One of the main goals of modern corporate governance approach is the good management of risks that institutions may be subject to. Risk Management System, therefore was established for this purpose in our institution.
Under the corporate governance approach, Risk Management Framework has been developed for the minimization or elimination of weaknesses and threats against our companies assets and processes. Based on our Risk Management Procedures, assessment of the potential threats and weaknesses that our institution may be subject to is performed, risk values are calculated and necessary risk management actions are conducted through an application software.
A value adding and efficiency enhancing internal audit system is maintained for our institution based on risk based internal auditing approach. With this system, it is provided that the internal audits are performed for each and every department in our institution and corrective and preventive actions have been taken for the issues spotted during these audits.
Our internal control system is analyzed annually by the help of an internal control system matrix developed based on an internal control system named COSO. With this matrix, internal control systems of each and every department are assessed in details and hence awareness of each department is increased.
In our institution, in addition to the existing data and information protection tools and systems, Data Loss PreventionSystem (DLP) was built to prevent especially the CDS records and other critical information from being transferred outside of our institution without being authorized and permitted.
A Performance Management System was established in our institution for the integration of performance and risk management systems. For this purpose, approximately 80 main performance indicators were developed and their risk levels were defined in compliance with four dimensions (financial, client, internal processes and labor force) based on Balanced Scorecard approach. With these indicators, it is made possible to either monitor the improvements on performance and risk levels daily and monthly, report situations in which tolerance and risk indicator levels are exceeded or take necessary corrective and preventive actions.
In compliance with the international frameworks, standards and practices like ISO, COBIT, PCI, ITIL and COSO, Information Security Awareness Trainings are given and potential risks are presented in examples to our employees for making them aware on the existing threats and weaknesses.
Hourly and daily “consistency checks” are performed for the CDS records under the scope of the legislation regulating our institution. Automated security reports that are running on the CDS and other applications are used in these control checks. Corrective and preventive actions are taken immediately right after an inconsistency is spotted in these reports.
On the other hand, in order to protect our institution against risks, following insurances are purchased for physical assets;Insurance against Damage, Insurance against Crime, Professional Liability Insurance and Managers Liability Insurance.