Role of Internal Audit
Internal audit functions within MUFG seek to verify the adequacy and effectiveness of internal control systems from a standpoint independent of the operating functions. This includes monitoring the status of risk management and compliance systems, which are critical to the maintenance of sound and appropriate business operations. Internal audit results are reported to senior management. An additional role of internal audit is to make suggestions to help improve or rectify any issues or specific problems that are identified.
Group Internal Audit Framework
The holding company has instituted MUFG’s internal audit policy to define the policy, function, and organizational position of internal audits. Separate internal audit divisions have been created within the holding company and certain subsidiaries. Through close cooperation and collaboration among the internal audit divisions of the holding company and these subsidiaries, these internal audit divisions provide coverage for the Group and also support the board of directors in monitoring and overseeing all MUFG operations.
In addition to having primary responsibility for initiating and preparing plans and proposals related to internal audits of the Group, the internal audit division at the holding company monitors and, as necessary, guides, advises, and administers the internal audit divisions of subsidiaries and affiliated companies.
The internal audit divisions within the major subsidiaries conduct audits of the respective head office and branch operations of these companies. In addition, each of these internal audit divisions undertakes direct audits of their respective subsidiaries, and monitors and oversees the separate internal audit functions established within them. This helps to evaluate and verify the adequacy and effectiveness of internal controls within MUFG on a consolidated basis.
Implementing Effective and Efficient Internal Audits
To ensure that internal audit processes use available resources with optimal effectiveness and efficiency, the internal audit divisions implement risk-focused internal audits in which the nature and magnitude of the associated risks are considered in determining audit priorities and the frequency and depth of internal audit activities. The internal audit divisions ensure that audit personnel attend key meetings, collect important internal control documents and access databases to facilitate efficient off-site monitoring.
Reports to the Internal Audit Committee
The holding company has an audit committee within its board of directors as required by the Companies Act of Japan, and each of the major subsidiaries has an Audit & Supervisory Committee or a voluntarily established internal audit and compliance committee.
Within each of the holding company and the major subsidiaries, the internal division reports to the committee on important matters including the results of the internal audits and basic policies for planning internal audits.
FOCUS: Enhancing the Quality of Internal Audits
Affected by the introduction of international financial regulations and the emergence of new risk factors, the operating environment surrounding MUFG is rapidly changing. With this in mind, a variety of initiatives are being carried out by the internal audit divisions within the Group to constantly upgrade their auditing structure. For example, we hold periodic training sessions for internal audit division members under such themes as the latest cyber security countermeasures and financial regulation trends, with external specialists serving as lecturers. We also encourage employees to acquire such international certificates as Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA), with the aim of enhancing the specialist skills of members of these divisions and accumulating relevant expertise.