PASHA BANK ANNUAL REPOT 2024

Internal Control Unit The Internal Control Unit is responsible for establishing and maintaining an effective, efficient, and healthy internal control environment, taking into account the dynamic and evolving structure of the Bank. The Unit supports the effective and efficient execution of the Bank’s activities in alignment with its management strategies and policies, and in compliance with applicable legislation and regulatory requirements. It also conducts audits to ensure that all control activities across the Bank are carried out in accordance with the standards. The internal control model, based on the three lines of defense principle, relies on primary controls being designed by the business units in line with the relevant risks. The Internal Control Unit has performed secondary controls for all functions in line with a specific methodology, considering the scope and sample size. As part of its activities concerning the Head Office business units, the activities of the units were closely monitored and studies were conducted to ensure that primary controls were carried out in a timely, complete, and accurate manner. In order to ensure that IT activities are carried out securely and in compliance with legal regulations and the Bank’s internal policies, continuous monitoring activities have been conducted, the designed controls have been integrated into the Unit’s operations within the framework of the defined methodology and tools. The Annual Control Plan of the Internal Control Unit was updated in line with the Bank’s strategic objectives and was put into effect with the approval of the Audit Committee. The results of the activities determined according to the Bank’s operational activities, needs, and risks have been periodically reported to the Audit Committee and Senior Management. Recommendations have been developed regarding identified deficiencies and areas for improvement, and action plans have been created, and the implementation of these plans was closely monitored. Control activities designed for this purpose were conducted by internal control personnel competent and experienced in their areas. By closely monitoring national and/ or international developments in the field of auditing, necessary updates have been made to the Bank›s internal control practices. In addition to periodic controls, spot checks and control activities have also been carried out based on specific needs. Documents pertaining to the Internal Control Unit have been revised and/or updated annually to ensure compliance with legal regulations. During the same year, as required by legal regulations, process update and testing activities were conducted within the scope of Management Statement works. The Internal Control Unit has conducted risk and control analyses regarding new products, services, and application changes, and has provided strategic feedback to the relevant units. Additionally, using control declaration forms implemented by the Internal Control Unit and key control results prepared by business units responsible for first level controls, the effectiveness of the general control environment was assessed and second level controls were realized. Moreover, asset confirmation studies were performed; Validation Report for ICAAP Report was prepared and business continuity tests were attended as an observer. On the other hand, asset reconciliation studies have been carried out, a Validation Report regarding the ISEDES Report has been prepared, and participation in business continuity tests has been ensured in the capacity of an observer. Throughout the year, various training programs were undertaken to support the professional development of the Internal Control Unit team, enhancing both individual and corporate competencies. During the year, international certifications were obtained in the fields of personal data management and business continuity management, taking into account the minimum mandatory training durations required by law for the IS Internal Control Officer. The Internal Control Unit remains committed to diligently continuing its efforts to establish and sustain an internal control system that is compliant with legal regulations and the Bank’s policies, while ensuring impartiality, transparency, and effectiveness. 113 Information on Management and Corporate Governance Principles