For General Trading Company Ltd.

Document No.: RJ-IQ-QMS-

RITAJ 006-24
FOR GENERAL Edition No.: 01
TRADING COMPANY
Revision No.: 01
IMS MANUAL
Issued Date: 09.2024

Cover Page

For General Trading Company Ltd.

Document
Compay's Internal Auditing Policy
Descriptions:

Drafted By:

Prepared By:

Approved By:

THIS DOCUMENT IS A CONFIDENTIAL DOCUMENT. MAKING COPIES, EVEN OF EXTRACTS,

IS NOT PERMITTED WITHOUT THE PERMISSION OF
RITAJ GENERAL TRADING COMPANY.

[email protected] 1
 For General Trading Company Ltd.

INTERNAL AUDITING POLICY

Introduction

At Ritaj General Trading and Contracting Company ("Ritaj"), we recognize the importance
of maintaining a robust internal audit process to ensure the efficiency, effectiveness, and
compliance of our operations. Internal auditing is integral to our commitment to transparency,
accountability, and continuous improvement across all business activities.
This Internal Auditing Policy outlines the structure, scope, and responsibilities of the internal
audit function within Ritaj. It is designed to provide assurance to our management,
stakeholders, and customers that we maintain the highest standards of operational integrity and
financial governance. By regularly reviewing and evaluating our processes, we aim to identify
risks, ensure compliance with laws and standards, and enhance the overall performance of our
business.

1. Purpose and Objectives of Internal Auditing

The primary purpose of internal auditing is to provide an independent, objective evaluation of
Ritaj’s internal controls, risk management, and governance processes. Internal audits offer a
systematic and disciplined approach to assessing the efficiency and effectiveness of operations,
ensuring compliance with applicable laws and standards, and identifying areas for
improvement.
The specific objectives of internal auditing at Ritaj include:
• Ensuring compliance with internal policies, procedures, and relevant regulations
• Evaluating the adequacy and effectiveness of internal controls
• Identifying and mitigating potential risks to the company
• Recommending improvements to enhance operational efficiency and effectiveness
• Safeguarding company assets from misuse, fraud, and inefficiencies
• Ensuring accuracy and reliability of financial and operational reporting

2. Scope of Internal Auditing

Internal audits at Ritaj cover all areas of the business, including but not limited to:

• Financial Audits

Evaluating the accuracy and completeness of financial records, ensuring compliance

with accounting standards and detecting any discrepancies in financial reporting.

• Operational Audits

Assessing the effectiveness and efficiency of operational processes, including

procurement, supply chain management, construction, and project management
activities.

[email protected] 2
 For General Trading Company Ltd.

• Compliance Audits

Ensuring that all business activities are conducted in accordance with relevant laws,
regulations, and industry standards, as well as internal policies and procedures.

• IT Audits

Reviewing the security, reliability, and integrity of information systems, including data
protection, cybersecurity measures, and IT infrastructure management.

• Health, Safety, and Environmental Audits

Ensuring compliance with health and safety regulations, as well as assessing the
effectiveness of environmental management practices within the company’s operations.

• Risk Management Audits

Identifying, analyzing, and evaluating potential risks that may affect the company’s
ability to achieve its objectives, and ensuring that appropriate risk mitigation strategies
are in place.

3. Internal Audit Function and Independence

The internal audit function at Ritaj is independent from the company’s operational management
to ensure objectivity in the auditing process. The Internal Audit Department operates under the
direct oversight of senior management and the Audit Committee, reporting independently of
day-to-day management to avoid conflicts of interest.

• Independence

Internal auditors have no direct operational responsibilities and are not involved in the
development or implementation of controls. This independence allows them to conduct
audits without bias or undue influence, ensuring a fair and accurate evaluation of
business processes.

• Objectivity

Internal auditors maintain objectivity and professional skepticism throughout the audit
process. They assess issues based on evidence and objective criteria, avoiding personal
or organizational biases.

4. Internal Audit Planning and Risk-Based Approach

The internal audit process at Ritaj is structured around a risk-based approach, which means
that audits are prioritized based on the level of risk associated with each area of the business.
Higher-risk areas are audited more frequently or with greater scrutiny, while lower-risk areas
may be subject to periodic reviews.

[email protected] 3
 For General Trading Company Ltd.

• Annual Audit Plan

An annual audit plan is developed to outline the scope, objectives, and schedule of
audits for the year. This plan is based on a thorough risk assessment, considering factors
such as business priorities, changes in regulations, and the results of previous audits.

• Risk Assessment

The risk assessment process involves identifying key risks that could affect the
company’s operations, financial performance, or reputation. Risks may be financial,
operational, legal, or related to compliance, cybersecurity, or health and safety. Internal
audits are prioritized based on the likelihood and impact of these risks.

• Audit Cycle

Ritaj follows a structured audit cycle to ensure comprehensive coverage of all business
areas over time. High-risk areas may be audited annually, while moderate and low-risk
areas may be audited every two to three years, depending on the risk assessment.

5. Internal Audit Process and Methodology

The internal audit process at Ritaj follows a standardized methodology to ensure consistency,
thoroughness, and transparency in all audits. The key stages of the internal audit process
include:

1. Audit Planning

During the planning phase, the internal audit team works closely with management to
understand the business processes, risks, and objectives associated with the area under
audit. An audit plan is developed, outlining the scope, objectives, and timeline of the audit.

2. Fieldwork and Data Collection

The audit team collects and analyzes data, documents, and records relevant to the audit
objectives. This may involve interviews with employees, reviewing financial and
operational reports, and observing business processes in action.

3. Testing and Evaluation

Internal auditors conduct testing of internal controls, procedures, and systems to

evaluate their effectiveness. This may involve sampling transactions, reviewing system
logs, and verifying the accuracy of financial or operational data.

4. Audit Findings and Analysis

Based on the data collected, the audit team identifies areas where internal controls are
inadequate, risks are not effectively managed, or processes can be improved. These

[email protected] 4
 For General Trading Company Ltd.

findings are documented and analyzed to determine their root causes and potential
impact on the company.

5. Audit Report

A formal audit report is prepared, detailing the audit findings, conclusions, and
recommendations for improvement. The report includes an evaluation of the adequacy
of controls, the effectiveness of risk management, and any compliance issues that need
to be addressed.

6. Management Response and Action Plans

The audit findings and recommendations are presented to management for review.
Management is responsible for providing a formal response, which includes corrective
actions and timelines for addressing the audit findings.

7. Follow-Up Audits

A follow-up audit is conducted to ensure that the corrective actions have been
implemented as agreed and that the issues identified in the original audit have been
resolved. This ensures that audit recommendations lead to tangible improvements in
processes and controls.

6. Internal Controls and Risk Management

Internal auditing plays a critical role in evaluating and strengthening the company’s internal
controls and risk management processes.

• Internal Controls Evaluation

Internal audits assess the design and effectiveness of internal controls to ensure that they
are operating as intended. This includes financial controls, operational controls, and
compliance controls. Strong internal controls help prevent errors, fraud, and inefficiencies,
while also ensuring accurate and reliable reporting.

• Risk Management Support

By identifying potential risks and evaluating the adequacy of risk mitigation strategies,
internal audits support the company’s broader risk management efforts. Internal
auditors work closely with the Risk Management Team to ensure that risks are
proactively managed and addressed.

7. Compliance with Laws and Regulations

One of the key objectives of internal auditing is to ensure that Ritaj complies with all applicable
laws, regulations, and industry standards. This includes financial reporting standards, labor
laws, environmental regulations, and health and safety requirements.

[email protected] 5
 For General Trading Company Ltd.

• Regulatory Audits

Internal audits include assessments of the company’s compliance with relevant

regulatory requirements. This helps mitigate the risk of legal or regulatory penalties,
reputational damage, or financial loss due to non-compliance.

• Industry Standards and Certifications

Internal auditors also assess compliance with industry standards, such as ISO
certifications for quality management, environmental management, and health and
safety. Ensuring compliance with these standards helps maintain Ritaj’s competitive
position in the market.

8. Fraud Prevention and Detection

Internal auditing plays a key role in detecting and preventing fraud by identifying weaknesses
in internal controls that could be exploited by employees, vendors, or external parties.

• Fraud Risk Assessment

Internal auditors conduct fraud risk assessments to identify areas of the business that
may be susceptible to fraud. This includes evaluating financial transactions,
procurement activities, and employee access to sensitive information.

• Fraud Detection Techniques

Auditors use various techniques to detect potential fraud, such as data analytics,
transaction monitoring, and reviewing unusual patterns of behavior. Any suspicious
activity is investigated thoroughly, and corrective actions are recommended where
necessary.

• Whistleblower Programs

Ritaj encourages a culture of integrity and transparency by promoting a whistleblower

program, where employees can report suspected fraud or unethical behavior
anonymously. Internal auditors review these reports as part of their fraud detection
efforts.

9. Reporting and Communication of Audit Results

Effective communication of audit results is essential to ensure that management and the Audit
Committee are fully informed of audit findings and recommendations.

• Audit Reports

Internal audit reports provide a clear and concise summary of the audit’s objectives,
findings, and recommendations. The report is shared with senior management and
relevant department heads for review and action.

[email protected] 6
 For General Trading Company Ltd.

• Audit Committee Communication

The Audit Committee is responsible for overseeing the internal audit function and
ensuring that audit findings are addressed appropriately. Regular updates on audit
progress, significant findings, and follow-up actions are provided to the committee.

• Management Response

Management is required to respond formally to audit findings, outlining corrective

actions and timelines for addressing identified issues. These responses are monitored to
ensure timely resolution of any control weaknesses or compliance issues.

10. Confidentiality and Ethical Standards

Internal auditors at Ritaj adhere to strict ethical standards to ensure the integrity of the audit
process.

• Confidentiality

All information obtained during the audit process is treated as confidential. Auditors
are required to respect the privacy and confidentiality of company data and employees'
personal information.

• Code of Ethics

Internal auditors at Ritaj are bound by a code of ethics that emphasizes integrity,
objectivity, confidentiality, and professionalism. They are expected to conduct their
work in an ethical manner and to avoid conflicts of interest.

11. Continuous Improvement of the Internal Audit Function

Ritaj is committed to continuously improving the effectiveness of its internal audit function by
staying current with best practices and emerging trends in auditing.

• Professional Development

Internal auditors receive ongoing training and development to ensure they are equipped
with the latest tools and techniques for conducting audits effectively.

• Use of Technology

Ritaj leverages technology to enhance the internal audit process, including the use of
data analytics, automated reporting tools, and digital platforms for tracking audit
progress.

• Feedback and Benchmarking

Feedback from auditees, management, and the Audit Committee is used to refine and

[email protected] 7
 For General Trading Company Ltd.

improve the internal audit process. Additionally, Ritaj benchmarks its internal audit
practices against industry standards to ensure alignment with best practices.

12. Review of the Internal Auditing Policy

This Internal Auditing Policy will be reviewed annually or as required to reflect changes in
regulations, technology, and business operations. Senior management takes responsibility for
ensuring that this policy continues to align with the company’s objectives and the latest
standards in internal auditing.

Conclusion

The internal auditing function at Ritaj General Trading and Contracting Company is a
cornerstone of our commitment to excellence, transparency, and accountability. By
implementing a comprehensive, risk-based internal audit process, we ensure that our operations
are efficient, compliant, and continuously improving. This policy provides the framework for
maintaining a robust and effective internal audit function that supports the long-term success
of our business.

[email protected] 8