Organization of Internal Audit

1. Purpose of internal audit

Purpose of Internal Audit

At JiYou Technology, internal audit adheres to the principle of “promoting benefits over preventing fraud.” Through risk assessments, system reviews, and on-site audits, we assist various departments in identifying areas for process improvement. By conducting independent and objective evaluations and consulting activities, internal audit adds value to the company, optimizes organizational operations, strengthens corporate governance, and supports the board of directors and management in achieving organizational goals.

Internal Audit Organization

The internal audit department of the company reports directly to the Board of Directors.

The appointment or dismissal of the Chief Audit Officer (CAO) is subject to the approval of the Audit Committee and must be submitted to the Board of Directors for final approval. The CAO reports the internal audit plan, the details of various internal audit activities, and the audit results during each routine Board meeting, along with improvement suggestions and progress on corrective actions.

The qualifications of internal audit personnel and their deputies comply with Article 11 of the Financial Supervisory Commission’s “Regulations Governing the Establishment of Internal Control Systems by Public Companies.” The appointment, evaluation, and remuneration of internal audit personnel are approved by the Chairman of the Board, following the recommendation of the CAO. Existing internal auditors are required to complete the designated training hours each year, in accordance with Article 17 of the same regulations.

Internal Audit Responsibilities and Operations

1. Evaluate and examine the soundness, reasonableness, and effectiveness of the internal control system and various management systems.
2. Investigate and assess deficiencies in the internal control system and measure operational efficiency, providing timely recommendations for improvement to ensure the continuous and effective implementation of internal controls, and to assist the Board of Directors and management in fulfilling their responsibilities.
3. Supervise and provide recommendations for improvements to the company’s internal operational processes.
4. Plan and execute both internal and external audit activities.

Internal Audit Scope of Work

1. Audit the progress of operational plan implementation and the achievement of objectives.
2. Audit the use of company resources to ensure their effective utilization.
3. Audit the integrity and reliability of the execution of company policies and regulations.
4. Conduct regular audits according to the internal audit plan.
5. Conduct special audits on an ad-hoc basis.

Internal Audit Timing and Procedures

The audit unit selects audit items and frequency each year based on the results of the risk assessment and drafts the audit plan, which is then approved by the Board of Directors before being executed. The internal audit reports and working papers submitted by the audit department include evaluations of the internal control system, management regulations, and business processes to determine whether the current rules and process controls are appropriate, whether management and business units are effectively implementing internal controls, and whether operational efficiency is reasonable. Improvement suggestions are provided promptly.

Internal auditors disclose any deficiencies or abnormalities in the internal control system identified during audits in the audit report, and after the report is submitted, they follow up by regularly creating follow-up reports to ensure that all units have taken appropriate corrective actions in a timely manner.

1. Collect and analyze business activities, assess business risks, and establish an audit plan.
2. Conduct on-site audits based on the audit plan, prepare audit working papers, communicate audit results with the responsible unit’s management, provide improvement suggestions, and submit the audit report to the audit unit supervisor.
3. The audit unit supervisor reviews the report and requests the audited unit to provide an improvement plan and schedule for implementation, which is included in the follow-up.
4. The audit unit follows up on the results of the improvement plan, conducts a re-audit of the improvement actions, and submits the audit report and follow-up results to the independent directors for review.

Self-assessment of Internal Controls

The company’s internal control system is designed by management and approved by the Board of Directors in accordance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies” and considering the company’s overall business operations. The internal control system includes key components and control activities to reasonably ensure the achievement of the following objectives:

1. Effectiveness and efficiency of operations.
2. Reliability, timeliness, and transparency of reporting, and compliance with relevant standards.

3.     Compliance with applicable laws and regulations.

The General Manager oversees that all internal units and subsidiaries conduct at least one internal control self-assessment each year. The audit department reviews the self-assessment reports from each unit and subsidiary, along with the improvement status of any internal control deficiencies or irregularities previously identified by the audit department. This serves as the primary basis for the Chairman and General Manager to evaluate the overall effectiveness of the internal control system and to issue the Internal Control System Statement, which is then submitted to the Audit Committee and the Board of Directors for approval.

Audit Management of Subsidiaries

Taking into account the regulations of the government where the group’s subsidiaries are located and the nature of their actual operations, each subsidiary is encouraged to establish necessary supervision and management control procedures as needed. Subsidiaries are included in the scope of internal audits, and audit tasks are executed based on risk assessment results. For internal control deficiencies or irregularities identified by the audit department, the audit department should communicate fully with the audited unit and request them to propose specific and effective improvement measures. The audit department will follow up until the improvements are completed.

Communication Policy Between Independent Directors, Internal Audit Supervisor, and Accountants

Independent directors actively participate in board meetings and are able to communicate with financial and accounting managers, internal audit, and accountants at any time. Additionally, independent directors meet face-to-face with the accountants and the internal audit supervisor at least once a year and may convene meetings at any time to discuss significant or unusual matters.

After completing the monthly audit reports, the internal audit supervisor submits them to the independent directors for review by the following month and provides regular reports at board meetings. The internal audit supervisor and the independent directors meet at least once a year and may convene additional meetings to discuss significant or unusual matters.

※ Self-inspection of operating procedures and methods

I. Purpose of Self-inspection The purpose of the self-inspection of the self-inspection system is to implement the company’s self-supervision mechanism and respond to changes in the environment in a timely manner to adjust the design and implementation of the internal control system and improve the inspection quality and internal audit department effectiveness.

II. Self-inspection operation procedures and methods

• Procedures and methods for self-inspection includes: control of the environment, risk assessment, information and communication, and supervision: At least once a year, self-inspection will be conducted by the relevant unit based on the judgment items set by the certificate authority, and the “internal components Control Evaluation Form “, and the internal audit unit reviews the self-inspection report of each unit.
• Procedures and methods for self-inspection of control operations: first urge internal units and subsidiaries to conduct self-inspection at least once a year, conduct self-inspection according to various internal control systems, and issue an “operation-level internal control assessment form”, and then the internal audit unit Review the self-inspection report of each unit and subsidiary as the main basis for the board of directors to evaluate the effectiveness of the overall internal control system and issue the “Statement of Internal Control System”.