Audit firms carry out annual audits on a risk-oriented basis.
Within six months after a licence holder’s financial year ends, audit firms assess the risk situation to which it is exposed, and submit this assessment to FINMA using a standardised/predefined form. The risk analysis covers all audit fields with a view to determining net risk from a combination of the different risk factors and in accordance with the business activities.
A standard audit strategy is generally applied for supervised institutions in FINMA Supervisory Category 5. Here, the frequency and depth of the audit to be performed are determined by the net risk exposure in the respective audit fields. For supervised institutions in FINMA Supervisory Category 4, FINMA can exercise greater influence on the audit fields to be assessed by defining the audit strategy individually in a dialogue with the audit firm.
Once an audit firm has completed a regulatory audit of a licence holder, it communicates the findings and recommendations to FINMA in the form of a standardised report. The report also contains general information about the conduct of the audit, a declaration of independence on the part of the audit firm, and further information about the business activities and organisation of the audited institution.
In exceptional circumstances, FINMA can appoint an audit mandatary. Potential candidates for this role are approved audit firms and independent third parties with relevant experience and specialist knowledge.
Submission of Auditing Circular