For a Safe Tomorrow – July 2021

This bulletin is available for download as a PDF.

Some Tools for Institutions to Sustain Longevity 

Risk management, internal control, internal audit, process improvement, development of internal procedures and business culture and similar concepts are important for companies, or rather all institutions, and are important components of efficiency, effective working and institutionalization. With the COVID-19 pandemic that the world and our country have been in since the first quarter of 2020, decreasing production, sales and demand, increasing global competition and new business methods will require companies to work more efficiently and at lower costs in the future. 

Let us explain some of the reasons: 

An entrepreneur establishes a business with the resources he has in line with his own business idea and business model. If the business he founded is successful, he will need additional capital, labor and resources to grow his business. While trying to meet his financial needs with opportunities such as borrowing from financial institutions, getting new partners and incentives, in addition to the profit he obtained, he now begins to meet his labor needs with professionals outside the family. 

At this point, the entrepreneur gradually starts to transfer the daily work to the professional employees and takes on more strategic functions such as direction and control. As the company grows, it fulfills this role by taking part in the board of directors. As the company gets bigger, professional people can be included in the board of directors. When the company goes public, independent persons can be recruited to the board of directors as required by capital market regulations, and specialty committees such as audit committee and risk committee can be established in the board of directors. In fact, in the future of the company, the entrepreneur may choose to leave the board of directors and remain only as a member of the general assembly. With this method, the entrepreneur can experience similar processes in more than one company.  

What are the reasons for all this? Essentially, by employing professionals, the entrepreneur needs reassurance that things are going well in the company as he wishes, by delegating certain powers and responsibilities to his professional employees through the board of directors, and by moving himself into a more strategic strategic position within the company. In other words, a significant part of the management functions (we can list them as planning, organizing, leadership and control) will now be transferred to professional managers and the entrepreneur will undertake more vision-related and strategic functions. So how can the entrepreneur or shareholder get the assurance that things are going well in the company? 

Some of the managerial tools for this can be listed as follows: A good governance structure within the company, management reporting system, corporate governance, independent audit, internal audit, corporate risk management system, internal control system, procedures, workflows in a written manner, assurance and consulting services received from outside the company, and the like. 

These services can be covered to a large extent from within the company, or by outsourcing (through outsourcing and co-sourcing). All these aim to ensure that the company survives in future generations. If we consider the issue from another angle, ensuring accountability with a good governance system, that is, a balanced distribution of rights and responsibilities within the organization (especially between the general assembly, the board of directors and senior management), will be another assurance of sustainability. 

In order for the established companies not to terminate their activities within the same generation or after a few generations, it should be established on solid foundations and then supported by the above-mentioned corporate tools. When we look at successful companies, we can also add a solid corporate culture, the importance given to expertise, reliable recruitment and performance evaluation systems, the importance given to the sense of employee loyalty, customer satisfaction and the like. 

Another issue is the prevention of fraud and abuse in companies. According to the 2020 International Report of the International Association of Fraud Investigators: A Global Study on Occupational Fraud and Abuse:

• Organizations lose 5% of revenue to fraud each year. 
• Causing total losses of more than $3.6 billion and on average $1.5 million for each incident.
• Typical fraud case last 14 months before detection.
• In 86% of cases, “asset misappropriation” is the most common form of fraud, while “financial statement fraud” is the least common type of fraud of all cases. 

The businesses that encounter the most cases of fraud are those with 1,000-9,999 employees. On the other hand, the median loss amount is higher in companies with 100 or less employees.

These issues are especially important for small and medium-sized enterprises (SMEs) with 100 or fewer employees, according to the fraud statistics. Around 95% of all businesses in Turkey are SMEs and these businesses provide around 70% of total employment. 

In addition, the weaknesses of SMEs are financing and technology problems, qualified personnel, opening up to new markets, taxation and financial issues, low productivity, branding, lack of value-added production, inadequacy of innovation capacity and institutional infrastructure. 

In addition to the work of professional organizations such as ACFE and USUID (ACFE Turkiye) in the prevention of fraud, raising awareness in this area and determining good practice standards, companies are on the issues of detection, prevention, investigation, and reporting of fraud with certificates such as CFE (Certified Fraud Examiner). It should be noted that employing experts who have proven their competence also plays an important role. 

• According to the results in the report, the rate of fraud and abuse in small businesses is higher than in large institutions.
• The fraud and abuses that have emerged are mostly detected through the ethics reporting hotline.

At this stage of globalization, it is very difficult for companies to survive by addressing only the domestic market. When we look at the figures in the 2020 export reports of the Turkish Exporters Assembly (TIM), the export figures, which have a large share in the revenues of the sectors, clarify this issue. 

Export Registration Figures on Sectoral Basis as of 31.05.2020 

Export Registration Figures on Sectoral Basis as of 31.05.2020 

It is possible to say that companies of all sizes have at least one competitor, or can be at any time. Even the customs and incentive policies of countries to protect their own domestic markets may not protect companies against competition as much as before. For this reason, it has become inevitable for companies to increase their own productivity and strengthen their corporate decision-making processes by learning the methods, corporate services, and value-added tools used by their international competitors. 

Therefore, according to the 2020 International Report of the International Association of Fraud Investigators: A Global Study on Occupational Fraud and Abuse, the above-mentioned enterprise risk management system, internal control system, internal audit, well-functioning procedures, development and improvement of processes, the right corporate resource planning (Enterprise Resource Planning / ERP) selection, hiring qualified employees with the right human resources system, and similar tools, structures and systems to manage companies’ fraud risk, reduce the number of cases, shorten detection time, etc. It will increase their competitiveness and institutional resilience by providing support in situations. It is useful to pay special attention to these services. 

We can give the following examples, which have resulted in company bankruptcy as a result of corruption and irregularities due to internal control weakness and lack of internal control in international companies, which have occurred at different times: Enron, Worldcom, Parmalat, Libor, Credit Swiss, Royal Bank of Scotland, Madoff, Lehman Brothers, Xerox, Waste Management, Sunbeam, Cendant, Tenet Healthcare, Deutsche Asset Management, Healthsouth, Sprint, Imclone Systems. New ones are added to this list every day. 

We need to take preventive measures and take the above-mentioned steps to value risk mitigation against possible internal fraud cases, so that the saying there is no lock preventing the thief do not hold true.

The article was first published on ACFE (Association of Certified Fraud Examiners) Türkiye Web Page. 15.10.2020  

Internal Audit of Medical Products Import and Export Company 

As Teolupus, we are proud and happy to complete a new internal audit project. All business processes of our customer operating in the field of import and export of medical supplies were audited. Compliance with the legislation, company procedures, COSO corporate risk management framework, COSO internal control framework and generally accepted accounting principles are taken as criteria in the internal audit conducted according to international internal audit standards. In the internal audit, which was carried out considering the characteristics of the sector as well as the current business processes, the internal audit report containing assurance and consultancy recommendations for the purpose of managing risks and increasing corporate value was delivered to our client.  

Enterprise Resource Planning (ERP) Business Talk 

A conversation titled Enterprise Resource Planning (ERP) was held as part of Teolupus Business Talks. The participants were informed in the business talk workshop with the presentation made by Mr. M. Göker Sarp about the introduction and dynamics of ERP, its usage areas, benefits, its role in institutionalization, its role in internal control and its contribution to efficiency. 

Tourism, Water Sports and Accommodation Facility Internal Audit 

In the internal audit report, which was prepared as a result of the evaluation of the operational, financial and regulatory business processes of our customer in the tourism sector, improvement suggestions were included in order to minimize the risks in the processes. The internal audit carried out in the tourism sector, where travel restrictions and compliance with health regulations are important during the COVID-19 pandemic, provided added value in terms of highlighting the company’s qualified service. 

Remote Auditing 

As people around the world continue to work from home during the COVID-19 pandemic, internal auditors are adapting to the challenges of their virtual run. Successful remote audit requires acknowledging that remote auditing is different from conventional on-site auditing. In other words, it is impossible for auditors to simply change their physical location while trying to keep everything the same and expect to manage successfully without in-person access. Instead, auditors must embrace and acknowledge the unique benefits and challenges of working remotely. 

Under the current circumstances, one of the keys to successful remote audit is to determine in advance whether a particular task is suitable for remote audit. Not all audits are equally suitable for remote audit. For example, a financial statement audit is a better candidate for a remote audit than a review of the physical security audits of the facility. The first consists primarily of documentation review and data analysis, while the second requires not only on-site testing of controls, but also the auditor’s presence for the audit. 

Regardless, auditors should evaluate the relevance of the engagement on a case-by-case basis with an open mind. Here are some key points to weigh between remote audit and on-site audit: 

• Cost savings 
• Audit resources (location, remote audit experience, number of auditors required, availability, and so on) 
• Transaction types
• Types of evidence that can be obtained remotely based on technology capabilities 
• Security of communications and data transfers 
• Timing 

Before audit reviews, internal audit should first review the engagements. In line with the International Institute of Internal Auditors’ (IIA) Practice Guide 2210: Engagement Objectives, internal auditors “must have a full understanding of why the engagement is being performed and what the organization aims to achieve.” 

In any crisis situation, it is quite possible that management’s perception of key risks in certain areas has changed, so objectives need to be reconsidered to ensure they are appropriate based on current risks and needs. 

In addition to assessing whether the engagement is suitable for remote execution, the auditors themselves should be considered. During the COVID-19 pandemic, many auditors are left with no choice but to stay off the field and do their best under unusual circumstances. Remote work procedures benefit auditors in terms of schedule flexibility, reducing travel, and allowing them to work where they are comfortable and access technology. However, the fact that the auditor is more comfortable performing the audit on-site can potentially affect the quality of the procedures performed. 

During this time when many auditors are required to work from home, there are many steps they can take to increase the success of remote audits. Communicating regularly with colleagues and clients and being open to flexibility in their approach to work can help many auditors overcome the challenges of status changes.

Internal Audit Techniques for Members of the Profession 

A webinar with the title “Internal Audit Techniques for Professionals” was prepared and presented by the ISMMMO (Istanbul Chamber of Certified Public Accountants) internal audit committee within the scope of ISMMMO awareness meetings on April 28, 2021. The webinar with the moderator Aysel Hatipoğlu, speakers Filiz Yücesoy Eren and Teolupus Partner Alp Buluç was broadcast on ISMMMO TV Youtube channel. 

11 Risks to Watch in 2021 

The following 11 risks identified in The IIA’s On Risk 2021 report have been selected from a wide range of risks likely to impact organizations in 2021. These risks, listed below, are generally accepted regardless of an organization’s size, industry, complexity, or type:

• Cybersecurity: Whether organizations are adequately prepared to manage cyber threats that can cause business disruption and reputational damage. 
• Third party: Organizations’ ability to select and monitor third party relationships. 
• Board information: Whether boards are confident that they receive complete, timely, transparent, accurate and relevant information. 
• Sustainability: The maturation of environmental, social and governance (ESG) awareness and the ability of organizations to strategize to address long-term sustainability issues. 
• Disruptive innovation: Whether organizations are ready to adapt and/or take advantage of the disruption. 
• Economic and political volatility: The challenges and uncertainties that institutions face in a dynamic and potentially volatile economic and political environment. 
• Organizational governance: The role of organizational governance style in achieving goals. 
• Data governance: General strategic data management of organizations: collection, use, storage, security and disposal of data. 
• Talent management: The challenges organizations face in identifying, acquiring, developing and retaining the right talents to achieve their goals. 
• Culture: Whether organizations understand, monitor, and manage the approach, incentives, and actions that lead to desired behavior. 
• Business continuity and crisis management: Organizations’ ability to prepare, respond and recover.

Theiia
Acfetr
Teolupus

Bu gönderi şu adreste de mevcuttur: Türkçe