Guidelines on Continuing Obligations for Registered Auditors

GUIDELINES ON CONTINUING OBLIGATIONS FOR REGISTERED AUDITORS SC-GL/1-2023 (R1-2026) 1st Issued: 26 June 2023 Revised: 2 March 2026

GUIDELINES ON CONTINUING OBLIGATIONS FOR REGISTERED AUDITORS Effective Date upon 1st Issuance 26 June 20231 Revision Series Revision Date Effective Date of Revision Series Number 1st Revision 2.3.2026 2.3.2026 SC-GL/1-2023 (R1-2026) 1 Save for the requirements in Chapters 6 and 7 which will take effect on 1 July 2024.

CONTENTS Page Chapter 1 1 INTRODUCTION Chapter 2 2 APPLICABILITY Chapter 3 3 DEFINITIONS Chapter 4 5 ANNUAL TRANSPARENCY REPORTING Chapter 5 6 STATISTICS GATHERING AND ANALYSIS EXERCISE Chapter 6 7 CHANGE OF AUDITOR Chapter 7 8 RESIGNATION AND REMOVAL OF AUDITOR Chapter 8 9 CORE PRINCIPLES ON INDEPENDENT OVERSIGHT FOR MAJOR AUDIT FIRMS Chapter 9 10 SUBMISSION PROCEDURE Appendix 1 11 CONTENTS OF THE ANNUAL TRANSPARENCY REPORT

1 Chapter 1 INTRODUCTION 1.01 The Guidelines on Continuing Obligations for Registered Auditors (Guidelines) is issued by the Securities Commission Malaysia (SC) pursuant to section 158 of the Securities Commission Malaysia Act 1993 (SCMA). 1.02 The Guidelines set out the continuing obligations including disclosure requirements that must be adhered to by a registered auditor. 1.03 In addition, the Guidelines also sets out the core principles of good governance practices applicable to Major Audit Firms, in particular, the implementation of an independent oversight function which is integral to ensuring effective governance. Notwithstanding that these principles are mandated for Major Audit Firms only, all other audit firms are encouraged to adopt and comply with these practices, which are intended to enhance the performance of high-quality audits. This is important in strengthening public trust, building long term resiliency in the auditing profession, enhancing the credibility of financial information, ensuring effective protection of stakeholders’ interests and reinforcing good corporate governance in the capital market.

2 Chapter 2 APPLICABILITY 2.01 The Guidelines apply to a registered auditor as defined in paragraph 3.01. 2.02 The Guidelines are in addition to and not in derogation of any other requirements provided for under securities laws or any other guidelines issued by the SC. 2.03 A registered auditor must ensure that all information disclosed or submitted to the AOB is true, complete and accurate. 2.04 Any breach or non-compliance with the Guidelines can result in the SC taking any appropriate action under the securities laws, including requiring a registered auditor to take any corrective measure when there is a breach or non-compliance with the Guidelines.

3 Chapter 3 DEFINITIONS 3.01 Unless otherwise defined, all words in the Guidelines shall have the same meaning as defined in the SCMA. In the Guidelines, unless the context otherwise requires: AOB means the Audit Oversight Board established under the SCMA; applicable quality standards means international quality standards as approved and adopted by MIA; audit firm means a partnership or other legal entity who is registered under section 265 of the Companies Act 2016; MIA means the Malaysian Institute of Accountants established under section 3 of the Accountants Act 1967; MIA By-Laws means By-Laws (On Professional Ethics, Conduct and Practice) of the MIA; Major Audit Firm means an audit firm registered with the AOB that meets the following criteria for two consecutive years as of 31 December of each calendar year: (a) The firm has more than 50 PIE audit clients; and (b) The total market capitalisation of the firm’s PIE clients amounts to above RM15 billion; PIE means the public interest entity specified in Part 1 of Schedule 1 of the SCMA; PLC means public listed companies or corporations listed on the stock exchange; Relevant Audit Firm means an audit firm registered with the AOB that has more than 10 PIE audit clients for two consecutive years as of 31 December of each calendar year;

4 registered auditor means an individual auditor or audit firm registered with the AOB under section 31O of the SCMA.

5 Chapter 4 ANNUAL TRANSPARENCY REPORTING 4.01 A Relevant Audit Firm must issue and publish an Annual Transparency Report (ATR) on its website within four months from the end of the Relevant Audit Firm’s financial year end (Prescribed Timeframe). Guidance to paragraph 4.01 For an AOB registered audit firm that is not a Relevant Audit Firm, the audit firm may issue the ATR within the Prescribed Timeframe on a voluntary basis. 4.02 A Relevant Audit Firm must submit a copy of the ATR to the AOB via email immediately upon publication of the ATR on its website. 4.03 A Relevant Audit Firm must include in the ATR, the information set out in Appendix 1 and any other information as may be required by the AOB from time to time. 4.04 If a Relevant Audit Firm subsequently does not meet the criteria specified under paragraph 3.01, the Relevant Audit Firm– (a) must continue to issue the ATR on the first year in which it does not meet the criteria; and (b) may continue to issue the ATR on the second and subsequent years in which it does not meet the criteria.

6 Chapter 5 STATISTICS GATHERING AND ANALYSIS EXERCISE 5.01 A Relevant Audit Firm must submit to the AOB a Statistics Gathering and Analysis form (SGA Form) prescribed by the AOB together with the submission of a copy of ATR under paragraph 4.02. 5.02 An AOB-registered audit firm, other than a Relevant Audit Firm, must submit the SGA Form as at 30 June of each calendar year to the AOB via email by 15 August of each calendar year.

7 Chapter 6 CHANGE OF AUDITOR 6.01 Before accepting the appointment as an auditor of a PIE, the incoming auditor must undertake the following: (a) Seek professional clearance from the outgoing auditor; and (b) Complete the evaluation for the acceptance of a new audit engagement including relevant risk assessments in accordance with the applicable quality standards. 6.02 The outgoing auditor must provide a written reply to the incoming auditor on any professional reason as to why the incoming auditor should or should not accept the audit appointment, within 14 business days from the receipt of the request. 6.03 If consent is not provided by the PIE audit client for disclosing additional information relating to the professional reason, the outgoing auditor must— (a) inform the incoming auditor of the non-consent in the written reply referred to in paragraph 6.02; and (b) submit a copy of the written reply to the AOB concurrently.

8 Chapter 7 RESIGNATION AND REMOVAL OF AUDITOR 7.01 Upon giving a notice of resignation as auditor to a PIE audit client, the outgoing auditor must submit the following to the AOB: (a) A written notification setting out— (i) the specific reasons and circumstances that gave rise to the resignation; and (ii) any key audit concerns that relate to the PIE audit client’s annual financial statements, within five business days after the issuance of the notice of resignation to the PIE audit client; and (b) A copy of the written reply referred to in paragraph 6.02. 7.02 In the event that a registered auditor is removed by a PIE audit client pursuant to the Companies Act 2016, the registered auditor must notify the AOB of such removal and the reasons of the removal if known to the registered auditor, within five business days upon receipt of the notice of removal from the PIE audit client.

9 Chapter 8 CORE PRINCIPLES ON INDEPENDENT OVERSIGHT FOR MAJOR AUDIT FIRMS 8.01 The establishment of an independent oversight function within a firm is essential for upholding and enhancing governance standards. This is particularly essential for Major Audit Firms given their large partnership structures, multidisciplinary practices, and substantial share of the audit market. 8.02 Towards this end, all Major Audit Firms are required to adopt the following core principles in establishing an independent oversight function to safeguard public interest and maintain confidence in the audit profession: Governance Major Audit Firms must establish a governance structure that is independent from the firm’s executive management team to promote accountability, upholding of audit quality and adherence to professional and ethical obligations by the firm’s executive management team. Oversight Members of the governance structure must exercise independent oversight over the Major Audit Firm’s executive management team for both audit and non-audit functions. Authority Members of the governance structure must have appropriate authority and influence in executing their responsibilities. 8.03 Pursuant to paragraph 8.02, the scope of independent oversight over audit and non-audit functions must include the following: (a) The firm’s business strategy and financial performance; (b) Risk management of the firm; (c) Firm culture and governance relating to ethics; (d) Partner admission and compensation; (e) Complaints against the firm and its partners; (f) Monitoring of lawsuits and regulatory actions against the firm and its partners; (g) Monitoring of the remediation of significant deficiencies arising from internal and external monitoring reviews; and (h) Liaising with the regulators on matters of concern. 8.04 The core principles set out in this Chapter apply to Major Audit Firms with financial year ending on or after 31 December 2026.

10 Chapter 9 SUBMISSION PROCEDURE 9.01 Any submission or notification made under the Guidelines to the AOB must be made via email in the following manner: (a) Documents must be in a text searchable Portable Document Format (PDF); (b) The PDF-text files must be in a readable and proper condition; and (c) In a size of up to 10 MB per e-mail to the respective email addresses below depending on the types of submission: No. Types of submission Email address (i) ATR AOBATR@seccom.com.my (ii) SGA Form AOBSGA@seccom.com.my (iii) Other notification under the Guidelines aobsubmission@seccom.com.my

11 APPENDIX 1 CONTENTS OF THE ANNUAL TRANSPARENCY REPORT This Appendix sets out the minimum information required to be included in the ATR. A. Audit firm’s legal and governance structure

1. A description of the audit firm’s legal and ownership structure that must also include disclosure of the following: (a) Any affiliated firms; and (b) Entities owned or entities in which the audit firm has a beneficial interest.
2. Information about the audit firm’s governance and leadership structure including how they manage the audit practice and the audit firm as a whole.
3. For Major Audit Firms, a disclosure on how the firm has complied with the core principles as set out under Chapter 8.
4. Disclosure of the organisational structure relating to the firm’s system of quality management. The disclosure shall also include the assignment of roles, responsibilities and authority, which is appropriate to enable the design, implementation and operation of the firm’s system of quality management in accordance with the International Standard on Quality Management 1.
5. A description of the network to which the audit firm belongs to and the structural arrangements in the network including the respective responsibilities of the network and the audit firms.
6. A disclosure on partners with substantial interest in the partnership (i.e. partners with more than 10% equity interest in the partnership). The recommended format of disclosure is as follows: Equity interest held (%) Number of partners 10% to 20% More than 20% to 30% More than 30% to 40% More than 40% to 50% More than 50% to 60% More than 60% to 70% More than 70% to 80%

12 More than 80% to 90% More than 90% to 100% If there is no such instance, provide a statement confirming this fact. 7. A disclosure on family relationships between partners undertaking leadership roles or holding a substantial interest in the partnership with other partners of the audit firm. If there is no such instance, provide a statement confirming this fact.

13 B. Measures taken by the audit firm to uphold audit quality and manage risks

1. A description of the audit firm’s system of quality management including measures taken to comply with the requirements of applicable quality standards and any other initiatives to enhance audit quality.
2. A description of how the audit firm holds the partners accountable for audit quality, including how performance on audit quality was assess and the extent to which this affects remuneration.
3. A description of measures taken by the audit firm to ensure auditor independence (e.g. audit firm’s independence policies, independence monitoring, compliance with the MIA By-Laws).
4. A description of measures taken by the audit firm to ensure compliance with the relevant laws and regulations (e.g. adoption of policies that addresses anti-money laundering and anti-corruption practices).
5. A description of how the audit firm establishes, evaluates and monitors compliance with accounting, auditing and applicable quality standards.
6. A description of the audit firm’s risk management process to identify, measure, and mitigate material risk.
7. A disclosure on litigations currently faced by the audit firm. If there is no such instance, provide a statement confirming this fact.
8. A disclosure on any actions that the authorities or regulators have taken on the audit firm or its audit partners during the year. If there is no such instance, provide a statement confirming this fact.
9. A disclosure on instances where the total fees from a PIE audit client and its related entities represent more than 15% of the total fees received by the audit firm together with an explanation on how the independence threats posed by the fee dependency is addressed. If there is no such instance, provide a statement confirming this fact.
10. A disclosure on how the audit firm uses information technology to enhance audit quality.
11. A disclosure on the availability of specialised resources to support the audit engagement team such as the information technology, valuation, tax and actuarial specialists.
12. A disclosure on the audit firm’s sustainability risks and opportunities.

14 C. Information about the audit firm’s indicators of audit quality

1. The statistics relating to indicators of audit quality over a three-year period.
2. The following table lists out the audit quality indicators that must be included in the ATR and other indicators that may be included in the ATR: Audit quality indicators Audit quality indicators that must be included Other audit quality indicators that may be included2 Audit partner3 workload  Ratio of the average number of PIEs per PIE audit partner  Ratio of the average number of entities related to PIEs per PIE audit partner  Ratio of the average number of non-PIEs per PIE audit partner  Average portfolio audit fees per partner  Range or average number of PIE audit clients with the same financial year-end per partner  Other factors that may influence partner workload such as audit team support structure (e.g. directors, principals) Auditor independence  Proportion of fee income derived from audit clients segregated into statutory audit, other assurance services and services provided by the non-audit practice.  Proportion of fee income between audit practice and non-audit practice (e.g. tax, corporate advisory, consulting)  Results of the firm’s ongoing independence monitoring process 2 Audit firms may include other audit quality indicators monitored by the audit firm that have not been listed under this column. 3 This relates to audit partner who is involved in PIE audits.

15 Audit quality indicators Audit quality indicators that must be included Other audit quality indicators that may be included2 Capacity and competence of the audit practice  Headcount of the audit personnel (Partner, Managerial staff, Non￾managerial staff)  Headcount of audit personnel with professional qualifications  Turnover rate for audit personnel  Average years of experience of audit personnel (Partner, Managerial staff, Non￾managerial staff)  Years of experience by staff role (Partner, Managerial and Non￾managerial)  Outsourcing arrangements, where applicable Audit engagement supervision  Staff to partner ratio  Staff to manager ratio  Any other factors monitored by the firm that influence engagement supervision (e.g. time spent by audit partners and managerial level staff on audit engagements) Firm’s investment to uphold audit quality  Hours of training provided by the firm to audit personnel (Partner, Managerial staff, Non￾managerial staff)  Headcount of quality control functions (e.g. training, risk  Any other investments made by the network or local firm to uphold audit quality (e.g. IT systems, audit methodology)

16 Audit quality indicators Audit quality indicators that must be included Other audit quality indicators that may be included2 management, technical functions)  Ratio of quality control staff to audit staff Internal and external monitoring reviews  Number of engagements that were subjected to cold file review by the local firm  Number of engagements that were subjected to cold file review by the firm’s network  Results of monitoring reviews that have been carried out by the local firm or the firm’s network  Results of AOB inspections and compliance reviews by external bodies (e.g. MIA, professional bodies)  Remedial actions taken to address results of monitoring reviews carried out by the local firm or its firm’s network  Remedial actions taken to address results of AOB inspections and compliance reviews by external bodies (e.g. MIA, professional bodies) Where applicable, the method of calculation to derive the results of the audit quality indicators above must be consistent with that used in the SGA Form submitted to the AOB. 3. The relevant explanation on the audit quality indicators to provide sufficient context and understanding of these indicators. D. Other Information

1. A listing of the audit firm’s PIE clients as at the end of the audit firm’s financial year end.