Internal audit should be allowed to apply a risk based approach when doing the annual audit; this leaves the internal audit function with the possibility to either perform a more in-depth review in case of major changes of the model, or to perform a high-level review or applying a focus on a specific area of the entire modelling process. The reporting requirements in either case remain unchanged and in line with the RTF.
The implementation of the criteria 'proportionate' is deemed unnecessary.
It leaves both, the internal audit function and the competent authorities with the need to define and evaluate 'proportionate' which is not possible to define ultimately. Interpretations which may vary should be avoided.
Furthermore, the other adjectives 'adequate' and 'effective' are considered as comprehensive to also describe the quantitative and qualitative requirements of the internal audit function