SYSC 6.2 Internal audit
A common platform firm and a management company5 must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of its financial services and activities,5 undertaken in the course of that business, establish and maintain an internal audit function which is separate and independent from the other functions and activities of the firm and which has the following responsibilities:
5- (1)
to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the firm's systems, internal control mechanisms and arrangements;
- (2)
to issue recommendations based on the result of work carried out in accordance with (1);
- (3)
to verify compliance with those recommendations;
- (4)
to report in relation to internal audit matters in accordance with SYSC 4.3.2 R.
[Note:
article 8 of the MiFID implementing Directive and article 11 of the UCITS implementing Directive]5
2Other firms should take account of the internal audit rule (SYSC 6.2.1 R) as if it were guidance (and as if should appeared in that rule instead of must) as explained in SYSC 1 Annex 1.3.3 G3.
1The term 'internal audit function' in SYSC 6.2.1 R (and SYSC 4.1.11 G) refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies.The internal audit function is not a controlled function itself, but is part of the systems and controls function (CF28).4
2