The purpose of this chapter is to review internal audit and internal control functions in the banking industry by taking into account the international COSO framework. The financial industry is regarded as one of the key elements of a stable economy. It is a well-known fact that financial institutions in general—banks in particular (public or private, foreign or local)—need to have a sound internal system to implement the high principle of ‘maker-checker-supervisor-auditor'. The study examines the application of internal systems in the Turkish banking industry primarily and covers not only the theory, application, and legislative sides, but also organizational structure and development of audit and control activity in the banking sector.
TopIntroduction
The origins of the profession of internal audit date back to the beginning of 1900. Looking at the evolution of internal audit, it is observed that there exist 4 basic audit approaches historically: Control-based audit, process-based audit, risk-based audit and risk-management-based audit. The process from traditional internal audit to risk management-based internal audit has been affected by the changing needs of businesses, the effects of the globalization process on businesses, the technology-based changes experienced, and the changing internal and external environment and accounting-economy-based crises (Pehlivanlı, 2020:13).
Last 20 years witnessed the rise of off-site-audit and remote-audit (e-audit). Before internet and financial technologies became widespread, only onsite audits and control were applicable. However, rise in information technologies made great changes in business models and in return in internal audit / control functions.
The scope of this study is limited to internal audit and internal control activities in banks (and partly other financial institutions) in Turkey. Therefore, independent audit activities are out of scope of this study. Independent auditor examines the sectoral characteristics and sectoral regulations in which the client is operating; besides, he/she examines business accounting policies, business risks, and business internal control structure (Pehlivanlı, 2020:40).
The motivation of this study is attributable to two important factors: Firstly, it is important to note that internal systems of financial institutions have changed considerably after the year 2000 in line with the improvements in financial technologies and change in the style of business and operations in the World and Turkey. Secondly, it is significant to observe the very fact that these changes in the way of doing business and internal audit culture have repercussions on the effectiveness and efficiency of the financial (in particular, the banks) and non-financial industry.
The rest of the chapter is organized as follows: The first part covers general framework pertaining to internal control, internal audit and related literature. Application in banking industy is examined in the second part. The third part briefly analyses regulatory framework for banking particularly. The last part concludes the chapter.