Tang Eng Iron Works

Operation of Audit Organization

Internal Audit

The purpose of internal audit

Check and evaluate the effectiveness of the design and implementation of the internal control system, measure the effectiveness and efficiency of the operation, and check the compliance with the company's rules and regulations; provide timely suggestions for improvement, track the implementation situation, assist the management in fulfilling its responsibilities, and improve management performance for the above.

Members of Audit Organization

The Company has set up an audit office to perform auditing tasks, and the audit office is staffed with an audit supervisor and two auditors who meet the qualification requirements set by the FSC. The appointment and dismissal of the audit supervisor must be approved by the Audit Committee and submitted to the Board of Directors for review.
The appointment, dismissal and evaluation of internal auditors are determined in accordance with Article 3, Item 6 of the Company's "Code of Corporate Governance Practices", which states, "The appointment, dismissal, evaluation and salary compensation of the Company's auditors shall be submitted by the Audit Supervisor and approved by the chairman of the board of directors in accordance with the relevant regulations of the Company.
In addition to reporting regularly to the Audit Committee on the audit activities, the Audit Supervisor also attends the report of the Board of Directors as a non-voting participant.

Scope of Internal Audit

The scope of internal audit includes all kinds of operating activities of the whole company, checking and evaluating the appropriateness and effectiveness of the internal control system, and assessing the performance quality of the operating activities.

Work Focus of Internal Audit

Audit work includes audit planning, information inspection and evaluation, communication of results, and post-hoc follow-up.
The Audit Office prepares an annual internal audit plan for submission to the Audit Committee and the Board of Directors for consideration in accordance with the laws and regulations and risk assessment results.
In order to perform the audit effectively, the internal auditors shall prepare audit procedures for individual cases, including at least the purpose of the audit, the checking procedures to be performed, and the scope and extent of random checks.
Audit procedures are prepared prior to the start of the audit, and necessary corrections are made during the audit process.
The internal auditors shall notify the audited unit of the audit purpose and items, the audit period, and the information to be prepared within an appropriate period of time before the audit is carried out. However, sensitive audit cases may be conducted without prior notice.
The auditors may access to all files in the course of their work, and the inspected entity shall not refuse or conceal them. Files of a confidential nature should be reported and approved before they can be accessed.
At the end of the on-site audit, the internal auditors should fully communicate with the supervisor of the audited unit regarding the audit results, provide an opportunity for clarification and explanation, and obtain the improvement plan of the audited unit and its expected completion date if necessary.
The internal auditors should submit an audit report as soon as possible after the completion of the on-site audit. The report should be objective, concise and constructive, and its contents usually include the purpose and scope of the audit, the facts found and the suggestions for improvement.
Internal auditors should follow up on the findings and recommendations in the audit reports to ensure that appropriate improvement actions have been taken by the relevant units in a timely manner.
Audit reports, working drafts and sample inspection data are bound and stored properly for at least 5 years in accordance with regulations. Audit workpapers, audit files, sample inspection information, and audit reports are handled as confidential documents and may not be loaned or transferred without the approval of the audit supervisor.

Actual Operation Status

Based on the results of the risk assessment, the internal audit unit has formulated the audit plan for the year 2026. This plan includes critical transaction cycles such as sales and receivables, procurement cycles, control operations related to significant financial activities such as derivative transactions, prevention of insider trading, acquisition or disposal of assets, and related-party transactions. Additionally, it encompasses the management of information security checks, the sustainable information, the Compensation Committee, the Audit Committee, and the proceedings of the Board of Directors. These vital audit areas have been identified as necessary audit items in the annual audit plan.
The internal audit plan for the year 2026 was reviewed by the Audit Committee on December 12, 2025, and subsequently approved by the 20^th Board of Directors at its 10^th meeting on December 29, 2025. The plan will be diligently executed as scheduled, with the possibility of conducting special audits and case-specific examinations as needed.
The auditor who performs the auditing operation assesses the internal control and submits an audit report on the planned auditing items, including the perfection of the rules and regulations, the actual operation execution, the correctness of the data, the operation timeliness and results, and presents the audit results and improvement suggestions.

The Audit Office is required to report to the FSC through the Internet information system in accordance with the prescribed format as follows:

Before the end of each fiscal year, report the audit plan for the following year.
By the end of January each year, report the auditors' names and training information.
Within two months after the end of each fiscal year, report on the implementation of the annual audit plan for the previous year.
Within five months after the end of each fiscal year, report any deficiencies in the internal control system and any improvements in abnormalities identified by the internal audit of the previous year.
If there is a change in the internal audit supervisor, report the reason for the change and the content of the change within 2 days from the date of occurrence of the fact.

Each year, the internal units are supervised to conduct internal control self-assessment at least once, and then reviewed by the auditing unit, and the improvement of internal control deficiencies and irregularities found by the auditing unit are used as the main basis for the effectiveness of the internal control system and the issuance of the statement of internal control system.

The statement of internal control system is approved by the board of directors, signed by the chairman and the general manager, and published on the website designated by the FSC and in the annual report and public explanatory statement within three months after the end of the fiscal year.

Whistleblowing System

Whistleblowing Channel

Tel.:(07)802-3855

Fax:(07)802-2619

E-mail:teia@mail.tangeng.com.tw

Address: No. 4, Yanhai 2nd Rd., Xiaogang Dist., Kaohsiung City (Received by the Audit Office)

Basis

To implement honest management, prevent internal fraud, and effectively handle whistleblowing cases, the Company has set out the key points for handling whistleblowing cases in accordance with Article 23 of the "Ethical Corporate Management Best Practice Principles". The term "whistleblower case" in this point refers to a specific complaint submitted to the Company in writing or in verbal words by a practitioner, shareholder, vendor, or member of the public who suspects or discovers a violation of laws, regulations, or ethical standards of conduct in the execution of business or the conduct of business by a director, manager, practitioner, appointee (such as an appointed accountant, attorney, consultant, etc.), or a person with substantial control over the Company.

Admissibility Principles

The report shall be in writing and shall contain the specific content of the report and the contact information. The company allows anonymous reporting. Contact methods may include any method such as phone, address, fax number or email address.

In the case of a verbal report, a record shall be made containing the subject matter of the report and contact information, and read aloud to the person making the report or make it read, and asked for his or her signature or seal to confirm, and then proceed accordingly.

Admissibility Unit

All reports received by the Company are referred to the Audit Office.

If the prosecution involves a director or manager or above, the matter shall be reported to the Audit Committee, which may refer the matter to an audit unit or an outside professional for investigation, and the investigation report shall be submitted to the Audit Committee for review and report to the Board of Directors.

Other cases of complaints and representations shall be submitted by the receiving unit to the Administration Department for unified registration and then registered and handed over to the responsible unit for processing.

Whistleblowing Case Handling Procedures

After the Company receives the report, the Audit Office will conduct an investigation, and notify the relevant units to cooperate with the investigation if necessary and, depending on the circumstances of the case, invite the informant for an interview or send staff to investigate the case and make a written record; the units assisting in the investigation should cooperate with the investigation procedures and provide documents and information. At the end of the preceding investigation procedure, the Audit Office shall report the results and opinions of the investigation to the Chairman of the Board of Directors. If the investigation reveals any material irregularities or the Company is in danger of being materially damaged, a report shall be made immediately and sent to the independent directors.

Confidentiality

The case shall be kept confidential and the personal information of the informant and the documents of the informant shall not be leaked without authorization.

If a whistleblower is a practitioner, the company shall not subject him/her to improper disposal measures due to whistleblowing, except for those who intentionally fabricate facts and set up false accusations to harm reputation or credit, and should be held legally responsible.

Reward and Punishment Measures

For those who have reported the wrongdoing, the Company shall be rewarded by the manager's department if the person who reported the wrongdoing is an internal employee of the Company and the loss is reduced after the report is found to be true.

Anyone found to have violated the Company's rules and regulations shall be reported by the manager's department for punishment according to the severity of the case.

Project Preservation

The records of the acceptance of prosecution cases, investigation process, investigation results and related documents shall be kept for more than five years.