Within four months after the financial year ends, audit firms perform an assessment of the risk situation to which the institution is exposed, and submit the resulting audit strategy to FINMA electronically using a standard form. Here, the frequency and depth of the audit to be performed are determined by the net risk exposure in the audit fields. The audit firm implements the audit strategy on site at the premises of the supervised institution.
Once an audit firm has completed a regulatory audit of a licence holder, it communicates the findings and recommendations to FINMA in the form of a standardised report. The report contains general information about the conduct of the audit, a declaration of independence on the part of the audit firm, and further information as requested by FINMA. It is submitted electronically using a standard form.