Internal Audit

Corporate Governance

Internal Audit

The company's internal audit is an independent unit that reports directly to the board of directors. In addition to reports on routine meetings of the board of directors, a report shall also be made to the chairman every month or as required.

 

The internal audit rules clearly provide that an internal audit shall perform internal control over the company's operating procedure, issue reports about the design of such control, whether routine practice is appropriate and the result and efficiency. The scope covers all activities of the company as well as its subsidiaries.

 

The main task of an audit is to execute the audit plan approved by the board of directors. This audit plan has been established based on identified risks and requires project audit or review in accordance with needs. Combining the above general audit and project execution will provide the management with the status of internal control function and operation, and provides management with another channel to timely understand existing or potential efficiencies.

 

The internal audit reviews the self inspection performed by each department, including verifying whether such procedures have been executed and reviewing documents to ensure the quality of execution. The self inspection results will be consolidated and reported to the board of directors.

 

The internal audit unit of the Acter consisted of 3 auditors that including 1 supervisor. The appointment or dismissal of the chief internal auditor is approved by the audit committee and is submitted to the board of directors for a resolution; the appointment, dismissal, evaluation and review, salary and compensation of internal auditors shall be submitted to the relevant supervisor or chairman of the board for processing in accordance with the company's approval authority.

Communications of Independent Directors with Internal Auditor and CPAs

 

The company established an audit committee, which is composed of all independent directors. The company's internal auditor shall faithfully implement the annual audit plans and submit the audit report to the independent directors. If there is any doubt or instruction, independent director will inquire or inform the internal auditor through electronic communication. This procedure provides independent directors with sufficient overview of the company's internal audit and internal control. The company's chief internal auditor also regularly presents internal audit reports at the audit committee meetings. If there is any special circumstance, the chief internal auditor will immediately notify the audit committee. The company holds a Closed door meeting between the chief internal auditor and the independent directors at least once a year. The communication mechanism between the independent directors and the chief internal auditor works well and effectively.

Communication matters between the company's chief internal auditor and the independent directors

Date Communication matters Execution results
Jan. 25, 2024   
Closed-door Meeting
  1. 2023 self-assessment of the internal control system
  2. 2023 special audit implementation status
  3. 2024 Annual work plan
  1. No comments
Feb. 26, 2024   
Audit committee
  1. Internal audit activities report (2023/10~2023/12)
  2. 2023 Statement of the internal control system
  1. No comments. Submit to the board of directors after approval
May 09, 2024   
Audit committee
  1. Internal audit activities report (2024/01~2024/03)
  1. No comments.
Aug. 08, 2024   
Audit committee
  1. Internal audit activities report (2024/04~2024/06)
  1. No comments
Nov. 08, 2024   
Audit committee
  1. Internal audit activities report (2024/07~2024/09)
  2. 2024 Risk management reports
  3. 2025 Annual audit plans
  4. To amend the company’s “Other Management Control Activities - Management of Sustainable Information.”
  1. No comments. Submit to the board of directors after approval
Oct. 01, 2024 Communication via e-mail or phone call
  1. In the points of personal data protection management and execution testing steps, it is mentioned that "personnel entering and exiting the data center must register for control." Is there electronic access control in place that requires a card swipe to enter, or is registration alone sufficient? If someone enters without registering or forgets to register, how can we know someone has entered?
  1. The data center is equipped with electronic access control, and entry requires card swiping (only IT staff have cards). Non-IT personnel (e.g., vendors performing system maintenance or repairs) must be accompanied by IT staff and fill out a "Data Center Access Log." The data center is also monitored by a surveillance system.
Nov. 01, 2024 Communication via e-mail or phone call
  1. Subsidiary (Thailand): The abnormal ratio of procurement indicators (purchase request date > delivery deadline) seems high. What improvement measures can be taken? Regarding issue 3, the phenomenon may extend the company's warranty period by 8 months. Is it possible to maintain the original acceptance date?
  1. Out of 18 anomalies, 14 are concentrated in four projects (which share the same delivery deadlines, causing a higher anomaly rate). After reviewing recent purchase orders, the delivery deadlines have been adjusted based on actual execution needs.
  2. The warranty period starts from the "date of acceptance" and is based on the duration specified in the contract. For projects of similar scale, clients typically complete the acceptance process about 3 to 6 months after completion and start the warranty period from the date of acceptance. In this case, the client intentionally delayed the acceptance process by requesting further modifications, prolonging the payment and the issuance of the warranty. The subsidiary in Thailand has since stopped taking projects from this client.
Nov. 29, 2024 Communication via e-mail or phone call
  1. The internal control deficiency tracking report in Thailand mentions that it's expected to apply for the remaining 5% warranty payment from the client in early November 2024. How did it turn out?
  1. The warranty claim was submitted to the client on November 22, 2024, and we are currently awaiting their reply for confirmation. Related billing information is attached.
Date Communication matters Execution results
Jan. 13, 2023   
Closed-door Meeting
  1. Audit implementation and tracking status in the fourth quarter of 2022
  2. 2022 self-assessment of the internal control system
  3. 2023 Annual work plan
  1. No comments
Feb. 24, 2023   
Audit committee
  1. Internal audit activities report (2022/10~2022/12)
  2. 2022 Statement of the internal control system
  1. No comments. Submit to the board of directors after approval
May 10, 2023   
Audit committee
  1. Internal audit activities report (2023/01~2023/03)
  1. No comments.
Aug. 10, 2023   
Audit committee
  1. Internal audit activities report (2023/04~2023/06)
  1. No comments
Nov. 08, 2023   
Audit committee
  1. Internal audit activities report (2023/07~2023/09)
  2. 2023 Risk management reports
  3. 2024 Annual audit plans
  4. To amend the company’s “Subsidiary Management Policy.”
  1. No comments. Submit to the board of directors after approval
Feb. 01, 2023 Communication via e-mail or phone call
  1. Are there any ways to completely resolve the issues occurring in the subsidiary, including discrepancies in income and expenditure control and flaws in procurement documentation? If the regulations are too strict, should they be relaxed? If there are gaps in execution, how can management be strengthened? For company operations, having a deficiency is relative to having risk. Finding the optimal balance between regulations and implementation is a creative opportunity for us and could also be one of the good ways to assist company growth.
  1. In terms of internal control and management systems, the group is generally consistent. Regarding income and expense management, each company submits a monthly Income and Expense Statistics form to the headquarters for approval, which is then reviewed by the CEO. The report has addressed measures for abnormal reasons (such as differences in income and expenses exceeding 10%) and filled in projected invoice amounts and payment expenditures for the next three months. If there are any additional instructions from the CEO after review, each department will provide a response. Flaws in procurement documentation are minor oversights identified during the procurement process (most documents adhere to the established system), and it will be strictly required that the subsidiary company effectively implements execution according to the internal control system.
Nov. 02, 2023 Communication via e-mail or phone call
  1. Based on the investigation of old data, it was found that a risk assessment standard form was issued by the company in October 2022. The structures of the two forms are similar, with only some adjustments made to the internal evaluation parameters. May I know if the adjustment values in this new report were derived from a general survey, expert consultation, or self-study by the department? Will this risk report be included in the future sustainability report?
  1. The risk assessment standard form covers the overall business operations of the company, so the framework is generally consistent. However, it is adjusted annually based on the past two years’ incidents and potential risks associated with operational activities of the group. This assessment standard is developed by the audit unit and presented to the management for review and confirmation. The risk assessment standard form is used as the basis for developing the annual audit plan and serves to incorporate risk events into audit work that requires enhanced monitoring or attention, thus it will not be included in the sustainability report. The main focus of the sustainability report is on risk management operations, including risk management processes, organizational structure and responsibilities, risk identification, and response strategies (such as market, credit, cybersecurity, legal, climate change risks), which are similar to the report on risk management to be presented to the board of directors.
Date Communication matters Execution results
Jan. 22, 2022   
Closed-door Meeting
  1. Audit implementation and tracking status in the fourth quarter of 2021
  2. 2021 self-assessment of the internal control system
  3. 2022 Annual work plan
  1. No comments
Feb. 24, 2022   
Audit committee
  1. Internal audit activities report (2021/10~2021/12)
  2. 2021 Statement of the internal control system
  1. No comments. Submit to the board of directors after approval
May 06, 2022   
Audit committee
  1. Internal audit activities report (2022/01~2022/03)
  2. To amend the company’s “Information Cycle.”
  1. No comments. Submit to the board of directors after approval
Aug. 05, 2022   
Audit committee
  1. Internal audit activities report (2022/04~2022/06)
  1. No comments
Nov. 04, 2022   
Audit committee
  1. Internal audit activities report (2022/07~2022/09)
  2. 2023 Annual audit plans
  1. No comments. Submit to the board of directors after approval
Aug. 02, 2022 Communication via e-mail or phone call
  1. What is the audit unit’s organization and responsibility related to the supervision of subsidiaries? How often and how is the supervision of subsidiaries inspected?
  1. The company and its subsidiaries that are public companies have allocated qualified and appropriate number of internal auditors.
  2. The audit unit of the subsidiary submits the “audit report” to the auditing office of the ultimate parent company for review every month in accordance with laws and regulations.
  3. Subsidiary supervision is divided into planned audit (according to the annual audit plans) and special audit (selected according to the nature of business and management needs or according to the instructions of the company’s executive)
  4. Through the internal control self-assessment, the effectiveness of the design and implementation of the group’s internal control system is measured to implement the self-monitoring mechanism.
  5. In response to legal regulations and company management needs, coordinate and solve process or operational problems among the various units of the group, and propose proposals.
Date Communication matters Execution results
Feb. 25, 2021   
Audit committee
  1. Internal audit activities report (2020/10~2020/012)
  2. 2020 Statement of the internal control system
  1. No comments. Submit to the board of directors after approval
May 06, 2021   
Audit committee
  1. Internal audit activities report (2021/01~2021/03)
  1. No comments.
Aug. 05, 2021   
Audit committee
  1. Internal audit activities report (2021/04~2021/06)
  1. No comments. Submit to the board of directors after approval
Nov. 06, 2021   
Audit committee
  1. Internal audit activities report (2021/07~2021/09)
  2. 2022 Annual audit plans
  1. No comments. Submit to the board of directors after approval
Aug. 04, 2021 Communication via e-mail or phone call
  1. What is the basis and scope of the amendment of Internal Audit Implementation Rules?
  2. The Internal Audit Implementation Rules specified the responsibilities of auditors are to compare and analyze the operating performance of the company, review the operating results, and take effective countermeasures to improve operating efficiency. However, reviewing the operating results and taking effective countermeasures should be the responsibility of the “managerial officers,” and it is recommended to revise the statement of this article.
  1. The Rules is amended with reference to the control directions of each operating activity of the internal control system, and is the basis for the implementation of audit.
  2. In practice, the audit unit regularly provides “performance index details” before the meeting for the managerial officers to refer to, as a reference for their countermeasure implementation and improvement. Therefore, the content is amended to “Compare and analyze the company’s operating performance indicators for each unit to review operating results and take effective countermeasures.”
Nov. 01, 2021 Communication via e-mail or phone call
  1. Whether climate risk should be included in the risk assessment scale? Because there is a global consensus on the topic of climate crisis, in the ESG annual report, climate risk is an essential item that must be disclosed, and major factories such as TSMC have required third-party manufacturers to save energy by 20%. It has become an operation-related risk that manufacturers must face. If they fail to meet the standard, they will be disqualified as a supplier. In the initial stage, it may only be for the manufacturing industry. Sooner or later, the service industry will also be included.
    It is suggested that Acter can also incorporate this risk management into its normative projects. Homeopathically review the current and follow-up energy use status, including self-use (electricity and oil used by offices or subsidiaries, etc.) or providing customer (energy efficiency of projects), formulate regulations of energy conservation, carbon reduction and environmental protection, as an internal basis for the company to follow and cope with the next wave of ESG.
  1. The environmental protection issue has been disclosed in the CSR report, and the TCFD framework is used to identify climate risks and opportunities. Measurement indicators and target management has been established based on the identification results.
  2. The quality insurance & safety department is the management unit, responsible for promoting the ISO 14001. In accordance with PDCA, a systematic management method was set up to maintain the consistency of environmental protection goals and implementation strategies, and to establish pollution prevention and improvement mechanisms. At the same time, promote ISO 50001 to improve energy and resource efficiency.
  3. The general administration division regularly reports on climate change results to the board of directors.
Date Communication matters Execution results
Feb. 27, 2020   
Audit committee
  1. Internal audit activities report (2019/10~2020/01)
  2. 2019 Statement of the internal control system
  1. No comments. Submit to the board of directors after approval
May 07, 2020   
Audit committee
  1. Internal audit activities report (2020/02~2020/03)
  1. No comments.
Aug. 05, 2020   
Audit committee
  1. Internal audit activities report (2020/04~2020/06)
  1. No comments. Submit to the board of directors after approval
Nov. 06, 2020   
Audit committee
  1. Internal audit activities report (2020/07~2020/09)
  2. 2021 Annual audit plans
  1. No comments. Submit to the board of directors after approval
Date Communication matters Execution results
Feb. 26, 2019   
Audit committee
  1. Internal audit activities report (2018/10~2019/01)
  2. 2018 Statement of the internal control system
  1. No comments.
May 09, 2019   
Audit committee
  1. Internal audit activities report (2019/02~2019/03)
  1. No comments.
Aug. 12, 2019   
Audit committee
  1. Internal audit activities report (2019/04~2019/06)
  1. No comments.
Nov. 08, 2019   
Audit committee
  1. Internal audit activities report (2019/07~2019/09)
  2. 2020 Annual audit plans
  1. No comments.
Date Communication matters Execution results
Feb. 23, 2018   
Audit committee
  1. Internal audit activities report (2017/10~2017/12)
  2. 2017 Statement of the internal control system
  1. No comments.
May 10, 2018   
Audit committee
  1. Internal audit activities report (2018/01~2018/03)
  1. No comments.
Aug. 09, 2018   
Audit committee
  1. Internal audit activities report (2018/04~2018/06)
  1. No comments.
Nov. 09, 2018   
Audit committee
  1. Internal audit activities report (2018/07~2018/09)
  2. 2019 Annual audit plans
  1. No comments.
Date Communication matters
Feb. 23, 2017   
Audit committee		 Internal audit activities report (2016/10~2017/01)
2016 Statement of the internal control system
May 11, 2017  
Audit committee		 Internal audit activities report (2017/02~2017/03)
Aug. 10, 2017  
Audit committee		 Internal audit activities report (2017/04~2017/06)
Nov. 09, 2017  
Audit committee		 Internal audit activities report (2017/07~2017/10)
2018 Annual audit plans
Date Communication matters
Feb. 25, 2016   
Audit committee		 Internal audit activities report (2015/10~2016/01)
2015 Statement of the internal control system
May 11, 2016  
Audit committee		 Internal audit activities report (2016/02~2016/03)
Aug. 10, 2016  
Audit committee		 Internal audit activities report (2016/04~2016/06)
Nov. 08, 2016  
Audit committee		 Internal audit activities report (2016/07~2016/09)
2017 Annual audit plans
Date Communication matters
Jan. 23, 2015  
Audit committee		 Internal audit activities report (2014/11~2014/12)
Feb. 26, 2015  
Audit committee		 Internal audit activities report (2014/12~2015/01)
2014 Statement of the internal control system
Apr. 28, 2015  
Audit committee		 Internal audit activities report (2015/02~2015/03)
Jul. 30, 2015  
Audit committee		 Internal audit activities report (2015/03~2015/06)
Nov. 10, 2015  
Audit committee		 Internal audit activities report (2015/07~2015/09)
2016 Annual audit plans

Communication matters between CPAs and the independent directors

 

The CPAs report matters relating to the annual or semi-annual audited (reviewed) financial statements to the audit committee meeting. In the meetings, independent directors are given sufficient opportunities to communicate with the CPAs. In addition, the CPAs also discuss and communicate with the company's governing unit and the independent directors on Key Audit Matters of the financial report. On the other hands, the company holds a Closed door meeting between the CPAs and the independent directors at least once a year. The most recent annual communication matters between the CPAs and the independent directors are as follows:

Date Communication matters Comments
2024/01/25 Closed door meeting between the CPAs and the independent directors No comments
2024/01/25 2023 Key Audit Matters of the financial report No comments
2024/02/26 Consolidated financial reports of 2023 No comments
2024/05/09 Consolidated financial statements for three months ended March 31, 2024 No comments
2024/08/08 Consolidated financial statements for six months ended June 30, 2024 No comments
2024/11/08 Consolidated financial statements for nine months ended September 30, 2024 No comments


Communication matters over the years