Internal Audit Service

The main task of the Internal Audit Service is to carry out internal audit – independent and objective assurance and consulting activities aimed at improving the Company’s operations and facilitating the achievement of the Company’s goals by applying a systematic, consistent approach to assessing and improving the effectiveness of internal control, risk management and corporate governance.

The IAS is also tasked with the following tasks:

1) assisting the Executive Body and employees of the Company in developing and monitoring the implementation of procedures and measures to improve risk management, internal control and corporate governance systems;

2) coordination of activities with the Company’s external auditor, as well as with persons providing consulting services in the field of risk management, internal control and corporate governance;

3) preparation and submission to the Board of Directors and the Audit Committee of quarterly reports on the results of the IAS activities and the implementation of the annual audit plan (including information on significant risks, deficiencies, results and effectiveness of measures to eliminate identified deficiencies, results of the assessment of the actual state, reliability and effectiveness of the risk management system, internal control and corporate governance);

4) verification of compliance by members of the Board of the Company and its employees with the provisions of the legislation of the Republic of Kazakhstan and internal documents relating to insider information and the fight against corruption, and compliance with ethical requirements;

5) monitoring the implementation of recommendations of the external auditor;

6) providing consultations to the board of directors, the executive body, and structural divisions on issues of organizing and improving internal control, risk management, corporate governance, and organizing internal audit (including issues of developing internal regulatory documents and projects in these areas), as well as on other issues within the competence of the internal audit service.

Internal audit functions

In accordance with the main objectives, the IAS carries out the following functions in the established manner:

1) develops and regularly reviews the strategy of the IAS;

2) periodically, at least once a year, based on the analysis and assessment of the strategy, objectives and risks of the Company and the audit universe, the Internal Audit Service develops a risk-oriented Annual Audit Plan (hereinafter referred to as the AAP) for the upcoming calendar year, including proposals from the Board of Directors and the Executive Body, and submits it for review and approval to the Audit Committee and the Board of Directors;

3) performs audit assignments to provide assurance services and consulting services in accordance with the risk-oriented GAP of the IAS and communicates these to stakeholders;

4) develops, as necessary, recommendations and agrees on plans for corrective and (or) preventive actions of audit participants based on the results of the audit engagement;

5) periodically, based on the results of the reporting period (quarter), submits for consideration and approval to the Board of Directors a report on the activities of the Internal Audit Service, previously reviewed by the Audit Committee, including information on the implementation of the Internal Audit Service's GAP (including information on significant risks, deficiencies, results and effectiveness of measures to eliminate identified deficiencies, results of the assessment of the actual state, reliability and effectiveness of the risk management system, internal control and corporate governance);

6) monitors and confirms the Company's implementation of the recommendations of the Internal Audit Service issued and (or) accepted in the established manner within the framework of corrective and (or) preventive action plans, and also, within the framework of periodic reports, provides the Board of Directors with information on the progress and quality of the implementation of corrective measures (preventive actions) based on the results of audit assignments and (or) recommendations of the Internal Audit Service;

7) monitors the Company's compliance with the recommendations/instructions of the Company, the external auditor and other government inspection bodies adopted in the established manner within the framework of corrective and/or preventive action plans, and also provides the Board of Directors with information on the progress and quality of the implementation of corrective measures within the framework of periodic reports;

8)monitors the implementation of recommendations of the external auditor, authorized (supervisory) government bodies, independent evaluators and (or) consultants within the framework of corrective and (or) preventive action plans provided by the Executive Body on issues of assessing the effectiveness of internal control systems, risk management and corporate governance, information technology and information security;

9) interacts with external auditors, authorized (supervisory) government bodies, independent assessors and (or) consultants within the competence of the Internal Audit Service on issues of assessing internal control systems, risk management, corporate governance, internal audit, information technology and information security;

10)summarizes and analyzes the results of internal and external audits, systematizes violations, errors and omissions in the work of the structural divisions of the Company identified during audits, in order to evaluate the internal control system;

11) carries out, within the framework of the audited business process, an assessment of the risks of fraud and how the Company manages the risk of fraud;

12) develops internal documents regulating the activities of the Internal Audit Service in accordance with the requirements of the International Standards of Internal Auditing and the requirements of JSC Baiterek National Management Holding (hereinafter referred to as the Holding);

13) considers requests on issues within the competence of the IAS;

14) As part of the provision of consulting services, it formulates recommendations and/or proposals for stakeholders on issues of organizing and improving internal control processes, risk management, and corporate governance, as well as on other issues within the competence of the Internal Audit Service. Consulting services are provided by the Internal Audit Service based on the results of control procedures while maintaining the independence and objectivity of the Internal Audit Service, excluding the adoption of management decisions;

15) within the limits of his competence, participates (if necessary) as a consultant in the review of draft internal documents to assess their compliance with the requirements of legal acts, the appropriateness, sufficiency and effectiveness of the provided internal control procedures;

16) interacts with the Holding's Internal Audit Service on matters of activity planning, including risk assessment, the formation of an audit universe for the purpose of planning

audit work and the development of a strategy for the Company's Internal Audit Service that contributes to the achievement of strategic goals;

17) carries out, in the established manner, jointly with the Holding’s IAS (synergistic) audit assignments on the Company’s activities in accordance with the General Audit Procedure approved by the Board of Directors;

18) provides the Holding's Internal Audit Service with audit reports and draft quarterly reports for analysis and subsequent informing of the Holding's authorized bodies on significant, material risks and discoveries of the Company's Internal Audit Service;

19)in exceptional cases, in the absence of factors that negatively affect independence and objectivity, on behalf of the Audit Committee and (or) the Board of Directors and (or) the Holding, the Internal Audit Service carries out unscheduled audit assignments on individual aspects of the Company's activities, and also participates in internal investigations, special audits and other unscheduled projects only by decision, instruction, or agreement of the (Chairman) of the Board of Directors and (or) the Audit Committee;

20) confirms the accuracy of the actual values of key performance indicators and the correctness of the calculation of the amount of remuneration of the members of the Executive Body of the Company;

21) takes measures for continuous professional training and advanced training of the Company’s IAS employees;

22) carries out other functions within the competence of the Internal Security Service.