Member States shall require investment firms, where appropriate
and proportionate in view of the nature, scale and complexity of
their business and the nature and range of investment services
and activities undertaken in the course of that business, to
establish and maintain an internal audit function which is
separate and independent from the other functions and activities
of the investment firm and which has the following responsibilities:
(a) to establish, implement and maintain an audit plan to
examine and evaluate the adequacy and effectiveness of the
investment firm's systems, internal control mechanisms
and arrangements;
(b) to issue recommendations based on the result of work
carried out in accordance with point (a);
(c) to verify compliance with those recommendations;
(d) to report in relation to internal audit matters in accordance
with Article 9(2).