Section I Internal Audits |
| Article 11 | A service enterprise shall carry out internal audits to assist the board of directors and management in inspecting and reviewing deficiencies in the internal control system as well as measuring effectiveness and efficiency of operations, and shall make timely recommendations for improvements to ensure the sustained operating effectiveness of the system and to provide a basis for review and correction.
|
Info |
| Article 12 | A service enterprise shall establish an internal audit unit in a direct reporting line to the board of directors and, except as otherwise provided by the competent authority, shall appoint, according to its business size, business condition, management needs, and the provisions of other applicable laws and regulations, qualified persons in an appropriate number as full-time internal auditors and have deputies in place for the internal auditors; the deputies are required to carry out audit work in accordance with these Regulations.
A service enterprise shall establish a chief internal auditor to oversee audit affairs, and who shall possess leadership ability and the ability to effectively oversee audit work. Any appointment or dismissal of the chief internal auditor shall be passed by the board of directors; where it has established the position of independent director, if an independent director has an objection or reservation, the objection or reservation shall be recorded in the minutes of the meeting of the board of directors.
Where a service enterprise has established an audit committee in accordance with the Securities and Exchange Act, any appointment or dismissal of the chief internal auditor shall be subject to the consent of one-half or more of the entire membership of the audit committee and be submitted to the board of directors for a resolution, in which case the provisions of paragraphs 4 and 5 of Article 5 shall apply mutatis mutandis.
Except as otherwise required by provisions governing securities or futures enterprises, a service enterprise shall report any appointment or dismissal of the chief internal auditor, specifying the reason for such a change of position and providing a copy of the minutes of the board of directors meeting, to the competent authority for recordation within 5 days from the date of passage by the board of directors.
The appointment, dismissal, promotion, reward/discipline, rotation, and performance review of any personnel in the internal audit unit shall become effective after being reported by the chief auditor to the board of directors and ratified by the board. However, if a matter involves personnel of other management or business units, the chief auditor shall first request the personnel department to refer the matter to the general manager for consent, and it shall then be reported to the chairperson for ratification.
The requirements for the qualified full-time internal auditors referred to in paragraph 1 shall be as prescribed separately by the competent authority.
|
Info |
| Article 13 | A service enterprise shall include at least the following items in its implementation rules for internal audits:
- Purpose, functions, and responsibilities of the internal audit unit.
- Assessment of the system of internal controls to measure the effectiveness of, and compliance with, the established policies and procedures, and their effects on operational activities.
- A detailed listing of audit items, times, procedures, and methods.
|
|
| Article 14 | A service enterprise's internal audit unit shall, based on the results of the risk assessment, prepare an annual audit plan which, except as otherwise required by the competent authority, shall include matters to be audited monthly; the internal audit unit shall scrupulously implement the annual audit plan, so as to assess its internal control system, and prepare audit reports annexed with working papers and relevant materials.
A service enterprise shall include at least the following as audit items in its annual audit plan for each year:
- Matters relating to compliance with applicable laws, regulations, and bylaws.
- The control activities for major financial or business activities, such as for acquiring or disposing of assets, engaging in derivatives transactions, management over making endorsements/guarantees for others, and management of related party transactions.
- Supervision and management over subsidiaries.
- Management of the preparation process of financial statements, including management of application of the International Financial Reporting Standards and procedures for professional accounting judgments and processes for making changes in accounting policies and estimates.
- Inspection of information and communications security.
Each annual audit plan of a financial service enterprise as defined in the Financial Consumer Protection Act shall also include management of the protection of financial consumers, in addition to the audit items of the preceding paragraph.
Each annual audit plan of a service enterprise that is a public company, or that is designated by the competent authority, shall also include management of the procedure for board of directors meetings, in addition to the audit items of the preceding two paragraphs.
Each annual audit plan of a service enterprise whose stock is already listed or traded over-the-counter at securities firms shall also include management of the operations of the remuneration committee, in addition to the audit items of the preceding three paragraphs.
The annual audit plan of a service enterprise that has established an audit committee pursuant to the provisions of the Securities and Exchange Act shall also include the management of audit committee meeting operations.
If a service enterprise is a financial institution as defined in the Money Laundering Control Act, its annual internal audit plan shall include prevention of money laundering, countering of terrorism financing, and management of compliance with applicable laws and regulations.
A service enterprise shall have its annual audit plan, and any amendments thereto, passed by the board of directors.
Where a service enterprise has established the position of independent director, when it submits its annual audit plan for deliberation by the board of directors pursuant to the preceding paragraph, the board of directors shall take into full consideration each independent director's opinion; when an independent director has an objection or reservation, the objection or reservation shall be recorded in the minutes of the meeting of the board of directors.
The audit reports, working papers, and relevant materials under paragraph 1 shall be retained for no less than 5 years.
|
Info |
| Article 15 | The internal auditors of a service enterprise shall communicate fully with the audited unit about the audit results of the items audited in the annual audit, and shall factually disclose in audit reports any deficiencies and irregularities of the internal control system identified in assessments and, after having presented the reports, shall follow up on the matters and prepare follow-up reports at least on a quarterly basis to be reported to the board of directors until correction is made, to ensure that the relevant departments have taken appropriate corrective actions in a timely manner.
The service enterprise shall include any identified deficiencies and irregularities of the internal control system and the correction thereof, as referred to in the preceding paragraph, as major items of performance evaluation for each department.
The correction of deficiencies and irregularities of internal control system referred to in paragraph 1 shall include all deficiencies identified by the competent authority or a self-regulatory organization in the course of examination, those identified in the course of internal audit operations, those listed in the Statement on Internal Control, and those identified in the course of self-assessment or by CPAs in special audits.
|
|
| Article 16 | After having presented the audit and follow-up reports, a service enterprise shall submit the same for review by each and all supervisors by the end of the month next following the completion of the audit items.
A service enterprise's internal auditors identifying any material event such as a material violation or any likelihood of material loss to the enterprise shall promptly prepare and present a report and notify each and all supervisors. If any of the recommendations regarding any of the aforementioned deficiencies is not accepted by management, resulting in material loss by the service enterprise, the internal auditors shall also prepare and present a report and notify each and all supervisors as well as report to the competent authority.
Where a service enterprise has established the position of independent director, when an action is taken under the two preceding paragraphs, a copy of the submission or notice shall be provided simultaneously to the independent director(s).
After an examination of a service enterprise by its competent authority or an examination on a foreign branch (or subsidiary) by its local competent authority is completed, or after an examination report is received, the internal audit unit of its head office (or parent company) shall, in accordance with the principle of materiality, immediately report to the directors and supervisors, and report to the soonest board meeting. The report shall include the content of any examination communication meetings, any major deficiencies revealed by the examination, any rating downgrade by the competent authority, and any improvement plans demanded by the competent authority with respect to material deficiencies or possible disciplinary measures to be taken.
|
|
| Article 17 | The internal auditors of a service enterprise shall be detached, independent, objective, and impartial, in scrupulously performing their duties, and fulfill the duty of professional care, and report their audit operations to each and all supervisors on a regular basis; in addition, the chief internal auditor shall attend a board of directors meeting to present a report.
The internal auditors shall perform their duties in good faith and shall not do any of the following:
- Conceal or make false or inappropriate disclosures of any of the enterprise's business activities, reporting, or compliance with applicable laws, regulations, and bylaws that they know has caused direct damage to a beneficiary, a customer, or an interested party.
- Cause damage to the right or interest of the enterprise or any beneficiary, customer or interested party through neglect of duty.
- Act beyond the scope of audit functions or engage in other improper activity, or with the intent to gain illegal benefit for him/herself or a third party, violate the auditor’s duties or embezzle company assets.
- Conduct an audit on a department where he/she worked within the past 1 year, provided that this rule does not apply where the competent authority provides otherwise.
- Fail to recluse himself/herself from auditing of cases in which he or she has a personal interest or has a conflict of interest.
- Fail to audit the matters instructed by competent authorities or provide relevant information.
- Provide, promise, request, or accept, directly or indirectly, unreasonable gifts, entertainment, or any other improper benefits in whatever form.
- Any other activity in violation of any law or regulation or otherwise prohibited by the competent authority.
|
|
| Article 18 | The internal auditors of a service enterprise shall pursue continuing training as well as attend internal audit training held by institutions designated by the competent authority, so as to improve their auditing quality and competence.
The internal audit training referred to in the preceding paragraph shall include various professional courses, computerized auditing, and basic legal knowledge.
The number of hours required for the continuing training under paragraph 1 shall be as prescribed separately by the competent authority.
|
Info |
| Article 19 | Except as otherwise required by provisions governing securities firms or futures enterprises, a service enterprise shall report to the competent authority, or an institution designated by the competent authority for recordation the names, ages, educational background, work experience, years of service, and professional training of its internal auditors by the end of January each year in the format and manner required by the competent authority.
|
|
| Article 20 | Securities firms, futures enterprises, securities investment trust enterprises, and securities investment consulting enterprises, shall submit for recordation their annual audit plan, an account of the execution thereof, and a description of the correction of any irregularities identified, respectively to the securities exchange, over-the-counter securities market, central securities depository, futures exchange, securities dealers association, futures industry association, or the Securities Investment Trust and Consulting Association of the R.O.C., in the format and manner and at the time required respectively by each such institution.
Securities finance enterprises, credit rating agencies, and other service enterprises in the securities or futures market designated by the competent authority shall submit their next year's annual audit plan by the end of each fiscal year, and a report on the implementation of their previous year's annual audit plan within 2 months from the end of each fiscal year, to the competent authority for recordation in the format and manner required by the competent authority. They shall also submit to the competent authority for recordation their corrections of any irregularities identified in the previous year's internal auditing within 5 months from the end of each fiscal year.
Securities exchanges, over-the-counter securities markets, central securities depositories, and futures exchanges shall submit to the competent authority for recordation their next year's annual audit plan by the end of each fiscal year, and a report on the implementation of internal audits, any irregularities discovered, and the corrections made, during the previous quarter within 2 months from the end of each quarter.
|
|