The Law on Public Financial Management and Control No. 5018, along with the secondary and tertiary level regulations issued in accordance with this law, envisages the establishment of an internal audit system in public administrations in line with internationally recognized standards. Internal audit, which is one of the most important elements of the new public financial management and control system, plays a crucial role in providing assurance and advisory services to management for the effective, economical, and efficient use of resources and the functioning of internal controls. Designed as an activity that adds value to management, the internal audit system aims to enhance the effectiveness of internal control, provide reliable information to the public, achieve cost-effectiveness, efficiency, and productivity in public services, and ensure compliance with international approaches in management and audit.
What is Internal Audit?
In Law No. 5018, internal audit is defined as "independent, objective assurance and consulting activities designed to add value and improve the operations of a public administration by evaluating whether resources are managed in accordance with the principles of economy, efficiency, and effectiveness and to provide guidance." Internal audit activities are systematically, continuously, and diligently conducted in accordance with generally accepted international standards to assess and enhance the effectiveness of an organization's management and control structure, financial transactions, risk management, and management and control processes.
What are the Key Characteristics of Internal Audit?
- Compliance with International Standards
- Functional Independence
- Professional Principles
- Value-Adding
- Assurance Provision
- Quality Assurance
What Sets Internal Audit Apart?
- It is conducted using modern techniques and tools instead of traditional methods.
- It is planned and executed based on risk.
- It adheres to written rules and universal standards.
- It is future-oriented, not focused on the past.
- It is carried out in alignment with strategic priorities.
- It is systematic and continuous.
- It provides objective assurance.
- It encompasses all types of audits.
What is the Fundamental Approach of Internal Audit?
- Internal audit differs significantly from traditional practices by shifting from:
- Seeking compliance with regulations to improving the administration.
- Searching for errors to highlighting and disseminating best practices.
- Focusing on compliance to encompassing all types of audits.
- A past-oriented perspective to a future-oriented one.
- An individual and transaction-based focus to a systemic and process-oriented approach.
- Routine audits to risk-based auditing, allowing for substantial differentiation from conventional practices.
What is the Purpose of Internal Audit?
- The purpose of internal audit is to:
- Provide assurance for activities.
- Objectively provide information.
- Aim to offer recommendations for the improvement and continuous enhancement of activities through consultancy.
What are the Types of Internal Audit?
Compliance Audit:
Involves the examination of whether the activities and transactions of public administrations comply with relevant laws, regulations, directives, and other legislation.
System Audit:
Analyzes the activities and internal control system of the audited unit by contributing to the organizational structure, identifying deficiencies, investigating quality and adequacy, and evaluating the resources and methods employed in a systematic, prioritized, and systematic manner.
Performance Audit:
Evaluates the effectiveness, economy, and efficiency of activities carried out at all levels of management during the planning, implementation, and control stages.
Financial Audit:
Assesses the accuracy of accounts and transactions related to income, expenses, assets, and liabilities and evaluates the reliability of financial systems and statements.
Information Technology Audit:
Evaluates the continuity and reliability of the audited unit's electronic information systems.
Who is an Internal Auditor?
In accordance with Law No. 5018, internal audits in public administrations are conducted by internal auditors. To be appointed as an internal auditor in public administrations, one must have a "Public Internal Auditor Certificate" issued by the Internal Audit Coordination Board.
An internal auditor is a certified professional who, in a professional manner, contributes to achieving the institution's objectives, the effective, economical, and efficient use of resources, and provides advisory and assurance services to management. Internal auditors, who are independent in their duties, adhere to the "Public Internal Audit Standards" and the "Code of Ethics for Public Internal Auditors" within the framework of internationally recognized audit standards set by the Internal Audit Coordination Board (IACB).
What are the Responsibilities of an Internal Auditor?
The responsibilities of internal auditors, as specified in Law No. 5018, include:
a) Assessing the management and control structures of units based on objective risk analyses.
b) Conducting examinations related to the effective, economical, and efficient use of resources and making recommendations.
c) Conducting post-expenditure compliance audits.
d) Examining and evaluating the conformity of units' expenditures, financial transactions, decisions, and actions with objectives, policies, development plans, programs, strategic plans, and performance programs.
e) Conducting system audits of financial management and control processes and providing recommendations in these areas.
f) Providing recommendations for improvements based on audit results.
g) Reporting to the top executive if circumstances warrant an investigation during or based on audit results.
What are the Powers of an Internal Auditor?
- An internal auditor has the following powers in the performance of their duties:
- Requesting the presentation and demonstration of all kinds of information, documents, and records, including electronic data, as well as cash, valuable documents, and other assets related to the audit subject.
- Seeking assistance from employees of the audited unit as necessary for internal audit activities and requesting written and oral information.
- Utilizing tools, equipment, and other resources necessary for the audit.
- Reporting any attitudes, behaviors, or actions that hinder the audit to the top executive.
What is the Internal Audit Process?
The internal audit process is carried out in accordance with the following steps:
Planning: Involves defining the audit universe, identifying audit areas, defining risk criteria and rating risks, prioritizing audit areas, allocating audit resources, and preparing and approving the internal audit plan and program.
Audit Execution: Begins with a preliminary assessment and includes defining audit objectives, collecting information/preliminary research, and conducting an opening meeting.
Reporting: Upon completion of the audit, a closing meeting is held with the participation of management and officials. Audit results are reported, taking into account the findings obtained and the views and recommendations of management and officials. The reporting of audit results is done in accordance with the reporting standards specified in the Public Internal Audit Guide.
Monitoring and Evaluation: Following the internal audit activity, the corrective actions and recommendations proposed by internal auditors are implemented by the audited unit within the specified periods, as reported or in the action plan. The implementation of the measures is monitored by the top executive. The top executive can also fulfill this duty through the Internal Audit Unit if necessary. The actions taken or the reasons for not taking action based on the reports during the examination and audit or the reasons for not taking action are sent to the top executive or, in the case of authorization, to the Internal Audit Unit.
What You Need to Know About the Internal Audit Unit:
- The Internal Audit Unit, while being administratively under the direct responsibility of the top executive, does not have a hierarchical relationship with other units due to its distinct function.
- The Internal Audit Unit is not an entity that investigates complaints or reports that constitute a crime. However, within the framework of evaluating risks and preventing misuse, it can conduct examinations within the limits determined by the Internal Audit Coordination Board (IACB) and, upon the request of the top executive, regarding complaints and reports.
- The Internal Audit Unit does not compete with other units that conduct inspection, investigation, and external audit activities. It collaborates with these units in preventing misuse and providing documents and information related to criminal acts.
- Since the compliance and quality of internal audit activities are at stake, there is the possibility of submitting complaints and comments about audit activities and auditors to the Internal Audit Unit Presidency and the IACB for evaluation and assessment.