MILLI RE 2023 ANNUAL REPORT

The internal control system has an important role in protecting the assets of the Company and maintaining its activities within the framework of effective, efficient, compliant and reliable principles in accordance with the Law, the relevant legislation and the internal policies of the Company. The Company’s internal control activities are carried out by the Internal Control Department reporting to the Audit Committee in accordance with the Regulation on Internal Systems in Insurance and Private Pension Sectors. In addition, within the scope of compliance controls carried out by the Internal Control Department, all activities planned and carried out by the Company and new transactions and products are ensured to comply with the law and other relevant legislation, organizational policies and insurance practices. The duties and responsibilities imposed on the compliance officer by the provisions of the Law on Prevention of Laundering Proceeds of Crime and the applicable legislation based on this Law are fulfilled by the Internal Control Department personnel assigned exclusively as Compliance Officer. Within the scope of internal control activities, it is aimed to establish the Company’s control environment, identify control points and provide reasonable assurance to ensure the reliability, integrity and timely availability of information in the Company’s accounting and financial reporting system. The Internal Control Department checks that minimum transactions for the execution of the Company’s activities, effective communication channels, service procurements that are extensions or complementary to the main services, work carried out within the scope of business continuity management and plan, and tests for the measures taken are carried out. In addition, internal control activities designed to cover the financial reporting system and compliance controls are carried out in accordance with internal and external legislation. Control activities cover the entire business processes and operations of the Company. Workflows, duties and responsibilities, authorities and limits defined in writing regarding the Company’s activities are updated periodically in parallel with changing conditions and risks and announced to employees. The processes related to business and information technologies and the risks on these processes have been defined in writing by the IT Department and controls have been established for these risks. Control activities are carried out according to the frequency of business processes and in accordance with the principles set out in the annual Internal Control Plan. All findings identified as a result of the controls and recommendations regarding the actions to be taken to eliminate the findings are reported by the Internal Control Department to the Audit Committee and the General Manager through Internal Control Reports. In addition to the actions performed by the Internal Control Department within the framework of the authorization definitions of the users determined in accordance with the principle of segregation of duties on the systems, the audit logs of critical transactions are checked instantly and daily through reports received through the log recording system. Development and change requests of users on systems based on their business requirements or solution requests in respect of malfunctions arising in systems are monitored through Help Desk Service and critical issues that may affect the financial statements or that could lead to legal risks are given the priority. In case of detection of any adverse situation within control activities, urgent action is taken in order to perform necessary adjustments and take preventive measures. Internal control activities are carried out through the risk and control points included in the work flow chart of the related department, and the controls in the IT department are carried out based on COBIT standards. In this context, transactions in respect of reinsurance processes, accounting transactions, payments, processes in respect of fulfillment of legal obligations, transactions in respect of debt collection, accounting periods, and preparation of financial statements; marketing, processes related to reporting and information systems are controlled by considering practice frequencies of related processes. In this respect, it is ensured that preventive and supplementary measures are taken and implemented immediately, appropriate and applicable solutions that will improve processes and operations are put into practice. INTERNAL CONTROL 36 MİLLİ RE