Insurance companies are legally obliged to establish an effective internal control system (ICS) for their entire business that covers all their business operations (see Art. 27 ISA). The ICS covers a company’s internally prescribed processes, methods and measures designed to secure adequate management control, leading to effective business processes, reliable financial reporting and compliance with laws and regulations.
FINMA commissions audit firms to periodically review compliance with the supervisory requirements relating to the ICS. The audit points formulated by FINMA cover the organisation and control mechanisms at entity level (entity-level controls), data handling and the IT organisation, including the ICS structure and processes.
FINMA evaluates and, where necessary, follows up the audit results through a systematic process.