VKF_FRAE_2017

123 VakıfBank Annual Report 2017 ASSESSMENT OF THE INTERNAL SYSTEMS AND 2017 OPERATIONS »» INTERNAL AUDIT OPERATIONS The Board of Auditors performs audit activities in order to discover whether or not the operations of the Bank’s Head Office departments, domestic and international branches, consolidated subsidiaries, information technology (IT) departments are conducted in line with the Banking Law and other legal regulations, together with the internal legislation, strategies, policies, principles and targets of the Bank; regarding the accuracy of the fiscal data, the competency of the implementations for the protection of the assets, the effectiveness of the internal controls and risk management systems; within the framework of the relevant legislation, at the companies which the Bank gets support services from. In addition, inspection and investigation are performed on the illegal and non-complying (with the legislation) transactions of the staff and on the fraud, scam or forgery made by third parties against the Bank. The Audit Board conducts audit activities as on-site audit, centralized audit, information systems and process audits) with a risk- based auditing approach. On-site auditing is performed by the audit board at the departments, branches, and consolidated subsidiaries and at the companies which the Bank gets support services from, in line with the Bank’s targets and strategies and within the scope of the risk-based annual audit plan prepared considering the resources of the Audit Board. Within the scope of the centralized auditing; by early detecting the conditions with potential risks in the branches and departments, computer-aided remote auditing techniques (e-auditing techniques) are used for taking measures on time. Within this framework of the auditing activities on the information systems and the processes; the auditing of the controls on the information systems and the banking processes is made. In addition, the accuracy of the data used in the Internal Capital Adequacy Evaluation Process Report, the adequacy of the systems and processes and the issue whether the data, systems and processes enable accurate information and analysis or not, are audited by the Head of Audit Board within the framework of the procedures and principles that will be determined. In consequence of the audits, inspections and investigations made by the Audit Board; proposals are made for the correction of the detected issues, for taking measures in order not to face again with the similar situations, for enhancing the processes and for improving the internal control system and the actions taken regarding these issues are followed-up. The Audit Board only provides an advisory service on the issues requested by the Bank and this does not mean these issues are being approved. The Audit Board makes contributions to the professional development of the auditors via training opportunities provided inside and outside the Bank and supports them to obtain the required certifications. By this means, at the same time, the Department tries to provide the well qualified and educated human resources to the Bank. »» INTERNAL CONTROL OPERATIONS Internal Control: As per the regulation on “Banks’ Internal Systems and Internal Capital Adequacy Evaluation Process”; the Internal Control system is structured to make sure that: I) a healthy internal control environment is created and coordinated, II) Bank’s assets are protected, III) Bank’s activities are carried out effectively and efficiently in conformity with the relevant legislations, policies, rules and banking tendencies, IV) the accounting and financial reporting system’s reliability and integrity is maintained, and V) information is promptly obtained. Within this scope, internal control activities are carried out in all branches of the Bank in and outside the country as well as the Head Office Departments. Branch controls in the country are conducted onsite or from the center within the framework of the control programs organized every year according to risk conditions. Furthermore; real-time controls are performed regarding the transactions performed in the branches. Internal controls for branches outside the country are conducted in accordance with the annual control plan. On the other hand, permanent Controllers carry out control activities in departments where there’s a large amount of operational transactions and in Head Office Departments where it’s necessary. Furthermore, information technology controls are also performed to check whether or not information system activities are carried out securely and in conformity with the guidelines determined by the Bank. Findings and suggestions within the scope of all these control activities are reported and shared with the relevant departments as the actions taken are monitored. The Head of Internal Control: I) controls the distribution of duties and responsibilities, and the functional classification of tasks for identifying, measuring, and preventing the Bank’s risks, II) set up auto-control mechanisms in all processes and procedures to be initialized, in a manner that will cover the previously unknown or unidentified risks, III) set up and enhances systemic controls. Thus activities are carried out to increase the effectiveness of the control activities and minimize operational risks. In conformity with the targets and strategies of the Bank; changing needs, risks, regulations and technological developments are tracked and necessary adjustments and updates are made to make sure that the internal control system is effective and functional. In this context, activities continue with the aim of increasing the internal control culture in the Bank. »» COMPLIANCE DEPARTMENT ACTIVITIES The Compliance Department directly reporting to the Audit Committee carries out activities in order to fulfill the responsibilities stipulated in the legislation issued by the Financial Crimes Investigation Board (MASAK) within the scope of “Prevention of Laundering of Criminal Proceeds and Terrorism Financing”, and to comply with the international principles and rules on the same issue. Within this scope; as per the Regulation on the Compliance Program regarding the