The Organization and Operation of Internal Audit

Organization

The internal audit unit is subordinate to the Board of Directors, with one internal auditor and one deputy auditor, which meet the qualifications set by the Financial Supervision and Administration Commission. The auditor and the deputy shall participate in continue education each year, provide timely improvement suggestions to ensure the continuous and effective implementation of various systems, and assist the management to achieve the company's development goals.

 

Operation

• The annual auditing poan is proposed according to the risk assessment. After the Board of Directors passes the plan, the auditing will be performed and the internal audit reports and follow-up reports will be issued. After submission, the reports will be submitted to independent directors and supervisors for review, as well as oral report to the Board of Directors to the present directors.

• The self-assessment form for the effectiveness of internal control of each unit is reviewed every year in accordance with regulations, and the self-assessment form and audit report results are summarized to provide the basis for the issuance of the internal control statement, which is published in the annual report and public brochure in accordance with the regulations.

The annual internal audit plan, the information of the auditors, the implementation of the annual audit plan, the lack of internal control and the improvement of abnormal matters, etc. shall be reported in accordance with the regulations of the competent authority.



Informaiton Security Policy
The Company's information security organization operation mode adopts PDCA (Plan-Do-Check-Act) cycle management to ensure the achievement of reliability goals and continuous improvement.

1. Planning stage (Plan): Focus on information security risk management, establish a complete information security management system, establish and reduce company information security threats and losses from the following aspects;

• Personnel information security management and education and training
• Host computer information security management
• Data Security Management
• Network information security and virus prevention management
• Security Control of Network Device Access
• Information Security Management of Outsourced Information Units
• Physical Environment Information Security Management

2. Implementation phase (Do): establish a multi-layer information security protection and hierarchical backup mechanism, integrate and internalize the information security control mechanism into daily operations such as software and hardware maintenance and operation, systematically monitor information security, and maintain the Company's important assets confidentiality, integrity and availability.
3. Audit stage (Check): Actively monitor the effectiveness of information security management, and conduct information security index measurement and quantitative analysis based on the audit results.
4. Action stage (Act): Based on review and continuous improvement, implement supervision and audit to ensure the continuous effectiveness of information security regulations; regularly review and implement improvement actions including information security measures, education and training, and publicity to ensure that the Company's important Confidential information is not disclosed.