103
PART III: FINANCIAL HIGHLIGHTS AND RISK MANAGEMENT
INTERNAL AUDIT OPERATIONS
The Board of Auditors performs audit activities in
order to discover whether or not the operations
of the Bank’s Head Office departments,
domestic and overseas branches, consolidated
subsidiaries, information technology (IT)
departments are conducted in line with the
Banking Law and other legal regulations,
together with the internal legislation, strategies,
policies, principles and targets of the Bank;
regarding the accuracy of the fiscal data, the
competency of the implementations for the
protection of the assets, the effectiveness of the
internal controls and risk management systems;
within the framework of the relevant legislation,
at the firms which the Bank gets support
services from. In addition, inspection and
investigation are performed on the fraudulent
and non-complying (with the legislation)
transactions of the staff members and on the
fraud, scam or forgery made by third parties
against the Bank.
The Audit Board conducts audit activities
(on-site, centralized, information systems and
process audits) with a risk-based auditing
approach.
On-site auditing is made at the departments,
branches, consolidated subsidiaries and at the
firms which the Bank gets support services
from, in line with the Bank’s targets and
strategies and within the scope of the risk-
based annual audit plan prepared considering
the resources of the Audit Board.
Within the scope of the centralized auditing; by
early detecting the conditions with potential
risks in the branches and departments,
computer-aided remote auditing techniques
(e-auditing techniques) are used for taking
measures on time.
Within this framework of the auditing activities
on the information systems and the processes;
the auditing of the controls on the information
systems and the banking processes is made.
In addition, the accuracy of the data used
in the Internal Capital Adequacy Evaluation
Process Report, the adequacy of the systems
and processes and the issue whether the
data, systems and processes give accurate
information and chance to make analysis or not,
are audited by the Head of Audit Board within
the framework of the procedures and principles
that will be determined.
In consequence of the audits, inspections
and investigations made by the Audit Board;
proposals are made for the correction of the
detected issues, for taking measures in order
not to face again with the similar situations, for
enhancing the processes and for improving the
internal control system, and the actions taken
regarding these issues are followed-up.
The Audit Board only provides an advisory
service on the issues requested by the Bank
and this does not mean these issues are being
approved.
The Audit Board makes contributions to the
professional development of the auditors via
training opportunities provided inside and
outside the Bank and supports them to obtain
the required certifications. By this means, at the
same time, the Department tries to provide the
well qualified and educated human resources to
the Bank.
INTERNAL CONTROL OPERATIONS
Internal Audit; as per the regulation on “Banks’
Internal Systems and Internal Capital Adequacy
Evaluation Process”; the Internal Control system
is structured to make sure that: (i) the Bank’s
assets are protected, (ii) the Bank’s activities
are carried out effectively and efficiently in
conformity with the Banking Law and other
relevant legislations, the Bank’s internal
policies and rules, and banking practices, (iii)
the accounting and financial reporting system’s
reliability and integrity is maintained, and (iv)
information is promptly obtained.
Within the framework of the check points
prepared with a risk oriented approach, “on-
site” or “from the center” control activities
are regularly carried out in all branches of the
Bank in and outside the country, and in the
Headquarters departments.
Under the supervision and control of the Audit
Committee, activities are carried out in order to
control the operational procedures for carrying
out activities, bank’s communication channels,
information systems, financial reporting systems
and business processes. In order to prevent the
risks Bank’s financial and operational activities
involve, and to decrease them to acceptable
levels, necessary controls were established.
Auto-control mechanisms are established in
all processes and systems to be activated,
with a proactive approach covering risks that
have not been previously encountered or
defined. Controls are made on the functional
separation of tasks, and distribution of duties
and responsibilities, for defining, measuring and
preventing the Bank risks.
Processes are reevaluated with a proactive
approach, necessary measures are taken.
Rules and procedures of the internal control
activities are updated in line with the Laws,
Regulations, International Internal Audit
Standards and developing needs, and thus
activities are carried out to increase the
effectiveness of the control activities and
decrease operational risks.
In conformity with the targets and strategies
of the Bank; changing needs, risks and
technological developments are tracked, and
necessary adjustments are made to make sure
that the internal control system is effective and
functional. In this context, activities continue
with the aim of increasing the internal control
culture in the Bank.
COMPLIANCE DEPARTMENT ACTIVITIES
The Compliance Department directly reporting
to the Audit Committee carries out activities in
order to fulfill the responsibilities stipulated in
the legislation issued by the Financial Crimes
Investigation Board (MASAK) within the scope of
“Prevention of Laundering of Criminal Proceeds
and Terrorism Financing”, and to comply with
the international rules and principles on the
same issue.
ASSESSMENT OF THE INTERNAL SYSTEMS AND 2015 OPERATIONS
