Basic HTML Version
VAKIFBANK
2011
ANNUAL REPORT
112
Evaluation of the Operation of Internal Systems and
Operations During the Period
Internal Audit Operations
During the year, the auditing operations were conducted as on-site audit, centralized control and information
technologies implementation audits in line with the Internal Audit Plan for 2011.
During 2011, 496 branches, 98 subsidiary branches, 10 affiliates, 63 Head Office departments, two overseas branches
and two overseas affiliates were audited to ascertain whether or not the operations are performed in line with the
Banking Law and other statutory regulations and the Bank’s strategies, policies, principles and objectives. The issues
suggested by the auditors with the reports issued at the conclusion of audits and communicated to Executive Vice
Presidents and/or to Head Office departments, authorized by the Presidency to take corrective measures, were
monitored in accordance with Article 32 of the Regulation on the Banks’ Internal Systems. All processes of the reports
issued for branch audits during 2011 were carried out through the Web Based Reporting System.
During the year, emphasis was given on centralized auditing works in line with the BRSA regulations and within the
scope of risk-oriented periodic audit vision. As part of centralized auditing works, the system used by the centralized
audit team was improved in 2011 and the new structure to ensure the centralized monitoring of all auditing results,
and priority was given to branches and departments with risk concentration. Internal control staff, besides the
auditors, were enabled to access to centralized control findings related with the branch they serve at, via audit portal
prepared by the centralized control team and regularly updated, and thus the effectiveness of the coordination of
internal audit and internal control was enhanced.
Under the information technologies implementation audit, the Bank’s credits, deposits and credit cards processes were
audited and the audit reports issued at the conclusion of auditing have been delivered to the Executive Vice Presidents
in order to correct the deficiencies and improper practices and to take necessary measures.
Efforts were made to overcome the deficiencies found during audits and to liquidate or collateralize Bank losses
arising out of operational risks. Furthermore, necessary audit/examination reports were issued on the responsible staff
and presented for the information of the Executive Management together with the suggestions on the prevention of
similar risk-bearing operations.
All activities, new operations and products developed or planned by the Bank have been evaluated in terms of
compliance with the Banking Law, other legislation, Bank’s internal policies and rules and the banking trends,
according to the compliance audits, and the conclusions were reported.
In 2012, the Risk Map Project will be launched and accordingly the audit frequencies and auditing terms of branches
will be determined, more frequent and specific audits will be conducted at risk-involving branches and the Bank
will be enabled to interfere to the branches with increasing risk coefficient in a more rapidly and effective manner.
Besides, early warning system planned to be developed against risks to be experienced during branch and department
audits will support immediate actions of intervention. Centralized audit team is carrying on its studies on the early
warning system to be developed against risks to be experienced during branch and department audits.
Internal Control Operations
Internal Control Unit, reporting to the Audit Committee, is carrying on its operations to ensure the protection of the
Bank’s assets, the performance of Bank operations in regular, efficient and effective manner and in compliance with
the Banking Law and other legislation, Bank’s policies and rules as well as the banking practices and the release of
information by the financial reporting system in a reliable, whole and timely manner.
The Bank’s internal control operations are performed within the scope of the “Regulation on the Banks’ Internal
System” issued by the BRSA and by covering the Bank’s domestic and overseas branches and Head Office
departments, consolidated subsidiaries and all Bank operations.
The internal control system, consisting of systems, principles and methods specified by the Internal Control
Department, is configured to ensure that the financial and operational risks identified as regards to the Bank’s
operations are kept at a manageable level. Within this context, the implementation procedures, work flows, duty