OF THE OPERATIONS OF INTERNAL CONTROL, INTERNAL AUDIT AND RISK MANAGEMENT SYSTEM

The Audit Committee convened seven times in 2022 to oversee the effectiveness and adequacy of the Bank’s internal control, internal audit and risk management. All of the heads of internal systems units attended all meetings and informed the Committee on their activities. Furthermore, managers of other related departments of the Bank also attended the meetings upon the Committee’s invitation to discuss specific agenda items, when deemed necessary.

Via the reporting made throughout the year, the Committee oversaw the operation of accounting and reporting systems in line with the applicable regulations, and the integrity of the resulting information. The Audit Committee carried out the necessary preliminary assessments for the selection of external audit companies, rating companies, appraisal companies and support services providers by the Board of Directors and regularly monitored the activities of those companies.

The Committee informed the Board of Directors about the following activities of the internal systems units every six months:

• The Committee reviewed the results of continuous risk assessment of the Internal Audit Department, annual internal audit plans, quarterly prioritizations, and plan revisions. The Committee verified that the scopes of planned and conducted audits covered the Bank’s current and planned operations and resulting risks. The Committee reviewed conformity to the plans on a quarterly basis.
• Throughout the year, the Committee regularly received information about all critical and material findings covered in the audit reports, along with the action plans set and unmet deadlines. When needed, the Committee invited the responsible units to the meetings and closely monitored whether actions were taken for timely remedy of the findings.
• Via quarterly activity reports, the Committee reported to the Board of Directors its assessment of target achievement status of the audit plan, audit results, results of examinations and investigations, level and adequacy of the Committee members’ professional education, the outcomes of quality assurance activities, and other undecided and material issues.
• The Audit Committee reviewed the results of the Internal Control Unit’s activities and assessed whether these activities adequately covered the Bank’s processes within the frame of applicable legislation and internal policies. The Committee also examined the results attained by the Committees for which it acts as the secretary by way of routine controls and other activities covered in the Unit’s process examination procedure. The Internal Control Unit reported the material issues identified with controls to the Audit Committee throughout the year. The Unit also informed the Audit Committee about the quarterly activity reports presented to the Board of Directors. The Audit Committee monitored the measures taken by the relevant unit heads in relation to the activities and their adequacy.
• The Committee oversaw the results of the compliance activities carried out across the Bank and its subsidiaries through the Compliance Department’s reports and presentations, and ensured that material issues were submitted to the Bank’s senior management and/or Board of Directors. The Audit Committee was informed about the amendments made to the legal, regulatory or supervisory frameworks related to Compliance and Ethics, as well as their implications for the Bank and its subsidiaries. The Audit Committee also followed up the training and awareness raising programs on topics falling under the responsibility areas of the Compliance Department and the current progress of the training sessions within the scope of these programs. The Committee also monitored the key recommendations resulting from the tests conducted to verify the execution of risk mitigation measures and controls in terms of the management of compliance risks, and the current status of actions taken in relation to these recommendations.
• The Risk Management Department reviewed the risk appetite core metrics for capital adequacy, profitability, liquidity and funding, and metrics and limit thresholds by types of risks for monitoring and managing market, counterparty credit, structural interest rate, structural exchange rate, credit, liquidity and operational risks on consolidated and unconsolidated bases and submitted them for the approval of the Risk Management Committee, Risk Committee and the Board of Directors. It reported the realizations in relation to approved risk appetite core metrics and limits to the Audit Committee on a quarterly basis. The Department conducted stress tests and scenario analyses along with internal calculations on the basis of risk types within the frame of ICAAP (Internal Capital Adequacy Assessment Process) and stress test reports pursuant to the regulations published by the BRSA. It presented the validations performed for models and parameters used in ICAAP studies to the Audit Committee. The Department monitored compliance of the risk models used by the Bank with the internal ratings-based (IRB) approach, assessed their use by the Bank and submitted the credit risk models monitoring report drawn up accordingly to the Audit Committee. The Risk Management Department provided information about its activities and professional training and competencies of the employees through quarterly activity reports. It presented risk review reports on market, counterparty credit, structural exchange rate and interest rate, liquidity and non-financial risks to the Audit Committee. The Department followed up important regulatory changes and regulatory framework governing risk management and provided regular and continuous information flow to the Audit Committee.