A service enterprise's internal audit unit shall, based on the results of the risk assessment, prepare an annual audit plan which, except as otherwise required by the competent authority, shall include matters to be audited monthly; the internal audit unit shall scrupulously implement the annual audit plan, so as to assess its internal control system, and prepare audit reports annexed with working papers and relevant materials.
A service enterprise shall include at least the following as audit items in its annual audit plan for each year:
Each annual audit plan of a financial service enterprise as defined in the Financial Consumer Protection Act shall also include management of the protection of financial consumers, in addition to the audit items of the preceding paragraph.
- Matters relating to compliance with applicable laws, regulations, and bylaws.
- The control activities for major financial or business activities, such as for acquiring or disposing of assets, engaging in derivatives transactions, management over making endorsements/guarantees for others, and management of related party transactions.
- Supervision and management over subsidiaries.
- Management of the preparation process of financial statements, including management of application of the International Financial Reporting Standards and procedures for professional accounting judgments and processes for making changes in accounting policies and estimates.
- Inspection of information and communications security.
Each annual audit plan of a service enterprise that is a public company, or that is designated by the competent authority, shall also include management of the procedure for board of directors meetings, in addition to the audit items of the preceding two paragraphs.
Each annual audit plan of a service enterprise whose stock is already listed or traded over-the-counter at securities firms shall also include management of the operations of the remuneration committee, in addition to the audit items of the preceding three paragraphs.
The annual audit plan of a service enterprise that has established an audit committee pursuant to the provisions of the Securities and Exchange Act shall also include the management of audit committee meeting operations.
If a service enterprise is a financial institution as defined in the Money Laundering Control Act, its annual internal audit plan shall include prevention of money laundering, countering of terrorism financing, and management of compliance with applicable laws and regulations.
A service enterprise shall have its annual audit plan, and any amendments thereto, passed by the board of directors.
Where a service enterprise has established the position of independent director, when it submits its annual audit plan for deliberation by the board of directors pursuant to the preceding paragraph, the board of directors shall take into full consideration each independent director's opinion; when an independent director has an objection or reservation, the objection or reservation shall be recorded in the minutes of the meeting of the board of directors.
The audit reports, working papers, and relevant materials under paragraph 1 shall be retained for no less than 5 years.