Home FCA Handbook SYSC SYSC 6 SYSC 6.2 Internal audit
You are viewing SYSC 6.2 Internal audit as of . SYSC 6.2 Internal audit was last updated on 23/10/2025.

SYSC 6.2 Internal audit

23/10/2025R

A firm that is a common platform firm or a management company or an operator of an electronic system in relation to lending management company must, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of its financial services and activities or (if it is a common platform firm) its designated investment businessundertaken in the course of that business, establish and maintain an internal audit function which is separate and independent from the other functions and activities of the firm and which has the following responsibilities:

  1. (1)

     to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the firm's systems, internal control mechanisms and arrangements;

  2. (2)

     to issue recommendations based on the result of work carried out in accordance with (1);

  3. (3)

     to verify compliance with those recommendations;

  4. (4)

     to report in relation to internal audit matters in accordance with SYSC 4.3.2 R or (if it is a common platform firmSYSC 6.1.3-AR and SYSC 6.1.3-BR.

[Note: article 11 of the UCITS implementing Directive]

03/01/2018G

Other firms should take account of the internal audit rule (SYSC 6.2.1 R) as if it were guidance (and as if should appeared in that rule instead of must) as explained in SYSC 1 Annex 1 3.3 R(1).

23/10/2025G

  1. (1)

     This guidance is relevant to an SMCR firm required to establish and maintain an internal audit function under SYSC 6.2.1R.

  2. (2)

     Taking account of the nature, scale and complexity of its activities, the firm should have appropriate procedures to ensure that the removal or any other disciplinary sanctioning of the head of the internal audit function does not undermine the independence of the internal audit function.

  3. (3)

     In the FCA's view, it will be appropriate, in many cases, for the removal or any other disciplinary sanctioning of the head of the internal audit function to require the approval of a majority of the management body, including at least a majority of its members who do not perform any executive function in the firm.

23/10/2025G

  1. (1)

     The term 'internal audit function' in SYSC 6.2.1R (and SYSC 4.1.11G), and for a common platform firm in SYSC 6.2.1R, refers to the generally understood concept of internal audit within a firm, that is, the function of assessing adherence to and the effectiveness of internal systems and controls, procedures and policies.

  2. (2)

     [deleted]

  3. (3)

     For an SMCR firm that is a PRA-authorised person,the internal audit function is a PRA controlled function (SMF5). For an enhanced scope SMCR firm it is an FCA controlled function (SMF5).