Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

Remediation (performed by KFS Internal Audit)

advertisement 
A QAR Application in Turkey and Sharing the
Experiences
Stefano Perazzini
Özge Aşçıoğlu
İstanbul 09/11/2007
1
AGENDA














Overview of UniCredit
Overview of Yapı Kredi Bank
Our Vision
Why are companies interested in Quality of Internal Audit?
Requirements of IIA
What is QAR
Internal and External Assessments
Why Deloitte
Work plan
Phase 1 _ Quick Check
Phase 2 _ Remediation (performed by KFS Internal Audit)
Phase 3 _ Detailed Review by Deloitte
Phase 4 _ Assessment and Benchmark with Best Practices
Phase 5 _ Overall Conclusion and Final Report
2
UNICREDIT
UniCredit at a Glance
• UniCredit Group is one of the largest banking and financial services
organisations in Europe with a network of 9,000 branches and strong
local roots in 23 countries.
Its international network is made of branches, representative offices
and small banking subsidiaries in 50 countries worldwide.
• In Europe we are one of the leaders in terms of business size and we
can leverage on a unique strategic positioning.
The Group is, in fact, leader in one of the richest areas of Europe:
Bavaria, Austria and Italy as well as in Central and Eastern Europe, an
area featuring fast rates of economic growth and the fastest growth
rates for banking revenues.
3
UNICREDIT
4
OVERVIEW OF YAPI KREDİ BANK
•
•
•
•
•
Yapı Kredi Bank at a Glance
One of the most dynamic and experienced institutions in Turkey
created from the successful legal merger on the 2nd of October
2006,
With total assets of YTL47.8 billion (approx. USD34.7 billion) as of June
2007
As per ownership structure, 80.2% of Yapı Kredi is controlled by Koç
Financial Services A.Ş. (“KFS”) – the 50/50% joint venture between
UniCredit and Koç Group
the Bank serves its over 13 million customers through approx 650
branches throughout the country and various alternative distribution
channels
strong domestic presence including domestic financial subsidiaries;
Yapı Kredi owns subsidiary banks in the Netherlands, Russia and
Azerbaijan.
5
YKB ORGANIZATION CHART
AUDIT COMMITTEE
CREDIT COMMITTEE
Board of
Directors
INTERNAL AUDIT
INTERNAL CONTROL
COMPLIANCE OFFICE
RISK
MANAGEMENT
GM
MANAGEMENT
COMMITTEES
COO
CORPORATE IDENTITY
AND COMMUNICATION
PRIVATE
BANKING AND
INTERNATIONAL
RETAIL BANKING
CREDIT CARDS
AND CONSUMER
LENDING
CORPORATE
BANKING
COMMERCIAL
BANKING
OPERATIONS
ORGANIZATION
ALTERNATIVE
DISTRIBUTION CHANNELS
FINANCIAL PLANNING,
ADMINISTRATION AND
CONTROL (CFO)
LEGAL
LOGISTICS AND COST
MANAGEMENT
HR
IT
TREASURY
CREDIT MANAGEMENT
6
INTERNAL AUDIT DEPARTMENT ORG CHART
BOARD OF DIRECTORS
Internal Audit Department
Assistant
Standards, Methodologies and Support Section
Strategic Planning and Audit Coordination Unit
Investigation Section
IT Audit
Credit Risk Audit Section
Netw ork Audit Unit
Marmara Region Audit 1Section
Domestic and Foreign Subs Audit Unit
LEASING
NETHERLAND N.V.
INVESTMENT
AZERBAIJAN
FAKTORING
MOSCOW
PORTFOLIO MGMNT
INSURANCE
Marmara Region Audit 2 Section
West and Southw est Region Audit Section
Market Risk Audit
Central and Southeast Region Audit Section
RETIREMENT
Operational Risk Audit Section
External Audit Relations
7
INTERNAL CONTROL UNIT ORG CHART
BOARD OF DIRECTORS
Internal Control BU
Fraud Prevention and Anti Money Laundering Section
Remote Control Section
Credits
Credit Cards
Treasury
Financial and Administration Affairs
Branches and Operations
IT Controls
8
OUR VISION
Our vision is to become “A World Class” Internal Audit Function
at KFS level in order to satisfy expectations coming from
various stakeholders and counterparties: Audit Committee,
Board of Directors, Top Management, Shareholders,
Supervisory Bodies, External Auditors, etc.
9
WHY ARE COMPANIES INTERESTED IN QUALITY OF
INTERNAL AUDIT?
• IIA Standards require companies to have an “independent” quality
assessment every five years, effective since January 2002
– Increased responsibility of, and focus on, Audit Committees
– Audit Committee increasing their reliance on IA for regulatory
requirements, risk management
– Increased focus on corporate governance and fraud prevention
• More focus on audit activities from executive management and
regulators
10
REQUIREMENTS OF THE INSTITUTE OF INTERNAL
AUDITORS
1310 Quality Program Assessments
• The internal audit activity should adopt a process to monitor and
assess the overall effectiveness of the quality program. The process
should include both internal and external assessments.
1311 Internal Assessment
• It should include ongoing reviews of the performance of internal audit
activity and periodic reviews performed through self assessments or
by other persons within the organization with the knowledge of
internal auditing practices and the standards.
1312 External Assessment
• “External assessments, such as quality assessment reviews, should be
conducted at least once every five years by a qualified, independent
reviewer or review team from outside the organization.”
11
WHAT IS QAR
• A Quality Assurance Review (QAR) is a strategic assessment of
an internal audit function, including its infrastructure, staff
experience, and performance relative to business goals, "best
practices", and applicable standards.
• QAR evaluates compliance with the Standards, the internal
audit activity and audit committee charters, the organization’s
risk and control assessment, and the use of successful
practices.
12
INTERNAL AND EXTERNAL ASSESSMENTS
External
Internal
Full QAR
Ongoing and Periodic
13
INTERNAL ASSESSMENTS
ONGOING
• CONTINUOUS
MONITORING
• CAE
SUPERVISION
• AUDITEES’
FEEDBACK
PERIODIC
• AUDIT OF THE AUDIT
PROCESS
• SELF-ASSESSMENT
• OTHER COMPETENT
PERSONS
14
EXTERNAL ASSESSMENTS
QUALIFIED
INDEPENDENT
REVIEWER
•
•
•
•
ALTERNATIVE
METHODS
Certified Audit Professional
Well versed in the Standards and
leading practices
Reasonable experience at
management level
Results to be shared with the Audit
Committee and Top Management
• Non-reciprocal assessment
• Self-assessment with
external validation
KFS Audit applied this External Assessment
15
THE STRUCTURAL ELEMENTS OF A QAR ON INTERNAL
AUDIT FUNCTION
Supporting Processes
Activity organization
Human Resources
and management
Production Processes
Information
Technology
Planning
Electronic
management system
of work files
Mapping of company
risks
Information on
objectives and
expectations for each
mission
Communication /
Reporting to audited
entities
Knowledge of
internal audit clients
expectations
Collaboration with
the audited entity
Communication /
Reporting to
management
Internal audit plan
Needs for expertise
evaluation and
responses to main
issues
Communication /
Reporting to audit
committee
Performance
Communication
and reports
Vision, values, &
strategic objectives
Constitution of a
team of experts
Structure
and organisation
(Processes / Methods)
Recruitment
Specific applications
and technologies
Resource management
Training and
personal development
Database of best
practices
Activity measurement
Internal communication
Coordination with
external auditors and
other control entities
Work Program
Communication with
external auditors and
other control entities
Individual evaluations
Resources
assignment
Tests and analysis
Internal audit clients
satisfaction
measurement
Remuneration
Satisfying
Satisfying
Perfectible
Perfectible
Need for
for
improvement
improvement
Not
Not applicable
applicable
Work documentation
Out of scope
16
The elements in a shaded color frame appear in the IIA (Institute of Internal Auditors) professional standards
Engagement
supervision
Follow up
WHY
• Deloitte has a sound background in performing Strategic
Quality Assessment of Internal Audit activities for European
and global companies. They have been providing the Internal
Audit community with services to enhance its overall
performance since they initiated their Internal Audit Services
practice more than 20 years ago.
17
DELOITTE TEAM
JEAN-PIERRE GARITTE
Quality Assurance Partner
OKTAY AKTOLUN
Delivery Partner
EVREN ALTUNAY
Engagement Director
NACİYE KURTULUŞ
TUBA İNCİ
Assistant Manager
Manager
18
WORK PLAN
• Phase I / Quick Check - January 8th – January17th
– High level review of risk assessment approach, Internal Audit
Charter and entire audit process is performed
– Interview with one of the members of the Audit Committee
– Results are discussed with Senior Management of the Internal Audit
Department
• Phase II / Remediation - January 17th –May 30th
– Internal Audit Department based on the quick review results redesigned process, improved documentation standards and
initiated other improvement activities as necessary
• Phase III / Detailed Review - June 4th- July 14th
– An in-depth review of the Internal Audit function is performed and
a representative sample of Internal Audit projects is tested
– Specific survey formats for KFS are developed and results of them
are reviewed to address unique needs and objective of this project
19
WORK PLAN
• Phase IV / Assessment and Benchmark with Best Practices - June 4thJuly 14th
– Charter, mission statements, organizational structure, span of
controls, personnel credentials and education levels, training
policies, performance appraisal process, and recruiting policies are
reviewed
– Risk assessment, quality control, self auditing and follow up activities
are analyzed
– Comparisons / benchmarking with leading practices on superior
performance areas
• Phase V / Overall Conclusion and Final Report – July 15th - July 23rd
– Main strengths and weaknesses are identified and gap analysis
between current situation and IIA standards is formalized
– Opportunities for improvement are identified and recommendations
are issued
20
PHASE II REMEDIATION (PERFORMED BY KFS INTERNAL
AUDIT)
• Based on the project timeline, approximately 20 volunteer auditors are
involved in several sub-projects that were completed succesfully by
the end of May, 2007.
21
PHASE III DETAILED REVIEW BY DELOITTE AND PHASE IV
ASSESSMENT AND BENCHMARK WITH BEST PRACTICES
• Performed interviews including board members, audit committee
members, top management, external auditors, corporate audit and
internal auditors
• Conducted two separate surveys; one to clients (audit committee,
board members and auditees) and the other to the internal audit
staff.
• Examined working papers of selected sample audits
• Reviewed Risk Assessments and Audit Plans
• Reviewed IA Charter and regulation
• Examined communication with auditees, Audit Committee, external
auditors and management
• Reviewed electronic document management systems
• Facilitated participation to web-based IIA Benchmark questionnaire
GAIN and analyzed the results
• Examined KFS IA Dept based on Deloitte methodology that describes
processes and sub-processes according to the IIA standards.
22
PHASE V OVERALL CONCLUSION AND FINAL REPORT
• KFS Internal Audit generally conforms to the
Standards for the Professional Practice of Internal
Auditing prescribed by the Institute of Internal
Auditors.
• Other possible results:
– Does not confirm
– Partially confirms
23
LIST OF ORGANISATION WITH COMPLETED EXTERNAL
ASSESSMENTS
24
IN THE PRESS
25
PROJECT TEAM
THANK YOU FOR YOUR ATTENTION
26
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Title: Audit
Title: Audit
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Download
advertisement