VKF_FRAE_2017

PART III: FINANCIAL HIGHLIGHTS AND RISK MANAGEMENT 122 VakıfBank Annual Report 2017 STATUTORY AUDITOR’S REPORT Statutory Auditor’s Report To the General Assembly of Shareholders of Türkiye Vakıflar Bankası T.A.O: This audit report was prepared pursuant to the provision of Article 44 of Türkiye Vakıflar Bankası T.A.O. Articles of Incorporation. While the Bank is open to public scrutiny, the Bank’s external auditing is made routinely by the Court of Accounts and the Banking Regulation and Supervision Agency (“BRSA”), and also by the independent auditor as per the Article 43 of the Bank’s Articles of Incorporation. In the current period, the Bank’s assets increased by 27% and reached TL 270,571,710 thousand. The loans, with a significant portion of 68% in the assets, reached TL 183,971,615 thousand, increasing by 25% while the deposits – with a broadened base – reached TL 155,277,122 thousand increasing by 25%. Demand deposits increased by 23% while savings deposits increased by 21% and reached TL 65,323,825 thousand. As a consequence of these growing figures, our Bank’s profit increased by 38% higher than the sector, and reached TL 3,723,383 thousand. Capital Adequacy Ratio that is important for the sector increased by 136 basis point compared to the last year and reached 15.52%. The Bank continued its support to the economy with its strong funding source and structure. VakıfBank opened seven new branches while increasing the total number of its branches to 927, and the number of employees to 16,097. Moreover, in line with the issue on providing continuous training to the employees, it was observed that the employees attended internal on-the-job training sessions as well as domestic and international training programs organized by institutions other than the Bank. The included financial data related with the annual activities of the Bank was reflected in compliance with the procedures and principles in force within the framework of the Banking Law numbered 5411, Turkish Commercial Code number. 6102, Capital Markets Law numbered 6362, generally accepted accounting principles, relevant legislation and the Regulation of Internal Systems. Internal auditing of the Bank: is performed by the Audit Board Department, Internal Audit and Risk Management Departments. It was concluded that: the Bank had an annual audit plan with regard to the on-site audits conducted in the Bank covering domestic branches, international branches, Head Office departments and consolidated subsidiaries; and these audits were conducted within the framework of the audit standards including the inspection of the operational transactions to carry out the Bank operations, of the Bank’s communication channels and information systems, of the financial reporting systems, of the implementations for the business processes and of consistency. Within the framework of the auditing activities, in general terms and briefly: Within the scope of the audits conducted on-site; It was concluded that, the internal audit departments, primarily detected the risks the Bank encountered, performed controls related with these risks, determined the fields that necessitate priority, specified the details that had to be taken into account and performed risk assessments; Furthermore, it was concluded that, after the regularity of the audit was determined, it was submitted to the approval of the Audit Committee; Upon the starting of the audit process in the branches/departments, the data included in the audit program determined for the branches/departments was in a short time assessed by the auditors conducting the audit and the audit process was systematically conducted on the risky matters and on the fields subject to the audit; Within the scope of preparing the management statement; Regarding the information systems and banking processes; I) all Bank departments carry out activities to increase the effectiveness of systemic or manual control points prepared for reconciliation of their activities; II) findings are communicated to the departments, where there is lack of control (if any), to take action for the relevant issues; III) the management statement is prepared in order to provide assurance for the current situation and the activities carried out within this framework, evaluating the effectiveness, adequacy and compliance of the information systems and banking processes in the audit period for the relevant controls; and IV) all fraud is reported during the audit period if the Bank staff at any level ever gets involved in any fraud, Within the scope of the audits made on the information systems; it was concluded that, taking into account the banking processes as well, the auditing of the information systems (such as applications, systems, servers, databases) which were used in these processes, was made, taking into consideration the framework of the Cobit processes, during the audit, it was monitored if the information systems and related documentation and their control mechanisms were given to audit company, the procedures regarding the testing and assessment of the controls within the framework of the importance principle of design and operating effectiveness, were monitored during the audit, the actions taken for the findings discovered in consequence of the leak testing, were monitored during the audit, Within scope of the Regulation Regarding Banks’ Procurement of Support Services; Audit and assessment was made to check whether the companies, that provide the Bank with support services, comply with the stipulated terms and conditions, Within the scope of the consistency controls; it was concluded that; the legislative amendments were monitored and practices were performed to find out whether the Bank complies with these amendments or not; transactions carried out in the Bank were inspected through the programs and controlled in line with the Financial Crimes Investigation Board (MASAK). All these issues were shared with the Bank’s Senior Management. As a consequence; it was observed that the Bank’s audit mechanisms function efficiently and strict attention was paid to keep any risky and fraudulent transactions under control through the continuous on-site audits performed by the internal control departments as well as on-site and centralized audits performed by the Bank’s internal auditors, in addition to the external audits. In 2017, the issues identified by the internal control departments were presented in the Management Statement which was prepared in compliance with the Communiqué of BRSA and submitted to the aforementioned Organization after being approved by the Board of Directors. Yours sincerely, Yunus ARINCI Hasan TÜRE Audit Member Audit Member