Basic HTML Version
88
Statutory Auditor’s Report
To the General Assembly of Shareholders of Türkiye Vakıflar Bankası T.A.O;
This audit report was prepared pursuant to the provision of Article 44 of Türkiye Vakıflar Bankası T.A.O. Articles of Incorporation.
While the Bank is eligible for the auditing performed by the Supreme Audit Institutions, the Bank’s external auditing is made routinely by Court of
Accounts and Banking Regulation and Supervision Agency (“BRSA”), and also by the independent auditor as per the Article 43 of the Articles of
Incorporation.
In the current period, 115 new branches were opened and the total number of domestic branches of the Bank reached 856. In addition to this, total
number of employees of the Bank reached 14,943 with the recruitment of 2,114 new employees – through the exams made in the related year – who
were employed in the various departments and branches of the Bank for the assistant auditors, assistant financial analyst, assistant associate and
employee positions.
Moreover, in line with the issue on providing continuous training to the employees, it was observed that the employees attended internal on-the-job
training sessions as well as domestic and international training programs organized by institutions other than the Bank.
The included financial data related with the annual activities of the Bank was reflected in compliance with the procedures and principles in force within
the frame of the Banking Law n. 5411, Turkish Code of Commerce n.6102, Capital Markets Law n.6362, generally accepted accounting principles,
relevant legislation and the Regulation of Internal Systems.
Internal auditing of the Bank: is made by the Audit Board Department, Internal Control and Risk Management Departments.
It was concluded that: the Bank had an annual audit plan with regard to the on-site audits conducted in the Bank covering 856 domestic branches, 3
overseas branches, Head Office units and consolidated subsidiaries, and these audits were conducted within the frame of the audit standards including
the inspection of the operational transactions to carry out the Bank operations, of the bank’s communication channels and information systems, of the
financial reporting systems, of the implementations for the business processes and of the consistency.
Within the frame of the auditing activities, in general terms and briefly: Within the scope of the audits conducted on-site; it was concluded that,
the internal audit units, primarily detected the risks the Bank encountered, performed controls related with these risks, determined the fields that
necessitate priority, specified the details that had to be taken into account and performed risk assessments.
Furthermore, it was concluded that; after the regularity of the audit (yearly for the Head Office Departments, overseas branches and subsidiaries and
monthly for the branches) was determined, it was submitted to the approval of the Audit Committee, upon the starting of the audit process in the
Branches/Departments, the data included in the audit program determined for the branches/departments was in a short time assessed by the auditors
conducting the audit and the audit process was systematically conducted on the risky matters and on the fields subject to the audit.
Within the scope of the centralized audits; it was concluded that; the Bank’s transactions and processes were controlled periodically with the
determined risk control matrixes; specific risk points were monitored daily, weekly and monthly during the year through the inquiries created by the
central audit team; detected findings were analyzed in detail at the branches/departments by the auditors on the field and the conclusions reached
after the control of the physical documents were reported via the central audit system.
Within the scope of the management statement activities; it was concluded that; with regard to the information systems and banking processes,
by performing tasks for increasing the effectiveness of the control processes through manual and systematic control points covering the operations
of all the departments, the findings were presented to the related departments with the aim of setting action plans for the control deficiencies; the
management statement, after being evaluated regarding its effectiveness, competency and consistency in terms of audit period, was prepared with the
purpose of ensuring safety regarding the current situation and audit activities conducted; during audit period, even if it was not at an important level, all
the abuses (if any) involved by the Bank personnel were reported.
Within the scope of the audits made on the information systems; it was concluded that taking into account the banking processes as well, the auditing
of the information systems (such as; applications, systems, servers, databases etc.) which were used in these processes was made, taking into
consideration the frame of the Cobit processes, during the audit, it was monitored whether or not the information systems, related documentation and
their control mechanisms were set, the procedures regarding the testing and assessment of the controls within the frame of the importance principle of
design and operating effectiveness, were monitored during the audit, the actions taken for the findings discovered in consequence of the leak testing,
were monitored during the audit, Within the scope of the regulation with regard to the procurement of support service by the Banks; it was concluded
that; the assessments were performed regarding the compliance of the firms which the Bank purchased support services from, with the specified terms
and conditions, Within the scope of the consistency controls; it was concluded that; the legislative amendments were monitored and practices were
performed to find out whether the Bank complies with these amendments or not; transactions carried out in the Bank were inspected through the
programs and controlled in line with the Financial Crimes Investigation Board (MASAK).
Within the scope of the Risk management processes; it was concluded that; the audit practices were performed for the Bank’s internal and external
reporting systems which had impacts on the bank’s capital adequacy ratio.
All these issues were shared with the Bank’s Senior Management.
As a consequence; it was observed that the Bank’s audit mechanisms function efficiently and strict attention was paid to keep any risky and fraudulent
transactions under control through the continuous on-site audits performed by the internal control units as well as on-site and centralized audits
performed by the Bank’s internal auditors, in addition to the external audits. In 2013, the issues identified by the internal control units were presented
in the Management Statement which was prepared in compliance with the Communiqué of BRSA and submitted to the aforementioned Organization
(BRSA) after being approved by the Board of Directors.
Yours sincerely,
Mehmet HALTAŞ
Yunus ARINCI
“A” Group Audit
“C” Group Audit