95

VAKIFBANK

ANNUAL REPORT 2014

ASSESSMENT OF THE INTERNAL

SYSTEMS AND 2014

OPERATIONS

INTERNAL AUDIT OPERATIONS

The Board of Auditors performs audit activities in order to discover whether or not the operations of the Bank’s Head Office departments, domestic and overseas branches,

consolidated subsidiaries, information technology (IT) departments are conducted in line with the Banking Law and other legal regulations, together with the internal legislation,

strategies, policies, principles and targets of the Bank; regarding the accuracy of the fiscal data, the competency of the implementations for the protection of the assets, the

effectiveness of the internal controls and risk management systems; within the framework of the relevant legislation, at the firms which the Bank gets support services from.

In addition, inspection and investigation are performed on the fraudulent and non-complying (with the legislation) transactions of the staff members and on the fraud, scam or

forgery made by third parties against the Bank.

The Audit Board conducts audit activities (on-site, centralized, information systems and process audits) with a risk-based auditing approach.

On-site auditing is made at the departments, branches, consolidated subsidiaries and at the firms which the Bank gets support services from, in line with the Bank’s targets and

strategies and within the scope of the risk-based annual audit plan prepared considering the resources of the Audit Board.

Within the scope of the centralized auditing; by early detecting the conditions with potential risks in the branches and departments, computer-aided remote auditing techniques

(e-auditing techniques) are used for taking measures on time.

Within this framework of the auditing activities on the information systems and the processes; the auditing of the controls on the information systems and the banking processes is

made.

In addition, the accuracy of the data used in the Internal Capital Adequacy Evaluation Process Report, the adequacy of the systems and processes and the issue whether the

data, systems and processes give accurate information and chance to make analysis or not, are audited by the Head of Audit Board within the framework of the procedures and

principles that will be determined.

In consequence of the audits, inspections and investigations made by the Audit Board; proposals are made for the correction of the detected issues, for taking measures in order

not to face again with the similar situations, for enhancing the processes and for improving the internal control system, and the actions taken regarding these issues are followed-

up.

The Audit Board only provides an advisory service in the issues requested by the Bank and this does not mean these issues are being approved.

The Audit Board Chairmanship makes contributions to the professional development of the auditors via training opportunities provided inside and outside the Bank and supports

them to obtain the required certifications. By this means, at the same time, the Department tries to provide the well qualified and educated human resources to the Bank.

INTERNAL CONTROL OPERATIONS

Internal Audit; as per the regulation on “Banks’ Internal Systems and Internal Capital Adequacy Evaluation Process”; the Internal Control system is structured to make sure that: (i)

the Bank’s assets are protected, (ii) the Bank’s activities are carried out effectively and efficiently in conformity with the Banking Law and other relevant legislations, the Bank’s

internal policies and rules, and banking practices, (iii) the accounting and financial reporting system’s reliability and integrity is maintained, and (iv) information is promptly

obtained.

Operational transaction controls on the Bank’s activities, controls on the Bank’s communication channels and information systems, financial reporting system controls, business

process controls and compliance controls are performed. Centralized or on-site control activities are carried out covering all branches of the Bank in and outside country and the

units of the Headquarters. In a manner covering new or unobserved/unidentified risks, necessary controls were organized in order to prevent the risks included in the Bank’s

financial and operational activities and to reduce them to an acceptable level. The Audit Committee regularly monitors the activities and evaluates their effectiveness.

Centralized on-site control activities are carried out covering all branches of the Bank in and outside country and the units of the Head Office. In a manner covering new or

unobserved/unidentified risks, necessary controls were organized in order to prevent the risks included in the Bank’s financial and operational activities and to reduce them to

acceptable level. The Audit Committee regularly monitors the activities and evaluates their effectiveness.

Insufficiencies detected as a result of the Internal Control Activities, opinions and suggestions are evaluated after they are shared with the employees who carry out the activities.

Within this scope, preventive and supplementary measures are taken to increase the Internal Control System’s effectiveness, and to improve the processes and activities. Pending

issues as a result of these activities, and opinions and suggestions to improve the processes are included in the Internal Control Reports while risky issues are shared with the

relevant units and senior management to ensure that necessary actions are taken. Furthermore, the Head of the Audit Committee is informed about the detected issues that cause

losses for the Bank.

Internal Control activities include the inspections of the operational transactions to carry out the Bank operations, of the Bank’s communication channels and information systems,

of the financial reporting systems, of the business process implementations and of the consistency.