Internal Audit and Process Improvement Policy

Hosted Technology adopts a systematic internal audit and continuous improvement approach to ensure the effectiveness, efficiency and compliance of its processes. This policy regulates periodic controls, risk management and process improvement activities.

The purpose of this policy is to ensure the independence of internal audit activities and strengthen the continuous improvement culture.

The policy covers audit planning, risk assessment, audit execution, finding reporting and improvement tracking processes.

Internal audit activities are planned systematically:

• Annual Audit Plan: Annual audit plan is prepared with a risk-based approach
• Scope Determination: All critical processes and units are included in the audit scope
• Resource Planning: Necessary resources and time for audit are planned
• Independence: Independence of audit teams is guaranteed

The plan is approved and monitored by senior management.

Audit priorities are determined with a risk-based approach:

• Risk Identification: Potential risks in all processes are identified
• Risk Analysis: The probability and impact of risks are evaluated
• Risk Prioritization: High-risk areas are prioritized
• Control Assessment: The effectiveness of existing control mechanisms is evaluated

The risk matrix is updated regularly.

Audits are conducted with standard methodology:

• Pre-Audit Preparation: Audit scope and approach are detailed
• Field Work: Documentation review, interviews and tests are conducted
• Finding Collection: All findings are documented objectively
• Analysis and Evaluation: Findings are analyzed and root causes are determined

Continuous communication is maintained with those being audited throughout the audit process.

Audit results are reported and tracked:

• Audit Report: Findings, recommendations and risk levels are reported in detail
• Management Presentation: Results are shared with senior management
• Action Plans: Corrective action plan is prepared for each finding
• Follow-up Audits: Implementation of actions is checked regularly

Critical findings are addressed urgently.

Process improvement is managed systematically:

• Improvement Opportunities: Opportunities are identified from audit and operational work
• Root Cause Analysis: The root causes of problems are investigated
• Improvement Projects: Priority improvements are managed as projects
• Impact Measurement: The impact of improvements is measured and reported

Continuous improvement culture is adopted by all employees.

Roles are defined in internal audit and improvement processes:

• Internal Audit Director: Responsible for audit strategy and team management
• Audit Team: Conducts audit activities
• Process Owners: Responsible for remediation of findings and improvements
• Senior Management: Evaluates audit findings and provides support

Independence of the audit team is maintained.

This policy is reviewed once a year:

• Audit methodology and tools are updated
• Risk management approach is evaluated
• Effectiveness of improvement processes is measured

Policy Owner: Internal Audit Director
Last Update: October 12, 2025