The Internal Control Department is focused on guaranteeing the efficiency and effectiveness of operations in light of the type and nature of the activities undertaken by KKB. Accordingly, the Department is in charge of planning, implementing, and coordinating internal control activities including those related to information systems, business processes, financial reporting systems, and compliance with laws. Its responsibilities include evaluating the effectiveness of internal control systems and thus protecting KKB’s assets; implementing control activities efficiently, effectively, and in accordance with applicable laws, internal policies, and rules; ensuring the reliability and integrity of accounting and financial reporting systems as well as prompt availability of information; and developing internal control systems and internal control activities in a manner to eliminate and prevent risks.

The audit trails middleware structure, which was developed for the end-to-end interpretation and centralization of the audit trails of new products and critical infrastructures starting from 2017, paved the way for the Smart Control System pilot applications in 2020. As a result of this pilot study, which enabled the evaluation of automation and artificial intelligence algorithms’ positive impact on internal control activities, relevant activities are planned to be moved to this platform in 2021.

Information Systems Control Unit

Information Systems Control Unit executes control activities for the information systems processes within KKB pursuant to existing legislation and KKB’s internal procedures. The identified violations are recorded on the governance application; relevant action plans are regularly monitored. Additionally, the unit conducts verification studies within the institution in relation to the obligations of the ISO 27001, ISO 22301, ISO 20000, and ISO 14001 certifications.

Business Processes and Financial Control Unit

Business Processes and Financial Control Unit executes control activities related to all business and financial processes other than the information systems processes within the scope of applicable legislation and KKB procedures. Breaches and violations detected as a result of the control activities are managed by creating a finding and action plan on the governance application in use.