CTRL 1.2.4 What is a firm’s internal controls and assurance framework?

(1) An authorised firm’s governing body must establish an internal controls and assurance framework made up of the firm’s internal control and assurance functions.
Note In relation to an authorised firm’s internal controls and assurance framework, see Chapter 6.
(2) The following controlled functions are the internal control and assurance functions:
(a) the risk management function (see rule 1.2.12);
(b) the compliance oversight function (see rule 1.2.13);
(c) the internal audit function (see rule 1.2.14);
(d) the actuarial function (see rule 1.2.15).
(3) The internal controls and assurance framework must provide reasonable assurance on the effectiveness and efficiency of the firm’s operations, the reliability of its financial reporting and the extent of its compliance with applicable laws and regulations.
Derived from QFCRA RM/2020-4 (as from 1st July 2021)