A RESEARCH ON THE INTERNAL CONTROL COMPLIANCE ACTION PLANS CREATED BY THE MUNICIPALITIES IN TURKEY IN ACCORDANCE WITH COSO MODEL

Within the scope of the study, conceptual explanations of the internal control structure, COSO and internal control action plans are given first. Then, for the research part of the study, the population and sample are presented. The population consists of the metropolitan municipalities operating in the Turkish local government system, and the sample consists of the metropolitan municipalities that publish internal control compliance action plans on their websites. In this context, the number of the population is 30, the number of the sample is 16, and the sample's representation rate of the population is 53%. Within the scope of the research, the internal control compliance action plans of the municipalities are examined in detail, and the actions they take in accordance with the standards are determined from the 1264 actions specified in the reports. According to the data obtained as a result of the study, the municipalities have developed internal control compliance action plans with standard content in accordance with laws and regulations and have planned actions in 79 sub-components. It is concluded that these actions are compatible among municipalities and comply with internal control standards.


INTRODUCTION
The Turkish public administration system has a structure that improves itself at varying speeds in line with global developments. Both in the Ottoman Empire period and during the Republican era and afterwards, the understanding of public administration has undergone, and continues to undergo, significant changes in various fields according to the interests of changing governments. It is noteworthy that in the 2000s the strategic management approach gained importance in the Turkish public administration system in parallel with the world. In this context, Public Finance Management and Control Law No. 5018 was adopted in 2003 to systematize public financial management in the Turkish public administration system (Kamu Mali Yönetimi, 2003). In order to make financial management systematic, concrete reports such as the strategic plan, annual report and performance criteria have been made mandatory for public administrations. In addition to these practices, which reflect the strategic management approach, the way has been opened for developing internal control in the public administration system.
The internal control application is still at a level which has recently been learned, studied and implemented in the Turkish public administration system. Although the Public Internal Control Standards Communiqué was published in 2007, the implementation of internal control applications in the public administration is becoming concrete today (COSO, 2013). Within this scope, institutions are expected to develop Action Plans for Compliance with Public Internal Control Standards. These internal control action plans are developed in accordance with the COSO Model.
This study assesses the internal control action plans of the municipalities, which are the most prominent local administrations in the Turkish local administration system in terms of their authority, budgets and personnel structures. In accordance with Articles 123, 126 and 127 of the Constitution of the Republic of Turkey, there is a public administration structure in the form of central and local administration in Turkey. In addition, local governments have been established to provide local joint services (The Constitution of the, 1982). Looking more closely at the issue, municipalities are the most prominent of the local governments operating within the regionalism in Turkey. Therefore, managing the municipalities, which perform many local quality services, with a professional and strategic understanding directly affects the quality of the services that the cities will receive. Based on this fact, the study aims to investigate the internal control action plans put forward by the municipalities.
In the study, the questions for which answers are sought in order to analyze the internal control action plans of the municipalities are as follows:
1. Based on which models and regulations are internal control action plans prepared by the municipalities?
2. What are the similarities and differences between the internal control action plans prepared by different municipalities?
3. What kind of actions are planned according to the control components in the internal control action plans prepared by the municipalities?

COSO INTERNAL CONTROL MODEL, GENERAL INFORMATION
Standardization is a long-standing managerial tool for creating a target and added value for both private and public institutions. The presence of standard applications allows for comparison, measurement and intervention when necessary. In this context, the aims of protecting business assets, obtaining and sharing reliable information, and establishing effective and productive activities in private organizations, or in profit-making enterprises generally, have started to be achieved through the implementation of internal control management plans. Enterprises participating in this mechanism or implementing it at certain stages have been able to track their activities in the short term, maintain their assets in the medium term and create added value in the long term thanks to the formation of accurate and reliable information.
Süleyman Demirel Üniversitesi Vizyoner Dergisi, Yıl: 2020, Cilt: 11, Sayı: 28, 753-769 ISSN: 1308-9552 Süleyman Demirel University Visionary Journal, Year: 2020
In particular, the increase in technological interaction has accelerated mobility and increased the demands of people. These demands are directed not only at the private sector but have also begun to turn toward the public sector. People have started to expect different services from public authorities and have insistently followed up on these issues. At this stage, the internal control application comes first among the administrative tools which come to the rescue of public authorities. There are principles published by different institutions in different versions regarding the application of internal control. These applications have been revised depending on various needs and demands, or new models have been introduced. When the internal control models developed from the 1990s to the present are examined, it is seen that Anglo-Saxon countries approach the subject from a wide perspective (Türedi, Koban and Karakaya, 2015: 96).
In particular, the USA, Canada and the UK have carried out various studies within the scope of internal control models. However, the COSO model has become the most accepted and widely used of these regulations. COSO is the name of an organization that makes regulations within the scope of internal control applications. Due to the accounting scandals that appeared in the early 1980s, the Fraudulent Financial Reporting Commission (commonly known as the Treadway Commission) established COSO, which is still active today (Karakaya, 2016: 160). According to the findings of the Treadway Commission, the most efficient way to prevent financial scandals is for enterprises to establish their own internal control structure. Within this scope, COSO has not been limited to producing an internal control model, but has also introduced corporate risk management regulations, which are widely accepted. The model developed as a result of the commission's studies has come to be called the COSO internal control model (Singleton and Singleton, 2010: 9). The 5 independent organizations that established COSO are listed below. After this development, in 1992, AICPA (The American Institute of Certified Public Accountants) started to adapt to the COSO Model with the regulation numbered SAS 78 (Statement on Auditing Standard) (SAS 78 Consideration of Internal Control in a Financial Statement Audit). All these developments allowed the COSO model to be recognized and accepted on a wider basis. Ultimately, COSO has taken its current form as a uniform application model for the internal control structure (Karakaya, 2016: 161). Today, the 2013 version of the COSO internal control model is used as the current version. A new revision or update has not yet been introduced. It is possible to offer more than one comment and definition regarding the COSO internal control model.
However, it would be appropriate to convey COSO's own definition in order to ensure that the subject remains within its limits and to provide the most general framework. Namely, internal control is a large structure which is influenced by the management board, top management and other employees of a business and provides a reasonable assurance that the basic objectives of the business are met (COSO, 2013).
Since internal control doctrines and principles were originally designed for businesses, this scope is preferred in the main concepts included in the definition. All concepts included in the definition may be modified or revised as internal control model applications expand. For instance, for a public institution, the concept of "board of management" may be replaced with "top administrative managers". Regarding the general acceptance of the COSO internal control model and its use by various institutions, INTOSAI, known as The International Organization of Supreme Audit Institutions (International Court of Accounts Association), has based the internal control standards which it has developed for implementation in the public administration on the components of the COSO model (COSO, 2013).
The main point to be maintained here is that the internal control model will add value to the organization and provide a reasonable assurance service in certain aspects. Another definition to be conveyed at this point is that of the International Institute of Internal Auditors. According to the definition of the International Institute of Internal Auditors (IIA), internal control is "Control, management, the precautions / measures taken by the supervisory board and other eligible units in order to manage and identify risks and increase the probability of achieving goals and objectives. Management plans, organizes and directs adequate measures to be taken to provide a reasonable assurance for achieving goals and objectives" (TİDE, 2004: 27). The objectives of the internal control structure established in the institutions on the subject are summarized as follows (Holmes and Overmyner, 1975: 126).
• Protection of assets,
• Protection against unsuitable expenses,
• Protection against inappropriate resources and debts,
• Ensuring the reliability and accuracy of business and financial activities,
• Ensuring the effectiveness of the institution,
• Ensuring and measuring the organization's commitment to established policies.
In particular, the perspective brought by the COSO model is that different responsibility units have been created from different sources regarding internal control applications. Although these units may vary by institution, they are generally expressed as follows (COSO, 2004);
According to the COSO approach, the elements (components) of the internal control structure are as follows and the details are described below as items;
• Control environment,
• Risk Assessment,
• Control Activities,
• Information and Communication,
• Monitoring.

Control Environment
The control environment component is expressed as the most basic component of the COSO internal control model. In general, it can be defined as the internal environment in which the internal control application will be applied. In this respect, the control environment consists of business management and employees' behaviours and attitudes towards the internal control structure, management principles, organizational structure of the business, procedures and personnel policies to be followed in granting powers and responsibilities (Türedi, et al., 2015: 100).
The control environment is the attitude and behavior of the management, board of management and inspectorate regarding the importance of internal control. The control environment provides the structure and discipline necessary for the realization of the main objectives of the internal control structure. The control environment consists of the following elements (TİDE, 2004: 28); The principles of control environment suitable for COSO Internal Control structure can be listed as follows (COSO, 2013);
• Honesty and commitment to moral values,
• The manner of work of management and its philosophy,
• Authority and responsibility,
• Business structure,
• Policies and Practices of Human Resources,
• Responsibility for supervision of the internal control system by the board of management.
It may be useful to point out the following matter regarding the control environment; in businesses with an effective internal control environment, practitioners' / employees' being qualified, being honest, acting in accordance with professional ethics and understanding the importance of the control environment is a supportive factor.

Risk Assessment
In general terms, risk can be defined as the event(s) which will adversely affect businesses in the process of reaching their goals (COSO, 2013).
When examining / analyzing the risk assessment process of the business, the independent auditor determining the risk within the institution determines how business management identifies risks related to the preparation of financial statements, how it estimates the importance of the risk, how it predicts the probability of the risks, and how and what decisions it takes to manage risks (SPK, 2011).
The risk assessment, which comes after the determination of the risk, allows the examination of the events (risks) that may affect the objectives of an enterprise. Business management deals with the possible risks in terms of their probability of occurrence and their effects. In the risk assessment process, both qualitative methods and numerical methods are generally used.
According to COSO, the principles for risk assessment are as follows (COSO, 2013);
• Objective / Goal Setting
• Identification of risks, Analysis of the level of risk
• Assessing the risk of cheating in achieving goals
• Identification and evaluation of changes in risks which will affect the internal control structure

Control Activities
In general terms, control activities are policies and methods created and implemented to meet current or potential risks and to achieve business objectives (Karakaya, 2016:163).

Information and Communication
In the implementation of the COSO Internal control model, the information and communication component is of great importance in obtaining the correct information and transferring it to those concerned. Various elements such as fast communication, fast data and information transfer, fast adaptation brought by the information age are at the focal point of all management models. Information and communication systems enable the transfer of targets, risks to the targets and control activities to all officials within the control environment in a timely and appropriate manner. Control reports required by the board of management or top management can also be obtained through the information communication component (Karakaya, 2016:164).
Information and communication principles suitable for COSO Internal Control structure can be listed as follows (COSO, 2013);
• Acquisition / creation and evaluation of information
• Intrabusiness information communication processes
• Outside business information communication processes

Monitoring/Observation
Monitoring is the stage where both the effective and productive progress of the internal control structure in its internal processes and the impact of the organization on the value added processes are monitored and observed. At this stage, the whole process can be reviewed and possible interventions can be allowed.
Issues such as whether the activities of the company are carried out in line with the objectives and in accordance with the mission, whether the necessary controls are envisaged within the framework of risk management principles, whether these controls are applied, and whether the communication is clear and sufficient are determined and evaluated (BÜMKO: 2014).
In this context, whether the internal control structure is working effectively and as planned is monitored by effective and continuous internal audit studies. Internal audit reports, including the effectiveness, deficiencies and weaknesses of internal control, and the recommendations of the auditor to prevent identified setbacks, are presented to top management. Thus, top management can eliminate the disadvantages / weaknesses of the internal control structure by implementing the measures related to the determined deficiencies (Kaval, 2005:136).
The main principles of monitoring in the COSO model are (COSO, 2013):
• Identification and implementation of continuous and one-off review activities,
• Evaluating and sharing the deficiencies related to internal control.

INTERNAL CONTROL APPLICATION AND INTERNAL CONTROL ACTION PLAN
In Turkey, internal control practices, which were implemented and paid attention to only by private sector enterprises until 2003, have started to be examined by the public sector as of this date. The Public Finance Management and Control Law No. 5018, adopted in 2003, defined the functioning of the internal control system and the roles and responsibilities of the agencies in the system, and assigned the Ministry of Finance to guide the public administrations by setting standards and methods regarding internal control processes and providing coordination in this field. Based on this task, the Ministry of Finance published the Public Internal Control Standards Communiqué in the Official Gazette dated 26 December 2007 and numbered 26738 (Ağmaz, 2017: 77).

With the "Public Internal Control Standards Communiqué" prepared by the Ministry of Finance based on the INTOSAI Public Internal Control Standards Guide and the European Union Internal Control Standards besides the COSO model, the regulation of internal control standards for the public sector in Turkey has thus entered into force (Ağmaz, 2017: 78).
In Article 55 of the Public Finance Management and Control Law No. 5018, internal control is defined as follows: "… A set of financial and other controls, including internal audit, with the organization, method and process established by the administration to ensure that the activities are carried out in an effective, economic and efficient manner in accordance with the objectives of the administration, determined policies and legislation, the assets and resources are protected, the accounting records are kept accurately and completely, and the financial and management information is produced in a timely and reliable manner ..." (Kamu Mali Yönetimi, 2003). Within the framework of the specified Law, internal control departments have been established within the public institutions and organizations, and public institutions have also attempted to establish the infrastructure for the functioning of the internal control (Yaman, 2008: 30). The IACB (Internal Audit Coordination Board) and the Internal Audit and Internal Control Center Harmonization Offices, which are responsible for monitoring and coordination of internal control and internal audit practices in public administration, are strengthened by their capacity and competencies (Uzun, 2009: 60).
When the drafts of the internal control action plan within the scope of the related law are analyzed, it is seen that they match the COSO internal control structure on the basis of the main components. This is an expected situation, because in the context of internal control applications COSO is a model that has reached wide acceptance and has proven itself in creating added value. When the sub-components of public internal control applications linked to main components are examined, it is seen that regulators are not limited to COSO but also benefit from other internal control structure models.
Internal control action plans, which should be prepared under the supervision of the Ministry of Finance within the scope of current practices, are binding on all public institutions. The law did not make any exceptions at this point. Public Internal Control Standards consist of 5 main components, namely Control Environment, Risk Assessment, Control Activities, Information-Communication and Monitoring, 18 Standards and 79 General Conditions in accordance with other international regulations (COSO, 2017).

POSITIONS AND IMPORTANCE OF MUNICIPALITIES IN TURKISH LOCAL GOVERNMENT SYSTEM
According to Eryılmaz, local governments function as a school of democracy. In addition, they are indispensable institutions in ensuring efficiency and productivity in local services (Eryılmaz, 2013: 171). The first municipal administration in the Turkish public administration system was established in Istanbul in the period of the Ottoman Empire in 1855 (Oktay, 2011: 17). The establishment of this municipality, called Istanbul Şehremaneti, paved the way for the establishment of municipal administrations first in Istanbul and then in other cities of the country. In the following process, provincial special administrations and village administrations were added to the municipalities. The number of local governments increased or decreased in various periods in the Turkish local government system. Today, three local government administrations in Turkey provide local services across the country. The administration which carries out the smallest service is the village. Village administrations are established to fulfill local quality services of settlements with a population of less than two thousand (Village Law, 1924). The local government administrations which produce larger-scale services than the village administrations are the provincial special administrations. In Turkey, there is no provincial special administration in places where there is a metropolitan municipality administration, and they provide services in areas with provincial municipalities outside the metropolitan municipalities. The duties of the provincial special administrations cover the provincial boundaries; some duties are within the municipal boundaries, while some duties are for rural areas outside the municipal boundaries (Provincial Special Administration, 2005). In Turkey, among the local governments, municipalities are the local government administrations which stand out more than village and provincial special administrations and provide local quality services at the widest scale.
Municipalities are differentiated among themselves as metropolitan municipality, metropolitan sub-provincial municipality, provincial municipality, district municipality and town municipality. The decision-making bodies of municipalities, which have administrative and financial autonomy like other local governments, come to office by election, and municipalities have a separate legal entity (Municipal Law, 2005). When the numbers of local governments in Turkey are analyzed, it is seen that the total number of municipalities is 1,389, the number of provincial special administrations is 51 and the number of village administrations is 18,292 (E-İçişleri, 2020).
Given the provincial special administrations, villages and municipalities in the Turkish local administration system, it can be said that municipalities are the most prominent local government administration in terms of authority, budget, personnel and others. Provided that they are local, municipalities solve the economic, social and physical problems of the cities on a large scale. For instance, municipalities provide many services such as zoning regulation, transportation, environmental health, waste collection, green areas, dwelling production, sports activities, services for young people, social services, services for the elderly, cultural and art activities and protection of the historic fabric of the city (Municipal Law, 2005). In addition to solving the problems of the cities, the responsibility of constructing their future also rests with the municipalities at the highest level. For this reason, it is important that municipalities are managed with a professional and strategic understanding as much as possible. Within this scope, the implementation of practices aimed at making the strategic and professional management approach dominant in municipalities is an issue to work on. Therefore, this study aimed to conduct a research on the internal control action plans put forward by the municipalities.

RESEARCH METHOD AND SAMPLE
The aim of the study is to make an evaluation on the internal control action plans put forward by the municipalities and to find answers to the questions mentioned in the introduction. Documentary scanning method is used as research method. According to Karasar, documentary scanning is to collect data by examining the existing records and documents. Documentary scanning method involves the processes of finding, reading, taking notes and evaluating. Here all data explaining the researched case in the most clear way are in the scope of documentary scanning (Karasar, 2012: 183). Within the scope of the research, internal control action plans prepared by the municipalities and made available on the internet are examined.
Metropolitan municipalities working in the Turkish local government system are selected as the population. The reason for the selection of metropolitan municipalities is that in Turkey they are the local government administrations that produce the largest scale of service, provide services to the entire city, have the highest budgets and have a strong human resource. The number of them is 30. The sample within the population is the metropolitan municipalities that publish internal control compliance action plans on their websites. The number of these is 16. In this context, the sample's representation rate of the population is 53% and it is thought to provide a meaningful representation. The metropolitan municipalities that make up the sample are:
There is no historical restriction in the internal control compliance action plans prepared by the metropolitan municipalities and published on their websites, because these are seen to be published in different years. In this context, as the purpose of the research is to determine what actions the metropolitan municipalities put forward within the framework of internal control standards, the study determines the actions that are generally revealed in these plans. The data compiled on the subject can be seen in the tables below. The internal control components put forward by the municipalities in each table are compiled with sub-components. Thus, the general conditions of the standards included in the reports of the municipalities and what actions the municipalities plan to meet these conditions can be seen.

ACTIONS PLANNED BY THE MUNICIPALITIES THAT COMPOSE THE SAMPLE ON THE INTERNAL CONTROL COMPLIANCE ACTION PLANS
In this part of the study, the standards of internal control compliance action plans are presented in detail. In addition, the internal control compliance actions of the metropolitan municipalities which are included in the sample are expressed in all lines.

General Conditions of the Standard:
2.1. The mission of the administration should be determined in writing, announced and adopted by the personnel.
2.2. To ensure the realization of the mission, the tasks to be carried out by the administrative units and sub-units should be defined and announced in writing.
2.3. A task distribution chart covering the duties of the personnel and their authority and responsibilities related to these duties should be established and notified to the personnel.
2.4. The administration and its units should have an organizational chart, and a functional distribution of tasks should be determined accordingly.
2.5. The organizational structure of the administration and its units should be such as to demonstrate the basic authority and diffusion of responsibility, accountability and appropriate reporting relationship.
2.6. The managers of the administration should determine the procedures for sensitive tasks in the conduct of the activities and announce them to the personnel.
2.7. Managers at all levels should establish mechanisms to monitor the outcome of the assigned tasks.

General Actions of Municipalities:
2.1. Making announcements on the boards, corporate websites, strategic plans, activity reports and e-mails.
2.2. Preparing instructions and job descriptions and transmitting them to the personnel.
2.3. Units' making a task distribution schedule and transmitting it to their personnel.
2.4. Making organization charts and announcing them on the corporate website, in the activity report and in the strategic plan.
2.5. Creating instructions and forms on the subject within the units by considering the hierarchical structure.
2.6. Making definitions by the units on sensitive tasks related to their work areas and announcing them to the personnel.
2.7. Establishing in-house information management systems and preparing the periodic performance measurement programs.

3.
Competence and Performance of Personnel: Administrations should ensure the compatibility between the competence and duties of the personnel, and take measures to evaluate and improve performance.

3.1.
Human resources management should be aimed at ensuring the realization of the goals and objectives of the administration. 3.2. The director and personnel of the administration should have the knowledge, experience and ability to carry out their duties efficiently and effectively. 3.3. Professional competence should be given importance and the most appropriate personnel should be selected for each task.

3.4.
With the recruitment of personnel, the principle of merit must be observed in the advancement and promotion of its duties and its individual performance must be taken into consideration. 3.5. Required training needs should be determined for each task, training activities to meet these needs should be planned and carried out every year and updated when necessary. 3.6. The adequacy and performance of the personnel should be evaluated at least once a year by the manager to whom it is connected and the results of the assessment should be discussed with the personnel. 3.7. According to the performance evaluation, measures should be taken to improve the performance of the personnel whose performance is inadequate, and rewarding mechanisms should be developed for the high performing personnel.

3.1.
Determining the human resource needs according to the activities and employing qualified personnel, training the existing personnel. 3.2. Creating a human resource inventory in accordance with the norm staffing standards, providing in-service training to the personnel. 3.3. Determining the minimum professional qualification criteria according to the positions, recruiting specialist personnel according to the need, being careful in the employment commissions. 3.4. Developing a system for measuring the individual performance of the personnel, applying written and oral examinations in recruitment and promotion. 3.5. Creating a training program in accordance with the needs, updating the in-service training directive, providing the training of the experts of the subject, looking at the questionnaires and the results of the business analysis in determining the training need. 3.6. Establishing personnel performance directive, determining individual performance criteria for each position. 3.7. Including low-performance personnel in the gap analysis and training, preparing directives to reward high-performance personnel, and selecting personnel of the month in certain periods.

Name of the Standard
General Conditions of the Standard General Actions of Municipalities
3.8. Important issues regarding human resources management such as personnel recruitment, relocation, appointment to senior positions, training, performance assessment, employee rights should be determined in writing and announced to personnel.

3.8.
Making announcements in order to ensure transparency in studies on the subject, creating a personnel handbook and guide on the subject.

Delegation of Authority:
The authorities and limits of delegation of authority in administrations should be clearly defined and reported in writing. Delegation of authority should take into account the importance and risk of the delegated authority.

4.5.
Ensuring that the person who took over the authority reports to the person from whom he/she took it over, holding end-of-month evaluation meetings regarding the delegated authorities, creating a report set regarding the use of authority.
Source: Table was prepared by the authors by making use of the internal control compliance action plans of the metropolitan municipalities which are examined within the scope of the research.
In Table 1 about control environment, it is seen that municipalities are planning actions on ethical values and honesty; mission, organizational structure and tasks; competence and performance of personnel; delegation of authority. These actions are carried out in order to provide the internal control environment of the institution.

Planning and Programming:
Administrations should establish and announce plans and programs that contain their activities, goals, objectives and indicators, and the resources they need in order to achieve them, and ensure that their activities comply with plans and programs.
1.1. Administrations should prepare a strategic plan with participative methods in order to establish their missions and visions, to determine strategic goals and measurable targets, to measure, monitor and evaluate their performance.

1.2.
Administrations should prepare a performance program which includes the programs, activities and projects they will carry out and their resource needs, performance targets and indicators. 1.3. Administrations should prepare their budgets in accordance with their strategic plans and performance programs. 1.4. Managers should ensure that the activities comply with the objectives and targets set by the relevant legislation, strategic plan and performance program. 1.5. Within the framework of their duties, managers should set special targets in accordance with the objectives of the administration and announce them to their personnel. 1.6. The objectives of the administration and its units should be specific, measurable, achievable, relevant and periodic.

1.1.
Preparation of these reports to be prepared in the future by participative methods. 1.2. Producing performance program and budget preparation guide, each unit's forming a work team within itself, organizing performance program preparation trainings. 1.3. Organizing budget preparation trainings, electing a strategy development representative within each unit. 1.4. Preparing reports which show the relationship of the results of the unit's annual business plan with the strategic plan and performance programs, releasing the annual reports to the public, and the managers' making periodic checks. 1.5. Preparing the executive target declaration, determining the branch manager responsible for the realization of the targets, publishing visuals showing the targets in the units, organizing meetings to reach the targets 3 times a year. 1.6. Measuring the targets in periods, determining the methods and examples related to goal setting.

2.
Identification and assessment of risks: Administrations should evaluate and determine the measures to be taken by making systematic analyzes and defining the internal and external risks which may prevent the realization of the goals and objectives.

2.1.
Administrations should systematically identify risks directed towards their goals and objectives every year. 2.2. The probability and possible effects of risks should be analyzed at least once a year. 2.3. Action plans should be developed by determining the measures to be taken against risks.

2.1.
Preparing a risk management strategy document within the municipality, taking the administrators into training on risk management, establishing a risk assessment commission, determining a risk determination representative from each unit, creating risk reports within the units.

2.2.
Preparing a risk assessment report, performing a risk analysis, presenting the risk probabilities and the results of the risks determined by the risk branch managers to the unit chief, evaluating the internal audit reports in the risk reports. 2.3. Updating the risk management strategy document, determining the responsibilities for risks above the acceptable level, creating a risk action plan.
Source: Table was prepared by the authors by making use of the internal control compliance action plans of the metropolitan municipalities which are examined within the scope of the research.
Süleyman Demirel University Visionary Journal (Vizyoner Dergisi), Year: 2020, Volume: 11, Issue: 28, 753-769, ISSN: 1308-9552
In Table 2 about risk assessment, it is seen that municipalities are planning actions on planning and programming; identification and assessment of risks. These actions are carried out in order to provide the risk assessment of the institution.

2.1.
Administrations should establish written procedures on their activities, financial decisions and transactions.

2.2.
Procedures and related documents should include the stages of the activity or financial decision and the start, implementation and finalization of the transaction.

2.3.
Procedures and related documents should be up-to-date, comprehensive, compliant with legislation and understandable and accessible to the relevant personnel.

2.1.
Determining the procedures about the process, information form and work flow chart, implementation steps and checklists, preparing the instructions to reduce personnel resources errors.

2.3.
Determining responsible persons about the subject and editing job descriptions, publishing the operational procedures prepared by the units on the internet portal, editing the work flow charts of the related documents.

3.Segregation of Duties:
In order to reduce the risk of error, deficiency, inaccuracy, irregularity and corruption, the tasks of approving, implementing, recording and controlling financial decisions 3.1. The tasks of approving, implementing, recording and controlling each activity or financial decision and transaction should be assigned to different persons. 3.2. The managers of the administrations, where the segregation of duties due to the insufficient number of personnel cannot be fully implemented, should be aware of the risks and take the necessary measures.

3.1.
According to the risk records, determining and implementing the segregation of duties principle for high-risk tasks, establishing a management information system to prevent unauthorized access, determining personnel according to the principle of segregation of duties in the work flow chart.

3.2.
In cases where the attendant to act is not present, determining the personnel to be assigned from other administrations, providing employment in the number of missing personnel, recording the situation in the risk control matrix and providing assurance for additional controls.

4.Hierarchical Controls:
Managers should systematically check that business and transactions are in line with procedures.

4.1.
Managers should make the necessary checks to ensure that procedures are implemented effectively and continuously.

4.2.
Managers should monitor and approve the work and operations of the personnel, and give the necessary instructions to eliminate errors and irregularities.

4.1.
Developing forms when inappropriate, repetitive and problematic processes are detected, establishment of continuous monitoring system within the unit, identifying control processes such as "initials", "favorable opinion", "checklist" and "physical count". 4.2. Making the controls into tables, preparing periodic reports on the subject, determining the approval processes of the managers regarding the actions.

5.Continuity of Activities:
Administrations should take the necessary measures to ensure the continuity of the activities.

5.1.
Necessary precautions should be taken against the reasons affecting the continuity of the activities such as lack of personnel, temporary or permanent resignation, transition to new information systems, changes in method or legislation and extraordinary situations.

5.2.
If necessary, deputy personnel should be duly appointed. 5.3. It should be ensured by the manager that the personnel resigning prepare a report including the status of their work or transactions and the necessary documents and give this report to the assigned personnel.

5.1.
Determining the standards regarding the assignment of attorney and delivery of documents in paper and electronic environment to the person who handed over his duty to take over, performing rotation in certain periods in-house, use of in-service training. 5.2. Ensuring that the deputy personnel have the qualifications to be sought for the duty in the directive to be prepared for proxy procedures. 5.3. Preparing a directive that will ensure that all the personnel resigning and their information and documents are submitted to the administration, transferring of documents and information to the newcomer with the duty transfer report form.

Name of the Standard
General Conditions of the Standard General Actions of Municipalities

6.Information Systems Controls:
Administrations should develop the necessary control mechanisms to ensure the continuity and reliability of information systems.

6.1. Controls that will ensure the continuity and reliability of information systems should be determined and implemented in writing. 6.2. Authorizations should be made to enter and access data and information to the information system, and mechanisms should be established to prevent, detect and correct errors and irregularities. 6.3. Administrations should develop mechanisms to ensure information management.

6.1. Establishing a control team on the subject, forming a written circular on the subject, the unit managers' performing the checks of the information systems in certain periods. 6.2. Identifying the authorized persons on access to data and information, determining the authority levels in automation systems, establishing the information security procedure, determining the criteria for authorizations. 6.3. Preparing an action plan for the control activities related to the current system, developing the hardware and software infrastructure for the establishment of the system, creating a work program for the development process.
Source: Table was prepared by the authors by making use of the internal control compliance action plans of the metropolitan municipalities which are examined within the scope of the research.
In Table 3 about control activities, it is seen that municipalities are planning actions on control strategies and methods; determination and documentation of procedures; segregation of duties; hierarchical controls; continuity of activities; information systems controls. These actions are carried out in order to control the activities of the institution.

1.Information and Communication:
Administrations should have a suitable information and communication system in order to monitor the performance of their units and employees, to function properly in decision making processes and to ensure efficiency and satisfaction in service delivery.

Administrations should have an effective and continuous information and communication system that includes lateral and vertical internal communication and external communication.
1.2. Managers and personnel should be able to access necessary and sufficient information in a timely manner to fulfill their duties. 1.3. The information must be accurate, reliable, complete, useful and understandable. 1.4. Managers and relevant personnel should have timely access to performance program and budget implementation and other information on resource use. 1.5. The management information system should be designed in such a way that it can produce the necessary information and reports required by the management and offer the opportunity to make analysis. 1.6. Managers should report their expectations to the personnel within the scope of their duties and responsibilities within the framework of the mission, vision and objectives of the administration. 1.7. The lateral and vertical communication system of the administration should ensure that the personnel can convey their evaluations, suggestions and problems.
1.1. Establishing a system for receiving feedback, organizing meetings for the development of vertical communication, using systems such as written, verbal, email, website between units, developing the communication flow chart. 1.2. Establishing a corporate information pool, establishing an electronic document management system, opening access to information and documents which are not confidential, transferring paper documents to electronic environment. 1.3. The units' regularly updating their documents and information, ensuring the accuracy of the information within the scope of the Identification of Cross Control Elements action. 1.4. Development and authorization of software on the subject, announcement of relevant information on the website. 1.5. Revising the report prepared in the unit for the top manager, providing training to the personnel on creating and reporting information, and integrating new modules into the Management Information System. 1.6. Organizing meetings at the level of units. 1.7. Establishing personnel suggestion boxes, rewarding personnel by preparing reward directive, establishing a request and suggestion system via the internet portal, conducting survey studies, making e-mail usage more common in communication channels.

2.
Reporting: The administration's goals, objectives, indicators and activities with their results should be reported in line with the principles of transparency and accountability.

2.1.
Administrations should publicly disclose their goals, objectives, strategies, assets, obligations and performance programs every year.

2.2.
Administrations should disclose the results of the first six months of their budgets, expectations and targets for the second six months with the activities. 2.3. Activity results and evaluations should be shown and announced in the administration annual report.

2.4.
For the oversight of the activities, the horizontal and vertical reporting network should be determined in writing within the administration, and the unit and personnel should be informed about the reports that should be prepared regarding their duties and activities.

2.1.
In general, this field is left blank.

2.2.
Publishing said reports on the corporate website. 2.3. In general, this field is left blank. 2.4. Preparing a written text for making the mentioned information, making announcements about the subject at the meetings, branch managers' submitting reports to the heads of the departments in 6-month period.

Recording and Filing System:
Administrations should have a comprehensive and up-to-date system where jobs and transactions, including all incoming and outgoing documents, are recorded, classified and filed.

3.1.
The recording and filing system should include incoming and outgoing documents with internal communication, including those in electronic media.

3.2.
The recording and filing system should be comprehensive and up-to-date, accessible and monitored by the manager and personnel. 3.3. The recording and filing system should ensure the security and protection of personal data. 3.4. The recording and filing system should comply with the specified standards. 3.5. Incoming and outgoing documents should be recorded on time, classified according to standards and kept in accordance with the archive system. 3.6. An archive and documentation system should be created in accordance with the determined standards, including registration, classification, protection and access of the administration's business and transactions.
In Table 4 about information and communication, it is seen that municipalities are planning actions on information and communication; reporting; recording and filing system; reporting errors, irregularities and corruption. These actions are carried out in order to provide information and communication within the institution.
In Table 5 about monitoring activities, it is seen that municipalities are planning actions on evaluation of internal control and internal audit. These actions are carried out in order to monitor activities within the institution.

Name of the Standard
General Conditions of the Standard General Actions of Municipalities

Evaluation of internal control:
Administrations should evaluate the internal control system at least once a year.
1.1. The internal control system should be evaluated by continuous monitoring or a special assessment or by using these two methods together. 1.2. The process and method should be determined regarding the deficiencies of internal control and determination, reporting of inappropriate control methods and taking necessary measures. 1.3. The units of the administration should be involved in the evaluation of the internal control. 1.4. In evaluating internal control, opinions of managers, requests and complaints of persons and / or administrations, and reports prepared as a result of internal and external audit should be taken into consideration. 1.5. As a result of the evaluation of the internal control, the measures to be taken should be determined and implemented within the framework of an action plan.

1.1.
Evaluating the internal control system at least once a year within the organization, preparing year-end internal control report, conducting the internal control perception survey for the personnel, continuous monitoring of the internal control system by the unit.

Establishing relevant sections in the Internal Control Annual Report, conducting a survey on the issue, taking into account the internal auditor recommendation report. 1.3. Involving the people concerned with the cover letter, spending authority's following the internal control system, discussing this issue in the self-assessment meetings. 1.4. Continuous monitoring by the municipal unit responsible for monitoring, evaluation of suggestions and complaints submitted to the website, and reporting of the evaluations made with the unit managers. 1.5. Preparing the Internal Control Compliance Action Plan, revising the action plan at regular intervals.

2.Internal audit:
Administrations should ensure a functionally independent internal audit activity.

2.1.
The internal audit activity should be carried out in accordance with the standards set by the Internal Audit Coordination Board. 2.2. An action plan, including the measures deemed necessary by the administration as a result of internal audit, should be prepared, implemented and monitored.

Appointing among candidates having Public Internal Auditor Certificate, preparing internal audit unit directive, determining internal audit principles and rudiments.

CONCLUSION AND EVALUATION
Municipalities are the most important units both in the administrative sense and in the production of services within the scope of local governments. Municipalities, which are in first-order contact with the citizens and are constantly monitored in this respect, have to comply with various central practices while managing their processes. Internal control action plans, which are the main subject of the study, are the regulations that emerged within this scope. The authority to organize and monitor the internal control action plan, which is under the responsibility of the Ministry of Finance within the framework of the Law No. 5018, is one of the main standards among the duties of municipalities. At this point, the action plan determined by the competent authorities and created based on the COSO internal control model consists of 18 sub-components connected to 5 main components. These sub-components are obtained by extending the components included in the COSO internal control model in accordance with public administrations. As a result of the examinations related to the internal control action plans for the metropolitan municipalities in the sample, the following conclusions are reached.
The control environment component is the most basic component of the COSO internal control model. It is the main step in which awareness of internal control is introduced, placed and developed. The presence of internal control awareness in the corporate culture takes place at the control environment stage. There are 4 different subcomponents and standards related to the control environment component. These are a) ethical values and honesty, b) mission, organizational structure and tasks, c) competence and performance of personnel, d) delegation of authority. When the sub-components related to the said component are also taken into consideration, it is seen that the municipalities turn towards very different activities especially in terms of establishing a corporate culture about the internal control model. In this context, great importance is attached to in-house trainings as the most important activity and it is planned to organize trainings at every management level. It is predicted that managers from all levels participate in ethical meetings within the institution. In accordance with the transparency principle, the reports made by the institution are planned to be published in the relevant channels. Within the framework of strategic plans, mission and vision definitions have been made and it has been decided to share them with relevant persons. Authority and task mechanisms have been established and planned to be shared with those concerned (internal and external stakeholders). Accordingly, the establishment of in-house information management systems is considered. Again, within the framework of the sub-standards related to the main component of the control environment, the human resources policies of the municipalities have been revised and it is decided to carry out permanent staff studies. In this way, it is assumed that the presence of qualified manpower and possible needs will be determined. 
"Human", the main performer of the internal control environment, has been evaluated in all aspects.
The risk assessment component is the second most basic component of the COSO internal control model. It is the step where risk perceptions regarding internal control processes are managed and decisions are made. There are 2 different sub-components related to the risk assessment component. These are a) identification and assessment of risks and b) planning and programming. When sub-components related to the said component are also taken into consideration, it is seen that municipalities are planning multi-dimensional studies within the scope of risk assessment standards. Within the scope of the relatively new risk management for municipalities, the introduction of corporate risk management processes by each unit is considered. In addition to the risk action plans carried out on the basis of units, emphasis is placed on corporate risk management moves which enable holistic risk management. Within the scope of strategic management plans, management of risk perception and determination of risk levels are planned. Again, simulation of the planning and programming stages of the institution is considered within the scope of strategic planning. Performance determination and budgeting stages are determined based on units.
The control activities component is the third most basic component of the COSO internal control model. It is the stage where the internal control structure and activities are controlled and the decision of revised management practices is taken when deemed necessary. In one aspect, it is the process by which control audit of internal control practices is carried out. There are 6 sub-components and standards related to control activities. These are a) control strategies and methods, b) determination and documentation of procedures, c) segregation of duties, d) hierarchical controls, e) continuity of activities, and f) information systems controls. It has been determined that many different actions have been taken by the municipalities since the standards related to the control activities are the stage where the efficiency and productivity of the functioning of the internal control structure are determined. Control strategies and methods which concern each management level have been identified. Based on the risk management maps made during the risk assessment stage, it has been planned to identify the risk steps which can be accepted and which need to be prevented. In this way, corporate risk management targets of municipalities can be determined. The determination of the procedures for controlling the internal control structure and performing the control activities is also considered at this stage. It is included in the program to identify the authorized and responsible persons regarding the control management procedures and to make notifications to the relevant units. In this way, an effective set of control activities has been prepared.
The information and communication component is the fourth most basic component of the COSO internal control model. It organizes the process of acquiring and transmitting information that occurs or is likely to emerge at every stage of the internal control structure within the municipality. There are 4 sub-components and standards related to the component. These are a) information and communication, b) reporting, c) recording and filing system, and d) reporting errors, irregularities and corruption. The motivation for the creation and transfer of information to the relevant authorities is dominant in every process from the establishment of the internal control structure to its operation and continuing its activities. Thanks to information, which is the main input for decision making processes and service formation for municipalities, added value is created. For this reason, various arrangements have been made within the framework of internal control action plans and different actions have been foreseen. In this framework, corporate information systems have been established and it has been considered to transfer the correct information to the right person at the right time. It is assumed that the presence of parallel information channels will be eliminated in this way. Thanks to electronic information and document systems, it is planned to process information on online platforms. In this way, it is assumed that an institutional archive will be gained in information and document management. Thus, it is thought that loss of information can be prevented. It is also assumed that error and cheating cases will be minimized. The aim of minimizing cheating and error element, which is one of the first stage tasks of the internal control structure, has been treated appropriately.
The monitoring component is the fifth component of the COSO internal control model. It consists of standards aimed at a general evaluation of the internal control structure. These are a) evaluation of internal control, b) internal audit. It is the stage where the internal control structure required by the legislator for all municipalities is evaluated in all aspects. Municipalities plan to assess their internal control structures every year within the scope of monitoring standards. They consider making arrangements for internal audit officers to provide reasonable assurance about internal control structures. In this context, it is aimed to create internal control action plans and forward them to the Ministry of Finance. It is also decided to share the related plans in all channels.
In the reports examined in the study, actions are planned to be carried out according to the internal control elements. However, it is not easy to draw clear conclusions about which of these actions are implemented. Therefore, as a continuation of this study, further studies can be carried out to determine which of these actions were carried out by the municipalities according to their internal control compliance action plans. Thus, the implementation status of these plans and their contribution to the institution can be evaluated.