The fact that the Financial Supervisory Commission of Taiwan frequently imposes administrative requirements and enforcement on Taiwan’s banks, financial holding companies, insurers and so forth, obviously indicates poor corporate governance in these financial institutions. Therefore, after an in-depth examination of the internal control system of financial institutions in Taiwan, its current approach and organizational structure, this thesis aims at outlining an internal corporate governance paradigm that will address the existing problems. Through examining the history of internal controls, I firstly identify three main principles for a well-functioning internal control system in financial institutions, which are internal checks, risk control, and the delegation of authorization and duties. Then, taking the “Three Line of Defense” principle in banks for example, the focus of the present research will shift to the analysis of the three basic objectives of internal controls: effectiveness and efficiency of operations, preparation and disclosure of reporting, and compliance with applicable rules and regulations. Subsequently, based on the findings that compliance should be the core objective of internal controls, I will discuss the concept of legal compliance and risk management and their cross-relationship with the internal control system. In this regard, I propose that governance, risk management, and compliance (“GRC”) should be an essential foundation of a system designing and the “PDCA Cycle” could serve as a feasible methodology for continuous improvement of internal control systems. This thesis also identifies the limitations of the current internal control system as a result of imperfect execution and proposes that financial institutions should adopt a strong organizational structure with specified roles to fully reap the effectiveness of the internal control system. Furthermore, considering the large scale of modern financial institutions and the diversity of business activities conducted, supervisory and operational roles should be segregated. After surveying internal control system and related best practices, I will deliver three key proposals for improvement: first, reinforcing the position of the supervisory and monitory board in the financial institutions, which will impose upon the board of directors the ultimate responsibility of ensuring the establishment and maintenance of an appropriate and effective internal control system, and at the same time improving the function of the independent director system; second, other than managing the businesses’ daily operations, the management should also play a main role in reinforcing good culture in financial services and continually educating personnel regarding policies, procedures, and ethical standards in place; lastly, this thesis submits that since an effective internal control system is essential to good corporate governance, the burden of ensuring that it works effectively should not only rest on the shoulders of the management, but also on all employees.