VKF_FRAE_2018_uyg11

112 Part III: Financial Highlights and Assessment of Risk Management STATUTORY AUDITOR’S REPORT Türkiye Vakıflar Bankası T.A.O. To: General Assembly of Shareholders; This audit report was prepared pursuant to the provision of Article 31 of Türkiye Vakıflar Bankası T.A.O.’s Articles of Incorporation. The Bank is open to public scrutiny, and external audits are undertaken routinely by the Banking Regulation and Supervision Agency (“BRSA”) and also by the independent auditor as per the Article 30 of the Bank’s Articles of Incorporation. In the current period, the Bank’s assets increased by 22% and reached TL 331,355,641 thousand, while the loans, constituting a significant 67% in the assets, reached TL 221,546,517 thousand growing by 20%. The deposits – in the pursuit of broadening the base – is up by 16% amounting for TL 179,407,907 thousand. Demand deposits is up by 20%, while savings deposits increased by 34%, amounting to TL 87,822,090 thousand. As a consequence of these growing figures, our Bank’s profit increased by 11.57%, higher than the sector average, and reached TL 4,154,322 thousand. An important parameter for the banking sector, the Capital Adequacy Ratio, rose by 147 basis points YoY, attaining 16.99%. Continuing to support to the economy with strong funding sources and structure, the Bank opened 38 new branches reaching a 951 branches and 16,767 employees in total. As for continuous development, higher participation rates were observed in intensive on-the-job trainings, and domestic and international training programs organized by external institutions. The financial information related with the annual activities of the Bank are presented in conformity with the procedures and principles in force under the Banking Law numbered 5411, Turkish Commercial Code numbered 6102, Capital Markets Law numbered 6362, generally accepted accounting principles, relevant legislation and the Regulation on Internal Systems. The internal audit of the Bank is performed by the Audit Board, Internal Control and Risk Management Departments. It was concluded that the Bank had an annual audit plan with regard to on-site audits conducted in the Bank covering domestic branches, international branches, Head Office departments and consolidated subsidiaries; and that such audits were conducted within the framework of the audit standards including the control of (i) operational transactions regarding Bank’s operations; (ii) the Bank’s communication channels and information systems, (iii) financial reporting systems, (iv) implementation of business processes; and (v) compliance. Within the framework of the Auditing Activities, in general terms and briefly: Within the Scope of the audits conducted on-site; Studies on the risks that the Bank is exposed to, relevant controls, priority areas, matters that will be considered, and the magnitude of risks, are carried out by audit functions in particular are submitted to the Audit Committee for approval. Promptly after the start of audit activities at Branches/Departments, auditors evaluate the data involved in the work schedule of branches/departments, while activities are systematically carried out regarding risky fields and audit areas. Within the scope of centralized audit activities; The Bank’s transactions and processes are periodically checked by risk control matrices, and certain risk points are monitored throughout the year by the central audit team using predefined daily, weekly and monthly inquiries. Findings are inspected in detail by the auditors who are already working on-site at branches/departments, and the conclusions on the inspection of physical documents are reported through the centralized audit system. Within the scope of management statement efforts; Regarding information systems and banking processes, i) all the functions within the Bank carry out activities to enhance the effectiveness of systemic or manual control points prepared for reconciliation of their activities; ii) findings are communicated to the departments where there is lack of control (if any) so that they take action for relevant issues; iii) the management statement is prepared in order to provide assurance for the current situation and the activities carried out within this framework, by evaluating the effectiveness, adequacy and compliance of the information systems and banking processes in the audit period for relevant controls; and iv) any act of fraud is reported during the audit period if the Bank employees at any level ever get involved in fraudulent activities. Within the scope of the audits conducted on information systems; Taking into account the banking processes as well, information systems (such as applications, systems, servers, databases) used in these processes were audited. Cobit processes were taken into consideration during the audit, and documentation on information systems and control mechanisms were shared with the audit company. The design and operational effectiveness of the procedures were tested and assessed in terms of their significance. The actions taken for the findings discovered in penetration tests were monitored. Within the scope of the Regulation Regarding Banks’ Procurement of Support Services; Audits and assessment were made to check whether the companies providing the Bank with support services comply with the stipulated terms and conditions. Within the scope of compliance controls; It was concluded that; amendments to law were tracked and efforts undertaken regarding the Bank’s compliance. Transactions performed in the Bank were inspected by using programs and controlled in line with the legislation of the Financial Crimes Investigation Board (MASAK). All these matters are shared with the Bank’s senior management. It was consequently observed that the Bank’s audit mechanisms function efficiently and strict attention is paid to keep any risky and fraudulent transactions under control through continuous on-site and centralized audits performed by internal control departments as well as on-site and centralized audits performed by the Bank’s internal auditors, in addition to the external audits, along with external audits. In 2018, the issues identified by the internal control departments were presented also in the Management Statement which was prepared in compliance with the Communiqué of BRSA and submitted to the aforementioned Organization after being approved by the Board of Directors. Respectfully, Hasan TÜRE Member of the Audit Board Yunus ARINCI Member of the Audit Board