PASHA BANK ENG 20

PASHA Bank’s internal audit, internal control, risk management and compliance departments assume the responsibility to report to the Board of Directors in compliance with the “Regulation on Internal Systems and Internal Capital Adequacy Assessment Process of Banks “as well as the provisions of the “Regulation on Program of Compliance with Obligations of Anti-Money Laundering of Proceeds of Crime and Combating the Financing of Terrorism, and conduct their activities in line with these regulations. The internal systems organization of the Bank consisting of Internal Audit, Internal Control, Compliance, and Risk Management Departments that operate in line with the BRSA and The Financial Crimes Investigation Board (MASAK) directives reports to the Board of Directors through the Audit Committee and the Risk Management Committee. Internal Audit Department The internal audit plan is prepared annually as of the end of previous year, taking into consideration the regulation amendments and the developments and changes in the Bank’s activities. Also in 2020, the internal audit plan was made in line with the risk assessment report and the results of the risk matrix and was put into effect by the Board of Directors’ approval following endorsement of Audit Committee. Audit activities in 2020 were realized for the operational areas specified in the audit plan which covers the effectiveness of the Bank’s internal control and risk management systems. During the year, the main activities of such internal systems departments were audited in accordance with these plans and were reported accordingly. The findings and report requests made during the Audit Committee meetings were forwarded to the relevant departments of the Bank through the Bank’s internal systems departments. Risk analysis studies for support service institutions were created in line with the views of the internal systems departments, and the periodic evaluation reports and audit reports issued on the relevant organizations were submitted to the Board of Directors. The Internal Audit Department, together with the Internal Control Department, has carried out during the year the audits underlying the Bank’s “Management Statement” within the scope of the Circular No. BSD 2010/3 dated 30 July 2010 of the Banking Regulation and Supervision Agency, and submitted its report first to the Audit Committee and then to the Board of Directors. In addition to the banking processes and information systems controls, the audit of the support service institutions was also carried out by the Internal Audit Department within the scope of the Management Statement study. Audit results were reviewed by the Audit Committee and the results were presented to the Board of Directors. The Internal Audit Department operates as a whole in the form of an inherent supervision and audit function with respect to the banking and information systems processes and risk management, internal control and compliance practices, and examines and audits units periodically on the basis of risk. It also assumes an objective and independent consulting function in terms of the management of all applications and processes of the bank in parallel with best practices. It provides Senior Management with assurance that the Bank’s operations are conducted in accordance with laws and other relevant legislation, as well as on such matters as the effectiveness and adequacy of the internal control and risk management systems. It provides opinions and proposals for effective and efficient use of bank resources. Internal Audit Unit performed all audits in accordance with the prescribed audit plan for 2020 and submitted 9 audit reports to the Board of Directors via the Audit Committee. Internal Control Department Internal Control Unit is responsible for securing and coordinating a healthy, competent and efficient internal control environment within the Bank, taking into consideration the evolving and changing nature of the Bank. Internal Control Unit assists the Bank in carrying out its activities efficiently, and effectively in line with the management strategy and policies and within the framework of current regulation and rules. Furthermore, it is supervised that all control activities within the Bank are carried out duly. Within the scope of the internal control model designed in accordance with three lines of defense principles, first level of controls were defined by business units considering their risks. Internal Control Department identified second level controls for all functions within a specified scope and sample. Control activities regularly performed by different departments for operations of Head Office business units were closely monitored and inspections were made to observe they are being performed timely, completely and accurately. Assessments of the Audit Committee on the Activities of Internal Systems Annual Report 2020 PASHA Bank Financial and Risk Management Review 95