index / Investor Relations / Company Profile / Audit Regulations
Internal audit organization and its operation
Purpose of internal audit
The purpose of an internal audit is to examine and assess the adequateness and efficiency of the company’s internal control system through an independent and objective verification/inquiry process to increase UPEC’s added value and improve its operation. Internal audits shall facilitate company supervision and assist the board of directors and the management to accomplish the set objectives.

Internal audit organization
UPEC’s internal audit organization exists as an independent division with a consultation service section and two audit sections as its subordinate divisions. It consists of a total of 12 personnel. Under the current company infrastructure, 5 personnel serve in the consultation service section and the remaining 7 personnel are assigned to the two auditing sections responsible for the auditing of the company’s nine major circulations. The audit division answers to the board of directors directly. The appointment and removal of the chief audit executive may only be carried out with a majority vote from the board of directors. The organizational chart of the audit division is shown as follows:


Internal audit operation
I.  Establishment of “International Audit Regulation”: auditors, auditing targets, auditing plans, audit implementations,     limits of authorities, duties, obligations and methods of communication (with the board’s supervisor and the units     being audited) shall be bound by the internal audit regulation.
◎Auditors: ensure the effective implementation of internal control and improve upon the existing internal control system.     With regards to risk prevention, auditors are responsible for detecting symptoms of potential problems in advance and     for offering suggestions for improvement.
◎Auditing targets: all company divisions and subsidiaries with over 50% of stocks owned by UPEC’s investment     businesses.
◎Auditing plans: establish middle-long term plans, annual plans and monthly plans for auditing operations.
◎Implementation, limits of authorities, duties and obligations of internal audits: auditors have the authority to request     relevant information and reports from the units being audited and they are obligated to keep the process confidential.     Auditors are to perform internal audits within the scope of their duties.
◎Methods of communication: auditors are to communicate with members of the supervisory committee/accountants     regarding work plans and audit contents on a regular basis. In addition, auditors shall ensure effective communication     with the units being audited to facilitate the auditing process.

II. Types of internal audit operations: Compliance audit, Risk audit and Consultation services
    Type 1: Compliance audit
 Objectives:
 ◎To ensure compliance by examining available records and work procedures.
◎To determine the discrepancies between the actual results of various implementations and their     respective standards.
◎To indicate instances of non-compliance.
◎To offer suggestions for improvement regarding specific procedures in to meet company     standards.
Purpose:
 ◎To avoid financial crisis.
◎To ensure regulations have been duly observed.
◎To ensure effective control over the system.
Method:
 ◎Internal audits are to be implemented according to the annual plans submitted to the Securities &     Futures Institute.
◎Auditors are to follow the SOPs established by UPEC regarding the nine major circulations within     the corporation in their implementation of internal auditing. This falls under routine internal     audits.
      
      
    Type 2: Risk audit
 Objectives:
 ◎To obtain accurate intelligence on the complicated market situation and its dynamic     developments.
◎To determine risk indicators to quantify risk items and units for the analysis of the costs for risk     management and control.
◎To effectively plan and implement corporate risk management through systematic thinking to     derive a systematic categorization and analysis of corporate operational risks and design a     working model of risk management strategies to facilitate risk prevention in advance.
Purpose:
 ◎To assist in the effective identification of risks and counter strategies in the process of risk     management.
◎To analyze risks and control costs in order to determine the auditing process, items and resource     distribution.
◎To systematically analyze and categorize risk characteristics and offer solutions for their     management and handling.
Method:
 ◎Implement internal audits for the items/units that are most likely to occur and would have the     greatest impact on the company in accomplishing its goals if occurred.
◎Auditors are to determine the sequence and procedures for internal audits according to the     results of risk quantification and costs of risk managements. This falls under irregular internal     audits.
      
   
 Type 3: Consultation services
 Objectives:
 ◎To assess future situations and market environments to seek out opportunities for optimal     performance.
◎To locate potential problems and offer advice prior to the establishment of visions, strategies and     missions.
◎To control and conduct audits regarding items that may result in serious damage well in     advance.
◎To directly participate in the implementation and promotion of the company’s key strategies and     projects.
Purpose:
 ◎To solve potential corporate crises.
◎To design an effective internal control system that meets situational and environmental     challenges in the future.
◎To enhance corporate strategies, plan execution efficiency and operational performances.
Method:
 ◎Offer consultation services for items that UPEC’s highest level of management is primarily     concerned about. Auditors are to ensure bi-directional communication with the unit/personnel     being audited and actively try to understand their needs to serve them better. Auditors should also     provide services such as consultation, training, process design and marketing promotion     according to the organization’s demands to enhance the added value for auditing process.
◎Auditors shall actively participate and contribute in the promotion and implementation of     corporate visions/strategies and offer advice to prevent potential risks and hazards from     occurring. This falls under internal consultation services in the project.
◎Assist subsidiaries in the establishment of internal control and internal audit systems and     improve their efficiency by introducing better methods and processes.
 

III. Implementation of internal audit:
 Prior to audit:
 ◎Be professionally skeptical (to assist in risk detection).
◎Have a thorough understanding of the guidelines of internal audit implementation.
◎Observe ethical internal auditing practices.
◎Have a good understanding of corporate cultural behaviors and roles (to facilitate     communication).
 During the audit:
 ◎Be aware of internal control concepts and procedures.
◎Be aware of the key elements of a healthy internal control environment.
◎Be aware of the importance and severity of internal control oversights.
◎Be aware of the means of effective control methods in a computer environment.
Post audit:
 ◎Be able to utilize various auditing evidences to create work drafts.
◎Be able to apply analytical review techniques.
◎Be able to conform to relevant laws and stipulations.
◎Be able to analyze, assess and summarize overall audit findings.
◎Be able to complete reports in a concise and efficient manner.