Milli Re 2025 Annual Report

Internal Audit The Internal Audit Directorate of Milli Re was established on 1 January 2005 and commenced its activities as of 1 April 2005. Internal audit activities are conducted within the framework of the Regulation on Internal Systems in Insurance and Private Pension Sectors published in the Official Gazette no. 31670 dated 25 November 2021, and the Milli Re Internal Audit Bylaw approved by the Board of Directors. Adhering to independence and impartiality principles, the Internal Audit Directorate operates directly under the Board of Directors and reports the audit results to the Board of Directors via the Audit Committee. This structure supports effective governance, accountability and transparency principles in line with Global Internal Audit Standards. The fundamental objectives of the Internal Audit Directorate include assessing the compliance of the Company’s operations with the applicable legislation, the Company’s internal guidelines, management strategies and policies; assuring the effectiveness and adequacy of internal control and risk management systems and contributing to the achievement of the Company’s targets. In this context, developing insights and recommendations aimed at preventing and detecting errors, fraud and irregularities, as well as enhancing processes and adding value constitute an integral part of internal audit activities. Internal Audit activities are planned and carried out with a risk-based approach. Within this framework, priority is assigned to units and processes that are considered to be of high risk with the aim of increasing the effectiveness and productivity of audit activities. Each December, an Internal Audit Plan is prepared for the following year taking into consideration the last audit dates of the units, current risk assessments and senior management’s opinions, and submitted to the Board of Directors for approval. In 2025, audits of 10 departments at the Company and 4 processes were completed in line with the Internal Audit Plan approved by the Board of Directors. The audits evaluated the compliance of the activities with specific policies, procedures and legislation; analyzed the risks associated with processes; and tested the effectiveness and adequacy of control points. Furthermore, assessments were conducted regarding adherence to legislation and Company policies, oversight of authority and limit usage, as well as information security and operational safety measures. The audit activities were conducted using methods such as data collection, inquiry and verification, on-site inspection, reperformance, recalculation, and analytical review. Based on the findings, recommendations for process improvement and strengthening the enterprise risk management structure were reported to the Board of Directors. Internal audit activities are planned and carried out with a risk-focused approach. 46 MİLLİ RE 2025 Annual Report