2012 Annual Report
Home Page Introduction Management and Corporate Governance Practices Financial Information and Risk Management Türkçe

Audit Committee's Assessment of the Operation of the Internal Audit, Internal Control, and Risk Management Systems

The internal audit, internal control and risk management activities at Ziraat Bank are carried out by the Board of Auditors and Internal Control and Risk Management Group, which have segregated duties and responsibilities, are organizationally independent from each other, but work in coordination.

Set up to cover all units, branches and the Bank’s subsidiaries subject to audit, the organization aims to ensure complete and secure pursuance of banking activities, realization of long-term profit targets, reliable financial and administrative reporting, and minimization of unexpected risks that might negatively affect the Bank’s reputation and financial stability.

OPERATION OF THE INTERNAL AUDIT SYSTEM

The Board of Auditors adopts a risk-focused approach to auditing and controls compliance of the activities carried out by all of the Bank’s head office units, domestic and international branches, and subsidiaries under its control with the law and other applicable legislation, as well as the Bank’s internal strategy, policy, principles and targets, including internal control and risk management. The Board of Auditors keeps the Bank’s Senior Management informed and pursues its efforts in a manner to contribute to the decision-making processes of the Senior Management.

Having 174 members and working in line with the international internal audit standards, the Board of Auditors, during 2012, audited and evaluated the effectiveness and efficiency of transaction steps that make up the primary processes, and the secondary processes, besides auditing the compliance of the Bank’s activities with the processes that they are governed by. In addition, the Bank’s IT Inspectors audited the processes identified in the Regulation on Bank Information Systems and Banking Processes published by the Banking Regulation and Supervision Agency (BRSA) in line with the Bank’s implementations.

Apart from on-site audits that are conducted using the reporting structure integrated into the Bank’s system, the Centralized Audit Team, which operates under the Board of Auditors and produces a dissuasive effect in terms of establishing actual irregularities and of preventing possible irregularities with the scenario analyses implemented, continues to increase its contributions to the activities of the Board of Auditors owing to these characteristics.

During the audits carried out, inspectors continued to make determinations and give recommendations, which are designed to give an introduction to regionally important sectors, and to ensure rapid decision-making regarding existing and/or potential risks and opportunities involving the loan book, in particular.

In addition, the members of the Board of Auditors strived to build up the personnel’s practical knowledge through on-site trainings given in branches in 2012. On the other hand, the inspectors have the opportunity to conduct audit in different units periodically and thereby to constantly build on their professional knowledge and experience; they were also given training at certain intervals to support their personal and professional development. Along the line, the Bank continued in 2012 to implement the training catalogue, which is formulated by identifying the training programs for each member of the Board of Auditors in any seniority, and opportunities were created for the members of the Board of Auditors to take part in numerous extramural meetings, conferences and workshops during the reporting period.

Having made it a principle and a goal to make significant contributions to the Bank’s qualified and high-quality human resource, the Board of Auditors provided an intensive transition of its members to administrative duties during 2012; hence, the Bank’s experienced members who have been involved in the examination and inspection of the Bank’s various domestic and international branches, regional offices and Head Office units continued to offer administrative service to our Bank’s different units in various geographies. On the other hand, the recruitment process has been completed for assistant inspectors, who will begin working by early 2013 according to the plans.

The Board of Inspectors continues to evaluate the organizational changes at the Bank, the modules introduced in lending decisions and the systematic differences arising from the launch of centralized allocation structures, and Operations Center, and keeps working on the planned changes regarding the audit system.

In the period ahead, the Board of Auditors will continue to be guided by a high sense of responsibility and duty in the execution of the internal audit plan to be devised in line with the targets and policies determined by the Bank’s Senior Management and within the frame of the modern approach to audit; in the reporting of their outcomes to the Board of Directors via the Audit Committee, and in monitoring the precautions to be adopted based on audit reports.

INTERNAL CONTROL AND RISK MANAGEMENT GROUP

OPERATION OF THE INTERNAL CONTROL SYSTEM

Internal control activities are organized so as to cover the activities of the Bank’s domestic and international branches, regional branches and head office units under the Regulation on Banks’ Internal Systems issued by the BRSA, and are constantly revised in line with the Bank’s requirements.

Control programs for branches are devised quarterly within the frame of the branches’ risk map prepared by the risk management department. They take into consideration 135 different criteria including, among others, branch scales, transaction volumes, changes in the amount of lending and results of the previous control period, as well as the control schedule of the Board of Inspectors. These programs are enforced upon approval of our Committee. Controls are carried out on an average of 950 branches in every quarter within the scope of the program.

The control intervals of head office units are determined in view of the units’ functions and risk exposure, their job descriptions and impact on the Bank’s balance sheet, and are revised in line with the needs.

Pursuant to the provision under Article 9/3 of the Regulation on the Bank’s Internal Systems that reads “Internal control system is organized to cover the bank’s domestic and international branches, head office units, consolidated partnerships and all of its activities”, internal control activity at all of our branches abroad are conducted in accordance with the annual control plans that are approved by our Committee.

Findings contained in the reports resulting from the control activities conducted are categorized under certain headings, and are shared with relevant units and the Senior Management.

As a result of the switch to the new service model at the Bank, introduction of centralized allocation structure in retail loans and of new modules in other types of loans, and centralization of operations, manual transactions have been substantially migrated to the system, and work is ongoing for integrating the transactions that are still performed manually to the system. Given that centralized controls will increase along with the systematic controls introduced under these implementations, the operational workloads of Internal Controllers assigned to the field are expected to be alleviated.

On-site Internal Controllers continued in 2012 to conduct examinations regarding matters established during the control activities and deemed to require further examination. Necessary action to be taken by the Bank based on the preliminary examination reports so issued were put into life forthwith and transactions doubted to be subject to abuse were shared with the Board of Auditors for ensuring that necessary examinations/investigations are undertaken.

In addition to the above, compliance control activities are also carried out by the internal control function within the frame of Article 18 of the Regulation on the Banks’ Internal Systems. In this frame, all of the past and planned activities of the Bank, as well as new products and transactions are controlled in terms of their compliance with the Law and other applicable legislation, internal policies and guidelines, and established banking practices. Furthermore, legislation issued or modified by the Bank is also reviewed within the scope of compliance controls and resulting opinions are shared with the related units.

Besides control activities, recommendation reports continued to be issued, which are aimed at improving the processes related to the activities carried out at the Bank by Internal Controllers and at prevention of possible risks. The objectives of this implementation are to prevent risks by identifying them in advance, improving processes so as to achieve alignment with the competitive environment and customer satisfaction, and taking cost-saving measures.

Besides the activities mentioned above that can be considered as basic duties, Internal Controllers are encouraged to take on administrative duties; along this line, 37 Internal Controllers were transferred to administrative positions during 2012, thus continuing to supply qualified human resource to the Bank’s administrative personnel. In addition, it was decided to hire 36 assistant internal controllers from outside the Bank to be trained to replace the internal controllers who have been transferred to administrative duties, and to sustain the dynamic nature of the internal controller staff.

In brief, internal control activities are being carried out in harmony with the Bank’s primary targets and strategies with respect to scope and implemented method. However, a proactive structure has been adopted to ensure immediate alignment with the changed strategy and conditions upon the altered risk perception and transition to the new service model. This proactive structure contributed to the execution of the Bank’s activities at a level above the industrial norms and in alignment with internal and external regulations, as well as competitive conditions.

OPERATION OF THE RISK MANAGEMENT SYSTEM

The fundamental approach to risk management activities carried out at the Bank is to achieve the best possible practices in risk management functions by inculcating a culture of risk-awareness throughout the Bank and by continuously improving both the system and the human resources. Maximum attention is given to ensuring that the risk management activities that take place are conducted with the coordinated participation of all units that are involved in every activity associated with each category of risk.

Risk management activities cover the main headings of credit risk, market risk, operational risk and balance sheet risks (interest rate risk arising from banking accounts and liquidity risk), and have the ultimate objective of achieving compliance with international best practices.

Under credit risk management activities, work is undertaken for defining, measuring, monitoring and reporting credit risk, employing methods that are in alignment with Basel II. In this context, legal reporting process started using the Basel II Standardized Method as of 01 July 2012. The amount at credit risk is reported to the BRSA monthly on a solo basis, and quarterly on a consolidated basis. Efforts are ongoing at the Bank for measuring creditworthiness in connection with advanced measurement methods. In this frame, work is being carried out on the outcomes of scoring models used for different loan portfolios. Validation is carried out using statistical methods to measure the accuracy and performance of these scoring models. Furthermore, credit risk limits that are approved by the Board of Directors are monitored, and work is in progress to conduct scenario analyses and stress testing for the non-performing loans ratio.

Under the operational risk management activities, operational risks are defined, classified, measured and analyzed. Operational risk loss database in Finart environment allows tracking incidents of operational risk. Risks arising from information technology and actions taken are followed up. An Operational Risk Map is being prepared for use in the Internal Control audit program for the purpose of establishing the risk levels of the Bank’s branches. In addition, risk exposure assessments are conducted for companies providing outsourced support services within the frame of the BRSA’s regulations in force.

Within the scope of market and balance sheet risk management activities, market risk, liquidity risk, and interest rate risk arising from banking accounts are measured, analyzed, limited, reported and monitored, and the analyses made are supported with stress tests.

For determining the shareholders’ equity amount that is aligned with the loss our Bank might sustain due to its risk exposure, capital adequacy assessment is made using the economic capital approach and the results are reported to the senior management.

Results of the analyses made under risk management activities and risk indicators are reported to the Board of Directors and our Committee at six-month intervals, and to executive units and internal system units at monthly, weekly and daily intervals.

The new operating period will see continued activities under all risk categories on the basis of internationally accepted advanced risk management techniques, as well as execution of these activities as an integral part of the Bank’s strategic decision-making processes.

                                              

               


Feyzi ÇUTUR
Member of the Audit Committee  

Muharrem KARSLI
Chairman of the Board of Directors
Member of the Audit Committee