Auditing of institutions under CISA

FINMA uses regulatory auditors to extend its reach when supervising licence holders in accordance with the Collective Investment Schemes Act (CISA).

Audit firms carry out annual audits on a risk-oriented basis.

Risk analysis and audit strategy

Within six months after a licence holder’s financial year ends, audit firms assess the risk situation to which it is exposed, and submit this assessment to FINMA using a standardised/predefined form. The risk analysis covers all audit fields with a view to determining net risk from a combination of the different risk factors and in accordance with the business activities.

A standard audit strategy is generally applied for supervised institutions in FINMA Supervisory Category 5. Here, the frequency and depth of the audit to be performed are determined by the net risk exposure in the respective audit fields. For supervised institutions in FINMA Supervisory Category 4, FINMA can exercise greater influence on the audit fields to be assessed by defining the audit strategy individually in a dialogue with the audit firm.


Once an audit firm has completed a regulatory audit of a licence holder, it communicates the findings and recommendations to FINMA in the form of a standardised report. The report also contains general information about the conduct of the audit, a declaration of independence on the part of the audit firm, and further information about the business activities and organisation of the audited institution.

Audit mandataries

In exceptional circumstances, FINMA can appoint an audit mandatary. Potential candidates for this role are approved audit firms and independent third parties with relevant experience and specialist knowledge.


Annexes to Auditing Circular

Anhang 15: Risikoanalyse KAG

Updated: 13.07.2018 Size: 0,08  MB
  • Language(s):
  • DE
  • FR
Add to personal download list

Guidelines for Auditing Circular

Audit points

Submission of Auditing Circular

Audits for institutions seeking authorisation

Change of audit firm