THE AUDIT COMMITTEE’S ASSESSMENT OF INTERNAL CONTROL, INTERNAL AUDIT AND RISK MANAGEMENT SYSTEMS AND ACTIVITIES DURING THE REPORTING PERIOD
The organizational structure at TEB in terms of internal control, internal audit and risk management was implemented in accordance with the regulations on “Bank’s Internal Systems and Evaluation of Internal Capital Adequacy of Banks” published on Trade Registry Gazette on 11.07.2014
This structure is appropriate in view of the scope and nature of TEB’s activities and can effectively respond to changing conditions.
The Risk Management Division, the Compliance and Internal Control Center and Internal Audit Group, all reporting to the Board of Directors, independent from each other but working in cooperation, have performed their activities in 2014.
The Board of Directors has taken the necessary measures regarding the approval of important strategies and policies with regard to control activities and the maintenance of effective internal audit and risk management systems.
The internal audit system is organized to cover all activities and units of the Bank. As of year-end, the Group Internal Audit operates with Head of Audit, 3 deputy heads, 8 audit committee manager, 4 supervisor inspectors, fifteen inspectors, 22 assistant inspectors, 19 authorized assistant inspectors, 3 information systems auditor managers, 1 information systems assistant auditor manager, one Audit Support Coordination Manager, one assistant audit support coordination manager, and one executive assistant.
The Board of Directors has taken all necessary measures authorizing the Group Internal Audit to conduct its audit activities without any restrictions and covering TEB’s consolidated subsidiaries and their respective units. In 2014, the Group Internal Audit conducted 119 branch audits and published 2 consolidated branch reports of these audits. Additionally, 21 Head Office unit audits,107 subsidiary audits,6 information technology audits were carried out (37 in total).
Under the Compliance and Internal Control Group, there are Internal Control Department,
Operational Risk and Information Security Department, Customer and Product Security Department and Treasury Front Office.
Internal control activities are organized as an inseparable part of daily activities and cover all areas of basic control. Following the organizational change during the year, Internal Control and Compliance functions are now structured separately. Within the scope of internal control, daily, weekly, monthly and quarterly controls of critical activities at branches and departments of the headquarters are carried out under the Branches Control Department and Headquarters Control Department.
In line with Compliance and Internal Control function and BRSA “Bank’s Internal Systems and Evaluation of Internal Capital Adequacy of Banks” regulation, there Legislation and Compliance Department within Legislation and Compliance function.
The risk management’s goal is to define, measure, monitor risks bank has been exposed to and control them in accordance with risk policies, practices, and limits.
Bank’s and subsidiaries risk management functions are congregated under Group Risk Management. The mission of the Group Risk Management function is to ensure, jointly with audit committee, that the risks undertaken by the Group comply with the TEB’s policies and procedures and meet the Bank’s profitability criteria and rating.
TEB Risk Management has five departments:
At its meeting held on 8 November 2005, the Board of Directors convened to establish an Audit Committee responsible for all companies comprising the TEB Group, in accordance with Article 24 of Banking Law No: 5411 and further resolved that the powers of the Senior Risk Committee, which was established in accordance with Law No: 4389, be taken over by the new committee.
The Audit Committee has gathered 48 times during the course of the year 2014. It monitors all risk in a consolidated format at the group level, establishing mechanisms of control, reviewing all written procedures, ensuring coordination between the Internal Audit Group, the Risk Management Group and the Compliance and Internal Control Centre, as well as working toward the establishment of internal control systems at the Bank and at Group companies which are in essence of the same scope.