投資人關係

Organization and Operation of Internal Audit

Organization and Operation of Internal Audit
Item Review Download
Organization of the Group Audit Division
Review Download
The Group-wide Audit Structure
Review Download
Audit focus for the financial group
  • Capital adequacy
    • Consolidated capital adequacy ratio

    • Capital adequacy ratios for subsidiaries


  • Financial statements
    • Confirmation for consolidated financial statements (balance sheets and income statements) of Holding

    • Analysis for financial structure and profitability


  • Asset quality
    • Report on non-performing assets

    • Evaluation and classification of asset quality

    • Provision adequacy


  • Large exposures
    • Large exposures management and its adequacy

    • Management and controls over large exposures


  • Transactions with stakeholders and firewalls
    • Profiles and controls over Interested parties transactions

    • Firewall mechanism

    • Guidelines for employees of subsidiary companies

    • Guidelines for shared premises and equipment

    • Joint marketing

    • Information sharing across subsidiaries and protection of customers' interests


  • Internal management
    • Establishment of compliance system and its practice

    • Audit practices within subsidiaries

    • The integrated information platform and security control over key information

    • Management and tracking for major issues and deficiencies


Functioning of the internal audit system
  • Targets for Audit
    • Audits on the financial holding company

      General audit shall be conducted at least once a year while thematic audit shall be at least conducted every six months. A thematic audit shall only be waived If a general audit conducted covers the audit items and scope of a thematic audit with no material defects found.

    • Special audits on subsidiaries

      Scope: at least financial, risk management, compliance aspects and other key issues
      Frequency: at least once every six months

    • Ad-hoc and reinforcement audits

      These audits are carried out to for specific business activities, issues and instructions of the competent authority
      (Note: Aforementioned audit tasks shall be conducted by auditors)


  • Audit responsibilities
    • Verification and approval of business and operation guidelines

      Revision and amendment for guidelines/rules of business and operation, compromising business nature and its content, involve parties from Compliance, Internal Audit and Risk Management. The key points that IA assesses are whether the process/procedure is robust, the control mechanism is reasonable and effective. In addition, the Audit Division will also observe how the current procedures are being carried out, in order to identify any lack of control or excessive processes that compromise the overall efficiency. Any exceptional (or abnormal) transactions that are spotted and being treated market practices among peers, the Audit Division would also engage other relevant departments and explore ways of rectification for such practices.

    • Management over subsidiaries

      The Audit Division reviews documents submitted by subsidiaries, such as board meeting minutes, independent audit reports, financial inspection reports, audit plans from subsidiaries that deployed with internal audit unit, and findings raised from previous internal audit reports and therefore supervises subsidiary companies taking remedial actions.

    • Supervision of self-assessment for internal control system

      IA will monitor the establishment and implementation of self-assessment process/procedure and override self-assessment reports for departments/subsidiaries.

    • Performance appraisal of subsidiaries' internal audits

      All internal audit units of each subsidiary shall be evaluated by Audit Division based on how their audit tasks, self-assessment are implemented and supervised, supported by the result of the Audit Division's field audits. Besides, a satisfactory survey shall be conducted among business units of each subsidiary company in addition to aforementioned evaluation as the consolidated performance appraisal for the audit unit of a subsidiary, to be sent to the Board of the parent company and that of subsidiary as an aid for personnel performance appraisal.

    • Coordination of inspections by financial supervisory authorities

      The Audit Division is responsible for contacting and coordinating various departments within the company during inspections by the financial supervisory authority.

    • Tracking and management of discrepancies

      Audit Division will supervise and track down improvement or remedial actions, either by mean of written report or conducting a field check, for any areas of improvement or any opinions made or weaknesses spotted by competent authorities, such as Financial Supervisory Commission, internal auditor or self-assessment and therefore report to competent authorities.

    • Reporting and notification

      The Audit Division reports the audit status to the Board and audit committee at least on a quarterly basis. It is required by the competent authority to report or publicize the following information:
      - The information on the name and years of service of its internal auditors
      - The company's audit plan and the status of its execution
      - Audit findings regarding weaknesses in the internal control system and progress of subsequent improvements
      - Summary of internal audits and special audits

    • Providing consultation services for any units/departments

      The Audit Division will respond with proper solutions or suggestions to any queries raised by any department or subsidiary of the company regarding internal control or validity of their practices.


We are sorry, your browser does not support.

Please upgrade to the latest version of Internet Explorer, Google Chrome, Mozilla Firefox, or Apple Safari.