APPROVEDResolution as of April 16, 2014 No. 5Board of Directors, JSC NC KTZ

INTERNAL AUDIT SERVICE CHARTERJSC National Company Kazakhstan Temir Zholy

1. General

1. This Internal Audit Service Charter (the Charter) defines the status of Internal Audit Service (the Service), its objectives, activities, rights and responsibilities, basic requirements for the structure and qualifications of its employees, procedures for appointing head and employees of the Service, applicable disciplinary sanctions, as well as authority of head of the Service, and interaction of the Service with the Board of Directors, the executive body of JSC National Company Kazakhstan Temir Zholy (the Company), subsidiaries/affiliates of the Company and other organizations.

2. The Charter is based on the Code of Ethics Service, quality standards and standards of internal auditors’ activity established by the Institute of Internal Auditors Inc.

3. The Board of Directors of the Company determine the number, list of employees and their terms of service, appoint and dismiss head and employees of the Service after a preliminary approval from the Audit Committee of the Board of Directors (the Audit Committee) is obtained.

4. Head of the executive body of the Company (the Executive Body) enters into an employment contract with head and employees of the Service based on a resolution adopted by the Board of Directors in accordance with labor laws of the Republic of Kazakhstan.

5. The Board of Directors approves/defines proceedings of the Service, evaluates its activities, amount and terms of remuneration and bonuses for head and employees of the Service after a preliminary approval/review of the Audit Committee is obtained.

6. Social support, guarantees and compensation for employees of the Service is provided in accordance with internal regulations of the Company approved by the Board of Directors.

7. Job description, rights and responsibilities of head and employees of the Service are determined in the relevant instructions developed on the basis of this Charter, employment contracts, internal regulations and approved by Chairman of the Board of Directors or on his behalf by Chairman of the Audit Committee.

8. In its activities the Service is guided by laws of the Republic of Kazakhstan, the Articles of Association, resolutions of the Company’s bodies, this Charter, annual

1

audit plan approved by the Board of Directors, and other internal regulatory documents of the Company.

9. Proceedings and rules for planning and implementing the activities of the Service are also regulated by internal regulations developed in accordance with principles and provisions of Standards and the Code of Ethics and approved by the Board of Directors and/or approved by the Audit Committee.

10. In this Charter the following terms and definitions are used1:

Internal audit Activities aimed to provide independent and objective guarantees and advice to improve performance of an organization. Internal audit system helps the organization achieve its goals by assessing and improving effectiveness of risk management, control and corporate governance processes through a systematic and consistent approach.

Internal control Any action of the Executive Body, the Board of Directors and other parties aimed at managing risks and increasing the likelihood of achieving goals and objectives.

Code of Ethics The Code of Ethics of the Institute of Internal Auditors (IIA) includes the Principles relating to the profession and practice of internal audit, and the Rules of Conduct describing the behavior of internal auditors. The Code of Ethics is applied to both individuals and entities that provide internal audit services. The purpose of the Code of Ethics is to promote high ethical standards in the global community of professional internal auditors.

Consulting services Advice and recommendations, and etc. provided to the Board of Directors, the Executive Body, structural divisions and subsidiaries/affiliates of the Company (the Customer), with their nature and content agreed with the Customer. Such advice and recommendations are aimed to assist and improve corporate governance, risk management and control, with the Service not being responsible for managerial decisions.

Conflict of interest Conflict of interest is a situation where an internal auditor who is a trusted person has a competing professional or personal interest. Such competing interests may prevent the internal auditor from performing his duties impartially.

Corporate Governance The Board of Directors-established processes and organizational structures aimed to inform, manage and

1 Terms and definitions are interpreted in accordance with the International Professional Standards on Internal Auditing of the Institute of Internal Auditors Inc.)

2

monitor activities of the organization to assist it in achieving its objectives.

Fraud Any illegal action characterized by mispresentation, conceal or abuse of trust. Fraudulent actions do not include those that are made under force or threat. Individual and entities commit fraud to receive money, property or services, evade the payment of money or provision of services or for personal or commercial gain.

Independence A condition when the internal audit service perform its duties impartially.

Objectivity A mental attitude allowing an internal auditor to impartially carry out an assignment in such a way that he is confident in the final result and seeks no compromise with its quality. Objectivity requires that the internal auditor’s audit-related opinion is not subordinate to opinion of others.

Guarantee An objective analysis of the available audit evidence to make an independent assessment of corporate governance, risk management and control processes in the organization. (Example: financial audit, performance audit, compliance audit, system security audit, and due diligence engagements).

Practicality Internal audit benefits the organization (and its stakeholders) if it gives objective and competent assurance and improves the efficiency and effectiveness of risk management, control and corporate governance processes.

Risk A potential event (or coincidence) in the future which, if realized, may have a significant negative impact on long-term and short-term goals of the Company. Risk is measured by assessing the consequences and the likelihood of an event.

Head of Internal Audit Service

The Board of Directors-appointed person responsible for internal audit in the organization, effective management of internal audit in accordance with the Audit Regulations and Definition of Internal Audit, the Code of Ethics and Standards, and having relevant professional certification and qualifications.

Risk management Activities aimed to identify, evaluate, manage and monitor potentially negative events or situations to provide reasonable assurance that the organization will achieve its objectives.

Standard An official professional regulation published by the

3

Institute of Internal Auditors, setting requirements for internal audit on a wide range of issues, as well as on the assessment of internal audit performance

2. Status

11. Subordinate and accountable to the Board of Directors organizationally the Service is a body of the Company which function is to organize and implement internal audit in the Company.

12. The Service is supervised by the Audit Committee in accordance with internal regulatory documents governing the Audit Committee.

13. The Service is administratively subordinate to the Executive Body of the Company. Administrative subordination implies that the Executive Body is responsible for the relevant working conditions to be created for the head and employees of the Service, remuneration, publication of the Service-related resolutions on the basis of decisions of the Board of Directors; receiving reports from the Service2; overseeing the compliance with labor regulations; registration of secondment and annual leave orders, as well as other actions that are in the scope of the Service in accordance with this Charter and other regulatory documents of the Company. The Executive body may not use administrative subordination to influence the independence and objectivity of the Service.

14. To properly implement and provide an objective and independent judgment in the execution of objectives and functions the Service shall be free from the influence of any person.

15. To be independent and objective the Service complies with the requirements of Standards relating to criteria of organizational independence and objectivity.

16. The Service is impartial and unbiased in its work and prevents the occurrence of a conflict of interest.

17. The performance of the Service is assessed in accordance with requirements of this Charter and other regulatory documents governing the Service.

18. Head and employees of the Service are subject to provisions of internal regulations of the Company, with the exception of the documents that may not be applied in accordance with the status of the Service, the Articles of Association of the Company and this Charter.

3. Mission and objectives

19. The Service assist the Board of Directors and Executive Body in performing their duties to achieve strategic goals set for the Company.

2 Audit reports based on results of auditing assignments

4

20. Key objective of the Service is to provide independent and objective guarantees and advice to the Board of Directors aimed at improving the risk management systems, internal control and corporate governance in the Company.

4. Objectives and function

21. Key objectives of the Service are to:1) assess and assist in improving the internal control system;2) assess and facilitate the improvement of the risk management system;3) assess the risk of fraud and effectiveness of fraud risk management in the

Company;4) assess and promote the improvement of corporate governance system in the

Company;5) assess the reliability, entirety, objectivity of the accounting system and

reliability of financial reporting;6) assess compliance with the laws of the Republic of Kazakhstan and

regulatory documents of Samruk-Kazyna (the Fund) (compliance control);7) assess whether the Company’s resources and the methods used to ensure the

safety of the Company’s assets are rational and efficient;8) provide a methodological support for the internal audit service, audit

commissions of the Company’s subsidiaries and affiliates.22. To achieve the objectives the Service has been assigned in accordance with

the established procedure the functions as follows:1) to assess risks and adequacy and effectiveness of internal control over risks

in corporate governance, operational (production and financial) activities of the Company and its informational systems, in particular:

- the ability to achieve strategic goals of the Company; - reliability, completeness, objectivity of the accounting system and reliability

of financial statements and other information relating to the Company’s financial and business operations, including consolidated statements;

- efficiency and effectiveness of the Company’s activities and adopted programs;

- rationality and efficiency of use of the Company’s resources and the methods used to ensure the safety of the Company’s property (assets);

- compliance of control systems with laws, regulations, internal regulatory documents, instructions of authorized and supervisory bodies, decisions of the Company’s bodies and their execution (compliance control).

2) to assess the adequacy and effectiveness of the internal control system in the Company in accordance with the established procedure;

3) to assess the corporate risk management system in the Company;

5

4) to assess the risks of fraud and the effectiveness of fraud risk management in the Company3;

5) to assess whether the Company applies fully and effectively the risk assessment methodology and risk management procedures;

6) to assess whether the relevant bodies and divisions of the Company receive effectively risk and internal control-related information;

7) to assess (analyze) the corporate governance system, including the implementation and compliance with the adopted principles of corporate governance, relevant ethical standards and values in the Company in accordance with the established procedure;

8) to audit the Company’s information systems in accordance with the established procedure;

9) to oversee the compliance with laws of the Republic of Kazakhstan, international agreements, internal regulations of the Company, as well as the implementation of instructions of authorized and supervisory bodies, decisions of the Company’s bodies and assess the systems created to meet these requirements;

10) to assess the adequacy of measures applied by the Company’s divisions to achieve the goals within the framework of the Company’s strategic goals;

11) to draw up internal regulatory documents to guide the activities of the Service, in accordance with Standards and decisions/recommendations of the Fund;

12) to advise the Board of Directors, the Executive Body, the Company’s structural divisions and subsidiaries and affiliates as to how to organize and improve internal control, risk management, corporate governance and internal audit (including internal regulatory documents and drafts) , as well as other issues within the competence of the Service;

13) to perform unscheduled audit assignments initiated by the Chairman or members of the Board of Directors on the basis of a relevant decision of the Board of Directors;

14) to oversee that the Company implements recommendations of the external auditor;

15) to implement subsequent control over the implementation of recommendations given by the Service in accordance with the established procedure;

16) to exchange information and coordinate activities with other internal and external parties of the Company and its subsidiaries and affiliates whose service are to provide guarantees and advice;

17) to inspect subsidiaries/affiliates of the Company upon a decision of the Board of Directors or on behalf of the Chairman of the Board of Directors4;

3 Identification and investigation of fraud is not a primary function of the Service. Employees of the Service may be involved in the investigation of fraud as consultants / observers and are not responsible for making managerial decisions based on the results of investigations.

4 For the Service to assess the activities of subsidiaries and affiliates provisions of paragraph 22 of this Charter also apply to the Company’s subsidiaries and affiliates.

6

18) to interact and coordinate with control bodies of subsidiaries and affiliates to plan and audit and inspect, including supervision5 and methodological support for internal audit services, audit commissions of the Company’s subsidiaries and affiliates;

19) to perform other functions assigned to the Service, within its competence.23. Based on audit results the Service develops the appropriate

recommendations, including proposals to improve the existing systems of internal control and risk management, processes, principles and methods of business, and comments on any matters within the competence of the Service.

24. In the process of performing its objectives and functions the Service interacts in accordance with the established procedure with all structural subdivisions of the Company, as well as other organizations in accordance with laws of the Republic of Kazakhstan.

5. Restrictions

25. To comply with the principles of independence and objectivity in the course of exercising its functions the head and employees of the Service shall not:

1) be involved in any activity that may subsequently be subject to internal audit or engage in the audit of any activity or function during the audit period.

2) exercise any function in the Company which is not related to the activities of the Service in accordance with this Charter;

3) participate in any activity that might affect the impartiality of evaluation of the head and employees of the Service or be perceived as causing such damage;

4) be members of committees or other working groups/commissions established by the Company having the right to sign. In such working groups the head and employees of the Service shall be engaged only as consultants without the right to vote.

5) supervise the actions of employees of structural divisions of the Company and its subsidiaries and affiliates, except for cases when such employees are appointed in accordance with the established procedure to participate in the audit procedures;

6) use confidential information in personal interests or in any other manner that is inconsistent with laws of the Republic of Kazakhstan or is capable of causing damage to the Company;

7) accept gifts and use services that may damage the independence, objectivity and impartiality of internal audit or which may be perceived as causing such damage.

6. Qualification requirements

26. The Head of the Service has:

5 To plan auditing, set qualification requirements for personnel, engage personnel, assess the activities of audit service in affiliates (by decision of the Board of Directors of the Company).

7

1) higher professional education in accounting and auditing and/or finance and/or economics and/or jurisprudence, and additional specialized training;

2) experience of at least seven years in audit and/or accounting and/or finance;3) experience of at least five years at managerial positions and/or internal audit

service of organizations of the Fund;4) knowledge of international financial reporting standards;5) knowledge and understanding of the Code of Ethics and Standards;6) knowledge of normative legal acts of the Republic of Kazakhstan, including

auditing, accounting, taxation.27. In terms of additional special training the minimum requirements for the

head of the Service are: a mandatory qualification certificate of auditor issued in accordance with the Law of the Republic of Kazakhstan On Auditing and/or the certificate in the field of internal audit of the CIA, and/or the certificate of the ACCA, and/or DipIFR diploma, and/or the certificate of the international professional accountant CIPA, and/or a CIMA diploma Business Performance Management, and/or a DipCPIA diploma issued by the Institute of Certified Financial Managers (UK).

Knowledge of Kazakh and foreign language(s) is also preferable.28. The employee of the Service has:1) higher professional education in economics and finance and/or accounting

and auditing and/or informational technology and/or technical and/or legal;2) experience of at least three (3) years in auditing and/or accounting and/or

finance and/or informational technology and/or technical support relevant to the profile of the company, and/or legal support;

3) knowledge of the Code of Ethics and Standards and the skills to apply them;4) knowledge of the normative legal acts of the Republic of Kazakhstan,

including on auditing, accounting, taxation.It is also preferable to have a certificate and/or qualification in audit and/or

accounting and financial management and/or IT technologies, knowledge of Kazakh and foreign languages.

29. The head and employees of the Service are appointed by the Board of Directors upon recommendation of the Audit Committee after a competitive selection and testing (or interview) with the participation of Chairman of the Audit Committee or a member of the Audit Committee (authorized by the Chairman of the Audit Committee) and/or Chairman of the Board of Directors.

7. Rights and powers of the Service

30. The Service has the rights and powers to realize its key objectives and functions as follows:

1) to have access to personnel, production and other facilities, to all documentation and any other information requested in connection with internal audit,

8

including data and information which is a commercial and official secret of the Company;

2) to access accounting data (accounting programs, etc.) on an ongoing basis in a passive mode, i.e. without the right to enter and correct;

3) to request and receive materials, including drafts of documents submitted to the Fund, the Board of Directors, the Executive Body of the Company for approval and receive all orders/minutes of the said bodies of the Company;

4) to initiate an additional audit (unplanned) if it may impact the results of an ongoing audit, upon consent of the Chairman of the Audit Committee;

5) to exchange information and coordinate activities with other internal and external parties which provide guarantees and advice to ensure the adequate coverage and minimize duplication;

6) to develop action plans and perform certain tasks as instructed by the Board of Directors or the Chairman of the Board of Directors to engage employees of structural units as independent experts, as well as specialists of other legal entities (with the exception of persons who participated in the audit of a preceding calendar year) to obtain advice on specific issues;

7) to consult and send written requests to the Fund, to a subsidiary/affiliate, other organizations and structural divisions of the Company on matters within the competence of the Service;

8) to engage independent consultants according to the established procedure or to use the co-sourcing to perform the audit fully or partially if employees of the Service do not have sufficient knowledge and skills, unless the audit requires an assessment of the risk of fraud and assessment of fraud risk management;

9) to engage in IT-audit the employees of the Service and IT specialists of other companies of the Fund, upon consent with interested parties;

10) to set an independent budget of the Service and submit to the Audit Committee and/or the Board of Directors6;

11) to participate in the preparation and implementation of the Company’s programs and projects in accordance with competence and authority of the Service in compliance with Standards;

12) to participate in programs aimed at training, retraining, raising the level of professional skill of the Company’s employees and certification programs for internal auditors;

13) to exercise other rights and powers that comply with laws of the Republic of Kazakhstan, the Articles of Association of the Company, this Charter, internal regulations of the Company and the Standards.

31. The head of the Service has the following powers:

6 An independent budget of the Service is part of the budget of the Company; It states the expenses of the Service in the planned period for the items specified in internal normative document which regulates the formation and approval of the budget of the Service. The word independent here is understood as the absence of restrictions on the part of the Executive Body with the aim of influencing the activities of the Service, except when the applicable restriction is related to limits and regulations established by the Board of Directors, the Fund and supervisory bodies.

9

1) to participate in the executive body-organized meetings and events to improve internal control, risk management and corporate governance and other matters within the competence of the Service without the right to agree on decisions of the executive body;

2) to directly address to the Chairman and members of the Board of Directors and the Audit Committee, members of the Management Board, as well as to the management of subsidiaries and affiliates regarding the activities of the Service;

3) to make recommendations to the Board of Directors as to the number, terms of office, the appointment procedure, as well as to dismissal, proceedings, amount and terms of remuneration and bonuses, organizational and technical support for the Service;

4) to initiate a meeting of the Board of Directors and/or the Audit Committee on matters within the competence of the Service;

5) to provide the interaction of the Service with other external parties which render guarantee-related services to the Company;

6) to apply to state bodies and other legal entities in connection with activities of the Service;

7) to rotate the duties of the employees of the Service to prevent the emergence of a conflict of interest, as well as to ensure the exchange of work experience (from time to time or as appropriate);

8) to exercise other powers provided for by the Company’s internal control system and take decisions on all matters within the competence of the Service.

8. Responsibility of the Service and its head

32. The Service is responsible to timely and qualitatively perform its functions and tasks assigned and observe professional standards and attitude7 in its activities and the Code of Ethics.

33. In accordance with the established procedure employees of the Service bear personal responsibility for qualitative and timely execution of functions in accordance with job descriptions, employment contracts and laws of the Republic of Kazakhstan, as well as to comply with Standards, the Code of Ethics and internal regulatory documents regulating the activity of the Service.

34. Employees of the Service shall timely inform the head of the Service of any situations related to an event or potential event of a violation of independence and/or objectivity by an internal auditor expressed in particular in the form of a conflict of interest or limitation of the powers of the internal auditor.

35. The head of the Service in the established manner bears personal responsibility for qualitative and timely execution of functions and tasks assigned to the Service in accordance with this Charter, the laws of the Republic of Kazakhstan,

7 A professional attitude does not mean the infallibility of internal auditors and the obligation to provide absolute guarantees of no violation or inconsistency.

10

the employment contract, job descriptions and other internal documents of the Company.

36. The duties and responsibilities of the head of the Service:1) to effectively manage the Service and ensure its usefulness for the Company

in accordance with the efficiency and utility criteria established by the Standards;2) to develop a medium term Strategic Plan of the Service;3) to ensure a timely preparation of the risk-oriented annual audit plan of the

Service, overseeing its implementation and timely correction. The annual audit plan of the Service is submitted to the Audit Committee and the Board of Directors for consideration no later than December 1 of the year preceding the planned one;

4) to ensure that internal documents of the Company and methodological recommendations on internal audit and other documents related to the activities of the Service are developed;

5) to apply unified basic principles and internal audit procedures approved (recommended) by the Sole Shareholder of the Company in the activity of the Service;

6) to ensure the compliance of reports with internal regulatory documents on the organization of internal audit and the Standards;

7) to communicate the results of audit to persons who can ensure their qualitative consideration;

8) to develop and implement the Program for guaranteeing and improving the quality of internal audit, covering all activities of the Service and providing for internal and external evaluation of the Service;

9) to implement organizational measures aimed at preventing potential and existing conflicts of interest and prejudice towards the object of audit by the Service or its individual employees during the planning and implementation of the activities of the Service;

10) to submit reports on the activities of the Service to the Board of Directors and the Audit Committee in accordance with the provisions of this Charter;

11) to plan and timely consider the issues of the Service within the framework of the annual work plan of the Audit Committee and the Board of Directors;

12) to exchange information and coordinate the activities with other internal and external parties providing guarantees and advice to ensure adequate coverage and minimize duplication;

13) to evaluate from time to time the compliance of functions, rights, powers and responsibilities of the Service with the purposes and tasks of internal audit specified by the Charter and bring the results of such an evaluation to the attention of the Audit Committee and the Board of Directors;

14) to take measures to increase professional training of the employees of the Service.

9. Imposition of penalties

11

37. Violation of labor discipline, failure to perform or improper performance of the duties assigned to an employee by the decision of the Board of Directors a disciplinary penalty is applied to the head and employees of the Service in the established manner.

38. The material liability of the head and employees of the Service and the procedure for compensating the damage (if any), as well as procedures for imposing disciplinary sanctions is in accordance with laws of the Republic of Kazakhstan and internal regulations of the Company.

10. Provision of information to the Board of Directors, the Audit Committee

39. Annually, by December 1 of the year preceding the planned year, the Service submits an annual audit plan to the Audit Committee and the Board of Directors for consideration. The Service implements the approved annual audit plan and submits reports on its implementation in accordance with provisions of this Charter.

40. The Service shall provide the Board of Directors and the Audit Committee with the reports as follows:

1) quarterly: no later than the 25th day of the month following the reporting quarter;

2) annually: no later than the 15th day of the second month following the reporting year.

41. Reports on the work of the Service are preliminarily reviewed by the Audit Committee which gives recommendations to the Board of Directors.

42. The audit-related reports compiled by the Service and proving inappropriate actions (inactivity) of employees of the Company and/or the Executive Body are submitted to the Audit Committee and the Board of Directors immediately.

43. The Head of the Service shall ensure that the information submitted to the Board of Directors and the Audit Committee is analyzed in terms of its entirety and accuracy.

44. Audit reports and reports on the activities of the Service are compiled in accordance with requirements of internal regulatory documents governing the organization of internal audit.

45. The Audit Committee and the Board of Directors consider reports on the activities of the Service and make decisions in accordance with the established procedure and the powers of the Audit Committee and the Board of Directors.

46. The Head of the Service shall regularly communicate to the Board of Directors the progress of coordination and supervision by the Executive Body of other control and management functions (risk management, internal control, security, business continuity, external audit, etc.).

47. The Head of the Service timely informs the Audit Committee on any situation related to an event or potential event of a violation of independence and/or

12

objectivity of the internal auditor expressed, inter alia, in the form of a conflict of interest or restriction of the rights and powers of the Service.

11. Interaction with the Executive Body

48. Relations of the Service with the Executive Body are based on the principle of independence since the level of organizational and functional independence of the Service has a direct impact on the objectivity of internal auditors.

49. Based on results of its activities the Service submits an assessment of the quality of adopted managerial decisions implemented by heads of various levels of the Company, to the Executive Body.

50. In cooperation with the Executive Body the Service:1) draws an annual audit plan taking into account proposals of the Executive

Body in respect of audit and consultations;2) submits the annual audit plan approved by the Board of Directors for the

purpose of informing the Executive Body;3) submits an audit report/opinion drawn up based on the results of an audit or

advisory activity, to the Executive Body;4) discusses and submits proposals on improving internal control, risk

management and corporate governance, to the Executive Body.51. The Executive body:1) ensures that an effective internal control environment is in place that

promotes full and unhindered performance of functions, the achievement of the goals and objectives and the maximum usefulness of the Service for the Company;

2) assists the Service in engaging employees of the Company’s structural units or affiliates as independent experts to consult in respect of specific issues;

3) timely reviews reports of the Service, develops and approves action plans to implement the adopted recommendations of the Service and reports on their implementation;

4) ensures that the budget of the Service approved by the Audit Committee/Board of Directors is included in the budget of the Company, in accordance with the established procedure;

5) ensures the use of co-sourcing of any activity in an internal audit upon consent of the Board of Directors, , in accordance with the established procedure;

6) provides administrative (organizational and technical) support to the Service.

52. The Executive Body shall not interfere with the activities of the Service.

12. Assessment

53. The performance of the Service is assessed to ensure compliance of the Service with the Definition of Internal Audit, Standards, the Code of Ethics, and to

13

determine the efficiency and effectiveness of internal audit and to identify areas for improvement.

54. Procedure and requirements for the assessment of the Service, its head and employees are established by the internal regulatory documents of the Service, taking into account the requirements of the Standards, recommendations and established corporate standards of the Fund designed for assessing the effectiveness of the Service, as well as internal regulatory documents of the Company.

55. External (independent assessment) of activities is carried out at least once every 5 years by an independent external expert or in the form of a self-assessment with and independent external confirmation.

14