Internal Audit System

Role of Internal Auditing

The Audit Department (the Group's internal audit department), verifies and evaluates the effectiveness and appropriateness of internal management systems and internal controls, including compliance and risk management, from a standpoint independent of the executive divisions, with the aim of ensuring the sound and appropriate operation of business and contributing to the achievement of management goals, and makes recommendations for correcting and improving issue points.

Group Internal Audit System

In order to ensure that internal audits can be conducted using uniform methods and standards within the Company, the Company and its subsidiaries have established the "Basic Rules for Internal Audits" to be followed when establishing policies and rules.

The members of the Audit Department of the Company are generally assigned concurrently to the Audit Departments of the Bank of Yokohama and Higashi-Nippon Bank. This establishes a system for efficient and effective internal audits on a group-wide basis and conducts consistent internal audits, thus strengthening the internal audit function. The Company's Audit Department conducts internal audits of each department and consolidated subsidiary based on the basic internal audit plan formulated each fiscal year, and reports the results and the status of the executive departments' responses to issues to the Group Management Audit Committee, the Board of Directors, and the Audit and Supervisory Board.

In order to conduct more effective internal audits, we collaborate with auditors, accounting auditors, and departments in charge of internal control functions by periodically exchanging information.

Efforts to Improve Internal Auditing Performance and Efficiency

In order to be forward looking in preventing the materialization of risks, which fluctuate due to changes in the internal and external environment, and in order to effectively and efficiently allocate limited audit resources to audit targets, our Audit Department conducts riskbased audits by assessing risks inherent in departments and operations subject to internal audits (risk assessment) and by determining audit targets, frequency, and depth according to the results. In addition, for audit areas that require advanced expertise, such as cybersecurity, we are working to enhance the sophistication of internal audits by conducting joint audits with external organizations as necessary.

Furthermore, in order to maintain and improve audit quality, in addition to securing diverse specialized personnel, we work to enhance internal audit resources for the entire group, such as by formulating a training plan for auditing staff and by systematically working on personnel development.