Board of Directors, JSC NC KTZ

APPROVED

Resolution as of April 16, 2014 No. 5

Board of Directors, JSC NC KTZ

INTERNALAUDITSERVICECHARTER

JSCNationalCompanyKazakhstanTemirZholy

1. General

1. This Internal Audit Service Charter (the Charter) defines the status of Internal Audit Service (the Service), its objectives, activities, rights and responsibilities, basic requirements for the structure and qualifications of its employees, procedures for appointing head and employees of the Service, applicable disciplinary sanctions, as well as authority of head of the Service, and interaction of the Service with the Board of Directors, the executive body of JSC National Company Kazakhstan Temir Zholy (the Company), subsidiaries/affiliates of the Company and other organizations.

2. The Charter is based on the Code of Ethics Service, quality standards and standards of internal auditors’ activity established by the Institute of Internal Auditors Inc.

3. The Board of Directors of the Companydetermine the number, list of employees and their terms of service, appoint and dismiss head and employees of the Service after a preliminary approval from the Audit Committee of the Board of Directors (the Audit Committee) is obtained.

4. Head of the executive body of the Company (the Executive Body) enters into an employment contract with head and employees of the Service based on aresolution adoptedby the Board of Directors in accordance with labor laws of the Republic of Kazakhstan.

5. The Board of Directors approves/defines proceedings of the Service, evaluates its activities, amount and terms of remuneration and bonuses for head and employees of the Service after a preliminary approval/reviewof the Audit Committee is obtained.

6. Social support, guarantees and compensation for employees of the Service is provided in accordance with internal regulations of the Company approved by the Board of Directors.

7. Job description, rights and responsibilities of head and employees of the Service are determined in the relevant instructions developed on the basis of this Charter, employment contracts, internal regulations and approved by Chairman of the Board of Directors or on his behalf by Chairman of the Audit Committee.

8. In its activities the Service is guided by laws of the Republic of Kazakhstan, the Articles of Association, resolutions of the Company’s bodies, this Charter, annual audit plan approved by the Board of Directors, and other internal regulatory documents of the Company.

9. Proceedings and rules for planning and implementing the activities of the Service are also regulated by internal regulations developed in accordance with principles and provisions of Standards and the Code of Ethics and approved by the Board of Directors and/or approved by the Audit Committee.

10. In this Charterthe following terms and definitions are used[1]:

Internal audit / Activities aimed to provide independent and objective guarantees and advice to improveperformance of an organization. Internalaudit system helps the organization achieve its goals by assessing and improving effectiveness of risk management, control and corporate governance processes through a systematic and consistent approach.
Internal control / Any action of the Executive Body, the Board of Directors and other parties aimed at managingrisksand increasing the likelihood of achieving goals and objectives.
Code of Ethics / The Code of Ethics of the Institute of Internal Auditors (IIA) includes the Principles relating to the profession and practice of internal audit, and the Rules of Conduct describing the behavior of internal auditors. The Code of Ethics is applied to both individuals and entities that provide internal audit services. The purpose of the Code of Ethics is to promote high ethical standards in the global community of professional internal auditors.
Consulting services / Adviceand recommendations, and etc. providedto the Board of Directors, the Executive Body, structural divisions and subsidiaries/affiliates of the Company (the Customer),with their nature and content agreed with the Customer.Such advice and recommendations are aimed to assist and improve corporate governance, risk management and control,with the Service not beingresponsible for managerial decisions.
Conflict of interest / Conflict of interest is a situation where an internal auditor who is a trusted person has a competing professional or personal interest. Suchcompeting interests may prevent the internal auditor from performing his duties impartially.
Corporate Governance / TheBoard of Directors-established processesand organizational structures aimed to inform, manage and monitor activities of the organization to assist it in achievingits objectives.
Fraud / Any illegal action characterized by mispresentation, conceal or abuse of trust. Fraudulent actions do not include those that are made under force or threat. Individual and entitiescommit fraud to receive money, property or services, evadethe payment of money or provision of services or for personal or commercial gain.
Independence / A condition when the internal audit service perform its duties impartially.
Objectivity / Amental attitude allowingan internal auditor to impartially carry out an assignment in such a way that he is confident in the final result and seeks no compromise with its quality. Objectivity requires that the internal auditor’s audit-relatedopinion isnot subordinate to opinion of others.
Guarantee / An objective analysis of the available audit evidence to make an independent assessment of corporate governance, risk management and control processes in the organization. (Example: financial audit, performance audit, compliance audit, system security audit, and due diligence engagements).
Practicality / Internal audit benefits the organization (and its stakeholders) if it gives objective and competent assurance and improves the efficiency and effectiveness of risk management, control and corporate governance processes.
Risk / A potential event (or coincidence) in the future which, if realized, may have a significant negative impact on long-term and short-term goals of the Company. Risk is measured by assessing the consequences and the likelihood of an event.
Head of Internal Audit Service / TheBoard of Directors-appointedperson responsible for internal audit in the organization, effective management of internal audit in accordance with the Audit Regulations and Definition of Internal Audit, the Code of Ethics and Standards, and having relevant professional certification and qualifications.
Risk management / Activities aimed to identify, evaluate, manage and monitor potentiallynegative events or situations to provide reasonable assurance that the organization will achieve its objectives.
Standard / An official professional regulation published by the Institute of Internal Auditors, setting requirements for internal audit on a wide range of issues, as well as onthe assessmentof internal auditperformance

2. Status

11. Subordinate and accountable to the Board of Directorsorganizationallythe Service is abody of the Company which function is to organize and implement internal audit in the Company.

12. The Service is supervised by the Audit Committee in accordance with internal regulatory documents governing the Audit Committee.

13. The Service is administratively subordinate to the Executive Body of the Company.Administrative subordination impliesthat the Executive Body is responsible for the relevant working conditions to be created forthe head and employees of the Service, remuneration, publication of the Service-relatedresolutions on the basis of decisions of the Board of Directors; receiving reports from the Service[2];overseeingthe compliance with labor regulations; registration of secondmentand annual leave orders, as well as other actions that are in the scope of the Service in accordance with this Charter and other regulatory documents of the Company. The Executive body may not use administrative subordination to influence the independence and objectivity of the Service.

14. To properly implement and providean objective and independent judgment in the execution of objectives and functionsthe Service shallbe free from the influence of any person.

15. To be independent and objective the Service complies with the requirements of Standards relating to criteria of organizational independence and objectivity.

16. The Service is impartial and unbiased in its work and prevents the occurrence of a conflict of interest.

17. The performance of the Service is assessed in accordance with requirements of this Charter and other regulatory documents governing the Service.

18. Head and employees of the Service are subject to provisions of internal regulations of the Company, with the exception of the documents that may not be applied in accordance with the status of the Service, the Articles of Association of the Company and this Charter.

3. Mission and objectives

19. TheService assist the Board of Directors and Executive Body inperforming their duties to achievestrategic goalsset for the Company.

20. Key objective of the Service is to provide independent and objective guarantees and advice to the Board of Directors aimed at improving the risk management systems, internal control and corporate governance in the Company.

4. Objectives and function

21. Keyobjectives of the Service are to:

1) assess and assist in improving the internal control system;

2) assess and facilitate the improvement of the risk management system;

3) assess the risk of fraud and effectiveness of fraud risk management in the Company;

4) assess and promotethe improvement of corporate governance system in the Company;

5) assess the reliability, entirety, objectivity of the accounting system and reliability of financial reporting;

6) assess compliance with the laws of the Republic of Kazakhstan and regulatory documents of Samruk-Kazyna (the Fund) (compliance control);

7) assess whether the Company’s resources and the methods used to ensure the safety of the Company’s assetsare rational and efficient;

8) provide a methodological support for the internal audit service, audit commissions of the Company’s subsidiaries and affiliates.

22. To achieve the objectives the Service has been assigned in accordance with the established procedurethe functions as follows:

1) to assess risks and adequacy and effectiveness of internal control over risks in corporate governance, operational (production and financial) activities of the Company and its informational systems, in particular:

-the ability to achieve strategic goals of the Company;

-reliability, completeness, objectivity of the accounting system and reliability of financial statements and other information relating to the Company’s financial and business operations, including consolidated statements;

-efficiency and effectiveness of the Company’s activities and adopted programs;

-rationality and efficiency of use of the Company’s resources and the methods used to ensure the safety of the Company’s property (assets);

-compliance of control systems with laws, regulations, internal regulatory documents, instructions of authorized and supervisory bodies, decisions of the Company’s bodies and their execution (compliance control).

2) to assess the adequacy and effectiveness of the internal control system in the Companyin accordance with the established procedure;

3) to assess the corporate risk management system in the Company;

4) to assess the risks of fraud and the effectiveness of fraud risk management in the Company[3];

5) to assesswhetherthe Companyapplies fully and effectivelythe risk assessment methodology and risk management procedures;

6) to assess whether the relevant bodies and divisions of the Company receive effectively risk and internal control-related information;

7) toassess (analyze) the corporate governance system, including the implementation and compliance with the adopted principles of corporate governance, relevant ethical standards and values in the Companyin accordance with the established procedure;

8) to audit the Company’s information systemsin accordance with the established procedure;

9) to overseethe compliance with laws of the Republic of Kazakhstan, international agreements, internal regulations of the Company, as well as the implementation of instructions of authorized and supervisory bodies, decisions of the Company’s bodies and assessthe systems created to meet these requirements;

10) to assess the adequacy of measures applied by the Company’s divisions to achieve the goals within the framework of the Company’s strategic goals;

11) to draw up internal regulatory documents to guide the activities of the Service, in accordance with Standards and decisions/recommendations of the Fund;

12) to advise the Board of Directors, the Executive Body, the Company’s structural divisions and subsidiaries and affiliates as to how to organize and improve internal control, risk management, corporate governance and internal audit (including internal regulatory documents and drafts) , as well as other issues within the competence of the Service;

13) to perform unscheduled audit assignments initiated by the Chairman or members of the Board of Directors on the basis of a relevant decision of the Board of Directors;

14) to oversee that the Companyimplements recommendations of the external auditor;

15) to implement subsequent control over the implementation of recommendations given by the Service in accordance with the established procedure;

16) to exchange information and coordinate activities with other internal and external parties of the Company and its subsidiaries and affiliates whose service are to provide guarantees and advice;

17) to inspect subsidiaries/affiliates of the Company upona decision of the Board of Directors or on behalf of the Chairman of the Board of Directors[4];

18) to interact and coordinate with control bodies of subsidiaries and affiliatesto plan and audit and inspect, including supervision[5]and methodological support for internal audit services, audit commissions of the Company’s subsidiaries and affiliates;

19) to perform other functions assigned to the Service, within its competence.

23. Based on audit results the Service develops the appropriate recommendations, including proposals to improve the existing systems of internal control and risk management, processes, principles and methods of business, and comments on any matters within the competence of the Service.

24. In the process of performing its objectives and functions the Serviceinteracts in accordance with the established procedure with all structural subdivisions of the Company, as well as other organizations in accordance with laws of the Republic of Kazakhstan.

5. Restrictions

25. To comply with the principles of independence and objectivity in the course of exercising its functions the head and employees of the Service shall not:

1) be involved in any activity that may subsequently be subject to internal audit or engage in the audit of any activity or function during the auditperiod.

2) exerciseany function in the Company whichis not related to the activities of the Service in accordance with this Charter;

3) participate in any activity that might affect the impartiality of evaluation of the head and employees of the Service or be perceived as causing such damage;

4) be members of committees or other working groups/commissions established by the Company having theright to sign. In such working groups the head and employees of the Service shall be engaged only as consultants without the right to vote.

5) supervise the actions of employees of structural divisions of the Company and its subsidiaries and affiliates, except for cases when such employees are appointed in accordance with the established procedure to participate in the audit procedures;

6) use confidential information in personal interests or in any other manner that is inconsistent with laws of the Republic of Kazakhstan or is capable of causing damage to the Company;

7) accept gifts and use services that may damage the independence, objectivity and impartiality of internal audit or which may be perceived as causing such damage.

6. Qualification requirements

26. The Head of the Service has:

1) higher professional education in accounting and auditing and/or finance and/or economics and/or jurisprudence, and additional specialized training;

2) experience of at least seven yearsin audit and/or accounting and/or finance;

3) experience of at least five yearsat managerial positions and/or internal audit service of organizations of the Fund;

4) knowledge of international financial reporting standards;

5) knowledge and understanding of the Code of Ethics and Standards;

6) knowledge of normative legal acts of the Republic of Kazakhstan, including auditing, accounting, taxation.

27. In terms of additional special trainingthe minimum requirements for the head of the Service are: a mandatory qualification certificate of auditor issued in accordance with the Law of the Republic of Kazakhstan On Auditing and/or the certificate in the field of internal audit of the CIA, and/or the certificate of the ACCA, and/or DipIFR diploma, and/or the certificate of the international professional accountant CIPA, and/or a CIMA diploma Business Performance Management, and/or aDipCPIAdiploma issued by the Institute of Certified Financial Managers (UK).

Knowledge of Kazakh and foreign language(s) is also preferable.

28. The employee of the Service has:

1) higher professional education in economics and finance and/or accounting and auditing and/or informational technology and/or technical and/or legal;

2) experience of at least three (3) yearsin auditing and/or accounting and/or finance and/or informational technology and/or technical support relevant to the profileof the company, and/or legal support;

3) knowledge of the Code of Ethics and Standards and the skills to apply them;

4) knowledge of the normative legal acts of the Republic of Kazakhstan, including on auditing, accounting, taxation.

It is also preferable to have a certificate and/or qualification in audit and/or accounting and financial management and/or IT technologies, knowledge of Kazakh and foreign languages.

29. The head and employees of the Service are appointedby the Board of Directors upon recommendation of the Audit Committee after a competitive selection and testing (or interview) with the participation of Chairman of the Audit Committee or amember of the Audit Committee (authorized by the Chairman of the Audit Committee) and/or Chairman of the Board of Directors.

7. Rights and powers of the Service

30. The Service has the rights and powers to realize its key objectives and functions as follows:

1) to have access to personnel, production and other facilities, to all documentation and any other information requested in connection with internal audit, including data and information which is a commercial and official secret of the Company;

2) to access accounting data (accountingprograms, etc.) on an ongoing basis in a passive mode, i.e. without the right to enter and correct;

3) to request and receive materials, including drafts of documents submitted to the Fund, the Board of Directors, the Executive Body of the Company for approvaland receive all orders/minutes of the said bodies of the Company;

4) to initiate an additional audit (unplanned) if it may impact the results ofan ongoing audit, upon consent of the Chairman of the Audit Committee;

5) to exchange information and coordinate activities with other internal and external parties which provide guarantees and advice to ensure the adequate coverage and minimize duplication;