Internal Audit
Internal audit system
The purpose of internal audit is to assist the Board of Directors and management in examining and reviewing the internal control system and measuring operational efficiency. The Internal Audit Department of Chunghwa Telecom is under the jurisdiction of the Board of Directors and carries out internal audit activities in accordance with regulations and procedures. At the end of each year, the department formulates the audit plan for the following year based on the results of risk assessment. The plan is then submitted to the Board of Directors for approval and reported to the competent authorities through the online information system for reference.
Internal Audit Organization and Operation of Chunghwa Telecom
- Internal Audit Organization
(1)In order to strengthen corporate governance and enhance internal control and audit systems, the company has established an Audit Department at the Board of Directors level. The department consists of one Chief Audit Executive(CAE), 22 to 24 Senior Auditors/Deputy Senior Auditors, and 3 to 5 Deputy Senior Engineers/Managers.
(2)The appointment and dismissal of the CAE require the approval of the Audit Committee and the resolution of the Board of Directors.
(3)The appointment, evaluation, and compensation of internal audit personnel are carried out in accordance with the "Chunghwa Telecom Corporate Governance Guidelines" and the "Assessment Guidelines for Audit Department Employees". The evaluation is conducted once a year. The appointment, evaluation, and compensation mentioned above are signed by the Audit Supervisor and approved by the Chairman. The relevant regulations have been disclosed in the company's internal regulations section.
- Internal Audit Operation
(1)Audit Scope
The audit scope includes the audit of the effectiveness of internal control systems at both the corporate and operational levels, as well as the review of self-assessments conducted by the managerial departments on their internal control systems.
(2)Audit Targets
The audit targets include all units, affiliated branches, and subsidiaries of the company.
(3)Audit Objectives
The objectives of the audit are to assist the Board of Directors and management in examining and reviewing the deficiencies in the internal control systems, measuring the effectiveness and efficiency of operations, and providing timely improvement recommendations. This is to ensure the continuous and effective implementation of internal control systems and to serve as the basis for reviewing and amending internal control systems.
(4)Audit Methodology
a) The annual audit plan is based on the results of risk assessments and includes the evaluation of digital audit risk alerts to ensure continuous auditing and monitoring.
b) The annual audit operations are divided into planned audits and project audits. Planned audits are conducted periodically and regularly, while project audits are conducted for specific purposes. In addition, if significant risk events occur, surprise audits may be conducted, and they will be included in the audit plan for inspection.
c) Starting from the second half of the year 2022, digital tools such as risk dashboards and Robotic Process Automation (RPA) have been introduced to increase the frequency of risk monitoring and provide more accurate and valuable audit results and recommendations.
d) The audit procedures include the development of audit programs, audit items, timelines, procedures, and methods. When conducting audit operations, auditors require full cooperation and assistance from the audited units. The requested documents and data should be provided in a timely manner and should not be delayed or refused.
e) The review includes reviewing the self-assessment documents of all institutions and subsidiaries of the company, checking the correct execution of operations, examining the quality of internal control operation documents, and integrating the results of audit sampling and review. The findings are reported to the Audit Committee and the Board of Directors.
(5)Audit Report
a) After conducting the audit, the relevant information of the audit process is documented in the audit working papers, and the audit report is prepared.
b) The audit report aims to be objective, clear, concise, constructive, and timeliness.
c) After the audit report is submitted for approval, it needs to be tracked and a follow-up report is prepared to ensure that the relevant departments have taken appropriate measures in a timely manner, until complete improvement is achieved.
d) Monthly audit reports are submitted to the Audit Committee for review by independent directors and reported to the Board of Directors and the Audit Committee at regular meetings.