[ Main contents start here ]

Internal Audit

Role of Internal Audit

Internal Audit evaluates and improves the effectiveness of governance, risk management and control processes with high proficiency and independence, thereby contributing to enhancement of MUFG Group's value and to achievement of ”MUFG Way”.
“MUFG Group” means Mitsubishi UFJ Financial Group, Inc. and its subsidiaries.

What is Internal Audit?

Every business organization faces various risk elements. For example, clerical errors could occur in paper work and there could be cyberattacks when using a network environment. Internal Audit assesses the consequences of risks surrounding the company and evaluates whether each division is taking appropriate actions in accordance with the risk level.
Furthermore, risks would include not only mistakes and accidents but also apply to situations where the company could not achieve the goals and objectives as originally set.


Major procedures of an internal audit are as follows;

Internal audit mainly consists of this cycle;
  • Develop an annual audit plan to select audits to be conducted in a fiscal year
  • Examine audited divisions through inquiry, observation, inspection, and re-performance, for example, inspecting submitted documents and performing interviews
  • Report internal audit results to senior management and announce them to audited divisions
  • Follow up on whether audited divisions are addressing issues timely
1. Planning of internal audit
Assess every risk surrounding MUFG Group, develop an internal audit plan focused on high-risk areas and assign auditors to each internal audit.
2. Examination
Review evidence based on the internal audit plan in order to achieve internal audit objectives. Collect audit evidence and then analyze and evaluate etc. the collected evidence, inspecting submitted documents and performing interviews.
3. Communication of internal audit results
Communicate (feed-back) results of preliminary and actual examination to audited divisions and if recommendations are issued, provide concrete instruction whether they should respond and deadline etc.
Furthermore, report such results to appropriate bodies.
4. Follow-up
Check issue implementation status of audited divisions and report the progress to appropriate bodies.

Internal Audit covers all parts of MUFG Group's business activities, discussing and evaluating management / operation framework and business implementation in the scope of legality, rationality and efficiency, beyond checking compliance with defined procedures and legal regulations.
In addition, Internal Audit provides instructions and recommendations for operational improvement of audited divisions and reports these to senior management, thereby contributing to safeguarding and development of the assets of MUFG Group.

Three Lines of Defense Framework

The risk management shall be conducted by various divisions inside a company, such as divisions in charge of each risk category, a compliance division, and an internal audit division, etc.
Among others, financial institutions have had a keen awareness of the problem behind the risk management structure that mainly depends on divisions in charge of each risk category, reflecting on lessons learned from past financial crises, and reviewed roles and responsibilities of each division in the risk management.
Reflecting this background, the concept of “Three Lines of Defense” was invented and roles and responsibilities of each division in the risk management were defined, classifying divisions within an organization into “the 1st Line of Defense”, “the 2nd Line of Defense” and “the 3rd Line of Defense”.
  • The 1st Line of Defense (the business division, client-facing divisions) undertakes risks within the extent of risk exposure assigned and is responsible and accountable for identifying, evaluating and controlling business risks.
  • The 2nd Line of Defense (the risk management division, compliance division etc.) ensures that risks are identified and managed by the 1st Line of Defense.
  • The 3rd Line of Defense (the internal audit division) independently evaluates the efficiency of governance, risk management, and control processes implemented by the 1st and 2nd Lines of Defense.
Internal Audit plays an essential part of risk management through ongoing communication with the 1st and 2nd Lines of Defense, while maintaining independence.

Group Internal Audit Framework

MUFG Group has internal audit functions at the holding company level as well as subsidiaries ensuring proficiency and independence through effective collaboration.
Internal audit division in the holding company receives reports from main directly-owned subsidiaries on the performance and results of internal audits and status of other business and provides instruction and evaluation as needed.

Reports to the Internal Audit Committee

The holding company has an audit committee within its board of directors and each of the major subsidiaries has an Audit & Supervisory Committee or  committee similar to it.


Within each of the holding company and the major subsidiaries, Internal Audit reports to the committee on important matters including governing principles in the internal audit plan, the progress status and results of the internal audits.

Internal Audit Framework

MUFG Internal Audit Activity Charter

MUFG has developed and published the MUFG Internal Audit Activity Charter to define the mission and purpose, responsibility, and organizational position of internal audits.