a qar application in turkey and sharing the experiences stefano perazzini
DESCRIPTION
A QAR Application in Turkey and Sharing the Experiences Stefano Perazzini. Özge Aşçıoğlu İstanbul 09/11/2007. AGENDA. Overview of UniCredit Overview of Yapı Kredi Bank Our Vision Why are companies interested in Quality of Internal Audit? Requirements of IIA What is QAR - PowerPoint PPT PresentationTRANSCRIPT
1
A QAR Application in Turkey and Sharing the Experiences
Stefano PerazziniÖzge Aşçıoğlu
İstanbul 09/11/2007
2
AGENDA
Overview of UniCredit Overview of Yapı Kredi Bank Our Vision Why are companies interested in Quality of Internal
Audit? Requirements of IIA What is QAR Internal and External Assessments Why Deloitte Work plan Phase 1 _ Quick Check Phase 2 _ Remediation (performed by KFS Internal Audit) Phase 3 _ Detailed Review by Deloitte Phase 4 _ Assessment and Benchmark with Best Practices Phase 5 _ Overall Conclusion and Final Report
3
UNICREDIT
UniCredit at a Glance
• UniCredit Group is one of the largest banking and financial services organisations in Europe with a network of 9,000 branches and strong local roots in 23 countries.Its international network is made of branches, representative offices and small banking subsidiaries in 50 countries worldwide.
• In Europe we are one of the leaders in terms of business size and we can leverage on a unique strategic positioning.The Group is, in fact, leader in one of the richest areas of Europe: Bavaria, Austria and Italy as well as in Central and Eastern Europe, an area featuring fast rates of economic growth and the fastest growth rates for banking revenues.
4
UNICREDIT
5
OVERVIEW OF YAPI KREDİ BANK
Yapı Kredi Bank at a Glance• One of the most dynamic and experienced institutions in Turkey
created from the successful legal merger on the 2nd of October 2006,
• With total assets of YTL47.8 billion (approx. USD34.7 billion) as of June 2007
• As per ownership structure, 80.2% of Yapı Kredi is controlled by Koç Financial Services A.Ş. (“KFS”) – the 50/50% joint venture between UniCredit and Koç Group
• the Bank serves its over 13 million customers through approx 650 branches throughout the country and various alternative distribution channels
• strong domestic presence including domestic financial subsidiaries; Yapı Kredi owns subsidiary banks in the Netherlands, Russia and Azerbaijan.
6
YKB ORGANIZATION CHART
LOGISTICS AND COST MANAGEMENT
LOGISTICS AND COST MANAGEMENT
INTERNAL CONTROLINTERNAL CONTROL
CORPORATE IDENTITY AND COMMUNICATION
CORPORATE IDENTITY AND COMMUNICATION
Board of DirectorsBoard of Directors
GMGM
LEGALLEGAL
COOCOO
OPERATIONSOPERATIONS ORGANIZATIONORGANIZATION
ALTERNATIVE DISTRIBUTION CHANNELS
ALTERNATIVE DISTRIBUTION CHANNELS
ITITHRHR
COMPLIANCE OFFICE
FINANCIAL PLANNING, ADMINISTRATION AND
CONTROL (CFO)
FINANCIAL PLANNING, ADMINISTRATION AND
CONTROL (CFO)CREDIT CARDS AND CONSUMER
LENDING
CREDIT CARDS AND CONSUMER
LENDING
CORPORATEBANKING
CORPORATEBANKINGRETAIL BANKINGRETAIL BANKING
PRIVATE BANKING AND
INTERNATIONAL
PRIVATE BANKING AND
INTERNATIONALTREASURYTREASURY
AUDIT COMMITTEE
CREDIT COMMITTEE
MANAGEMENT COMMITTEES
CREDIT MANAGEMENTCREDIT MANAGEMENT
INTERNAL AUDITINTERNAL AUDIT
RISK MANAGEMENT
RISK MANAGEMENT
COMMERCIAL BANKING
COMMERCIAL BANKING
7
INTERNAL AUDIT DEPARTMENT ORG CHART
BOARD OF DIRECTORS
Internal Audit Department
Standards, Methodologies and Support SectionAssistant
Strategic Planning and Audit Coordination Unit
Investigation Section
IT Audit
Credit Risk Audit Section
Market Risk Audit
Operational Risk Audit Section
External Audit Relations
Netw ork Audit Unit
Marmara Region Audit 1Section
Marmara Region Audit 2 Section
West and Southw est Region Audit Section
Central and Southeast Region Audit Section
Domestic and Foreign Subs Audit Unit
LEASING NETHERLAND N.V.
INVESTMENT AZERBAIJAN
FAKTORING MOSCOW
PORTFOLIO MGMNT INSURANCE
RETIREMENT
8
INTERNAL CONTROL UNIT ORG CHART
BOARD OF DIRECTORS
Internal Control BU
Fraud Prevention and Anti Money Laundering Section Remote Control Section
Credits
Credit Cards
Treasury
Financial and Administration Affairs
Branches and Operations
IT Controls
9
OUR VISION
Our vision is to become “A World Class” Internal Audit Function at KFS level in order to satisfy expectations coming from various stakeholders and counterparties: Audit Committee, Board of Directors, Top Management, Shareholders, Supervisory Bodies, External Auditors, etc.
10
WHY ARE COMPANIES INTERESTED IN QUALITY OF INTERNAL AUDIT?
• IIA Standards require companies to have an “independent” quality assessment every five years, effective since January 2002
– Increased responsibility of, and focus on, Audit Committees
– Audit Committee increasing their reliance on IA for regulatory requirements, risk management
– Increased focus on corporate governance and fraud prevention
• More focus on audit activities from executive management and regulators
11
REQUIREMENTS OF THE INSTITUTE OF INTERNAL AUDITORS
1310 Quality Program Assessments• The internal audit activity should adopt a process to monitor
and assess the overall effectiveness of the quality program. The process should include both internal and external assessments.
1311 Internal Assessment
• It should include ongoing reviews of the performance of internal audit activity and periodic reviews performed through self assessments or by other persons within the organization with the knowledge of internal auditing practices and the standards.
1312 External Assessment• “External assessments, such as quality assessment reviews,
should be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization.”
12
WHAT IS QAR
• A Quality Assurance Review (QAR) is a strategic
assessment of an internal audit function, including its infrastructure, staff experience, and performance relative to business goals, "best practices", and applicable standards.
• QAR evaluates compliance with the Standards, the internal audit activity and audit committee charters, the organization’s risk and control assessment, and the use of successful practices.
13
INTERNAL AND EXTERNAL ASSESSMENTS
Internal
Ongoing and Periodic
External
Full QAR
14
ONGOING
• CONTINUOUS MONITORING
• CAE SUPERVISION
• AUDITEES’ FEEDBACK
• AUDIT OF THE AUDIT PROCESS
• SELF-ASSESSMENT
• OTHER COMPETENT PERSONS
PERIODIC
INTERNAL ASSESSMENTS
15
• Certified Audit Professional • Well versed in the Standards
and leading practices• Reasonable experience at
management level• Results to be shared with the
Audit Committee and Top Management
• Non-reciprocal assessment
• Self-assessment with external validation
QUALIFIEDINDEPENDENT
REVIEWER
ALTERNATIVEMETHODS
EXTERNAL ASSESSMENTS
KFS Audit applied this External Assessment KFS Audit applied this External Assessment KFS Audit applied this External Assessment KFS Audit applied this External Assessment
16
PlanningHuman Resources Information Technology
Supporting Processes Production Processes
Vision, values, &strategic objectives
Vision, values, &strategic objectives
Constitution of a team of experts
Constitution of a team of experts
Electronic management system
of work files
Electronic management system
of work files
Mapping of company risks
Mapping of company risks
Collaboration with the audited entity
Collaboration with the audited entity
Structureand organisation
(Processes / Methods)
Structureand organisation
(Processes / Methods)RecruitmentRecruitment
Specific applications and technologies
Specific applications and technologies
Knowledge of internal audit clients
expectations
Knowledge of internal audit clients
expectations
Needs for expertise evaluation and
responses to main issues
Needs for expertise evaluation and
responses to main issues
Communication / Reporting to audited
entities
Communication / Reporting to audited
entities
Resource managementResource management Training and personal development
Training and personal development Internal audit planInternal audit plan
Follow upFollow up
Communication / Reporting to management
Communication / Reporting to management
Activity measurementActivity measurement Internal communication Work ProgramWork Program
Communication / Reporting to audit
committee
Communication / Reporting to audit
committee
Individual evaluations Tests and analysisTests and analysis
Communication with external auditors and other control entities
Communication with external auditors and other control entities
Work documentationWork documentation
Engagement supervision
Engagement supervision
Internal audit clients satisfaction
measurement
Internal audit clients satisfaction
measurement
Remuneration
Database of best practices
Information on objectives and
expectations for each mission
Information on objectives and
expectations for each mission
PerformanceCommunication
and reports
Coordination with external auditors and other control entities
Coordination with external auditors and other control entities
Resources assignment
Resources assignment
The elements in a shaded color frame appear in the IIA (Institute of Internal Auditors) professional standardsThe elements in a shaded color frame appear in the IIA (Institute of Internal Auditors) professional standards
THE STRUCTURAL ELEMENTS OF A QAR ON INTERNAL AUDIT FUNCTION
Activity organization and management
Need forimprovement
PerfectibleSatisfying Not applicableNeed forimprovement
PerfectibleSatisfying Not applicable Out of scope
17
WHY
• Deloitte has a sound background in performing Strategic Quality Assessment of Internal Audit activities for European and global companies. They have been providing the Internal Audit community with services to enhance its overall performance since they initiated their Internal Audit Services practice more than 20 years ago.
18
DELOITTE TEAM
JEAN-PIERRE GARITTE
Quality Assurance Partner
OKTAY AKTOLUN
Delivery Partner
EVREN ALTUNAY
Engagement Director
NACİYE KURTULUŞ
Assistant Manager
TUBA İNCİ
Manager
19
WORK PLAN
• Phase I / Quick Check - January 8th – January17th– High level review of risk assessment approach, Internal Audit
Charter and entire audit process is performed– Interview with one of the members of the Audit Committee– Results are discussed with Senior Management of the Internal
Audit Department
• Phase II / Remediation - January 17th –May 30th– Internal Audit Department based on the quick review results re-
designed process, improved documentation standards and initiated other improvement activities as necessary
• Phase III / Detailed Review - June 4th- July 14th– An in-depth review of the Internal Audit function is performed
and a representative sample of Internal Audit projects is tested– Specific survey formats for KFS are developed and results of
them are reviewed to address unique needs and objective of this project
20
WORK PLAN
• Phase IV / Assessment and Benchmark with Best Practices - June 4th- July 14th– Charter, mission statements, organizational structure, span
of controls, personnel credentials and education levels, training policies, performance appraisal process, and recruiting policies are reviewed
– Risk assessment, quality control, self auditing and follow up activities are analyzed
– Comparisons / benchmarking with leading practices on superior performance areas
• Phase V / Overall Conclusion and Final Report – July 15th - July 23rd– Main strengths and weaknesses are identified and gap
analysis between current situation and IIA standards is formalized
– Opportunities for improvement are identified and recommendations are issued
21
PHASE II REMEDIATION (PERFORMED BY KFS INTERNAL AUDIT)
• Based on the project timeline, approximately 20 volunteer auditors are involved in several sub-projects that were completed succesfully by the end of May, 2007.
22
PHASE III DETAILED REVIEW BY DELOITTE AND PHASE IV ASSESSMENT AND BENCHMARK WITH BEST PRACTICES
• Performed interviews including board members, audit committee members, top management, external auditors, corporate audit and internal auditors
• Conducted two separate surveys; one to clients (audit committee, board members and auditees) and the other to the internal audit staff.
• Examined working papers of selected sample audits• Reviewed Risk Assessments and Audit Plans• Reviewed IA Charter and regulation• Examined communication with auditees, Audit Committee,
external auditors and management• Reviewed electronic document management systems• Facilitated participation to web-based IIA Benchmark
questionnaire GAIN and analyzed the results• Examined KFS IA Dept based on Deloitte methodology that
describes processes and sub-processes according to the IIA standards.
23
PHASE V OVERALL CONCLUSION AND FINAL REPORT
• KFS Internal Audit generally conforms to the Standards for the Professional Practice of Internal Auditing prescribed by the Institute of Internal Auditors.
• Other possible results:– Does not confirm– Partially confirms
24
LIST OF ORGANISATION WITH COMPLETED EXTERNAL ASSESSMENTS
25
IN THE PRESS
26
PROJECT TEAM
THANK YOU FOR YOUR ATTENTION