CENTRAL AUDIT ACTIVITIES AS A CONTINUOUS AUDIT APPROACH IN THE TURKISH BANKING SECTOR: A CASE STUDY ABOUT FRAUDS IN SAVINGS ACCOUNTS

Yıl 2020, , 254 - 275, 28.01.2020

İsmail Kaban

https://doi.org/10.14783/maruoneri.676406

Cited By: 5

Öz

Developments in information technology constitute the core of a fundamental transformation of internal audit approaches. The traditional concept of internal audit on periodic and traditional auditing with the inclusion of concepts such as data mining, artificial intelligence, and machine learning is replaced by modern continuous, risk-focused auditing. Recently, in sectors that have high transaction volume such as banking, continuous audit activities combined with data mining applications have become prominent in effectively managing fraud risk. In this study, an example of the examination process related to savings account fraud in Turkey has been presented by providing basic information about the central audit activities applied as a continuous audit approach in the banking sector. The banking transactions used as data in this fraud auditing were generated realistically and at random. Data mining techniques have been applied to these transactions to detect fraud risks.

Anahtar Kelimeler

Internal Audit, Banking, Continuous Audit, Central Audit, Data Analytics

TÜRKİYE BANKACILIK SEKTÖRÜNDE BİR SÜREKLİ DENETİM YAKLAŞIMI OLARAK MERKEZDEN DENETİM: MEVDUAT HESAPLARINDAKİ HİLELER ÜZERİNE BİR VAKA ÇALIŞMASI

Öz

Bilgi teknolojilerinde yaşanan gelişmeler iç
denetim yaklaşımları üzerinde köklü bir dönüşümün çekirdeğini teşkil
etmektedir. Veri madenciliği, yapay zekâ ve öğrenen makinalar gibi kavramların
etkisi ile periyodik ve rutin denetimler üzerine kurgulanan geleneksel denetim
anlayışının yerini sürekli ve risk odaklı modern denetim anlayışının
aldığı görülmektedir. Son dönemde bankacılık gibi yüksek işlem yoğunluğu
ihtiva eden sektörlerde suistimal risklerinin etkin olarak yönetilmesi için
veri madenciliği uygulamaları ile harmanlanan sürekli denetim faaliyetleri
öne çıkmaktadır. Bu çalışmada bankacılık sektöründe bir sürekli denetim
yaklaşımı olarak uygulanan merkezden denetim faaliyetleri hakkında temel
bilgiler sunularak Türkiye özelinde örnek bir mevduat suistimal vaka denetimi
sürecine yer verilmiştir. Suistimal denetiminin gerçekleştirileceği
işlemler gerçeğe uygun bir şekilde rastlantısal olarak üretilmiştir. Bu
işlemler üzerinde veri madenciliği teknikleri uygulanarak hile
risklerinin tespiti yapılmıştır.

Anahtar Kelimeler

İç Denetim, Bankacılık, Sürekli Denetim, Merkezden Denetim, Veri Analitiği

Kaynakça

• Albrecht, Steve W., Albrecht, Chad O., Albrecht, Conan C. & Zimbelman, Mark F. (2012). Fraud Examination. USA: South-Western, Cengage Learning.
• Associaiton of Certified Fraud Examiners (ACFE) (2006). Report to the nations on occupational fraud and abuse. Retrieved from https://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/2006-rttn.pdf
• Associaiton of Certified Fraud Examiners (ACFE) (2016). Report to the nations on occupational fraud and abuse 2016 global fraud study. Retrieved from https://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf
• Bhambri, V. (2011). Application of data mining in banking sector. International Journal of Computer Science and Technology, 2 (2), 199-202.
• Bierstaker, J. L., Burnaby, P. & Thibodeau, J. (2001). The impact of ınformation technology on the audit process: an assessment of the state of the art and ımplications for the future. Managerial Auditing Journal, 16 (3), 159-164.
• Bologa, A. R., Bologa, R. & Florea, A. (2013). Big data and specific analysis methods for insurance fraud detection. Database Systems Journal, 4 (4), 30-39.
• Buoni, A. (2012). Fraud Detection in The Banking Sector. Turku: TUCS.
• Chartered Instıtute of Internal Audıtors (CIIA) (2014). Risk Based Internal Auditing. London. Retrieved from https://global.theiia.org/standards-guidance/topics/Documents/201501GuidetoRBIA.pdf
• Chitra, K. & Subashini, B. (2013). Data mining techniques and its applications in banking sector. International Journal of Emerging Technology and Advanced Engineering, 3(8), 219-226.
• Coderre, D. (2007). Recommendations for an effective continuous audit process. Internal Auditor, 17, 1-7.
• Coderre, D. (2008). Internal Audit: Efficiency Through Automation. New Jersey: John Wiley & Sons.
• Çatıkkaş, Ö. & Çalış, Y. E. (2010). Hile denetiminde proak¬tif yaklaşımlar. Muhasebe ve Finansman Dergisi, 45, 146-156.
• Debreceny, R., Lee, S. L., Neo, W. & Shuling Toh, J. (2005). Employing generalized audit software in the financial services sector: challenges and opportunities. Managerial Auditing Journal, 20(6), 605-618.
• Earley, C. E. (2015). Data analytics in auditing: opportunities and challenges. Business Horizons, 58(5), 493-500.
• Garanti Bank (GB) (2016). 2015 annual report. İstanbul. Retrieved from https://www.garantibbvainvestorrelations.com/en/images/pdf/Garanti-Bank-2015-Annual-Report.pdf
• Giles, S. (2012). Managing Fraud Risk: A Practical Guide for Directors and Managers. United Kingdom: John Wiley & Sons.
• Golden, T. W., Steven L. S. & Mona, M. C. (2006). A Guide To Forensic Accounting Investigation. New York: John Wiley & Sons.
• Hillison, W., Pacini, C., Sinason, D., Carson, J. M. & Marlett, D. C. (2000). The insurance firm internal auditor as fraud-buster. CPCU Journal, 53(3), 168-180.
• İç Denetim Koordinasyon Kurulu. (İDKK) (2013). Kamu Iç Denetim Rehberi. Ankara.
• Liang, D., Lin, F. & Wu, S. (2001). Electronically auditing EDP systems: With the support of emerging information technologies. International Journal of Accounting Information Systems, 2 (2), 130-147.
• Marks, N. (2010). Continuous auditing reexamined. ISACA Journal, 1, 1-5
• Marks, N. (2015). Modern Risk-Based Internal Auditing. Internal Auditor-Middle East, June 2015, 16-18.
• Memiş, M. Ü. & Tüm, K. (2011). Sürekli denetim süreci ve iç denetim ile ilişkisi. Erciyes Üniversitesi İktisadi ve İdari Bilimler Fakültesi Dergisi, 37, 145-162.
• Mengi, B. T. (2012). Hile denetiminde yetkinliklerin değerlendirilmesi - hile karosu. Mali Çözüm Dergisi, 114, 113-128.
• Musa, H. (2017). The risk of fraud and the role of internal audit. Internal Auditor-Middle East, March 2017, 30-33.
• O'reilly, A. (2006). Continuous auditing: Wave of the future?. Corporate Board, 27(160), 24-26.
• Önce, S. & İşgüden, B. (2012). İç denetim faaliyetinin gelişen ve değişen bilgi teknolojileri ortamı açısından değerlendirilmesi: IMKB–100 örneği, Yönetim ve Ekonomi Araştırmaları Dergisi, 17, 38-70.
• Özbek, Ç. (2012). İç Denetim, Kurumsal Yönetim, Risk Yönetimi, Iç Kontrol. İstanbul: Türkiye İç Denetim Enstitüsü Yayınları.
• Prıcewaterhousecoopers (PWC) (2012). Internal audit 2012 - asia pasific supplement. Hong Kong. Retrieved from https://www.pwc.com/sg/en/advisory/assets/publication-internal-audit-2012asiapac.pdf
• Rahman, R. A. & Anwar, I. S. K. (2014). Effectiveness of fraud prevention and detection techniques in malaysian islamic banks. Procedia-Social and Behavioral Sciences, 145, 97-102.
• Ramamoorti, S. & Dupree, J. (2010). Continuous controls monitoring can help defer fraud. Financial Executive, 26(2), 66-67.
• Rezaee, Z., Sharbatoghlıe, A., Elam, R. & Mcmickle, P. L. (2002). Continuous auditing: building automated auditing capability. Auditing: A Journal of Practice and Theory, 21(1), 147-163.
• Searcy, D. L., Woodroof, J. B. & Colson, R. H. (2003). Continuous auditing: leveraging technology. CPA Journal, 73(5), 46-48.
• Tang, F., Norman, C. S. & Vendrzyk, V. P. (2017). Exploring perceptions of data analytics in the internal audit function. Behaviour & Information Technology, 36(11), 1125-1136.
• Teeter, R. A., Alles, M. G. & Vasarhelyi, M. A. (2010). The remote audit: a research framework. Journal of Emerging Technologies in Accounting, 7(1), 73-88.
• The Chartered Instıtute of Management Accountants (CIMA) (2009). Fraud risk management a guide to good practice. London. Retrieved from https://www.cimaglobal.com/Documents/ImportedDocuments/cid_techguide_fraud_risk_management_feb09.pdf.pdf
• The Institute of Internal Auditors, The American Institute of Certified public accountants and Association of Certified Fraud Examiners (IIA-AICPA-ACFE) (2008). Managing the Business Risk of Fraud: A Practical Guide. Florida. Retrieved from https://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/managing-business-risk.pdf
• The Instıtute of Internal Audıtors. (IIA) ((2009). Internal Auditing and Fraud. Florida.
• The Instıtute of Internal Audıtors. (IIA) (2011). Global Technology Audit Guide (GTAG) 16: Data Analysis Technologies. Florida.
• The Instıtute of Internal Audıtors. (IIA) (2015). Global Technology Audit Guide (GTAG) 3: Continuous Auditing: Coordinating Continuous Auditing And Monitoring To Provide Continuous Assurance. Florida.
• The Instıtute of Internal Audıtors. (IIA) (2016). International Standards For The Professional Practice of Internal Auditing-Standards. Florida.
• The Instıtute of Internal Audıtors (IIA). (2019). Fraud and internal audit -assurance over fraud controls fundamental to success. IIA Position Paper. Florida. Retrieved from https://global.theiia.org/about/about-internal-auditing/Public%20Documents/Fraud-and-Internal-Audit.pdf
• Halkbank (HB). (2009). 2008 annual report. Ankara. Retrieved from https://www.halkbank.com.tr/images/channels/English/investor_relations/financial_info/Annual_reports/halkbank2008_1.pdf
• Halkbank (HB). (2016). 2015 annual report. İstanbul. Retrieved from https://www.halkbank.com.tr/images/channels/English/investor_relations/financial_info/Annual_reports/2015_annual_report.pdf
• The Institute of Internal Audit - Turkey (TİDE) (2016). Sawyer’s Iç Denetçiler Için Rehber, Cilt 2: Iç Denetim Süreçleri ve Yöntemleri. İstanbul.
• İşbank (İB) (2016). 2015 annual report. İstanbul. Retrieved from https://www.isbank.com.tr/EN/about-isbank/investor-relations/publications-and-results/annual-reports/Documents/Isbank_2015.pdf
• Vakıfbank (VB) (2016). 2015 annual report. İstanbul. Retrieved from https://www.vakifbank.com.tr/documents/finansal/Annual_Report_2015.pdf
• Uzun, A. K. (2002). Muhaberat teftişinden e-posta denetimine. TİDE İç Denetim Dergisi, 5, 37-38.
• Uzun, A. K. (2009). Şirketlerde iç kontrollerin yeterliliğinde iç denetimin rolü. Active Bankacılık ve Finans Dergisi, 62, 1-8.
• Vona, L. W. (2008). Fraud Risk Assessment: Building A Fraud Audit Program. New Jersey: John Wiley & Sons.
• Ziraat Bank (ZB). (2008). 2007 annual report. Ankara. Retrieved from https://www.ziraatbank.com.tr/en/Investor-Relations-ZB/Financials/Documents/AnnualReport2007.pdf
• Ziraat Bank (ZB). (2016). 2015 annual report. Ankara. Retrieved from https://www.ziraatbank.com.tr/en/Investor-Relations-ZB/Financials/Documents/AnnualReport2015.pdf