Legislative: |
Announced on 2014.03.06 Effective 2015.01.01 |
Content: |
1.These Directions are set forth in accordance with Paragraph 2, Article 26 of the Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries to enhance the role and
functions of the internal audit unit of a financial holding company (referred to as “holding company” hereunder) in supervising the company’s overall audit operations.
2.Assessment items (see the attached for key assessment items and additional score items)
(1) Internal audit organization and system
A. Manpower allocation and professionalism
i.Allocate an appropriate number of competent and full-time internal auditors in view of the company’s investment scale, business condition (the number of subsidiaries and their business volume), management needs, and relevant rules and regulations
ii.A control mechanism is in place for the allocation of audit manpower to avoid affecting the independence and effectiveness of audit.
B. Independence
i.The position of chief auditor is equivalent to the rank of vice president, and internal auditors do not hold any other job that is in conflict with or restrains their audit work.
ii.The approval process for internal audit plan, internal audit report or internal audit related sign-offs does not lack independence.
C.Internal reporting mechanism
The internal audit report has been delivered to the supervisors, independent directors or audit committee for review; the audit business report presented to the board of directors is comprehensive and covers all major deficiencies found in the audit.
A.Audit planning:
i.Audit plan: Communicate periodically with compliance and risk management departments to understand the high-risk businesses of the parent company and subsidiaries, and establish the judgment bases and reference information for internal control weaknesses,
and based on which, draw up an audit plan that covers audit items, units to be audited, number of auditors and days needed and audit frequency.
ii.Pre-audit planning: Analyze before the planned audit the risk characteristics and prior internal control incidents of the units to be audited (including parent company and subsidiaries), and based on which, decide audit focus and method.
B.Scope and depth of internal audit
i.Audit rules: Establish audit manual, sampling standards and categorization of control deficiencies in coordination with the business characteristics of subsidiaries, and include the requirements of competent authority in the internal audit items and implement
the audit vigorously.
ii.The appropriateness of division of audit work between holding company and subsidiary: The audit units of the holding company and subsidiary have properly divided the audit work in terms of targets and focus of audit, and ensure that all subsidiaries have
been effectively audited.
C.The comprehensiveness of internal audit results
i.Audit report: The audit report operating procedure is established to specify the retention of audit trail and standards for determining control deficiency, and requires that audit findings are fully revealed in the internal audit report.
ii.The tasks to be performed in a special audit or instructed audit as required by the competent authority have been completed within the given time period and reported to the competent authority in writing.
iii.Self-inspection: Self-inspection of internal control by respective units and subsidiaries is vigorously supervised and trained.
(3)Internal audit management
A.The supervision of subsidiaries
i.Establish internal audit management and communication mechanism between holding company and subsidiaries or set overall audit objectives and supervise the drafting and execution of audit plan, and the completion of audit objectives by subsidiaries.
ii.Dutifully assess the effectiveness of subsidiary’s internal audit operation, review the audit plan presented by the subsidiary, significant deficiencies found in the audit and improvement actions taken, and supervise the improvement of deficiencies.
B.The follow-up of findings uncovered
i.The internal audit unit follows up and reviews on a continuous basis deficiencies found in internal and external audits and recommendations enumerated in the statement on internal control, and report the follow-up and improvement actions to the board of directors
and submit such a report to the supervisors or the audit committee.
ii.The internal audit unit has included the follow-up and improvement actions taken for deficiencies found in internal and external audits and recommendations enumerated in the statement on internal control as important reference in reward/ discipline decisions
and performance review of respective business units.
C.The reporting mechanism
Suspected fraud or significant contingent events have been swiftly reported to the competent authority in a manner stipulated by law, and detailed information on such an event or subsequent actions taken are also reported to the competent authority in writing
within one week.
(4)Other items
i.Professional opinions or enhanced measures on internal control deficiencies found in significant business activities offered by the internal audit unit are adopted.
ii.The internal audit unit plays an active communication role in the competent authority’s financial examination of the holding company and provides complete data and documents in a timely manner as requested by the competent authority.
(5)Significant and subsequent events
In the event there are major incidents not included in the aforementioned assessment items or occurring after the date of assessment, scores would be deducted in view of the severity of such major incidents.
3.Assessment method and frequency
(1)Assessment will be conducted mainly through onsite inspection and by reviewing the internal audit reports submitted by the holding company through the designated reporting system.
(2)The assessment will be conducted once every two years for holding companies in principle.
(3)An internal audit assessment board is set up by the FSC Financial Examination Bureau to review and adjust the standard and the consistency of scoring the performance of all financial holding companies across assessment items.
4.The handling of assessment results
(1)The competent authority would host an internal audit forum for holding companies to publicize the assessment results.
(2)The competent authority would timely commend holding companies that perform well in the internal audit function assessment or have outstanding performance in internal audit and invite them to share their experience. The competent authority would also urge
holding companies to reward meritorious internal audit unit personnel.
(3)The competent authority will meet with a holding company’s chairman and require the chairman to oversee the remedial actions and evaluate the capability of the holding company’s chief auditor if the holding company performs poorly in the internal audit function
assessment and doesn’t correct fully examination deficiencies uncovered by the competent authority in financial examination.
|