Basic Policy on Internal Controls for Financial Reporting

Basic Policy on Internal Controls for Financial Reporting

In applying the internal control evaluation and reporting system stipulated in Article 24-4-4 of the Financial Instruments and Exchange Act, the Company has established the following basic policy and practice regarding internal controls to ensure the reliability of financial reporting.
All internal controls mentioned in this basic policy refer to internal controls related to financial reporting.

1. Basic Policy

Based on the "Implementation Standards for the Evaluation and Audit of Internal Controls Related to Financial Reporting" (Financial Services Agency, Business Accounting Council), the control environment will be established and documented, and the effectiveness of the establishment and operation of internal controls will be evaluated, with the results being disclosed each fiscal year in the form of an internal control report.

2Purpose of internal control and details of initiatives

(1) Effectiveness and efficiency of operations
In order to appropriately identify, assess, mitigate, and respond to potential risks in our operations, we will work to carry out our operations efficiently and effectively by reviewing, standardizing, and clarifying our business rules and procedures.

(2) Reliability of the report
We recognize and manage risks in business processes related to financial reporting, and establish, operate, and evaluate systems to prevent fraud and errors, thereby preparing accurate and error-free financial statements and providing transparent and reliable financial information to investors and other stakeholders.

(3) Compliance with laws and regulations related to business activities
Each employee will strive to understand laws and regulations, our company's internal rules and code of conduct, and carry out their duties accordingly. At the same time, we will work to create a system that allows the organization to properly check the status of compliance with laws and regulations.

(4) Preservation of assets
We will manage and preserve assets to ensure that their acquisition, use, and disposal are carried out appropriately, following proper procedures and approvals, in order to prevent unauthorized or misused use of assets and the loss of property and social credibility.

3Establishment of internal control and evaluation system

(1) Internal Control Department
The internal control management department, which oversees a series of planning, operations, and management related to internal control, will be designated as the Management Group of the Management Headquarters.
The roles of the Internal Control Division are as follows:
- Compile the "Internal Control Reporting System Implementation Guidelines" for each fiscal year, which include details such as the schedule for internal control evaluations, the processes and locations to be evaluated, and the base amounts for monetary significance, and notify the relevant parties of the details.
- To ensure that the Company's internal control functions effectively and achieves its objectives more effectively, the person in charge will review and initially evaluate the status of system development, formulation of related regulations, and operation, and will be responsible for encouraging improvements.
・Prepare, maintain and operate internal control documents (job descriptions, flow charts, risk control matrices, etc.) and support management's evaluation and disclosure of financial reports by striving to maintain the effectiveness of internal controls related to financial reporting and to continually improve them.

(2) Internal Audit Department
The roles of the Internal Audit Department are as follows:
・Manage the overall progress of the establishment and operation of internal controls, and provide support and monitoring as appropriate.
- Promote the efficiency and stable operation of the evaluation system, and provide suggestions and guidance for improvements to address deficiencies.
- As part of internal audit work, we will ensure compliance with business operations and check compliance with laws and regulations.
- Conduct a final evaluation of internal controls.

(3) Responses to internal control procedures and deficiencies
The General Manager of the Administration Division shall approve procedures for internal controls and responses to deficiencies, and shall report any matters that the General Manager of the Administration Division deems important to the President and the Board of Directors.

4Establishment of internal control and evaluation system

(1) Scope of assessment of internal controls
In principle, the scope of assessment of internal controls to be established shall be as follows. However, the scope shall be finalized in consultation with the audit firm based on the implementation standards.

1. Scope of evaluation of company-wide internal controls and business processes related to company-wide financial statements and financial reporting Evaluation of company-wide internal controls (internal controls that affect the entire company and have a significant impact on overall financial reporting) and business processes related to company-wide financial statements and financial reporting will be carried out by the entire company.
2. Scope of assessment of business processes other than those related to financial settlement and financial reporting
   The scope of evaluation of business processes other than those related to financial settlement and financial reporting is as follows:
   ◼ The business locations subject to evaluation will be the entire company.
   ◼ Account items that are closely related to the company's business objectives will be evaluated as business processes, and important business processes will be individually selected for evaluation.

(2) Documentation of the assessment of internal controls
Based on the scope selected in the previous paragraph, the assessment of internal controls shall be documented as follows:

1. General Control
   Document enterprise-wide control activities related to the control environment, risk assessment and response, control activities, information and communication, monitoring, and IT response.
2. Business processes related to financial settlement and financial reporting
   ◼ Document control activities in the preparation of financial reports, etc.
   ◼ Document individual control activities for critical business processes.
3. IT controls
   Document control activities related to IT in general and the functions of individual application systems.

(3) Method of evaluating internal controls

1. Assessment of company-wide internal controls We examine the company-wide control environment, organizational structure, management decision-making process, and other factors that have a significant impact on overall financial reporting, thoroughly consider risks both inside and outside the organization, and assess the status of their construction and operation.
2. Evaluation of internal controls related to financial statements and financial reporting
   Evaluate whether controls are functioning properly to ensure the reliability of financial closing procedures and financial reporting.
3. Evaluation of internal controls related to business processes
   Evaluate the effectiveness of risk management and control activities in each business process and check for any deficiencies. Use business process descriptions, flowcharts, and risk control matrices for the evaluation.
4. IT controls
   ◼ IT General Controls (ITGC)
   Evaluate overall controls to ensure the reliability and safety of the IT environment, including development, maintenance, operation, management, security, and access management of IT systems.
   ◼ IT Application Controls (ITAC)
   Evaluate whether various tasks using IT systems are performed accurately and appropriately, and whether business data is processed and recorded correctly.

5. Determining the effectiveness of internal controls

The internal control department will verify that control activities are functioning effectively.

6. Preparation of Internal Control Report

The Internal Control Management Department will issue an internal control report summarizing the results of the evaluation of the effectiveness of our internal controls.
It will be prepared and approved by the Board of Directors.

7 Education/Training

In order to properly implement internal control, the internal control division shall
The necessary education and training shall be provided to personnel who review and evaluate the utilization situation.

8. Revision and abolition of this policy

Any revision or abolition of this policy will be resolved by the Board of Directors.

Enactment date: September 18, 2025
IZAWA TOWEL CO.,LTD.
President and CEO Shoji Izawa