96
İŞBANK
ANNUAL REPORT 2012
Internal Audit
The İşbank Board of Inspectors reports to the Board of Directors. The İşbank Board of Inspectors audits the activities of the Bank’s head office
units (including internal control, risk management and compliance units), domestic and foreign branches and the subsidiaries, in accordance
with the Bank’s mission, strategies and policies, as well as relevant laws and regulations. Furthermore, the Board of Inspectors performs the
Bank’s processes and information systems audits. The Board of Inspectors also carries out preparatory inquiries, fraud examinations and
investigations when necessary.
Having been certified to be in conformance with the international quality standards, the İşbank Board of Inspectors combines the Board’s
deep-rooted audit traditions with advanced technology in a modern, risk-focused approach to perform its duties, with its 200 inspectors.
The board’s auditing functions are carried out by on-site inspections as well as remotely by using the state of the art data mining and fraud
detection technologies.
Depending on their content and priority, audit reports are submitted to the Board of Directors, Audit Committee, senior management and
related Head Office units. In the meantime, corrective measures are monitored by the Boards of Inspectors. The Board of Directors monitors
activities of the Board of Inspectors through monthly reports presented via the Audit Committee.
During 2012, The Board undertook 375 branches, 7 head office units and 5 subsidiaries audits. In addition to their audit-related activities,
members of the İşbank Board of Inspectors also undertake duties on major projects that the Bank is involved in.
Banking processes and IT audits are conducted annually by the members of The Board of Inspectors in accordance with the “Regulation on
Bank Information Systems and Banking Processes Audit to be Performed by External Audit Institutions” that is published by Turkish Banking
Regulation and Supervision Agency (BRSA).
According to the results of the banking processes and IT audits conducted in 2012, as of December 31, 2012 there has been,
• no material weakness in the internal controls over the main banking processes ensuring the Bank to perform efficiently, reliably and
continuously,
• no material finding about the integrity, availability, consistency and reliability of the data reported in both consolidated and
unconsolidated financial statements.
With the help of the risk focused audit plan, The Board could audit a considerable portion of İşbank’s entire credit portfolio in 2012. The remote
auditing activities of the Board has enabled the Bank to monitor the major risks especially in loans and human resources regularly and has
given the Bank the ability to counteract before the risks increase further.
Internal Control
Internal Control system of İşbank is designed and operated in a way to ensure the protection of assets of the Bank, the continuation of the
Bank’s activities in compliance with the laws and other related regulations, banking conventions, internal rules and policies; in an effective
and efficient way and to provide the reliability and integrity of accounting and financial reporting systems and to enable the availability of
information in a timely manner. The continuous integrity of all of İşbank’s operations is enabled by the internal control system.
At the time of planning and operation of Banking activities, the main framework of the internal control activities that are carried out by all of
İşbank personnel with a sense of high responsibility are structured on the control of operations, the control of communication channels and
information systems, control of financial reporting system and compliance controls. The Internal Control Division operates under the direction
of and reports to the Board of Directors. It aims to provide the maximal contribution to ensure that the internal control structure that makes
up the Bank’s control infrastructure always functions in compliance with the related laws, regulations and standards in a sound, strong and
effective way. Internal Control Division is responsible for examining, controlling, monitoring and evaluating the Bank’s activities and reporting
its findings to the parties concerned. Control and monitoring activities by the Internal Control Division are carried out by on site activities and/
or from a central location, these controls are structured to comprise the Head Office divisions, internal and external branch operations and
subsidiaries that are subject to consolidation
The results of internal control activities together with opinions and recommendations that will increase effectiveness and efficiency are
shared with those responsible for the related processes and this contributes to the implementation of solutions. All of these proceedings
are continuously and closely monitored by the internal controllers and their managers as well as by those responsible for the conduct of the
activities. The evaluations made about the operations are reported to Senior Management. The results of the internal control activities are
also continuously evaluated and monitored by the Board of Directors and the Audit Committee.
In the strong control environment of İşbank, all employeesworkwith a high sense and responsibility of control. The Board of Directorsmonitors
and promotes the internal control system so that it functions in line with the goals of the Bank in an efficient and effective way. The potential
risks and their probable effects have been assessed and the necessary controls to mitigate the risks or keep them at an acceptable level have
been implemented. There is a healthy communication environment which provides the access to information to implement internal control
activities that support corporate goals and which enables all employees to be informed about their internal control duties and responsibilities.
The existence and healthy operation of internal control components aremonitored and developed continuously and orderly by all the relevant
parties. It is concluded that İşbank’s internal control system is dependable and operates effectively in line with the regulations and parallel
with the goals and targets of the Bank.
Audit Committee’s Assessments on the Operation of Internal Control,
Internal Audit and Risk Management Systems and Its Activities in the
Reported Period
1...,88,89,90,91,92,93,94,95,96,97 99,100,101,102,103,104,105,106,107,108,...300