Prudential Regulation Authority Rulebook

2.1

This Chapter only applies to a small non-directive insurer.

2.2

A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business.

2.3

A firm must take reasonable steps to establish and maintain adequate internal controls.

2.4

A firm must have in place an effective risk-management system.

2.5

A firm’s risk-management system must ensure that the firm’s governing body is furnished with the information it needs to contribute to identifying, measuring, managing and controlling risks which relate to the safety and soundness of firms.

2.6

A firm must establish and maintain appropriate systems and controls for managing operational risk that can arise from inadequacies or failures in its processes and systems (and, as appropriate, the systems and processes of third party suppliers, agents and others).

2.7

A firm must establish and maintain appropriate systems and controls for the management of its IT system risks.

2.8

A firm must establish and maintain appropriate systems and controls for the management of the risks involved in expected changes.

2.9

A firm must provide for an effective internal audit function.

2.10

The internal audit function must monitor the appropriateness and effectiveness of the firm’s systems and controls.

2.11

The internal audit function must provide independent assurance to the firm’s governing body, audit committee or an appropriate senior manager of the integrity and effectiveness of the firm’s systems and controls.