In accordance with the "Regulations Governing Establishment of Internal Control Systems by Public Companies" and the nature of the industry's characteristics, the Company categorizes its internal control policies into the sales and cash receipts and associated operational cycle control procedures, and management procedures that govern the supervision and management of subsidiaries. Through its efforts in developing comprehensive management, in improving operational efficiency, and in achieving reliability and timeliness of reporting standards in adherence to related regulations and legislative compliance, the Company aims to achieve a reasonable level of assurance in its internal audit procedures.
Organization of Internal Audit
The Company's Internal Audit Office reports to the Board of Directors, and is established with one chief auditor, and a varied number of auditing staff that is compliant with FSC rules on acceptable qualifications. The appointment of the Internal Auditor does not require the acceptance by the Board of Directors, and should attend Board of Director meetings to report on auditing matters. The names, age, education, expertise, service record, and related training records should be filed in accordance to FSC required formats, time, and uploaded to Internet systems for future reference.
Operations for Internal Audit
Scope of Audits
- The Company's finance cycle, key operational cycles, and related legal compliance matters are within the scope of audits.
Subject of Audits
- The business units and all branch units of the Company.
- Subsidiaries (including sub-subsidiaries, non-public companies, and overseas subsidiaries), that are in accordance to the rules governing the preparation of financial reports of public companies.
Purpose of Audits
The purpose of an internal audit is to assist the Company's Board of Directors and senior management to inspect and review internal control policies for areas of deficiency and to balance operational results and efficiency, and provide advice on improvements as needed, to ensure the internal control policy maintains an effective implementation and is in accordance to revisions to the internal control policy.
Method of Audits
- The internal audit procedures shall be primarily based on regular audits, and supported by spot checks. The internal audit plans should formulate annual audit plans. The sample size of audit checks, shall vary dependent on the completeness of internal control policies of each item, and based upon previous audit records and performance. For the choice of audit items, the decision shall be based upon the supervising officer, or in accordance to the annual auditing plan, or from past auditing results. A continual audit should be performed by each item, but if due to resource constraints, a selection of audit items can be performed, but each audit item should be audited at least once every 3 years.
- To perform internal audit processes, an planned audit item, time, procedure, and method should be specified.
- During the performance of internal audits, the Company's business activities, records, files, and personnel shall be free, fully able, and without restriction be open to the auditors for participation, review, and contact. For confidential documents, prior approval shall be received before eligible for review.
- During the audit, if auditors require the assistance of any business unit, each unit shall support and assist the auditor as requested.
Auditor's Report
The Company's auditing department shall review in accordance to the annual audit plan, check, and evaluate the execution of the Company's internal control systems. After the inspection and evaluation, a report should be complied with the report being as impartial, brief, constructive, and as timely as possible. Any deficiencies or recommendations as specified in the auditor's report should be noted in a tracking report on a regular basis.
Actual Operations
- At the end of the year, the auditing department shall draft an annual auditing plan in accordance to risk evaluation results. Each year's annual audit plan shall include items in the procedures for the acquisition and disposal of assets, procedures for derivatives trading, loans, endorsements, and guarantees to others, and management of trading with related parties, and other procedures for the control of the finance cycle. For the management and supervision of subsidiaries, rules governing the board of directors meetings, procedural guidelines for the compilation of financial reports, including rules for IFRS, professional accounting judgement, accounting evaluation procedures, accounting policy and changes in accounting estimates, IT security checks, and sales and cash receipt cycles, procurement and payment cycles, and other important operational cycles and regulatory compliance matters. The auditing items shall be categorized in the audit plan each year, and the audit plan shall be approved by the board of director prior to execution.
- Auditing personnel shall perform audits on the auditing items each year, including evaluations on whether the rules are comprehensive, actual performance, accuracy of the information, the timeliness and result of the audit, and an evaluation on the internal control procedures. An internal audit report shall be drafted, with recommendations for improvements included.
- Before the end of each fiscal year, the next year's audit plan shall be drafted, and within 2 months after the end of the fiscal year, the prior year's audit report shall be submitted in the required format to the FSC internet based IT system for reference.
- Within 5 months of the end of the fiscal year, the prior year's internal audit report deficiency and abnormal items improvement plan shall be submitted in the required format to the FSC internet IT system for reference.
- The self-assessment for internal audits for each internal business unit shall be reminded and performed at least once a year. The auditing unit shall review the self-assessment report of each business unit, and together with the deficiency and abnormal items improvement plan, a draft of an internal self-assessment report shall be complied for the Board of Directors and the President to evaluate the effectiveness of the overall internal control policies, and a declaration of the internal control statement shall be drafted. The management report on internal controls shall be approved by the Board of Directors, and after signatures by the Board and the President, submitted via the Internet IT systems to the FSC specified website for public announcement, and the statement shall be included in the Annual Report and Prospectuses.