Internal Audit

        Our Auditing Office operates in accordance with the regulations and contributes to corporate governance in ways that prevent fraud and enable new opportunities. The main purpose of internal audit is to assist the board of directors and managers in the following issues:

 

Internal Audit Procedures

       The Auditing Office is subordinate to the board of directors and staffed with the appropriate number of competent auditors. Each year, the Auditing Office plans its audit focus and frequency based on a number of factors, including regulatory requirements, internal incidents and external risk assessments. The audit plan is then submitted to the board of directors for approval and reported to the authorities before execution. To maximize the benefit of internal audit practices, Compal uses worksheets to document every step of every audit and supports its findings with relevant proof. Audits may be carried out by way of document review or on-site inspection. All findings are raised and communicated to the inspected department immediately and discussed for possible improvements, while all facts are completely disclosed in an audit report. Monthly audit reports and quarterly tracking reports are submitted to the President, the Chairman and independent directors for review. The Chief Auditor is requested to report audit progress in Audit Committee meetings and board of directors meetings, so that the management may have a better understanding of existing problems, the improvement progress and results, and take corrective actions in a timely and appropriate manner.
        Compal's internal auditors are assigned to attend seminars and training courses organized by professional institutions for continuous skill enhancement. They have satisfied the minimum training hours required by law. 100%-owned overseas subsidiaries involved in production activities are also included in the Company's audit plan based on each subsidiary’s revenue contribution, importance, operational characteristics and employee allocation.
        Internal control self-assessment reports prepared by Compal and subsidiaries are reviewed on a yearly basis. These reports, along with internal control defects and abnormalities discovered during internal audits, are presented to the board of directors and the President for an overall assessment of the effectiveness of internal controls and provide the basis for the Company's Declaration of Internal Control System.

Internal Control

       Establishment, implementation and maintenance of internal control systems are the responsibilities of the board of directors and managers. Compal has established an internal control system based on "Regulations Governing Establishment of Internal Control Systems by Public Companies" and ensured its effectiveness in delivering goals such as efficiency (in terms of profit, performance and asset protection), financial reporting and compliance.
        The Company performs self-assessments on its internal control system on a yearly basis. The purpose of this assessment is to ensure the effectiveness of the Company's self-monitoring practices and its ability to respond to changes in the environment in a timely manner. The self-assessment covers the design and execution of all types of internal control systems within the Company, and the findings help the Company adjust its internal control system for better quality and more efficient internal audit.
        The Company has established a set of self-assessment procedures and methods as part of its internal control system and executes them accordingly. Detailed operating procedures are shown in the following chart:

Internal control system self-assessment procedures

Risk Management

        Compal is an international conglomerate and faces multiple and often changing risks such as local regulations, competitors and natural disasters. It is the responsibility of every Compal employee to overcome these challenges and maintain a sustainable operation. One of the purposes of risk management is to discover in advance any risk factors that might adversely affect operations, to which the Company may then apply appropriate assessments and treatments in order to transfer risks and mitigate or prevent losses. Another purpose is to enable timely detection and warning of changes in the internal and external environment, thereby allowing employees worldwide to execute risk management practices within their areas of responsibility in a timely manner. The Company has established its own financial, sales and accounting systems and a system for monitoring financial and business information of its subsidiaries in accordance with "Regulations Governing the Establishment of Internal Control Systems by Public Companies." The Company has also set up relevant guidelines for supplier management, customer relations, R&D, human resources, financial affairs, credit/endorsement/guarantee arrangements with affiliated businesses, and acquisition/disposal of key assets. These policies, risk assessment standards and procedures serve as guidelines for employees to follow in risk assessment and management. Dedicated personnel have been appointed in every department to manage, control, minimize and prevent risks to the Company.

        The Internal Control System developed by Compal is implemented on two levels: the Overall Level and Operating Level. The Operating Level incorporates five main elements (Control Environment, Risk Assessment, Controls, Information and Communication, and Supervision), which have been implemented in every transaction cycle. In addition, Compal has enhanced management of corporate risks by adopting practices such as risk detection, evaluation, reporting, response and prevention based on the latest Regulations Governing the Establishment of Internal Control Systems by Public Companies, Corporate Governance, internal audit theories, practices, and codes.

 

Information security

        To protect the Company's competitive advantages and intellectual property, the IT Department created a set of information security protocols and prevention procedures in accordance with Compal's "Information Security Management System" and the government's regulations on information security. In doing so, we hope to protect the interests of the Company, customers and employees while maintaining competitiveness. By following the Plan-Do-Check-Act (PDCA) management cycle, we continue to improve our information security system, fulfill contractual obligations and ensure the security of customers' information.

        In order to fulfill our commitment to "sustainable operations and customer satisfaction," Compal has assembled an "Information Security Committee" to serve as the highest governing body of information security within the Company. The committee is responsible for coordinating issues concerning information security projects, policies, goals and resources, as well as enforcing information security policies, conveying information security awareness, and ensuring participation from all employees for the protection of information security.

        All Compal employees have received information security training to promote their awareness of this subject. The training also gives employees an understanding of the Company's information security system, familiarizes them with the procedures for handling confidential information, and reminds them of the importance of maintaining confidentiality, integrity and usability of key information assets. Employees of the IT and R&D Departments are audited on a regular basis; information security meetings are held to discuss and share experiences as needed.