INTERNAL AUDIT DEPARTMENT

Artificial Intelligence-Powered Technological Control and Fraud Models

IT Control Unit, and Finance and Business Units Audit Unit

In 2020, the Internal Audit Department completed the process and management statement audits in line with the audit plan approved by the Board of Directors. Management statement works and support service provider audits were conducted by the Department for the seventh time in 2020. In regard to the referenced efforts, KKB’s 2020 Management Statement Report and Management Statement Report Related to the Risk Center Operations Carried Out by KKB were prepared successfully. The reports were shared with the independent audit company and TBB Risk Center.

As part of the audit plan prepared with a risk-based methodology in 2020, an audit for the Critical Controls Regarding the Remote Working Period was carried out. The audit was completed by assessing the risks that the institution may be exposed to during the remote working period and making necessary analyses. The project for the renewal of Risk Center Practices management screens has ended after the completion of its 1st and 2nd phases. Necessary audits were carried out to ensure that the screens deployed at the end of the project work effectively. The Department completed the audit of 26 IT and business processes and one support service process (including System Security, Software Development Life Cycle, Demand, and Change Management, Continuity Management, Data Management, Performance and Capacity Management, and Operations Center processes) based on KKB’s service continuity and information security requirements. In addition, detailed reviews and audits were carried out in line with specific audit requests from the BRSA and various public institutions.

Using technology effectively in every aspect of its operations, the Internal Audit Department monitors findings, and actions through automatic reporting via the GRC system. Monitoring results are reported monthly to KKB and TBB Risk Center administrations.

Member Audit Analysis and Coordination Unit

The Risk Center Member Audit Tracking System, which has ensured centralized management of member audits since 2016, continued to serve all member organizations and independent audit companies via e-signature verification and two-factor identity authentication infrastructure.

As a result of analysis and evaluation studies made by the Unit, the risk performance of member organizations can be tracked. With the rising awareness, the maturity level in terms of the security, integrity, and authenticity of Risk Center data increased in the eyes of member organizations.

In 2020, the Internal Control Department performed risk analyses and previous period comparisons with respect to 30 audits conducted by independent audit firms at member institutions. The results of the audits were shared with the Risk Center administration.

In accordance with the circular published by TBB Risk Center in 2017, the Internal Control Department’s member inspection team conducted on-site studies in relation to risk analysis of six Risk Center member organizations in 2020. Besides, the Department developed an early warning system that analyzes the risk structures of members and end users according to various criteria based on an analytical model. A major part of the efforts to develop a system involving advanced technological solutions including artificial intelligence has been completed. The Unit supports the efforts to update the best practices guideline prepared in previous years to raise awareness in the sector while continuing with monitoring and steering activities to ensure compliance with the guideline.

In 2020, Findeks Web Service Data Security Analyses following a data-security-focused methodology were carried out at 15 Findeks member organizations.