
      Audit Committee's Assessments on the Operation of Internal Control, Internal Audit and Risk Management Systems and Its Activities in the Reported Period

      Internal Audit

      The İşbank Board of Inspectors reports to the Board of Directors via Audit Committee and is responsible for the auditing functions. The İşbank Board of Inspectors fulfills the duty of inspecting and supervising the activities of all the Bank’s Head Office divisions, including internal control, risk management and corporate compliance divisions, domestic and foreign branches and the subsidiaries, in accordance with the Bank’s mission, strategies and policies, as well as relevant laws and regulations. Furthermore, the Board of Inspectors performs the auditing of the Bank’s processes and information systems. The Board of Inspectors also carries out preparatory inquiries, fraud examinations and investigations when necessary.

      Having been certified to be in conformance with the international quality standards, the İşbank Board of Inspectors combines the Board’s deep-rooted audit traditions with advanced technology in a modern, risk-focused approach to perform its duties, with its 191 inspectors and assistant inspectors. The Board’s auditing functions are carried out by on-site inspections as well as by remotely making use of the Bank’s data processing infrastructure.

      Depending on their content and priority, the reports of the results of the Board’s inspections are classified and submitted to the Board of Directors, the Audit Committee, the Senior Management and related Head Office units. In the meantime, the measures taken related to identified issues are monitored by the Board of Inspectors. The Board of Directors keeps track of the performance of the Board of Inspectors through monthly reports presented via the Audit Committee.

      During 2011, the Board undertook audits of 452 branches, 2 Head Office divisions and 6 subsidiaries, and 8 process audits, as well as an information systems audit in accordance with COBIT. In addition to their audit-related activities, members of the İşbank Board of Inspectors also undertake duties on major projects that the Bank is involved in.

      With the help of the risk-focused inspection programs, the Board was able to audit a considerable portion of İşbank’s entire credit portfolio in 2011. The remote auditing activities of the Board have enabled the Bank to regularly monitor the major risks, especially in loans and human resources, and have given the Bank the ability to counteract them before the risks grow further.

      Internal Control

      The Bank’s internal control system is structured so that all financial and operational risks identified as being related to the Bank’s activities can be kept continuously under control and at reasonable levels. Within the framework of the internal control system, the internal control activities, and the policies and procedures that shape these activities, are reviewed continuously at every level of the Bank and renewed according to current requirements; as a result, the integration of the internal control activities and the internal control system of the Bank can be achieved.

      İşbank’s activity-related workflows incorporate all of the necessary steps and appropriate controls. Segregation of duties, transaction conduct and approval authorizations and limits, systemic controls, post-transaction controls and other process-related controls all work together to ensure that the Bank’s activities and transactions are continuously carried out effectively, correctly, systematically and securely by personnel at all levels. This operational and internal control structure also plays an important role in the reliable and efficient operation of the processes and controls of the accounting and financial reporting systems.

      The main framework of the internal control activities structured within the internal control system consists of operational controls, information and communication systems controls, financial reporting systems controls and compliance controls.

      The Internal Control Division operates under the direction of and reports to the Board of Directors. It aims to provide the maximum contribution to ensuring that the internal control structure that makes up the Bank’s control infrastructure always functions in compliance with the related laws, regulations and standards in a sound, strong and effective way. The Internal Control Division is responsible for examining, controlling, monitoring and evaluating the Bank’s activities and reporting its findings to the parties concerned. Division activities are structured so as to cover the Head Office divisions, branches, subsidiaries that are subject to consolidation and the institutions from which the Bank takes support services.

      The findings, opinions and recommendations resulting from internal control activities are shared and evaluated at first with those performing the activities and the related process owners. This contributes to the implementation of adequate and practicable solutions for improving internal control processes and activities. All of these proceedings are continuously and closely monitored by the internal controllers and their managers as well as by those responsible for the conduct of the activities. The evaluations made about the operations are reported to Senior Management. The results of the internal control activities are also continuously evaluated and followed by the Board of Directors and the Audit Committee.

      Internal Control Division’s activities include on-site review of all domestic and overseas branches at least once a year and performing tests on each of the control points in the workflows of Head Office Divisions. Control activities are also performed at the Information Technologies Divisions and these activities are COBIT based. The reviews, being performed both at the Divisions and at the Branches, are supported by computer assisted control and monitoring activities. In 2011, all of İşbank’s activities were controlled in accordance with the Division’s targets.

      As a result of the Internal Control Division’s activities in the year 2011, it can be concluded that the internal control system and the internal control activities of the Bank at all levels and operations depend on reasonable controls and function productively and effectively in line with the Bank’s goals and objectives.

      Compliance

      Compliance is the foremost duty and responsibility of all managers and employees of the Bank at any level. The coordination of functions and activities regarding compliance executed in the Head Office Divisions and Branches of the Bank is managed through the corporate compliance activities conducted within the Corporate Compliance Division, which reports to the Board of Directors.

      The Corporate Compliance Division operates with the purpose of providing the maximum contribution to managing compliance risk and controlling this risk in an appropriate and efficient manner and, in this regard, to executing and managing the activities of the Bank continuously in compliance with the relevant laws, regulations and standards.

      The necessary researching, analyzing, monitoring, assessing, informing, conducting, coordinating and reporting activities regarding compliance issues are conducted within the Corporate Compliance Division, which consists of three sub-units, namely, Regulatory Compliance, Banking Activities Compliance and Anti-Money Laundering Compliance.

      The duties and responsibilities of the Compliance Officer as stated in the Prevention of Laundering Proceeds of Crime Law and other related regulations in effect are fulfilled by the Head of Corporate Compliance Division, who is also the legal “Compliance Officer” of the Bank. The activities regarding the prevention of laundering of criminal proceeds and financing of terrorism in the Bank are executed in an express and efficient manner within the context of the related legislation and the Bank’s Policy and the Compliance Program, which have been prepared in accordance with this legislation.

      The Bank’s Compliance and Compliance Risk Management Policy and Prevention of Laundering Criminal Proceeds and Terrorism Financing Policy are available under the “Investor Relations / Corporate Governance” link on the Bank’s website www.isbank.com.tr in English and Turkish.

      The results of the activities regarding compliance are also regularly monitored and evaluated by the senior management and the Board of the Bank.

      Risk Management

      Besides banking activities, both financial and non-financial risks encompassing the whole group are required to be analyzed, monitored and reported from the standpoint of group risk management in addition to that of banking-specific risk management principles. This aspect of risk management, beyond regulatory requirements, has become an industry standard for corporate governance.

      The risk management process, which is organized within the framework of advanced risk management methodologies and favors a common risk management culture throughout the establishment, is structured to emphasize “good corporate governance”, assuring the independence from executive functions of the units responsible for monitoring and controlling risk, so that risk definition, measurement, analysis, monitoring, reporting and control functions are carried out within the same framework.

      A general assessment of risk by categories suggests that the most significant risk the Bank was exposed to in 2011 was credit risk, as was also the case in 2010. This was followed by market risk, especially interest rate risk. In 2011, in addition to financial risk, capital was also allocated for non-financial operational risk in accordance with the framed policy.

      The process of risk management and the functions involved in that process are among the highest-priority responsibilities of the İşbank Board of Directors. Acting through the Risk Committee, which reports to the Board of Directors, the Bank Credit Committee and the Assets & Liabilities Committee together with the Risk Management Division in its capacity as a functional component of risk management are engaged in efforts to bring the Bank into compliance with Basel II capital adequacy rules. Sub-committees of the Risk Management Division are Asset-Liability Management Risk Unit, Credit Risk and Economical Capital Unit, Operational Risk, Model Validation and Subsidiary Risk Unit.


      Prof. Dr. Savaş Taşkent
      Member of the Board and the Audit Committee

      Füsun Tümsavaş
      Chairman of the Audit Committee


