PASHA BANK ANNUAL REPOT 2024

ASSESSMENTS OF THE AUDIT COMMITTEE ON THE ACTIVITIES OF INTERNAL SYSTEMS PASHA Bank’s internal audit, internal control, risk management and compliance departments assume the responsibility to report to the Board of Directors in compliance with the “Regulation on Internal Systems and Internal Capital Adequacy Assessment Process of Banks “as well as the provisions of the “Regulation on Program of Compliance with Obligations of Anti‑Money Laundering of Proceeds of Crime and Combatting the Financing of Terrorism, and conduct their activities in line with these regulations. The internal systems organization of the Bank consisting of Internal Audit, Internal Control, Compliance, and Risk Management Departments that operate in line with the BRSA and The Financial Crimes Investigation Board (MASAK) directives reports to the Board of Directors through the Audit Committee and the Risk Management Committee. Internal Audit Department In consideration of the evolving and changing activities of the Bank, legislative amendments, and the risk assessment report and risk matrix results prepared for the year 2023, the risk-based internal audit plan prepared as of the previous year-end was approved by the Audit Committee following the approval of the Board of Directors and implemented. Audit activities in 2024 were realized for the operational areas specified in the audit plan which covers the effectiveness of the Bank’s internal control environment and risk management systems. Throughout the year, the primary activities of such internal systems departments were monitored and reported in accordance with this plan. Decisions taken during the Audit Committee meetings were forwarded to the relevant departments of the Bank by the Bank’s Internal Audit Department. Risk analysis studies for support service institutions were created in line with the views of the internal systems departments, and the periodic evaluation reports and audit reports issued on the relevant organizations were submitted to the Board of Directors. The Internal Audit Unit, in conjunction with the Internal Control Unit, conducted audits based on the ‘Management Statement’ of the Bank within the scope of the Banking Regulation and Supervision Agency’s Regulation dated 31 December 2021 and numbered BSD 31706, on Independent Audit of Information Systems and Business Processes, during the period and submitted its report primarily to the Audit Committee and subsequently to the Board of Directors. In addition to the banking processes and information systems controls, the audit of the support service institutions was also carried out by the Internal Audit Department within the scope of the Management Declaration study. Audit results were reviewed by the Audit Committee and the results were presented to the Board of Directors. The Internal Audit Department operates as a whole in the form of an inherent supervision and audit function with respect to the banking and information systems processes and risk management, internal control and compliance practices, and examines and audits units periodically on the basis of risk. It also assumes an objective and independent consulting function in terms of the management of all applications and processes of the bank in parallel with best practices. It provides Board of Directors with assurance that the Bank’s operations are conducted in accordance with laws and other relevant legislation, as well as on such matters as the effectiveness and adequacy of the internal control environment and risk management systems. It offers opinions and recommendations for the effective and efficient utilization of bank resources. Internal Audit Unit conducted audits according to the prescribed audit plan for 2024 and submitted 9 audit reports to the Board of Directors through the Audit Committee. Members of the Internal Audit Unit continued their training activities in 2024. In this context, the Internal Audit team members participated 109 hours of trainings related with their areas. 112 PASHA Bank 2024 Annual Report