Internal Audit Charter
Article 1: Purpose and Scope
The purpose of this document is to establish a framework for the organization, roles, authorities, responsibilities and implementation standards of the Internal Audit Unit ("Internal Audit Unit") of Çates Elektrik Üretim A.Ş. ("Company"). This document regulates the active cooperation and interrelationship between all units and operations of the Company and the Internal Audit Unit.
Internal audit is an independent and objective assurance and consultancy activity that aims to add sustainable value for the development of processes and operations. The internal audit activity evaluates the effectiveness of the Company's governance, risk management and internal control processes and aims to contribute to their improvement in order for the Company to achieve its objectives.
Article 2: Role
The internal audit activity is established by the Company's board of directors ("Board of Directors"). The responsibilities of the internal audit activity are defined by the Board of Directors directly or through the Company's audit committee ("Audit Committee") in its oversight role.
The Company's shareholders reserve the right to be audited by their own auditors alone and, where appropriate, together with the Company's Internal Audit Department. In such cases, the shareholder's responsible auditors shall notify the Audit Committee, the Company's general manager ("General Manager") and the Company's internal audit manager ("Internal Audit Manager") of the scope, duration and other details of the work reasonably in advance of the commencement of the relevant audits. In addition, the shareholder's auditor shall share the final audit reports with the Audit Committee, the General Manager and the Internal Audit Manager.
Article 3: Professionalism
The internal audit activity is managed in accordance with the International Institute of Internal Auditors' mandatory guidance, the Definition of Internal Auditing, Professional Ethics and Standards. These mandatory guidelines constitute the basic principles for the professional practice of internal audit and the evaluation of the effectiveness of the performance of the internal audit activity.
In addition, the internal audit activity acts in compliance with all published policies and procedures of the Company.
Article 4: Authorization
The internal audit activity is authorized to access all records, documents, information and physical areas of the company related to the audits without any restriction, provided that it is fully responsible for their confidentiality and security within the framework of the audits it performs. Although not limited to audits, the authorization of access also includes the following information:
(i) Early Detection of Risk Committee reports and other risk reports
(ii) Independent and external audit reports.
(iii) All necessary access authorizations ("read" authorizations) for IT systems. All company employees assist the internal audit activity within the framework of their roles and responsibilities. The internal audit activity has unrestricted access to the Board of Directors.
Article 5: Organization
The Internal Audit Manager reports functionally (audit results, etc.) to the Board of Directors through the Audit Committee and administratively to the General Manager.
Article 5: Organization
The Internal Audit Manager reports functionally (audit results, etc.) to the Board of Directors through the Audit Committee and administratively to the General Manager.
The Board of Directors;
(i) Approves the Internal Audit Charter.
(ii) Approves the internal audit plan.
(iii) Approves the internal audit budget and resources.
(iv) Receives information from the Internal Audit Manager on internal audit activities.
(v) Approves the appointment and dismissal decisions of the Internal Audit Manager.
(vi) Approves the remuneration and rights of the Internal Audit Manager.
Evaluates whether scope and resource restrictions are imposed by the company management during the internal audit activity. It may fulfill some of these duties through the Audit Committee.
Article 6: Independence and Objectivity
In order to ensure the independence and objectivity required for internal audit activities, audit scope, audit procedures, frequency, timing and the content of audit reports are excluded from all guidance and influence by other units of the Company. The internal audit activity cannot assume direct operational responsibility or authority.
The internal audit activity acts in accordance with the principle of the highest level of professional objectivity in information gathering, evaluation and communication activities within the framework of the audits conducted. Internal auditors shall not be unduly influenced by their own or others' personal views and interests while forming a balanced and objective opinion in all relevant situations.
The Internal Audit Manager confirms the independence of the internal audit activity to the Board of Directors at least once a year. The Internal Audit Manager shall report to the Audit Committee and the Board of Directors any situations in which he/she believes that his/her independence and objectivity have been compromised.
Article 7: Duties and Responsibilities
The internal audit activity is generally responsible for assessing the adequacy and effectiveness of the organization's governance, risk management and internal control processes in order to help the company achieve its stated goals and objectives. This responsibility includes the following elements:
(i) Evaluating and improving the effectiveness of the Company's risk management, control and governance processes and providing independent and objective assurance to the Board of Directors regarding the Company's management.
(ii) Assessing risk factors that may pose an obstacle to the achievement of the strategic objectives of the organization.
(iii) Assessing the reliability and integrity of all company information identified, measured, classified and reported.
(iv) Assessing the compliance of the Company's established systems and processes with policies, plans, procedures, laws and official regulations.
(v) Confirming that the Company's assets are appropriately safeguarded.
(vi) Assessing that the Company's resources are used in accordance with the principles of efficiency and effectiveness.
(vii) Assessing that operations are carried out as planned and confirming that the results are in line with the defined goals and objectives.
(viii) Assessing and providing assurance on governance processes.
(ix) Assessing the effectiveness of risk management processes.
(x) Overseeing the quality performance of external audit activities and their coordination with internal audit.
(xi) Providing consultancy on governance, risk management and control activities appropriate to the organization.
(xii) Periodically reporting the purpose, authority, responsibility and performance of internal audit activities within the scope of the audit plan.
(xiii) Conducting ethical reviews using the auditor's initiative against misconduct encountered during audits or when assigned by the Board of Directors, Ethics Committee or management. Being responsible for the ethical reviews and investigations of the Company, except for the different disposition of the Board of Directors.
(xiv) Fulfilling the control issues, including significant risks, governance and fraud issues, and other duties requested by the Board of Directors, Audit Committee and management.
Article 8: Internal Audit Plan and Budget
At least once a year, the internal audit plan submitted by the Internal Audit Manager is reviewed by the Board of Directors and management. The internal audit plan is approved by the Audit Committee and the Board of Directors. The internal audit budget is approved by the Audit Committee.
Article 9: Reporting and Oversight
Written internal audit reports are prepared by the Internal Audit Manager or the internal auditor authorized by the Internal Audit Manager as a result of each internal audit engagement and submitted to the Board of Directors, Audit Committee and other parties deemed appropriate.
The internal audit activity is responsible for the follow-up of audit findings according to the completion dates specified in the report. It shares the latest status of the findings with the Board of Directors and the Audit Committee periodically or upon request.
Article 10: Quality Assurance and Development Program
The internal audit activity maintains the quality assurance and development program covering all internal audit activities. Within the scope of the program, the compliance of the internal audit activity with the mandatory guidelines of the International Institute of Internal Auditing and the effectiveness and efficiency of the internal audit activity are evaluated and areas for improvement are identified.
The Internal Audit Manager communicates the continuous internal and external evaluation activities related to the quality assurance and improvement program to the Board of Directors and management.
Article 11: Enforcement and Review
The Internal Audit Charter enters into force on the date of approval by the Board of Directors. This document is reviewed by the Internal Audit Unit. This document may be amended only upon the proposal of the Audit Committee and the approval of the Board of Directors.