The Company implements internal auditing with the purpose of assisting the Board of Directors and management in examining and reviewing deficiencies in the internal control system, as well as evaluating the effectiveness and efficiency of operations. Timely recommendations for improvement are provided to ensure the continuous and effective implementation of the internal control system, serving as a basis for reviewing and amending the internal control framework.

To implement internal auditing, the Company has established an Audit Office directly under the Board of Directors, as shown in the Company’s organizational chart. The office is staffed with one full-time Chief Audit Executive and at least one internal auditor (the number of auditors may be adjusted based on practical needs but will not be fewer than one). Internal auditors are expected to exercise due professional care, uphold independence and impartiality, and maintain objectivity when performing internal audit tasks.

Appointment, dismissal, and compensation of internal auditors:
(1) These are handled in accordance with the Company’s relevant personnel and compensation policies applicable to general employees, subject to approval by the Chairman of the Board.
(2) The appointment and dismissal of the Chief Audit Executive must be approved by the Audit Committee and resolved by the Board of Directors. Furthermore, the reasons and details of such changes shall be reported to the Financial Supervisory Commission through the Market Observation Post System (MOPS) within two days from the effective date.

Performance evaluation of internal audit personnel: This is conducted in accordance with the “Internal Audit Performance Evaluation Regulations,” which have been reviewed and approved by the Audit Committee and submitted to the Board of Directors for final approval.

1. Audit Scope: The scope of the Company’s internal audit covers all operational activities. The mandatory annual audit items include the following:

● Acquisition or disposal of assets
● Derivatives trading (monthly)
● Lending of funds to others (quarterly)
● Management of endorsements and guarantees (quarterly)
● Management of related-party transactions
● Supervision and management of subsidiaries
● Management of Board of Directors meeting procedures
● Information security inspections
● Sales and collection cycle
● Procurement and payment cycle
● Operations of the Remuneration Committee
● Management of insider trading prevention
● Compliance with International Financial Reporting Standards (IFRS)
● Accounting judgment processes, accounting policies, and changes in estimates

In addition, based on risk assessment results, instructions from the Board of Directors, or regulatory requirements relating to internal controls, the Audit Office may include other risk items within the scope of audits.

2. Audit Targets: The audit covers all units, branches, and subsidiaries of the Company.

3. Audit Operations: By the end of each year, the Audit Office formulates the audit plan for the following year based on risk assessment results and Board instructions, which is then submitted to the Board for approval and implementation. Audit operations are classified as follows:

(1) Annual planned audits: Conducted in accordance with the annual audit plan approved by the Board of Directors.
(2) Special project audits: Conducted in accordance with instructions from the Board of Directors or management, or as required by specific projects or business needs.
(3) Self-assessment: The Audit Office requires all internal departments and subsidiaries to periodically perform self-assessments of the implementation of their internal control systems. Each unit and subsidiary must evaluate its internal controls over business operations, document the results in assessment reports, and submit them to the Audit Office. The Audit Office then regularly reviews the self-assessment results to confirm their effectiveness.

4. Audit Reports:

(1) In accordance with the annual audit plan, the Audit Office examines and evaluates the implementation of the internal control system and prepares audit reports, which are submitted monthly to the President and Chairman of the Board for review. Audit reports are expected to be concise, objective, constructive, and timely. Audit findings and deficiencies in internal controls must be truthfully disclosed in the reports. Pursuant to the “Regulations Governing Establishment of Internal Control Systems by Public Companies,” completed reports shall be submitted to the members of the Audit Committee by the end of the month following completion.
(2) Audit findings must be followed up, and periodic follow-up reports shall be prepared to ensure that the relevant units have taken appropriate corrective actions in a timely manner until full remediation is achieved.
(3) The Chief Audit Executive shall attend Board meetings and report on the implementation and results of internal audit operations.

1. Communication between Independent Directors and External Auditors:

Quarterly: Prior to and following the review or audit of the semi-annual and annual financial reports, the external auditors communicate with the Audit Committee regarding audit scope, execution, and results.
Ad hoc: Independent Directors may communicate with the auditors via telephone, email, or meetings. In the event of significant regulatory changes or unusual matters, the auditors promptly notify the Independent Directors.

2. Main communication methods and frequency between Independent Directors and the Chief Audit Executive are as follows:

Monthly: The Chief Audit Executive submits internal audit reports for the prior period to all Independent Directors by the end of each month. If Directors have questions or require additional information, the Audit Office provides clarifications or supplementary information immediately.
Quarterly: At least once per quarter, during Audit Committee meetings, the Chief Audit Executive reports on the execution of internal audit operations and identified internal control issues. Independent Directors may raise detailed questions, track corrective actions, and instruct enhancements to audit procedures. Extraordinary meetings may also be convened when major irregularities arise.
Ad hoc: Independent Directors may communicate audit findings via telephone, email, or meetings. If the Audit Office discovers major internal control deficiencies or irregularities, the Independent Directors are notified immediately.

Summary of Communications among Independent Directors, External Auditors, and the Chief Audit Executive at the Board of Directors

Date of Communication	Participants (Independent Directors / Auditors / Audit Executive)	Key Discussion Points and Results
2024-02-29 Board of Directors	Independent Directors Chief Audit Executive	1. Report on audit activities from Dec. 2023 to Jan. 2024. 2. Results of 2023 self-assessment. 3. Discussion of 2023 Internal Control System Statement. 4. Communication outcome – Independent Directors acknowledged the report with no comments.
2024-05-10 Board of Directors	Independent Directors Chief Audit Executive	1. Report on audit activities from Feb. to Mar. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.
2024-08-08 Board of Directors	Independent Directors Chief Audit Executive	1. Report on audit activities from Apr. to Jun. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.
2024-11-01 Board of Directors	Independent Directors Chief Audit Executive	1. Report on audit activities from Jul. to Sep. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.
2024-12-13 Board of Directors	Independent Directors Chief Audit Executive	1. Report on audit activities from Oct. to Nov. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.

Summary of Communications among Independent Directors, External Auditors, and the Chief Audit Executive at the Audit Committee

Date	Participants	Matters Discussed	Communication Results
2024-02-29 Tripartite Meeting (Independent Directors, Audit Executive, and External Auditors)	Independent Directors Chief Audit Executive External Auditors	1. Audit approach and type of audit opinion for 2023. 2. 2023 audit scope. 3. Key audit matters. 4. 2023 self-assessment results. 5. New internal control regulations in 2024 and compliance measures. 6. Communication outcome – Independent Directors acknowledged the report with no comments.	Independent Directors expressed no objections or additional comments.
2024-02-29 Audit Committee	Independent Directors Chief Audit Executive	1. Report on audit activities from Oct. 2023 to Jan. 2024. 2. 2023 self-assessment results. 3. Discussion of 2023 Internal Control System Statement. 4. 2023 internal audit performance report. 5. Communication outcome – Independent Directors acknowledged the report with no comments.	Independent Directors expressed no objections or additional comments.
2024-05-10 Audit Committee	Independent Directors Chief Audit Executive	1. Report on audit activities from Feb. to Mar. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.	Independent Directors expressed no objections or additional comments.
2024-08-08 Audit Committee	Independent Directors Chief Audit Executive	1. Report on audit activities from Apr. to Jun. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.	Independent Directors expressed no objections or additional comments.
2024-11-01 Tripartite Meeting (Independent Directors, Audit Executive, and External Auditors)	Independent Directors Chief Audit Executive External Auditors	1. Review approach, scope, and type of auditor’s report. 2. Key audit matters. 3. Execution of 2024 audit plan. 4. Planning of 2025 audit plan. 5. Communication outcome – Independent Directors acknowledged the report with no comments.	Independent Directors expressed no objections or additional comments.
2024-11-01 Audit Committee	Independent Directors Chief Audit Executive	1. Report on audit activities from Jul. to Sep. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.	Independent Directors expressed no objections or additional comments.
2024-12-13 Audit Committee	Independent Directors Chief Audit Executive	1. Report on audit activities from Oct. to Nov. 2024. 2. Communication outcome – Independent Directors acknowledged the report with no comments.	Independent Directors expressed no objections or additional comments.