climate risks of their activities. Read more about it in the Climate Risks subsection.

In addition, portfolio companies undergo an independent assessment of their exposure to material industry ESG risks in terms of environmental, social and governance criteria, as well as how effectively the company manages these risks. This assessment is conducted as part of international ESG ratings and assesses the quality of environmental and social management (including human resources, customer relations, community impact, etc.). The areas where the company has the greatest economic, environmental and social impact are analysed. We wrote more about the results of such an assessment within the framework of ESG ratings in the subsection Sustainability Ratings.

Risk management and internal control
© 2025 «Samruk-Kazyna» JSC
Contact information
www.sk.kz