The purpose of the internal audit system is to assist the board of directors(council) and management in checking and assessing whether the internal control system operates effectively, and to provide timely recommendations for improvement so as to ensure the on-going and effective implementation of the internal control system and provide the basis for reviewing and revising internal control system.

Insurance agent companies, insurance broker companies or banks shall plan the organization structure, staffing and functions of internal audit unit and draft internal audit manual.
An internal audit manual shall contain at least the following particulars:
1. Operating process for annual audit plan.
2. Audit and assessment of internal control system to measure the effectiveness and the level of compliance of existing policies and procedures, and the effect on various operating activities.
3. Audit items, time, procedures and methods.
4. Format, handling and preservation of internal audit report.
Insurance agent companies, insurance broker companies or banks shall see to it that all of its internal units carry out self-evaluation and have its internal audit unit review the self- evaluation reports; the self- evaluation reports, together with deficiencies and irregularities found by auditors and improvement actions taken will serve as a basis for the board of directors(council), management, auditors, and compliance officer to evaluate the overall effectiveness of the internal control system and for the issue of a statement on internal controls.

Insurance agent companies, insurance broker companies or banks shall appoint an appropriate number of qualified auditors directly under the board of directors (council) to take charge of the audit operations. Auditors shall not serve concurrently in positions that are in conflict with or will handicap their audit works set out in Article 13 herein and shall report the audit operation to the board of directors (council) and supervisors (board of supervisors) or audit committee at least once every year.
The appointment, dismissal or transfer of auditors of insurance agent companies and insurance broker companies must be passed by the board of directors (council) and reported to the competent authority in a manner designated by the competent authority with confirmation document and record filed and saved.
The appointment, dismissal or transfer of auditors of banks shall be effected in accordance with the Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries and reported to the competent authority in a manner designated by the competent authority with confirmation document and record filed and saved.
To put the internal control system into effect, strengthen the professional abilities of the deputy of the auditor and to further improve and maintain the quality of audit and its implementation result, an insurance agent or broker company shall have a deputy in place for auditor.
The provisions in Articles 14 ~ 16 and Article 20 herein shall apply mutatis mutandis to the deputy mentioned in the preceding paragraph.

To ensure that the company maintains proper and effective internal audit system, the duties of auditors in performing the tasks of internal audit shall include at least the following:
1. The audit of business solicitation mentioned in Article 7.
2. The audit of operations mentioned in Subparagraph 1, Paragraph 1 of Article 8.
3. In charge of liaison works when the competent authority performs financial examination and provide related information and assist in the examination works.
4. The audit of financial examination report management.
5. Other matters designated by the competent authority.

The auditors of insurance agent companies, insurance broker companies or banks shall possess one of the following qualifications:
1. Having the qualification of an insurance agent or broker and having actually served as a signatory for at least two years.
2. Having at least five years of experience in supervision works relating to insurance enterprise, an insurance agent company or insurance broker company.
3. Having graduated from a junior college, college, or university and passed a senior civil service examination or an examination equivalent to a senior civil service examination, or the examination of Certified Internal Auditor (CIA), and having at least two years of experience in related business of insurance enterprise, an insurance agent company or insurance broker company or other finance-related businesses.
4. Having at least five years of work experience in related businesses of insurance enterprise, an insurance agent company or insurance broker company.
5. Having at least two years of work experience as an auditor in an accounting firm, or a system analyst in a computer company, or a professional in similar capacity and having received not less than three months of training in insurance business and management in an insurance agent company or insurance broker company; however the number of internal auditor,　auditors with such qualification shall not exceed one half of the company’s total number of internal auditors.
Qualified auditors according to the preceding paragraph shall be free of any record of demerit or more serious offense from employer in the last three years, unless the demerit record was a result of joint and several disciplinary action on account of the violation or offense of a co-worker, and the demerit has been offset by other merits.

The auditors of an insurance agent or insurance broker company shall perform their duties in good faith, and shall be free of the following situations:
1. Act beyond the scope of audit functions or engage in other improper activities, or disclose externally any acquired information, attempt to profit therefrom, or otherwise use the information against the interest of the company.
2. Fail to recuse himself or herself from auditing of cases or businesses within the scope of his or her duties or matters in the past year or in which he or she has personal interests or interest conflicts.
3. Directly or indirectly provide, promise, request, or accept, unreasonable gifts, entertainment, or any other improper benefits in whatever form.
4. Fail to audit items according to the instructions of the competent authority or fail to provide relevant information.
5. Conceal or make false or inappropriate disclosures of any of the company’s business or compliance activities while knowing such activity directly harms the applicant proposer, the insured or the beneficiary.
6. Damage the interests of the company, applicant proposer, the insured or beneficiary due to dereliction of duties.
7. Have other conducts prohibited by laws and regulations or the competent authority

An auditor shall attend the following training:
1. Pre-job training: First-time auditors and auditors of insurance agent companies, insurance broker companies and banks who return to the job after a hiatus of three years or longer shall attend at least 30 hours of audit-related professional courses offered by competent authority-ratified training institutions and pass the tests given by the aforementioned training institutions and receive a course completion certificate therefor before starting the job or within half a year after starting the job.
2. On-the-job training: An internal auditor shall attend at least 12 hours of audit-related professional courses offered by competent authority-ratified training institutions every year, or internal audit courses offered by government agencies, or at least 12 hours of internal audit related courses at an university or higher and receive credits or a course completion certificate therefor.
An internal auditor who has received the certification of Certified Internal Auditor (CIA) may be exempt from the aforementioned training requirements in the year of receiving the certification.
Not less than one half of the training hours that an internal auditor attends as required in the preceding paragraph shall be from insurance agent or broker related professional trainings held by a competent authority-ratified institution.

Auditors shall conduct a routine audit on different management units of the company at least once every year, and a special audit as deemed necessary. However, this requirement does not apply to banks that have been approved to adopt a risk-based internal auditing system by the competent authority in accordance with Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries.
Auditors shall include the implementation status of compliance system into the routine audit or special audit of business and management units.

The internal audit report prepared by an auditor for a routine audit shall disclose at least the following information:
1. Scope of audit, summary review of audit, financial and business conditions, regulatory compliance, control and internal management of various businesses, management of customer information confidentiality, training, measures for the protection of consumer interests, and implementation of self-evaluation, and the evaluation of those items.
2. Opinions on material violation, deficiency or fraud that has taken place, and recommendations for punishment of derelict employees.
3. Status of improvement measures taken in response to the examination opinions given or deficiencies identified by the competent authority, independent auditor, internal auditor, or self-evaluation personnel, or matters requiring further improvement efforts as specified in the statement on internal controls.
The internal audit report mentioned in the preceding paragraph and its working papers and related information shall be preserved for at least five (5) years.
Insurance agent companies, insurance broker companies or banks shall, by the end of each fiscal year, deliver its next year's audit plan in writing to the supervisors (board of supervisors) or audit committee for review and make record of the review.
The audit plan mentioned in the preceding paragraph shall contain at least a description of the audit plan, key annual audit items, units to be audited, nature of audit (routine audit or special audit), and frequency of audit and whether the audit plan is in compliance with the requirements of the competent authority. If the audit is a special audit, the scope of audit should also be noted.
Annual audit plan and any revisions thereto must be approved by the board of directors (council).
An auditor shall report matters specified in the second subparagraph of Paragraph 1 hereof to the competent authority after confirming the facts.

Auditors shall continually follow up on any examination opinions or audit deficiencies brought up by the competent authority, independent auditor, or auditors, or self-evaluation, and on matters requiring further improvement as specified in the statement on internal controls, and submit a written report on the status of improvement actions taken to the management, board of directors (council) and supervisors(board of supervisors),or audit committee and include those items as important factors for consideration in determining reward/disciplinary for and performance evaluation of each unit.
Internal audit reports shall be submitted to the supervisors (board of supervisors), or audit committee for review. In addition, a company shall, within five months after the end of each fiscal year, submit a report on the irregularities and deficiencies found in previous year’s internal audits as well as improvement actions taken to the competent authority. However in case a material violation or irregularity is found in an internal audit, the company shall submit the related internal audit report to the competent authority within one month from the end of the audit.

Insurance agent companies, insurance broker companies or banks shall, in a format designated by the competent authority, file with the competent authority information on the name, age, educational background, work experience, years of service, and training of its auditors by the end of January each year.

Insurance agent companies, insurance broker companies or banks shall from time to time check whether there is any violation of Article 15 herein by its auditors, and, upon discovery of any such violation, shall adjust the position of the auditor within one month from the date of discovery.
When filing basic information of auditors under Article 20 herein, insurance agent companies ,insurance broker companies or banks shall check whether or not the auditors have met the requirements set forth in Articles 14 and 16 herein; if not, the auditor shall take remedial actions within two months, failing which, the company shall promptly adjust the auditor’s position.