Entity-level controls and internal control system

Entity-level controls and the internal control system (ICS) are key elements in the proper functioning of corporate governance.

Insurance companies are legally obliged to establish an effective internal control system (ICS) for their entire business that covers all their business operations (see Art. 27 ISA). The ICS covers a company’s internally prescribed processes, methods and measures designed to secure adequate management control, leading to effective business processes, reliable financial reporting and compliance with laws and regulations.

FINMA commissions audit firms to periodically review compliance with the supervisory requirements relating to the ICS. The audit points formulated by FINMA cover the organisation and control mechanisms at entity-level (entity-level controls), data handling and the IT organisation including the ICS structure and processes.


FINMA evaluates and, where necessary, follows up the audit results through a systematic process.

2017/02 FINMA Circular "Corporate governance – insurers" (07.12.2016)

Corporate governance, risk management and internal control system at insurers

Updated: 07.12.2016 Size: 0,38  MB
Add to personal download list