58
Report of the Audit Committee on Internal
Systems of the Bank
Pursuant to the framework of the Regulation on the Internal
Systems of Banks, the Audit Committee was established by
the Bank’s Board of Directors to execute the auditing and
monitoring functions of the Board. The Director of Internal
Systems, appointed by the Board of Directors, coordinates
the Internal Systems Departments in accordance with the
requirements of the Banking Law, Internal Systems Regulation,
and other relevant rules and regulations, and works under
the supervision of the Bank Audit Committee. Although the
functions, duties and responsibilities related to internal auditing
are wholly separate from those related to internal control and
risk management within the Bank, the Inspection Council,
the Internal Control Department and the Risk Management
Department all work in conjunction with one other.
The primary objective of A&T Bank’s internal systems policies
is to increase shareholder value by balancing risk and return
in banking activities. Internal auditing and risk management
activities must start before, rather than after, risks are assumed.
The Audit Committee believes in the necessity of building and
operating an efficient and sufficient internal systems structure
appropriate for the Bank’s activities and characteristics
under ever-changing conditions. Accordingly, A&T Bank has
established the systems required for a strong and controlled
expansion.
The global economic crisis has revealed various application
errors in internal auditing and risk management; and have
put the importance of effective risk management and internal
auditing into sharp focus.
The Inspection Council and the Internal Control Department
plan and execute their activities with a risk-based approach that
focuses on minimizing operational risk as well as conforming
the Bank’s activities to both internal rules and external
legislation, all while increasing efficiency and service quality.
Reports on audit results are delivered to relevant executives in
a timely manner to ensure that any weaknesses are eliminated
without delay.
The Inspection Council and the Internal Control Department
continued their activities apace in 2013. The “Self-Assessment
Application,” implemented in 2010 to raise awareness of
internal controls among head office departments’ staff and
branch personnel while improving efficiency and effectiveness
in internal auditing functions, has continued its operation in
2013.
In addition to standard audits carried out every year, A&T Bank
has also prioritized its business processes; to this end, the
Bank conducts “Business Processes Risk Analyses” within the
framework of the “Management Declaration” and carries out
process and information systems audits.
A&T Bank has also focused on establishing an effective
information security framework. The Bank continued its daily
monitoring efforts in order to identify user activities carried out
during the previous work day, report any unusual activities and
take timely measures as required.
The Risk Management Department is responsible for analyzing,
identifying, measuring, monitoring, reporting and controlling
risks. It also establishes and applies risk management policies,
guidelines and rules in compliance with principles approved
by the Board of Directors. Risk analysis reports related to
credit, market and operational risks are submitted to the Audit
Committee, Senior Management and the Board of Directors on
a monthly basis to be evaluated and taken into consideration
during the decision-making process.