260 likes | 292 Vues
A QAR Application in Turkey and Sharing the Experiences Stefano Perazzini. Özge Aşçıoğlu İstanbul 09/11/2007. AGENDA. Overview of UniCredit Overview of Yapı Kredi Bank Our Vision Why are companies interested in Quality of Internal Audit? Requirements of IIA What is QAR
E N D
A QAR Application in Turkey and Sharing the ExperiencesStefano Perazzini Özge Aşçıoğlu İstanbul 09/11/2007 1
AGENDA • Overview of UniCredit • Overview of Yapı Kredi Bank • Our Vision • Why are companies interested in Quality of Internal Audit? • Requirements of IIA • What is QAR • Internal and External Assessments • Why Deloitte • Work plan • Phase 1 _ Quick Check • Phase 2 _ Remediation (performed by KFS Internal Audit) • Phase 3 _ Detailed Review by Deloitte • Phase 4 _ Assessment and Benchmark with Best Practices • Phase 5 _ Overall Conclusion and Final Report 2
UNICREDIT UniCredit at a Glance • UniCredit Group is one of the largest banking and financial services organisations in Europe with a network of 9,000 branches and strong local roots in 23 countries. Its international network is made of branches, representative offices and small banking subsidiaries in 50 countries worldwide. • In Europe we are one of the leaders in terms of business size and we can leverage on a unique strategic positioning.The Group is, in fact, leader in one of the richest areas of Europe: Bavaria, Austria and Italy as well as in Central and Eastern Europe, an area featuring fast rates of economic growth and the fastest growth rates for banking revenues. 3
OVERVIEW OF YAPI KREDİ BANK Yapı Kredi Bank at a Glance • One of the most dynamic and experienced institutions in Turkey created from the successful legal merger on the 2nd of October 2006, • With total assets of YTL47.8 billion (approx. USD34.7 billion) as of June 2007 • As per ownership structure, 80.2% of Yapı Kredi is controlled by Koç Financial Services A.Ş. (“KFS”) – the 50/50% joint venture between UniCredit and Koç Group • the Bank serves its over 13 million customers through approx 650 branches throughout the country and various alternative distribution channels • strong domestic presence including domestic financial subsidiaries; Yapı Kredi owns subsidiary banks in the Netherlands,Russia and Azerbaijan. 5
YKB ORGANIZATION CHART Board of Directors AUDIT COMMITTEE CREDIT COMMITTEE INTERNAL AUDIT INTERNAL CONTROL COMPLIANCE OFFICE RISK MANAGEMENT GM COO MANAGEMENT COMMITTEES CORPORATE IDENTITY AND COMMUNICATION OPERATIONS ORGANIZATION ALTERNATIVE DISTRIBUTION CHANNELS FINANCIAL PLANNING, ADMINISTRATION AND CONTROL (CFO) RETAIL BANKING PRIVATE BANKING AND INTERNATIONAL CREDIT CARDS AND CONSUMER LENDING CORPORATE BANKING COMMERCIAL BANKING TREASURY LEGAL LOGISTICS AND COST MANAGEMENT HR IT CREDIT MANAGEMENT 6
OUR VISION Our vision is to become “A World Class” Internal Audit Function at KFS level in order to satisfy expectations coming from various stakeholders and counterparties: Audit Committee, Board of Directors, Top Management, Shareholders, Supervisory Bodies, External Auditors, etc. 9
WHY ARE COMPANIES INTERESTED IN QUALITY OF INTERNAL AUDIT? • IIA Standards require companies to have an “independent” quality assessment every five years, effective since January 2002 • Increased responsibility of, and focus on, Audit Committees • Audit Committee increasing their reliance on IA for regulatory requirements, risk management • Increased focus on corporate governance and fraud prevention • More focus on audit activities from executive management and regulators 10
REQUIREMENTS OF THE INSTITUTE OF INTERNAL AUDITORS 1310 Quality Program Assessments • The internal audit activity should adopt a process to monitor and assess the overall effectiveness of the quality program. The process should include both internal and external assessments. 1311 Internal Assessment • It should include ongoing reviews of the performance of internal audit activity and periodic reviews performed through self assessments or by other persons within the organization with the knowledge of internal auditing practices and the standards. 1312 External Assessment • “External assessments, such as quality assessment reviews, should be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization.” 11
WHAT IS QAR • A Quality Assurance Review (QAR) is a strategic assessment of an internal audit function, including its infrastructure, staff experience, and performance relative to business goals, "best practices", and applicable standards. • QAR evaluates compliance with the Standards, the internal audit activity and audit committee charters, the organization’s risk and control assessment, and the use of successful practices. 12
INTERNAL AND EXTERNAL ASSESSMENTS External Full QAR Internal Ongoing and Periodic 13
ONGOING PERIODIC INTERNAL ASSESSMENTS • CONTINUOUS MONITORING • CAE SUPERVISION • AUDITEES’ FEEDBACK • AUDIT OF THE AUDIT PROCESS • SELF-ASSESSMENT • OTHER COMPETENT PERSONS 14
QUALIFIED INDEPENDENT REVIEWER ALTERNATIVE METHODS EXTERNAL ASSESSMENTS • Certified Audit Professional • Well versed in the Standards and leading practices • Reasonable experience at management level • Results to be shared with the Audit Committee and Top Management • Non-reciprocal assessment • Self-assessment with external validation KFS Audit applied this External Assessment 15
Out of scope THE STRUCTURAL ELEMENTS OF A QAR ON INTERNAL AUDIT FUNCTION Supporting Processes Production Processes Human Resources Information Technology Planning Performance Communication and reports Activity organization and management Vision, values, & strategic objectives Constitution of a team of experts Electronic management system of work files Mapping of company risks Information on objectives and expectations for each mission Communication / Reporting to audited entities Communication / Reporting to management Structure and organisation (Processes / Methods) Recruitment Specific applications and technologies Knowledge of internal audit clients expectations Collaboration with the audited entity Resource management Training and personal development Database of best practices Internal audit plan Communication / Reporting to audit committee Needs for expertise evaluation and responses to main issues Communication with external auditors and other control entities Coordination with external auditors and other control entities Activity measurement Internal communication Work Program Resources assignment Internal audit clients satisfaction measurement Individual evaluations Tests and analysis Remuneration Work documentation Engagement supervision Need for Need for Satisfying Satisfying Perfectible Perfectible Not applicable Not applicable improvement improvement 16 Follow up The elements in a shaded color frame appear in the IIA (Institute of Internal Auditors) professional standards
WHY • Deloitte has a sound background in performing Strategic Quality Assessment of Internal Audit activities for European and global companies. They have been providing the Internal Audit community with services to enhance its overall performance since they initiated their Internal Audit Services practice more than 20 years ago. 17
WORK PLAN • Phase I / Quick Check - January 8th – January17th • High level review of risk assessment approach, Internal Audit Charter and entire audit process is performed • Interview with one of the members of the Audit Committee • Results are discussed with Senior Management of the Internal Audit Department • Phase II / Remediation - January 17th –May 30th • Internal Audit Department based on the quick review results re-designed process, improved documentation standards and initiated other improvement activities as necessary • Phase III / Detailed Review - June 4th- July 14th • An in-depth review of the Internal Audit function is performed and a representative sample of Internal Audit projects is tested • Specific survey formats for KFS are developed and results of them are reviewed to address unique needs and objective of this project 19
WORK PLAN • Phase IV / Assessment and Benchmark with Best Practices - June 4th- July 14th • Charter, mission statements, organizational structure, span of controls, personnel credentials and education levels, training policies, performance appraisal process, and recruiting policies are reviewed • Risk assessment, quality control, self auditing and follow up activities are analyzed • Comparisons / benchmarking with leading practices on superior performance areas • Phase V / Overall Conclusion and Final Report – July 15th - July 23rd • Main strengths and weaknesses are identified and gap analysis between current situation and IIA standards is formalized • Opportunities for improvement are identified and recommendations are issued 20
PHASE II REMEDIATION (PERFORMED BY KFS INTERNAL AUDIT) • Based on the project timeline, approximately 20 volunteer auditors are involved in several sub-projects that were completed succesfully by the end of May, 2007. 21
PHASE III DETAILED REVIEW BY DELOITTEAND PHASE IVASSESSMENT AND BENCHMARK WITH BEST PRACTICES • Performed interviews including board members, audit committee members, top management, external auditors, corporate audit and internal auditors • Conducted two separate surveys; one to clients (audit committee, board members and auditees) and the other to the internal audit staff. • Examined working papers of selected sample audits • Reviewed Risk Assessments and Audit Plans • Reviewed IA Charter and regulation • Examined communication with auditees, Audit Committee, external auditors and management • Reviewed electronic document management systems • Facilitated participation to web-based IIA Benchmark questionnaire GAIN and analyzed the results • Examined KFS IA Dept based on Deloitte methodology that describes processes and sub-processes according to the IIA standards. 22
PHASE V OVERALL CONCLUSION AND FINAL REPORT • KFS Internal Audit generally conforms to the Standards for the Professional Practice of Internal Auditing prescribed by the Institute of Internal Auditors. • Other possible results: • Does not confirm • Partially confirms 23
IN THE PRESS 25
PROJECT TEAM THANK YOU FOR YOUR ATTENTION 26