THE AUDIT COMMITTEE’S ASSESSMENT OF INTERNAL CONTROL, INTERNAL AUDIT AND RISK MANAGEMENT SYSTEMS AND ACTIVITIES DURING THE REPORTING PERIOD
The organizational structure at TEB in terms of internal control, internal audit and risk management was implemented in accordance with the “Regulations on the Internal Systems of Banks”.
This structure is appropriate in view of the scope and nature of TEB’s activities and can effectively respond to changing conditions.
The Risk Management Division, the Compliance and Internal Control Center and Internal Audit Group, all reporting to the Board of Directors, independent from each other but working in cooperation, have performed their activities in 2013.
The Board of Directors has taken the necessary measures regarding the approval of important strategies and policies with regard to control activities and the maintenance of effective internal audit and risk management systems.
The internal audit system is organized to cover all activities and units of the Bank. As of year-end, the Group Internal Audit operates with Head of Audit, 3 deputy heads, five audit committee manager, seven supervisor inspectors, seventeen inspectors, 32 assistant inspectors, one supervisory commission manager, one Audit Support Coordination Manager.
The Board of Directors has taken all necessary measures authorizing the Group Internal Audit to conduct its audit activities without any restrictions and covering TEB’s consolidated subsidiaries and their respective units. In 2013, the Group Internal Audit conducted 104 branch audits and published 2 consolidated branch reports of these audits. Additionally, 20 Head Office unit audits, 7 subsidiary audits,7 information technology audits were carried out (34 in total).
Under the Compliance and Internal Control Group, there are Internal Control Department, Compliance Department, Operational Risk and Information Security Department, Customer and Product Security Department and Treasury Front Office.
Internal control activities are organized as an inseparable part of daily activities and cover all areas of basic control. Following the organizational change during the year, Internal Control and Compliance functions are now structured separately. Within the scope of internal control, daily, weekly, monthly and quarterly controls of critical activities at branches and departments of the headquarters are carried out under the Branches Control Department and Headquarters Control Department.
The Regulations and Compliance function covers the departments of Regulations and Compliance, parallel to the Internal Systems Regulation of the BRSA.
Operational Risk and Work Continuity Department, Information Technology and Support Services works under the Unit of Operational Risk and Informational Security.
The risk management’s goal is to define, measure, monitor risks bank has been exposed to and control them in accordance with risk policies, practices, and limits.
Bank’s and subsidiaries risk management functions are congregated under Group Risk Management. The mission of the Group Risk Management function is to ensure, jointly with audit committee, that the risks undertaken by the Group comply with the TEB’s policies and procedures and meet the Bank’s profitability criteria and rating.
TEB Risk Management has five departments:
At its meeting held on 8 November 2005, the Board of Directors convened to establish an Audit Committee responsible for all companies comprising the TEB Group, in accordance with Article 24 of Banking Law No: 5411 and further resolved that the powers of the Senior Risk Committee, which was established in accordance with Law No: 4389, be taken over by the new committee.
The Audit Committee has gathered 34 times during the course of the year 2013. It monitors all risk in a consolidated format at the group level, establishing mechanisms of control, reviewing all written procedures, ensuring coordination between the Internal Audit Group, the Risk Management Group and the Compliance and Internal Control Centre, as well as working toward the establishment of internal control systems at the Bank and at Group companies which are in essence of the same scope.