STRATEGY OF INTERNAL AUDIT FUNCTION DOMAIN IV PRINCIPLE 9.2 GIAS

KEY SUMMARY

Risk-Based Approach: Internal Audit will focus on high-priority risks, ensuring alignment with the company’s strategic goals and operational challenges across all locations.

Comprehensive Coverage: The audit scope includes risk management, compliance, operational efficiency, cybersecurity, and sustainability (ESG) initiatives.

Collaboration and Technology: Leveraging global-local resources, audit management software, and data analytics tools for enhanced audit effectiveness and streamlined processes.

Continuous Improvement: Ensuring high-quality audits through ongoing training, peer reviews, and stakeholder feedback to mai is to provide independent, objective assurance and consulting services to enhance and protect organizational value by ensuring the effectiveness of governance, risk management, and internal controls. The Internal Audit strategy is designed to support the company's strategic goals, operational efficiency, compliance with regulations, and risk mitigation, while fostering a culture of transparency, accountability, and continuous improvement.

1. Scope and Focus Areas

The Internal Audit function will focus on the following key areas to align with the company’s objectives:

Risk Management and Controls: Assessing the effectiveness of the company’s risk management processes and internal controls, ensuring they address key financial, operational, and strategic risks.

Compliance and Governance: Evaluating compliance with internal policies, regulatory requirements, and industry standards, with a focus on legal, environmental, health and safety, and labor regulations across all locations.

Operational Efficiency: Identifying opportunities to enhance operational processes, streamline activities, and eliminate inefficiencies while maintaining quality standards.

Technology and Cybersecurity: Assessing the robustness of the company’s IT infrastructure, data security policies, and compliance with cybersecurity regulations, particularly in light of evolving threats.

Sustainability and ESG (Environmental, Social, and Governance): Reviewing sustainability initiatives, carbon footprint management, and adherence to ESG reporting standards.

2. Audit Approach

Our approach will be risk-based, focusing on areas of highest risk and strategic importance to the organization. Key elements of the approach include:

Risk Assessment: Annual identification and prioritization of risks across all business units and geographies to ensure audits are aligned with the highest priorities.

Integrated Audit Teams: Leveraging a combination of global and local resources to address both centralized and decentralized risks effectively.

Technology Integration: Utilizing audit management software and data analytics tools to enhance audit effectiveness, improve reporting, and streamline processes.

Collaboration: Working closely with other departments (e.g., Compliance, IT, HR, Finance) to ensure comprehensive evaluations and foster a collaborative risk culture.

Continuous Monitoring: Implementing real-time monitoring solutions where applicable to detect and address control failures promptly.

3. Audit Methodology

Planning: Detailed planning of each audit, with clear objectives, scope, and methodology tailored to each audit engagement’s requirements.

Execution: Conducting fieldwork with a focus on both qualitative and quantitative assessments. Interviews, data reviews, control testing, and process walkthroughs will be central to the audit process.

Reporting: Providing clear, actionable, and risk-based audit reports to senior management and relevant stakeholders. Reports will emphasize root causes, impacts, and pragmatic recommendations.

Follow-up: Establishing a robust follow-up process to track the implementation of audit recommendations and assess their effectiveness.

4. Quality Assurance and Improvement

The Internal Audit function will maintain a strong focus on quality assurance and continuous improvement through:

Peer Reviews: Periodic internal and external reviews of audit processes and outcomes to ensure compliance with professional standards (e.g., IIA Standards).

Training and Development: Continuous professional development of audit staff, ensuring they are equipped with up-to-date knowledge of industry trends, regulatory changes, and technological advancements.

Stakeholder Feedback: Regularly soliciting feedback from senior management and key stakeholders to evaluate the audit function’s effectiveness and to adjust strategies as needed.

5. Alignment with Organizational Goals

The Internal Audit strategy is fully aligned with the company’s strategic objectives, providing an independent, objective assessment of business activities and enabling informed decision-making. The audit function will also play a key role in supporting strategic initiatives such as expansion into new markets, digital transformation, and achieving sustainability targets.

6. Resource Allocation

Internal Audit will allocate resources in line with identified priorities, leveraging global and local expertise. Audits will be planned and executed with the necessary personnel, technology, and expertise to ensure that risk areas are effectively covered.

7. Governance and Reporting Structure

Internal Audit will report directly to the Audit Committee of the Board of Directors, ensuring independence and objectivity. Regular updates will be provided to senior management to keep them informed of audit findings, emerging risks, and progress on action plans.

Conclusion:

The Internal Audit strategy is committed to supporting the company’s goals by providing value-added, insightful, and independent assessments. By adopting a risk-based, collaborative, and technology-driven approach, the Internal Audit function will continue to enhance the company’s ability to manage risks, comply with regulations, and improve operational performance across all locations.