The Internal Audit Office is an independent unit in the Company and reports directly to the Audit Committee. The Internal Audit Office has responsibilities to examine and evaluate the sufficiency of the Company’s internal control system both financial and non-financial information, including reviewing compliance with the internal policies and providing recommendations in order to develop and improve the Company’s operations. The objective is to ensure that the Company strictly abides by the laws and regulations, retains good corporate governance and good internal control, and achieves the operational objectives of the organization.
The Internal Audit Office prepares an annual plan and a 3-year long-term plan based on the principles for the assessment of risks that affect the business operation and cover the operational process of the organization. These plans are approved by the Audit Committee. The scope of work of the Internal Audit Office covers auditing, monitoring, controlling, examining, reviewing, and assessing the sufficiency and the effectiveness of the Company’s internal control system, including the performance quality of the following:
- Reliability of the internal control system as well as compliance with the standards and finance and accounting policies to ensure that the accounting and financial information is accurate and reliable and that the adopted organization structure plan, procedures, and measures are sufficient for protecting the assets from all kinds of frauds and errors;
- Reliability of the internal control system in terms of management and operation to ensure that they are consistent with the policies and plans and are in accordance with the requirements of the laws and regulations of the government and supervisory authorities, including the Company’s regulations which cover activities such as operation management, procurement, marketing, administration, finance, accounting and human resources;
- Reliability of the internal control system as regards information and communication, review the structure of the Information Technology Department, access to information, access to programs, data processing, system development, data backup, preparation of backup plans in case of emergency, authority of operation in the system, and production of documents from the system, including storage of documents, manuals, and computer system flowchart; and
- Reliability of the internal control system with regard to anti-corruption in order to be consistent with and correspond to the Company’s anti-corruption measures, which shall support the Company’s business operation to be conducted with integrity and in a sustainable manner. The measures cover a complaint receiving framework and a complaint management procedure in order to provide complaint channels for employees and other stakeholders. In this regard, a collaboration among relevant departments is established in order to find solutions, set up preventive measures and provide employees and other stakeholders with the complaint channel. The Internal Audit Office is one of the channels to receive complaints. A complaint receiving manual has been prepared for general complaints, material adverse impact complaints and corruption and bribery related complaints. The Internal Audit Office will monitor the progress on the handling of complaints and report the same to the Audit Committee.
The Internal Audit Office presents the audit report to the Audit Committee constantly on a quarterly basis and regularly monitors the progress of the corrective actions as per recommendations.