GEN 3.3.13

(1) An Authorised Person must establish and maintain an internal audit function with responsibility for monitoring the appropriateness and effectiveness of its systems and controls.
(2) The internal audit function must be independent from operational and business functions.