Annual
Report
2021
Report
2021
IT Control Unit and Financial and Business Units Audit Unit
The Internal Audit Department successfully completed its 2021 process and management statement audits in accordance with the audit plan approved by the Board of Directors. In 2021, management statement work and support service provider audits were conducted for the eighth time by the Internal Audit Department. In regard to the referenced efforts, the 2021 KKB Management Statement Report and the Management Statement Report Related to the Risk Center Operations carried out by KKB were prepared and shared with the independent auditor and the TBB Risk Center.
As part of the audit plan prepared with a risk-based methodology in 2021, the Department completed the audit of two departments, six processes, 28 IT and business processes and one external service procurement in addition to three audits requested by the Risk Center. In addition, risks that the institution may be exposed to during the remote working period were evaluated and taken into account during the audits by conducting the necessary analysis. Again, within the scope of the Regulation on Banks’ Information Systems and Electronic Banking Services, the legislation catalog and related controls were updated, and studies were carried out to ensure relevant harmonization, especially with the provisions of electronic banking.
Based on KKB’s service continuity and information security requirements, audits on System Security, the Software Development Life Cycle, Demand and Change Management, Continuity Management, Data Management, Performance and Capacity Management and processes in the Operations Center were carried out periodically as in previous years. In addition, reports regarding Budget Reporting and Financial Affairs were prepared based on continuous checks throughout the year. As well as KKB and Risk Center Product Management and Development processes, other business processes were included in the nine business processes audited as business units.
Using technology effectively in every aspect of its operations, the Internal Audit Department monitors findings and actions with automatic reporting through the GRC system. The results of the monitoring are reported on a monthly basis to KKB and the TBB Risk Center administrations. In addition, the Department continues to carry out its audits effectively with the latest technologies, using the artificial intelligence models and robotic automation processes which it has established.
Member Audit Analysis and Coordination Unit
The Risk Center Member Audit Tracking System, which has ensured centralized management of member audits since 2016, continued to serve all member organizations and independent auditors through e-signature verification and two-factor identity authentication infrastructure.
As a result of analysis and evaluations conducted by the unit, it is possible to track the risk performance of member organizations. On the back rising awareness, the security, integrity, and authenticity of Risk Center data was seen as having a higher level of maturity in the eyes of member organizations.
In 2021, the Internal Control Department performed risk analysis and previous period comparisons with respect to 30 audits conducted by independent auditors at member institutions. The results of the audits were shared with the Risk Center administration and the relevant actions were followed.
In accordance with the circular published by the TBB Risk Center in 2017, the Internal Control Department’s member inspection team conducted on-site inspections at Risk Center member organizations based on risk analysis, and the early warning system, in which the risk structures of members and end users were analyzed in an analytical model, continued to operate based on various criteria. Models created using artificial intelligence are constantly undergoing improvement. We continue our work on the development of general member auditing standards in the sector and ensuring compliance with the legislation.
Within the scope of Findeks Webservice Data Security Analysis in 2021, studies were carried out on 18 different Findeks members with the methodology focused on data security.