Internal Audit System
The design, implementation and operation of the Company’s internal control system follow the Regulations Governing Establishment of Internal Control Systems by Public Companies and other related regulations.1. Purpose of Internal Audit
Internal Audit aims to assist the Board of Directors and management in inspecting and reviewing deficiencies in the internal control system as well as measuring operational effectiveness and efficiency, reliability of financial reporting, and compliance with applicable laws and regulations. Internal Audit shall make timely recommendations for improvements to ensure sustained operating effectiveness of the system as well as to provide a basis for review and correction, with the overall goal of achieving sound operation within the Company.2. Organization of Internal Audit
2.1 The Company’s Internal Audit Division reports to the Board of Directors and performs full-time internal audit work. Internal Audit shall consist of qualified persons in an appropriate number as full-time internal auditors based on the Company’s scale, business conditions, management needs, and other applicable laws and regulations. The Internal Audit Division is comprised of a Chief Audit Executive and seven full-time internal auditors.
2.2 Any appointment or discharge of the Chief Audit Executive shall be approved by the Board of Directors, and be reported to the FSC for recording via the internet-based information system by the 10th day of the following month.
2.3 The qualifications of internal auditors shall follow the regulations and shall pursue continuing education and obtain prescribed hours of training. The names, ages, educational background, experience, seniority, and training of the internal auditors shall be reported to the FSC for recording by the end of January each year via the internet-based information system.
2.4 Organization Structure - Internal Audit Division
The internal auditors shall be detached, independent, objective, and impartial, in faithfully performing their duties, and in addition to reporting their audit operations to each supervisor on a regular basis, the Chief Audit Executive shall also attend and deliver a report at the Board of Directors meetings.
3.1 The operation of internal audit shall be performed by executing annual audit plans. The annual audit plans shall be formulated based on the results of risk assessment and include audit items, times, procedures, methodology, etc. The internal auditors shall regularly or irregularly perform on-site audits, and prepare and submit audit reports with working papers and relevant materials in order to ensure the sustained operating effectiveness of the Company’s internal control systems.
3.2 Annual self-assessment of the Company’s internal control system shall first be conducted periodically by all internal departments and subsidiaries themselves and reports shall be reviewed by internal auditors. The Company has adopted the ICSA ePlatform (Internal Control Self-Assessment ePlatform) to perform internal control self-assessment. Based on the internal control risks database, all department heads assess and inspect the effectiveness of the design and operation of the internal controls. In addition, the self-inspection reports of departments and subsidiaries shall be reviewed by the internal auditors. These reports, combined with the corrections of any deficiencies or irregularities of the internal control system discovered by the internal auditors, will be the main references for the Board of Directors and the CEO in evaluating the overall effectiveness of the internal control system and issuing the Internal Control System Statement. The Internal Control System Statement shall be publicly announced and reported on the websites designated by the FSC within four months from the end of each fiscal year in the prescribed format, and published in the Annual Report.
3.3 The internal auditors shall faithfully disclose in audit reports any deficiencies or irregularities discovered in the internal control system, and, after presenting the reports, follow up on the matter and prepare follow-up reports on a regular basis to ensure that the relevant departments have taken appropriate corrective actions in a timely manner, which shall also be a basis for the performance evaluations of the relevant departments.
3.4 After having presented the audit and follow-up reports, the internal auditors shall submit the same for review by the supervisors by the end of the month following the completion of the audit. Any material violation or likelihood of material damage to the company shall be promptly reported to the supervisors.
3.5 Internal auditors shall submit the next year's audit plan to the FSC for recording by the end of each fiscal year, and shall also submit a report on the execution of its previous year's annual audit plan within two months from the end of each fiscal year. Internal auditors shall report its corrections of any defects or irregularities of the internal control system discovered during the past year's internal audits within five months from the end of each fiscal year in the prescribed format via the internet-based information system.