In general, internal control is understood as a process for the board of directors and management to achieve three objectives: effectiveness and efficiency of management, reliability of financial reporting, and compliance with laws. However, despite the fact that financial companies have internal control systems under the Act on the Corporate Governance of Financial Companies, financial accidents, large and small, frequently occur, pointing out the problem of unclear responsibility and lack of effectiveness of the internal control system. Given that the concept of internal control in the COSO report has been developing into an enterprise risk management system as it expands to risk management, I think it is necessary to introduce the concept of "enterprise internal control system" in line with the Act on the Corporate Governance of Financial Companies. In addition, it should be considered that the board of directors of a financial company is responsible for determining the basic policy on the establishment and maintenance of an enterprise internal control system, as well as the provision that the CEO of a financial company is responsible for implementing the basic policy on the establishment and maintenance of an enterprise internal control system. As an additional legislative task to enhance the internal control system under the Act on the Corporate Governance of Financial Companies, first, it is necessary to introduce the responsibilities map to augment the operation and effectiveness of internal control like the Senior Managers and Certification Regime of UK. Second, to ensure legal and institutional consistency of the internal control system, it is necessary to introduce compliance officers under the Commercial Act to the Act on the Corporate Governance of Financial Companies. Third,I think it would be desirable to introduce a whistleblower system through the revision of Act on the Corporate Governance of Financial Companies, given that many of the internal control violations are violations of compliance.