Definition of Internal Control:

Art. 1) Internal control is the entire work of monitoring, assessment and reporting carried out by the internal audit organization to determine whether a Company’s activities are in compliance with legal and administrative regulations and the strategies, policies and application directives introduced by the General Shareholders’ Meeting and the Board of Directors.

Internal Control Objectives:

Art. 2) The purpose of the internal control activity is;

1. To detect cases contrary to legal and administrative mandatory rules, and strategies, policies, resolutions and application instructions of the General Shareholders’ Meeting and the Board of Directors.
2. To ensure uniformity and reliability of accounts and the recording system,
3. To ensure information security and necessary access to the required information without any limitations, and
4. To reveal issues emerging due to the hierarchical structure, and adversely affecting the Company’s capacity to operate.

Internal Audit Organization:

Art. 3) Internal control unit consists of sufficient number of auditors attached to the Chairman of the Board. The internal auditor or auditors are the Company’s shareholders or employees. The internal auditor does not participate in the rating activities. In cases of multiple internal auditors, relations between them are coordinated by the Board separately.

Scope of Internal Control:

Art. 4) Internal control covers the following areas in principle:

1. Internal controls related to the corporate structure of the Company,
2. Internal controls on compliance with budgeting, accounting and financial regulations,
3. Internal controls on confidentiality.

Audit on additional areas is possible whenever deemed necessary by the Board of Directors.

Principles of Internal Control:

Art. 5) Audit continuity is essential. Following their observations, the auditor or auditors immediately switch to active control. Other periodic audits and reports are held every 3 months.

The internal auditor or auditors are independent in performing their duties.

The internal auditor or auditors report to the Chairman of the Board and their reports are discussed by the Board. Matters such as the fulfillment of the recommendations contained in the report and the scope of declarations to employees on content of the report are determined by the Board of Directors.

Control Method:

Art. 6)

Internal control is carried out in accordance with the method described below:

1. Internal Control of the Corporate Structure:

These internal audits are generally subject to:

1. Compliance with general legal order and legal regulations,
2. Compliance with the articles of association of the Company,
3. Compliance with General Shareholders’ Meeting resolutions,
4. Compliance with Board of Directors resolutions,
5. Compliance with the Company’s Governance Principles.

2. Internal Control on Compliance with Budget, Accounting and Financial Legislations:

Main titles subject to audit are:

1. Compliance of transactions and records with general accounting principles,
2. Comparison of realized financial results with the budget (work plan) and determination of reasons causing deviations,
3. Determination of timely fulfillment of financial obligations and requirements,
4. Insurance eligibility of fixed assets and other assets,

3. Internal Control on Confidentiality:

Main titles subject to audit are:

1. Compliance with legal and administrative regulations,
2. Overall compliance with business ethics,
3. Compliance with confidentiality provisions in customer agreements,
4. Compliance with Company regulations with respect to hierarchical confidentiality authorization,

Execution:

Art. 7)   These regulations are enforced by SAHA A.Ş. Board of Directors.