In May 2006, the Banking Regulation and Supervision Agency of Turkey (BRSA) mandated that all banks operating in Turkey must adopt COBIT’s best practices when managing IT-related processes. COBIT was the selected framework because its control objectives are internationally recognized and considered to be effective at controlling IT-related processes. Upon this adoption, many organizations soon realized that the use of COBIT provided many additional benefits, including more controlled IT processes that are integrated with business processes.
Besides the use of COBIT the Banking Regulation and Supervision Agency of Turkey (BRSA) mandated that all banks must comply wıth Basel II Regulatıons and document their banking processes. Here are some of the articles of the Banking Law No. 5411 that makes the ARIS Solution 'the solution':
Internal control system
Article 30- Within the scope of internal control system, banks shall (i) ensure the execution of their activities in compliance with the legislation, internal regulations and baking ethics; (ii) secure the integrity and reliability of accounting and reporting systems and timely accessibility of information through continuous control activities to be complied with and performed by the personnel at any level; (iii) ensure the functional distribution of the duties and the sharing of powers and responsibilities the fund payments, the reconciliation of bank’s transactions, protection of assets and control of liabilities; (iv) identify and evaluate any risk encountered and prepare the infrastructure required for managing such risks; and (v) establish an adequate information exchange network. Internal control activities shall be carried out by the internal control department and the internal control personnel to work under the board of directors.
Risk management system
Article 31- Within the scope of risk management system, banks shall establish, implement and report risk policies within the framework of the principles set by the Board. Risk management activities shall be performed by the risk management department and personnel to work under the board of directors.
Internal audit system
Article 32-Banks shall establish internal audit systems that involve all their units, branches and undertakings subject to consolidation. In this context, bank auditors shall investigate the conformity of the banking activities to the legislation, articles of association, internal regulations and banking principles.
We are working around the clock to market ARIS GRC solution. If you have any ideas, or any experiences you would like to share in regards to GRC in banking industry we would like to hear.
Kindest Regards,
Serter Baltaci
