Establishment of the Company’s Internal Control Structure

Internal Control ensures that a healthy internal control environment is established and coordinated within the Company, and that the company’s activities are carried out regularly, efficiently and effectively in accordance with the management strategy and policies, within the framework of current legislation and rules.

Your company may have established an existing internal control system due to legal regulations, but this does not mean that the system is working effectively. An ineffective internal control structure carries with it many operational risks and the possibility of loss.

In this context, if there are infrastructures for functional separation of duties, sharing of authority and responsibilities, establishment of a reconciliation order, placing auto-control and systemic controls in processes, and defining and monitoring the risks exposed, deficiencies will be eliminated and if not, it will be designed. It will be ensured that inspection activities are carried out at the center and on-site with control methods for the risks determined by the Internal Control personnel with a risk-oriented working approach. In addition to this, efforts to ensure emergency management and business continuity will be carried out within the scope of this project. The controls of the central controls and sales places will be carried out according to the determined control points and control report forms. The controls will be divided into five scopes;

Compliance Checks

  • It will be ensured that control mechanisms and control points are established by considering the risk and cost aspects of the transactions carried out in the company.

Authorization and Approval Controls

Consensus Checks

  • Control points for end-of-day reconciliation will be established in monetary relations between the Company’s own branches and other payment institutions (including banks).

Abusive Controls

  • Abuse scenarios will be created at the center, heap data will be drawn, scenarios will be implemented and risky transactions will be determined.


  • Investigations will be organized for issues such as risky transactions and erroneous operations that occur during the sales process or during the controls made from the center.

Control Reports

  • In order to strengthen the internal control environment in the sales places, control reports will be sent to the managers on a daily, weekly or monthly basis by the internal control personnel. It is aimed to assist in risk management by sending reports such as loans extended the previous day, loans that will expire risk-limit, loans that cannot be collected.

Compliance of internal control activities with legal and internal regulations, practices and ethical rules will also be audited and presented as a GAP analysis. In this context, the road map will be notified to the company for the elimination of deficiencies.

An application will be included in the project that will be developed for internal control as an additional service. The workflow designs of the application below will be prepared and made ready for the software if desired.

  • Member workplace/sales place vs. audit planning
  • Headquarters Unit audit planning
  • Information systems audit planning
  • Process control plans
  • Accounting audit planning
  • Audit planning of other activities
  • Notifying and scheduling upcoming inspections
  • Receiving target realization reports

It is assumed that the control process will be completed as follows.

  • Automatic and manual finding creation
  • Transfer of findings not resolved from the previous check
  • Creating the Control Report and Evaluation Chart, assigning and responding to the person at the relevant unit
  • Response of the Unit Manager to the member workplace/sales place
  • Creation of Unit Information Summary, (English Executive Summary if requested) Forms
  • Investigation final checks and finding closure
  • Top authority reporting process

Developing/Improving the Company’s Risk Management Unit Activities

An ideal risk management unit and system will be established by compiling from the best practices in the industry. Through this system;

  • Risk management policies, procedures and application procedures will be prepared.
  • Studies will be conducted to measure quantifiable risks using statistical models.
  • The necessary warning infrastructure will be prepared by evaluating the results of risk measurements.
  • Compliance with the “Company Risk Limits” will be monitored, reports and necessary notifications will be made in case of excess.
  • Scenario analysis and stress tests will be carried out
  • Legal reports on risk management will be made
  • Rating/Skoring models will be developed for creditor customers, and models will be monitored and verified.
  • Developments in legal and international regulations and best practices will be followed.
  • Support and consultancy services will be provided to the Board of Directors and senior management in order to create added value for the company.