Internal Control

        SLM Corporation Public Company Limited (“the Company”) gives importance to internal control systems both at the executive level and operational level efficiently. Therefore, the Company clearly define the duties and authority of workers and executives in writing. There is a control over the use of the Company’s assets to generate benefit, and separation of duties of workers, followers, controllers, and evaluator separately to achieve proper balance and audit between each other.

        The Audit Committee has performed its duties in accordance with the Audit Committee Charter approved by the Board of Directors, and has supported the Company to have a good corporate governance system in order to be transparent, have morals and ethics, create confidence for shareholders and stakeholders. The Audit Committee has the scope of duties and responsibilities to review and consider the financial statements, disclosures in Financial Reports and connected transactions and transactions that may have conflicts of interest to be accurate, complete, reliable. In addition, the Audit Committee has reviewed the internal control system with the internal auditors every quarter, and has coordinated with the auditor and the management to supervise the operation to be in accordance with the relevant laws and regulations. As well as evaluating the performance and compensation of the internal control system audit service providers, and selection, nomination, appointment, and remuneration of the auditor including performing other duties as assigned by the Board of Directors.

        Monitoring the sufficiency assessment of the Company’s internal control system, the Board of Directors has considered the COSO framework which covers all 5 aspects as follows: (1) internal control, (2) risk assessment, (3) control activities, (4) information and communication systems, and (5) monitoring systems; and report the assessment of internal control system to the Board of Directors’ meeting at least once a year. And disclosure the results of the assessment in the annual registration statement (56-1) and the annual report of the Company.

        In the past years, the Company has assessed various risks along with regular supervision to prevent potential risks. Including the preparation of operating regulations to prevent risks that may occur. And a risk management committee’s established to supervise and encourage employees to gain knowledge and realize the importance of risk management as well as to analyze and monitor changes in the environment that may affect the Company in order to determine appropriate risk response measures.