Thai Oil Public Company Limited Internal Audit Charter (Translation) 1
Amendment Records Title: INTERNAL AUDIT CHARTER Issue No./ Revision No. Date Amended Sections Reasons for Amendment 01/00 23/09/09 All New Charter has been created. 2
Content Quality Manual Number: IASA-QQM-02 Quality Manual Name: INTERNAL AUDIT CHARTER Details Page 1. Definition 4 2. Objectives 4 3. Code of Ethics and Qualifications of Internal Auditors 5 4. Independence 7 5. Authority 8 6. Duties and Responsibilities 8 7. Reporting and Internal Audit Follow-Up 10 8. Quality Assessment 11 3
1. Definition Company means Thai Oil Public Company Limited and/or Thaioil Group of companies Audit Committee means the Audit Committee of Thai Oil Public Company Limited Managing Director means the Managing Director of Thai Oil Public Company Limited Senior Management means Managing Director, Deputy Managing Director, Assistant Managing Director of Thai Oil Public Company Limited or the equivalent Employee means an employee of Thai Oil Public Company Limited Audit Unit means a department according to the organizational structure of the Company that acts as the auditor Head of the Audit Unit means Managing Director of Thaioil Group of companies and /or manager of the audit unit Internal Audit Department means the Internal Audit Department of Thai Oil Public Company Limited Internal Auditor means internal auditor in the Internal Audit Department of Thai Oil Public Company Limited Head of Internal Audit Department means Manager of the Internal Audit Department of Thai Oil Public Company Limited Internal Audit means a review of the management system in the audit unit to provide fair and objective assurance and consulting services in order to add value and improve the organization s overall operational efficiency 2. Objectives The Internal Audit Charter was created with the purpose of defining and establishing the authority and responsibility of those who are involved in internal auditing as guidelines in performing their tasks. 4
The Internal Audit Department is responsible for reviewing the management system within the audit unit and appraising its internal control systems, and other relevant units of the Company, to ensure that the Company achieves its operational objectives in an efficient and effective manner with adequate and appropriate internal control, promoting the Company s good corporate governance and supporting the Audit Committee in effectively and efficiently carrying out its engagements under the Professional Practice Standards of Internal Auditing established by the Institute of Internal Auditors (IIA). 3. Code of Ethics for Internal Auditors 3.1. Internal auditors shall observe the following code of ethics as follows: 3.1.1. Integrity - Shall perform their work with honesty, diligence, and responsibility. - Shall observe the law and make disclosures expected by the law and the profession. - Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization. - Shall respect and contribute to the legitimate and ethical objectives of the organization. 3.1.2. Objectivity - Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. - Shall not accept anything that may impair or be presumed to impair their professional judgment. - Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review. 5
3.1.3. Confidentiality - Shall keep all information gained in the course of their audit work confidential and shall not disclose it before permission is granted from authorized personnel unless it is expected by the law and the profession. - Shall be prudent in the use and protection of information acquired in the course of their duties. - Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization. 3.1.4. Competency - Shall engage only in those services for which they have the necessary knowledge, skills, and experience unless provided with advice or support to have adequate capacity in performing auditing engagements. - Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing. - Shall continually improve their proficiency and the effectiveness and quality of their services. 3.2. Qualifications 3.2.1. Head of Internal Audit - Minimum Bachelor s Degree and - Minimum experience of 6 years and has attended training courses related to internal auditing or has a minimum experience of 8 years in a field relevant to internal auditing from outside of the Company. 3.2.2. Internal Auditor - Minimum Bachelor s Degree and - Minimum experience of 3 years and has attended training courses related to internal auditing or has a minimum experience of 4 years in a field relevant to internal auditing from outside of the Company. 6
3.2.3. Knowledgeable, competent, and proficient in the auditing functions. 3.2.4. Knowledgeable in risk management, internal controls, able to assess the possibility and impact of operational risk factors. 3.2.5. Have sound understanding of good corporate governance. 3.2.6. Have general knowledge in accounting, finance, IT, law, rules, regulations, and requirements related to internal auditing. 3.2.7. Able to analyze issues of concern observed from the information received during audit assignments. 3.2.8. Skilled in communicating verbally, preparing summaries and reports. 3.2.9. Initiative, observant, and resourceful. 3.2.10. Have good interpersonal skills. 3.2.11. Polite, humble, respectful, and open to others opinions. 3.2.12. Continuously develops knowledge and skills related to internal auditing. 4. Independence 4.1. The Internal Audit Department functionally reports to the Audit Committee and administratively reports to the Managing Director. 4.2. The Internal Audit Department shall be independent of activities not related to internal auditing and can fairly expressing opinions and reporting any compliance with the Professional Practice Standards of Internal Auditing. 4.3. Internal auditors shall not be involved in carrying out activities that are not related to the internal audit functions or which may affect the auditors fairness and objectivity including: 4.3.1. Perform any operational duties for outside audit department function. 4.3.2. Initiate or approve accounting transactions external to audit department. 4.3.3. Direct the activities of any employee not employed by the audit department, except to the extent of employees, whohave been 7
appropriately assigned to auditing teams or to otherwise assist the internal auditors. 4.4. Internal auditors shall disclose details of matters affecting their independence and objectivity, as well as any conflicts of interest to the Head of Internal Audit. 5. Authority Head of Internal Audit and internal auditors have the authority to perform the following functions: 5.1. To audit cash without prior notification to the audit unit. 5.2. To audit relevant financial documents, assets, IT system, and other activities including books, accounts, supporting documents for general ledgers, correspondence, and reports with prior notification to the head of the audit unit. 5.3. To obtain assistance of personnel in the audit department in providing information, explanation, documents or any evidence for the audit activity. 5.4. To obtain assistance of external internal audit specialists where considered necessary, ensuring that the Company s hiring procedures are observed. 6. Duties and Responsibilities The Internal Audit Department is responsible for the Company s internal audit with the following duties and responsibilities: 6.1. To determine the Internal Audit Department s objectives, goals, scope of responsibility, and operational guidelines including preparing annual manpower, training, and budget plans. 6.2. To formulate long-term and annual audit plans based on the activity s risk level. 6.3. To evaluate the adequacy of the Company s internal control system to assure the Audit Committee and the senior management that activities have adequate and proper internal control so that the risks can be managed at a controllable level. 8
6.4. To review, evaluate, and advise to improve the Company s operational process related to risk management, internal control, and corporate governance. 6.5. To audit operational process according to the annual audit plan approved by the Audit Committee and the policy received from the Audit Committee. 6.5.1. To review and report the reliability and completeness of finance and non-finance records. 6.5.2. To review systems that significantly affect the operations and report if the activities are in line with relevant policy, plan, legal and regulatory requirements that have been stipulated. 6.5.3. To review the means of safeguarding assets, and the efficiency, effectiveness, and economy of the usage of available resources and to verify the existence of such assets. 6.5.4. To review compliance with Securities and Exchange Law, SET regulations, as well as rules, regulations, requirements, commands, standards, policies, plans, or laws related to the Company s business. 6.5.5. To review the efficiency and effectiveness of enterprise risk management and the adequacy and effectiveness of internal control for the prevention of internal fraudulent activities. 6.5.6. To review the accuracy, efficiency and effectiveness of information regarding financial and internal control reporting. 6.5.7. To review evidence pertaining to transactions that might significantly affect the Company s performance results, such as a conflict of interest, fraudulent activities, an irregular activity, or significant deficiency in the internal control system. 6.6. To report the audit result with recommendations to the audit unit for performance improvement and further report to the senior management and the Audit Committee. 6.7. To follow up on the audit result to ensure that remedial action has been taken by concerned individuals. 9
6.8. To provide advice, proposing constructive ideas valuable for the Audit Committee, senior management, and head of the audit unit regarding risk management, internal control, and corporate governance. 6.9. To provide advice and recommendation regarding internal control system for the Company s future business process. 6.10. To liaise with other auditing agencies such as auditors and other relevant governing organizations to enhance the efficiency of the audit and decrease operational redundancy. 6.11. To perform other functions related to internal auditing beyond the specified annual audit plan as assigned by the senior management and the Audit Committee. 7. Reporting and Follow-Up on Audit Result 7.1. Internal auditors shall prepare a report on audit result, summarizing key observations, arisen or plausible impact, and recommendations for the head of the audit unit s acknowledgement after the completion of the audit assignment so that the head of the audited unit can proceed with improving the internal control system in a timely manner. 7.2. Head of Internal Audit reports the audit result, summarizing key observations and recommendations to senior management and the Audit Committee at least once every quarter. 7.3. In the case of failures having been observed, any actions shall be taken as follows: 7.3.1. In the case of failures resulting from non-compliance with stipulated operational guidelines but of a minor nature, an internal auditor shall notify the personnel in the audit unit so that remedial action can be taken and followed up accordingly. 7.3.2. In the case of failures resulting from non-compliance with stipulated operational guidelines and might cause serious damage to the Company, Head of Internal Audit shall immediately notify the head of the audit unit and senior management, providing recommendation for improvement and following up on the audit unit s progress in remedying such 10
failures. The Audit Committee shall be notified at the first opportunity of any such case. 7.3.3. In the case of failures resulting from the audit unit s lack of system that is in line with the Company s policy, Head of Internal Audit shall notify the head of the audit unit so that remedial action can be taken and report to the senior management. 7.4. In the case of the head of the audit unit and the internal auditor or Head of Internal Audit disagreeing on matters of concern arising from audit work or on recommendation for improvement, Head of Internal Audit shall bring the matter to the senior management s attention for consideration. If failure to reach an agreement continues, Head of Internal Audit shall bring the matter to the Audit Committee to consider and provide further recommendation for relevant units. 7.5. In the case of the audit result showing significant suspected fraudulent activities, Head of Internal Audit shall report the audit result together with evidence to Managing Director and/or senior management for further action according to the Company s procedures. Such matters shall be reported to the Audit Committee at the first opportunity. 7.6. In the case of suspected fraudulent activities by senior management having been observed, the Audit Committee shall be notified immediately. 7.7. Annual audit plan shall be prepared together with senior management and presented to the Audit Committee for consideration and approval in December of every year. 7.8. Head of Internal Audit shall ensure that the system for the follow-up of actions taken based on the audit result is in place and report the follow-up result to ensure that the head of the audit unit has effectively taken remedial actions. Observations from the audit and the follow-up shall be reviewed and approved by the head of the main audit unit and relevant persons prior to reporting. 8. Quality Assessment 8.1. Head of the audit unit shall evaluate the quality of the audit after every audit completion for system improvement. 11
8.2. Quality assessment of the auditing of management and operational functions is scheduled to be carried out by independent external auditors at least every 5 years. Head of Internal Audit shall present the audit quality assessment report to senior management and the Audit Committee for acknowledgement. 12