Basic HTML Version
VAKIFBANK ANNUAL REPORT 2013
89
Moreover, Audit Board provides consultancy
services regarding the issues of improving and
enhancing the Bank processes and related
controls performed on these processes, of
actualizing the possible efficiency increases,
and on the other issues that the Bank
demands.
Audit Board Department makes contribution
on the professional development of the
auditors via training opportunities provided
in and outside the Bank and supports them
to obtain the required certifications. By this
means, at the same time, tries to provide the
Bank with the qualified and educated human
resources.
Internal Control Operations
Internal Control; Internal Control Department,
reporting to the Audit Committee, conducts
its activities within the scope of the
“Banking Law” and the “Regulation on the
Internal Systems of the Banks,” with the
aim of ensuring that; the Bank assets are
protected; the Bank operations are carried
out in an effective and efficient manner and
in compliance with the Banking Law, other
relevant legislation, the Bank’s policies and
rules and the Banking practices; the data
obtained from the accounting and financial
reporting system is reliable, complete and
punctually.
Internal Control System; is structured within
the frame of the international standards on
auditing, in a manner that covers the Bank’s
all domestic and overseas branches, Head
Office units, consolidated subsidiaries, and all
operations.
Internal Control Activities; include the
inspections of the operational transactions to
carry out the Bank operations, of the bank’s
communication channels and information
systems, of the financial reporting systems, of
the business process implementations and of
the consistency.
In the Internal Control Activities; the Bank
put emphasis on proactive and preventive
approach and within this scope, the
effectiveness of the Internal Control System
was monitored through financial, operational
and other control points and ensured that the
necessary measures were taken for system
development and in the manner that covered
the risks which were new or not encountered
previously or undefined.
Internal Control System structured in order
to keep the risks of the Bank’s financial and
operational activities at a minimum level and
under control and to prevent them when
necessary. Internal Control System is revised
in line with the Internal Control Activities
conducted at the Bank and in line with the
procedures, rules and needs that determine
these activities.
Control programs for the Branches; are
prepared within the framework of the
risk-based control approach, by taking into
account the changes in transaction volumes,
loans, deposits, failure and tracking numbers,
and also the results of the previous control
period. In the internal control program, the
priority is given to the branches with intensive
operational failures and high risks, and
working time allocated for these branches is
differentiated.
Opinions, recommendations together with
the deficiencies detected as a result of the
Internal Control Activities are primarily shared
and evaluated with the employees performing
these activities. Therefore, it is ensured that
both the efficiency of the Internal Control
System is increased by taking preventive and
supplementary measures and the control
process and related activities are improved. In
the Internal Control Reports, the issues with
no improvement together with the opinions
and the recommendations regarding the
process improvements are presented and by
sharing these reports with the relevant units
and the Senior Management, it is ensured that
the necessary measures are taken.
With the aim of actualizing all operations of
the Bank (carried-out/planned to be carried-
out), new transactions and the new products,
the compliance of the new projects of the
Bank’s business units with the Bank’s internal
policies and rules is assessed within the
frame of the Banking Law and other relevant
legislation. Possible risks, implementations
and existing business processes are evaluated
and moreover, after making controls on the
competency and suitability of the control
points in the changing or recently formed
processes, the opinions are presented.
Findings detected during the Internal Control
Activities, which caused responsibility, which
were noncompliant with the legislation,
which were bearing high level of risks,
which were considered as misconduct or
fraudulent and which caused Bank losses,
were communicated to the Audit Board
Department.
Internal Audit Operations
Board of Auditors performs audit activities;
in order to discover whether or not the
operations of the Bank’s Head Office
departments, domestic and overseas
branches, consolidated subsidiaries,
information technology (IT) departments
are conducted in line with the Banking
Law and other legal regulations, together
with the internal legislation, strategies,
policies, principles and targets of the Bank;
regarding the accuracy of the fiscal data, the
competency of the implementations for the
protection of the assets, the effectiveness of
the internal controls and risk management
systems; within the framework of the relevant
legislation, at the firms which the Bank gets
support services from.
In addition to this, inspection and investigation
are performed on the fraudulent and non-
complying (with the legislation) transactions
of the staff members and on the fraud, scam
or forgery made by third parties against the
Bank.
Audit Board conducts audit activities (on-site,
centralized, information systems and process
audits) with a risk-based auditing approach.
On-site auditing; is made at the departments,
branches, consolidated subsidiaries and at the
firms which the Bank gets support services
from, in line with the Bank’s targets and
strategies and within the scope of the risk-
based annual audit plan prepared considering
the resources of the Audit Board.
Within the scope of the centralized
auditing; by early detecting the conditions
with potential risks in the branches and
departments, computer-aided remote auditing
techniques (e-auditing techniques) are used
for taking measures on time.
Within the scope of the auditing activities on
the information systems and the processes;
the auditing of the general controls on
the information systems and the banking
processes is made.
In consequence of the audits, inspections
and investigations made by the Audit Board;
Proposals are made for the correction of the
detected issues, for taking measures in order
not to face again with the similar situations,
for enhancing the processes and for improving
the internal control system, and the actions
taken regarding these issues are followed-up.
ASSESSMENT of THE INTERNAL SYSTEMS AND 2013 operatıons