77
Corporate Governance
Audit Committee’s Assessments on the Operation
of Internal Control, Internal Audit and Risk
Management Systems and Its Activities in the
Reported Period
Internal Audit
The İşbank Board of Inspectors reports to the Board of Directors via Audit Committee and is responsible for the auditing activities.
By adopting ethical principles stated by banking and internal auditing regulations and “International Standards for the Professional
Practice of Internal Auditing”, the İşbank Board of Inspectors audits the activities of the Bank’s Head Office divisions (including internal
control, risk management and corporate compliance divisions), domestic and foreign branches and the subsidiaries, in accordance with
the Bank’s mission, strategies and policies, as well as relevant laws and regulations. Furthermore, the Board of Inspectors performs the
Bank’s processes and information systems audits. The Board of Inspectors also carries out preparatory inquiries, fraud examinations and
investigations when necessary.
Having been certified to be in conformance with the international quality standards, the İşbank Board of Inspectors combines the Board’s
fundamental audit experience with advanced technology in a modern, risk-focused approach to perform its duties. The Board’s auditing
functions are carried out by on-site inspections as well as remotely by using data mining and fraud detection technologies with its 195
inspectors and assistant inspectors.
Depending on their content and priority, audit reports are submitted to the Board of Directors, Audit Committee, senior management
and related Head Office divisions. In the meantime, corrective measures taken by the relevant Head Office divisions are monitored by the
Board of Inspectors. The Board of Directors monitors activities of the Board of Inspectors through monthly reports presented via the Audit
Committee.
During 2015, the Board undertook audits of 459 domestic branches, 5 overseas branches, 4 Head Office divisions and 10 subsidiaries.
In addition to their audit-related activities, members of the İşbank Board of Inspectors also participated as internal consultant in major
projects that the Bank is involved in.
Banking processes and IT audits are conducted annually by the members of The Board of Inspectors in accordance with the “Regulation on
Bank Information Systems and Banking Processes Audit to be Performed by External Audit Institutions” that is published by Turkish Banking
Regulation and Supervision Agency. Both consolidated and unconsolidated financial statements’ preparation process have been evaluated
and validated during the financial reporting process audit.
According to the results of the banking processes and IT audits conducted in 2015, there has been;
- no material weakness in the internal controls over the main banking processes ensuring the Bank to perform efficiently, reliably and
continuously,
- no material finding about the integrity, availability, consistency and reliability of the data reported in consolidated and unconsolidated
financial statements.
With the help of the risk focused audit plan, The Board audited a considerable portion of İşbank’s entire credit portfolio in 2015. The remote
auditing activities of the Board has enabled to monitor the major risks especially in loans and human resources regularly and has provided
with the ability to counteract before the risks increase further.
Internal Control
All units carry out their activities coherently at İşbank, being aware of the fact that a healthy internal control system established and
operated in an uninterrupted manner suitable for the purpose is the common and main responsibility of all employees.
Besides enabling accountability at İşbank, it is important to also have specialized employees carry out activities on the basis of honesty
and commitment to ethical values, with high awareness of responsibility. Risks that may occur while carrying out activities, are regularly
monitored according to changing circumstances, as necessary controls are established in order to prevent risks or decrease risks to
reasonable levels. Necessary communication systems were established in order to provide all relevant parties in the corporation with the
qualified information required to perform activities in a manner that will support corporate targets. All relevant parties and the Board of
Directors, in particular, continuously and regularly monitor if internal control components exist and function well while all parties make sure
that the internal control system is operated well and sustainably.
