Article 11
Internal auditing
1.
A CCP shall establish and maintain an internal audit function which is separate and independent from the other functions and activities of the CCP and which has the following tasks:
(a)
to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the CCP’s systems, internal control mechanisms and governance arrangements;
(b)
to issue recommendations based on the result of work carried out in accordance with point (a);
(c)
to verify compliance with those recommendations;
(d)
to report internal audit matters to the board.
2.
The internal audit function shall have the necessary authority, resources, expertise, and access to all relevant documents for the performance of its functions. It shall be sufficiently independent from the management and shall report directly to the board.
3.
Internal audit shall assess the effectiveness of the CCP’s risk management processes and control mechanisms in a manner that is proportionate to the risks faced by the different business lines and independent of the business areas assessed. The internal audit function shall have the necessary access to information in order to review all of the CCP’s activities and operations, processes and systems, including outsourced activities.
4.
Internal audit assessments shall be based on a comprehensive audit plan that shall be reviewed and reported to the competent authority at least on an annual basis. The CCP shall ensure that special audits may be performed on an event-driven basis at short notice. Audit planning and review shall be approved by the board.
5.
A CCP’s clearing operations, risk management processes, internal control mechanisms and accounts shall be subject to independent audit. Independent audits shall be performed, at a least, on an annual basis.