Purpose of internal audit

The purpose of internal audit is to assist the Board of Directors and the management team in inspecting and reviewing defects of the internal control system, the effectiveness and efficiency of the operation, reliability of financial reports and compliance with laws and regulations. Recommendations are made timely to ensure sustained effectiveness of the internal control system and as a reference for further improvement, thereby helping the operation and governance of the Company.

Organization of internal audit

COPLUS has set up an internal audit unit affiliated to the board of directors and is dedicated to the internal audit work. In accordance with the company's scale, business conditions, management needs and other relevant laws and regulations, an audit supervisor and a qualified and appropriate number of internal auditors to which he belongs are assigned.

Operation of internal audit

• The internal auditors uphold the spirit of detachment and independence, perform their duties in an objective and impartial position, and do their due professional attention. The audit supervisor reports the audit business to the audit committee on a regular basis and attends the report of the board of directors.
  
  The company's internal audit business is based on the results of the risk assessment to prepare an annual audit plan, clearly specifying the audit items, time, procedures and methods. Auditors conduct regular and project audits on a regular or irregular basis. The audit results are attached to work papers and related materials to prepare audit reports for review to ensure that the company's internal control system can be continuously and effectively implemented.
  
  Supervise all units and subsidiaries within the company to periodically evaluate the effectiveness of the internal control system on a regular basis each year. Internal control self-assessment adopts e-platform operation. The self-assessment supervisors of each unit conduct internal control system design and execution effectiveness evaluation based on the internal control risk database. The findings of the lack of internal control and improvement of abnormal events are used as the main basis for the board of directors and the general manager to evaluate the effectiveness of the overall internal control system and issue a statement of the internal control system.
  
  The internal auditors discovered the internal control system's findings and internal audit system declarations, self-assessment and accountant's ad hoc review of the internal control system's deficiencies and anomalies, which were actually disclosed in the audit report and reported in the report Afterwards, follow-up reports are made quarterly to ensure that relevant units have taken appropriate improvement measures in a timely manner and are listed as important items in the performance evaluation of each department. After the audit report and follow-up report are reviewed, they should be submitted to the audit committee for review before the end of the month following the completion of the audit project. If an internal auditor finds major violations or the company is at risk of major damage, he immediately makes a report and reports, and notifies the board of directors and the audit committee.