BY-LAW ON THE WORKING PROCEDURES AND PRINCIPLES OF INTERNAL AUDITORS

SECTION ONE

Purpose, Scope, Legal Basis and Definitions

Purpose

Article 1 – (1) The purpose of this by-law is to regulate the number of internal auditors for each public administration; their qualifications, appointment, working procedures and principles, certification and grading, and other relevant issues.

Scope 

Article 2 – (1) This by-law encompasses the internal audit activities and internal auditors of the public administrations included in the Charts (I), (II) and (IV) annexed to Public Financial Management and Control Law No. 5018, Banking Regulation and Supervision Board, Savings Deposit Insurance Fund, and local administrations.

Legal Basis

Article 3 – (1) This by-law has been prepared pursuant to the Article 65 of the Public Financial Management and Control Law, No 5018.

Definitions

Article 4 – (1) The following terms included in this By-law are defined as follows;

a) Audit manuals: The manuals related to internal audit activity to be issued by the Internal Audit Coordination Board, which constitute the basis for the audit manuals to be prepared by the internal audit units of public administrations, 

b) Auditing standards:  The “Public Internal Auditing Standards” determined by the Internal Audit Coordination Board in accordance with international internal auditing professional implementation standards,

c) Code of ethics:  The “Professional Code of Ethics” to be followed by internal auditors and to be determined by the Internal Audit Coordination Board in accordance with generally accepted international code of ethics,

d) Economic:    In order to attain the planned outcomes or outputs of an activity,  minimizing the cost of the resources that are utilized,

e) Effectiveness: The relationship between the planned and realized effect of an activity; to what extent it meets its objective and its appropriateness,

f) Internal audit:  An independent and objective consultancy and ensuring an objective assurance activity, performed in order to improve and add value to the activities of the public administrations by evaluating whether the resources are managed in conformity with the principles of effectiveness, economy and efficiency, and by providing guidance,

g) Internal control: All of the financial and other controls covering the internal audit as well as organization, method and process constituted by the administration so as to ensure that the activities are performed in an efficient, effective and economic manner in compliance with the purposes of the administration, defined policies and legislation, the assets and resources are reserved, accounting records are kept accurately and completely, financial and management information are generated timely and in a reliable manner,

h) Quality assurance and development program: The program for the evaluation of all the aspects of the internal audit conducted by the internal audit unit and the Internal Audit Coordination Board in the concerned public administration; monitoring and improving its conformity with the standards and code of ethics,

i) Public administration: Administrations stated in the Charts I, II and IV, annexed to the Public Financial Management and Control Law No. 5018 and the local administrations,

j) Law: Public Financial Management and Control Law No. 5018,

k) Board: Internal Audit Coordination Board,

l) Risk: Circumstances or events that might prevent public administrations from attaining their institutional goals and strategic objectives and performing their duties, or that might cause unexpected damages,

m) Risk analysis:          Evaluation of the risks related to the public administrations, their resources and their assets,

n) Risk management: Management which ensures that decisions in the direction of reducing the effects of the possible damages are taken based on the data through the systematic evaluation of potential risks,

o) Head of public administration: Respectively, in ministries the undersecretary, in the Ministry of National Defence the Minister, in other public administrations the highest administrator, in special provincial administrations the governor and in municipalities the mayor,

p) Efficiency: Maximizing the outcomes or outputs of an activity by means of the resources utilized.

SECTION TWO

Internal Audit Activity

Purpose of the internal audit activity

Article 5 – (1) Internal audit activity aims to ensure that the activities of the public administrations are planned and performed in accordance with the goals and policies, development plan, programs, strategic plans, performance programs and the legislation; that the resources are used in an effective, economical and efficient manner;  and that the information is reliable, complete and timely available. As a result of internal audit activity in order to secure the assets belonging to the public administrations, the efficiency of the internal control system and to minimise the risks, the internal audit activity provides recommendation to the administration about defining risks which might negatively affect the activities of the public administration, taking necessary measures, and about continuously revising and if possible quantifying these risks.

(2) Besides providing objective assurance, internal audit renders an independent and impartial consultancy service in order to assist the administrations in developing primarily their risk management, control and management processes. The consultancy service denotes providing recommendation oriented towards the systematic and regular evaluation and development of the activity and operation processes of the administration which aims at realizing its objectives.

(3) Providing objective assurance, is the provision of sufficient assurance within and outside the institution that there is an efficient internal audit system within the institution; that the risk management, internal control system and operation processes of the institution function efficiently; that the information produced is accurate and complete; that their assets are secured; that the activities are realized in an effective, economical, efficient and in conformity with the legislation.

Scope of Internal Audit Activity

Article 6 – (I) Operations and activities of the public administrations including their foreign and field services are subjected, with a continual and disciplined approach, to internal audit within the scope of audit plans and programs and in accordance with the auditing standards.

Areas covered by internal audit

Article 7 – (1) Internal audit covers the following areas;

a) Examination and evaluation of the sufficiency and efficiency of the internal control system of the public administration.

b) Providing recommendations for risk management; and examination of the implementation and efficiency of the risk assessment and risk management methods,

c) Carrying out performance evaluations with an aim to ensure the effective, economical and efficient utilization of the resources; and making recommendations to the administrations,

d) Auditing of the conformity of the activities and operations of the administration with the legislation, defined objectives and policies,

e) Examination of the accuracy and reliability of the accounting records and financial statements,

f) Checking the accuracy, reliability and timeliness of the information produced; as well as all kinds of reports, statistics and financial statements that are publicised,

g) Revising the management and system reliability of the electronic information system and e-Government services.

Implementation of Internal Audit

Article 8 – (1) Internal audit to be conducted in the public administrations encompasses the following audit practices;

a) Compliance audit: Examination of the conformity of the activities and operations of the public administrations with the relevant law, regulation, by-law and other legislation.

b) Performance audit: Evaluation of the effectiveness, economy and efficiency of the planning, implementation and control stages of the activities and operations taking place at all levels of the management.

c) Financial audit: Evaluation of the accuracy of the accounts and operations related to the revenues, expenditures, assets and liabilities; as well as the reliability of the financial system and statements.

d) Information technology audit: Evaluation of the continuity and reliability of the electronic information systems of the audited unit.

e) System audit: Evaluation of the activities of and internal control system of the audited unit by analysing with an approach contributing to the organizational structure, detecting deficiencies, examining their quality and conformity and measuring the sufficiency of resources and the methods applied.

(2) Internal audit shall be conducted as risk-based, in a way to cover one or several of the audit practices stated in the paragraph (1). Furthermore, an activity or subject may be taken within the scope of audit in all units.

Public internal auditing standards and code of ethics

Article 9 – (1) Internal auditors are obliged to comply with the auditing standards and code of ethics determined by the Board. These standards and rules shall be determined taking into account the generally accepted international standards and rules.

Internal audit manuals

Article 10 – (1) The Board prepares, improves and updates the audit manuals which define the procedures and principles regarding the preparation of the audit manuals that internal auditors will take as a basis in the internal audit activities.

(2) Internal audit units prepare their own audit manuals based on the subjects within their field of duty, in accordance with the procedures and principles published by the Board, and submit a copy to the Board.

(3) Despite their guiding nature, audit manuals do not limit the audit capabilities of internal auditors and they do not pose an obstacle to the development of internal audit practices.

(4) Internal audit unit annually examines the efficiency and sufficiency of the audit manuals in terms of planning, programming, realization and management of internal audit activities, according to the quality assurance and development program, and delivers its opinion in this respect, to the Board.

Relation with internal control

Article 11 – (1) Internal audit provides information, makes evaluations and give recommendations to the management in relation to the adequacy, efficiency and functioning of the internal control system.

(2) Internal auditors can not be included in the processes of regulating or implementing the internal control system, or the choice of internal control measures.  The head of public administration shall be responsible for establishing and maintaining an efficient internal control within the public administration. The head of public administration may obtain the opinions of internal auditors with regard to internal control principles and the establishment of the internal control system.

Responsibility of the head of public administration

Article 12 – (1) The head of public administration is responsible for the following, in the fulfilment of internal audit activities:

a) Takes all the necessary measures for internal auditors to perform all their duties in an independent way.

b) Provides the necessary conditions to internal auditors in their activities of defining the risks which might negatively affect the activities of the administration.

c) Ensures that an effective communication is established among the units in order to provide the internal auditors with the necessary information and documents about the subjects within the scope of internal audit.

d) Evaluates the subjects that are proposed to be corrected or improved in the internal audit reports and takes the necessary measures.

e) Compares the information obtained from the internal control process with the information obtained from internal audit, and defines the measures for the effective, economical and efficient use of the resources, in consultation with internal auditors when necessary.

f) Takes the necessary measures for improving the professional competencies of internal auditors.

g)  Takes the necessary measures in the event that while performing their duties, the independence and partiality of internal auditors are jeopardized or violated.

h) Considers the quality of internal audit activity, develops quality control and improvement program for this purpose, monitors the performances of the internal auditors during their duties.

i) Ensures effective, economical and efficient utilization of internal audit resources.

j) Takes the necessary measures with regard to the performance of the transactions related to the unit budget and the provision of professional equipment and materials necessary for the personnel.

SECTION THREE

Duties, Authorities and Responsibilities of

Internal Audit Unit and Internal Auditors

Internal Audit Unit

Article 13 – (1) Internal audit unit directly affiliated to the head of administration may be established by taking the structure and number of personnel of public administrations and upon the approval of Internal Audit Coordination Board. In the event that the number of internal auditors is more than five, head of public administration shall appoint one of the auditors so as to ensure the coordination. This appointment shall be notified to the Board.

(2) Internal audit unit, in accordance with this By-law, shall prepare its own directives. The nature and period of the consultancy and similar duties outside the scope of the plan and program to be assigned to the internal auditors shall be clearly set out in the directive in accordance with the standards.

(3) The directive shall be reviewed at least once annually in terms of the planning, programming, management and execution of internal audit activities. The directive and amendments thereon shall be approved by the head of public administration and a copy shall be sent to the Board.

(4) Internal audit unit shall regularly inform the head of administration on the activities of the unit and notify the Board on the hesitations with regard to the implementation of Board decisions.

Assignment of Internal Auditor

Article 14 – (1) Internal audit assignments of internal auditors within and outside the scope of the program shall be performed by the head of administration.

Duties of the Internal Auditor

Article 15- (1) The internal auditor shall be responsible for the following duties:

a) To evaluate the management and control structures of the public administrations based on objective risk analyses.

b) To carry out examinations and make recommendations in terms of effective, economical and efficient utilization of the resources.

c) To perform the ex-post legal compliance audit.

d) To monitor and evaluate the conformity of expenditures of the administration and its decisions and operations related to the financial transactions with the goals and policies, development plan, programs, strategic plans and performance programs.

e) To carry out the system audits of financial management and control processes and make recommendations on these issues.

f) To make recommendations regarding the improvements within the framework of audit results and to monitor these.

g) During the audit or depending on audit results; in the occurrence of a situation which requires an investigation, to inform the highest administrator of the concerned administration.

h) To audit the accuracy of the data produced by the public administration.

i) To provide assistance in determination of the performance indicators and to evaluate the applicability of the performance indicators when deemed necessary by the head of public administration.

k) To inform the head of public administration on situations constituting a crime.

Authorities of the Internal Auditor

Article 16 – (1)The internal auditor, regarding the fulfilment of his/her duties, possesses the authorities defined below:

  a) To demand the submission and denotation of all kinds of data, records and documents as well as cash amounts, valuable papers and other assets including those available in electronic format related to the issue of audit.

 b) As one of the requirements of internal audit activities; to take the assistance of the personnel working in the audited unit and request written and verbal data.

c) To benefit from the tools, equipment and other facilities required by the audit activities.

d) To notify the head of public administration regarding the attitudes, behaviours and actions which hinder the audit. 

Responsibilities of Internal Auditors

Article 17 – (1) The internal auditor, during the fulfilment of his/her duties, abides by the following issues:

a) To act in compliance with the legislation, designated auditing standards and professional code of ethics.

b) To improve his/her professional knowledge and skills continuously.

c) To inform the internal audit unit regarding the cases that exceed his/her authority and capacity in the course of internal audit activities. 

d) In the occurrence of cases which hinder the impartial and independent performance of the assigned duty, to notify such case to the internal audit unit.

e) To base the audit reports on evidence and to be objective in his/her evaluations.

 f) To protect the confidentiality of the data he/she has obtained during the audit.

Number of Internal Auditors for each Public Administration

Article 18 – (1) Number of internal auditors in public administrations; considering the duties to be fulfilled by the administrations, resources they utilize, characteristics of the central, field and foreign organizations, total number of the personnel, necessity of audit and the cost of it; has been identified in the annexed list. Public administrations notify their need for additional internal auditors to the Board.

SECTION FOUR

Qualifications, Appointment, Promotion of Internal Auditors and Termination of Their Tenures

Qualifications of Internal Auditors

Article 19- (1) It is essential for those who will be appointed to internal auditor positions to meet the following requirements apart from those stated in Article 48 of Civil Servants Law No. 657:

a) to have graduated from higher education institutions providing at least four-year education or from an equivalent education institution abroad whose equivalence is accepted by Higher Education Board.

b) to have fulfilled the following service period requirements:

1) to have worked minimum five years as audit officer in public administrations, including the period worked as assistant expert, on condition that s/he has passed the competency exam held after entering profession through special competitive exam.

2) to have worked minimum eight years as expert, including the period worked as assistant expert, on condition that s/he has passed the competency exam held after entering profession through special competitive exam.

3) to have worked minimum eight years as instructor with the title of PhD, including the period worked as researcher.

4) to have worked minimum eight years as directors or with higher titles.

c) to possess the knowledge, qualification and presentation skills required by the profession.

ç) to hold a résumé which is in line with internal audit code of ethics.

d) to have scored minimum fifty points in Public Personnel Foreign Language Test (KPDS) or Inter-Universities Foreign Language Test (ÜDS) in one of the languages of English, German or French two years prior to the deadline for application to internal auditor candidate selection exam.

e) to pass the exams to be held in accordance with the principles of the relevant by-law.

(2) The Board is authorized to eliminate the hesitations with regard to evaluation of the duties that may be considered as assistance and the periods together with the periods stated in sub-paragraph (b) in the first paragraph.

Training of the Internal Auditor

Article 20 – (1) Internal auditors, when necessary, shall receive in-service training which will be carried out by the Ministry of Finance under the coordination of the Board.

Appointment as an Internal Auditor

Article 21 – (1) In the ministries and affiliated administrations, internal auditors shall be appointed by the minister upon the proposal of head of public administration and in other administrations by the head of administration from among the certificated candidates and termination of their tenures shall be realized following the same procedure.

Grading of Internal Auditors                                  

Article 22 – (1) Public Internal auditor certificate is graded taking into account the seniority order and requirements of the concerned cadre as well as competency, professional knowledge and representation ability of the internal auditor upon the proposal of the internal audit unit and approval of the head of public administration. Internal audit unit carries out its evaluations in accordance with the arrangements of the Board taking into account the activities of internal auditors, their participation to in-service trainings, success and employment records.     

(2) Certificate grades of internal auditors shall be taken into consideration in the determination of the personal rights of public internal auditors and their career planning.

(3) Where grading is not performed although the seniority order and requirements of the concerned cadre are available, justifications pertaining to such case shall be reported to the relevant internal auditor and the Board in writing.    

Assignment according to the certificate grade

Article 23 – (1) Internal audit activities shall be classified by internal auditor in terms of the units, subjects and processes of the public administration. It is by principle that the audit areas and implementations of internal auditors are changed. Audit areas and implementations in which the internal auditor will be assigned according to his/her certificate grade and experience and seniority he/she has gained in the course of his/her work shall be set out in the directives of internal audit units.   

Termination of the Internal Auditor Position

Article 24– (1) Internal auditor position is terminated when:

a) He/she resigns by his/her own will

b) He/she is appointed or elected to another position

c) It has been documented in a report that he/she has performed acts which do not comply with the profession of internal auditor and his/her certificate has been annulled upon the discussion of this report by the Board.

 (2) In such case which is stipulated in sub-paragraph (c) of paragraph (1), notwithstanding the requests of the concerned persons, they are re-appointed to a cadre in their institutions appropriate to their careers or professions and they can not be appointed as internal auditors again.

SECTION FIVE

Independency, Impartiality and Assurance of Internal Auditors

Independency of Internal Auditors

Article 25 – (1) Internal auditors shall act in an independent way in the performance of their duties regarding the internal audit activities.

 Impartiality of Internal Auditors

Article 26 – (1) Internal auditors shall maintain their impartiality when carrying out their duties.

(2) While carrying out their duties, internal auditors conclude an opinion without compromising on the quality of audit and being affected by others’ opinions and influences.

(3) Head of public administration, while assigning internal auditors, takes into consideration the issues which may impair the impartiality of internal auditors.

 (4) When internal auditors encounter a situation which may impair their independency or impartiality in the performance of their activities; the concerned internal auditor immediately forwards the situation to the internal auditor who is assigned with the duty of coordination and in the event that no assignment has been done with regard to coordination, to the head of public administration in writing.

(5) Internal auditors can not perform internal audit activity in administrative units where they were employed previously unless at least one year has elapsed.

Assurance of the Internal Auditors

Article 27 – (1) Internal auditors cannot be assigned or forced to perform duties apart from those stated in this By-law and directives of internal audit unit.

(2) Without prejudice to the second paragraph of Article 24, internal auditors may under no condition be assigned to another duty against their own will.

SECTION SIX

Internal Auditor Certificate, Professional Competency and Training

The Public Internal Auditor Certificate

Article 28– (1) Those who have been found successful in the written examination, which is performed after the internal auditor candidate training provided by the Ministry of Finance, are given an grade (A) internal auditor certificate which shows their score and which is graded from the level A-1 to A-4 every 3 years. First grading of the certificate shall be performed after completion of 5 years in the profession of internal auditor.

(2) Internal auditors are encouraged to participate in the international internal audit certificate examinations.

 Grading of the Certificate

Article 29 – (1) Public internal auditor certificate is replaced by a one higher grade certificate provided that sixty points are accumulated in a three-year-period.   In the event of an inability to get sufficient amount of points in a three-year-period, total points of the last three years are taken into consideration in the following years. 

(2) An internal auditor who has one of the internationally approved certificates of CIA (Certified Internal Auditor), CISA (Certified Information System Auditor), CCSA (Certified Control Self Assessment) and CGAP (Certified Government Auditing Professional) is awarded one higher grade certificate just for once.

Scoring system in Certificate Grading

Article 30 – (1) As of the date on which they have taken office, in the event that the internal auditors score the minimum of sixty points according to the below-defined-fields and weights for their each three-year-activity; their certificates are progressed to a higher stage.   

Internal auditors may collect;

a) Up to twenty five points, from the in-service trainings in which he/she has participated,

b) Up to thirty five points, from his/her reports and studies,

 c) Up to ten points, from his/her published articles and books, 

d) Up to ten points, from his/her employment record, success and letter of commendations,

e) Up to ten points, from the activities which he/she has participated as a trainer,

f) Up to ten points, from his/her command of foreign language.

(3) Furthermore, the internal auditor is given ten points for each master and doctoral degree program in the relevant evaluation period just for once. The scoring with regard to certificate grading shall be performed by the head of public administration upon the proposal of the internal auditor who is assigned with the duty of coordination and in the event that no assignment has been done with regard to coordination, scoring shall be performed directly by the head of public administration. The Board shall separately regulate the issues related to the certificate grading.  

Professional Competency and Diligence

Article 31 – (1) Internal auditors have to possess and improve the professional competency required by their duties. Professional competency expresses the state of having certain knowledge and skills required by the profession and the ability of collecting, examining, evaluating and reporting sound data and evidence related to the audit issues. Internal auditors, when carrying out their duties, display due attention and diligence expected from a competent internal auditor with common sense.  

(2) Internal auditors should possess the relevant knowledge on the risks and controls of information technologies and also the existing computer assisted audit techniques.

(3) Head of public administration shall take the necessary measures to ensure that internal auditors improve themselves professionally and pursue the advancements and also to increase their motivation to work.   

Responsibility to maintain professional competency

Article 32 – (1) Internal auditors are responsible for developing and improving themselves on the following issues:

a) To know and apply internal audit methods and techniques.

b) To possess the knowledge on accounting principles and standards as well as management accounting and financial management.

c) To know the legislation related to his/her field of duty and put this knowledge in practice.

d) To possess the knowledge that will allow to evaluate the significant deviations from the targets of the public administrations and the results of such deviations.

e) To possess good communication skills.

f) To be able to clearly express the goal of the internal audit activity, evaluations on the findings, audit results and recommendations in writing and verbally.

 g) To have the capacity to be able to distinguish the issues which will require a detailed examination or investigation from the resulting outcomes of the information, documents and findings obtained in the course of the internal audit activities.

h) To have the knowledge to improve management and internal control systems and to bring solutions regarding the functioning of these systems.

i) To have the adequate knowledge on the issues of performance audit and evaluation of performance indicators.

j) To possess knowledge on risk analysis, assessment and management.

k) To have the necessary knowledge to analyse the data and the obtained results by using statistical methods.

l) To possess knowledge on the functioning of the automated systems in the public administrations.

In-Service Training

Article 33 – (1) Internal auditors are provided with minimum one hundred hours of in-service training every three years. Thirty hours of this period is provided by the Ministry of Finance under the coordination of the Board. In accordance with the arrangements of the Board related to the field of training, the remaining hours are programmed by the internal audit units considering the requirements of the concerned public administrations.

(2) When deemed necessary, internal audit units perform courses, seminars and similar activities at least once a year through building cooperation with the professional institutions, universities, other agencies and institutions that carry out activities in the field of science. In-service training activities are included in internal audit plan and program.

(3) In-service training programs are communicated to the internal auditors at least one month in advance.

(4) Public administrations provide a minimum of one-week orientation training for those who have taken office as internal auditors.

(5) The Board may arrange preparation courses for international internal audit certificate examinations with an aim to enhance the professional competency of internal auditors.

Information Technology Audit Training

Article 34 – (1) A separate training shall be provided under the coordination of the Board to the group that is established among the internal auditors working in public administrations considering the needs with a view to ensure the software, hardware and information technologies are sufficient, they are used efficiently, they are secure against unauthorised access, access to information and records are under control and audited within a single system.

(2) Procedures and principles on the establishment and training of these groups shall be determined by the Board.

Training Abroad

Article 35 – (1) The principles regarding the training and internship of internal auditors in foreign countries shall be determined within the provisions of relevant legislation by the Board.

SECTION SEVEN

Assessment of the Risks

Performing Risk Based Internal Audit

Article 36 – (1) It is by principle that internal audit activities are carried out as risk based. Through the continuous measurement and assessment of possible risks to which the public administrations may be exposed, risk based internal audit plan and program shall be prepared. Internal audit shall be carried out in accordance with this plan and program.  

(2) Giving priority to the most risky areas in public administrations and taking into account the internal audit facilities, one or more internal audit implementations shall be included in the program.

(3) High risk areas for the public administration shall be determined consequent to the risk assessments. By also considering the recommendations of the head of public administration, internal audit unit includes in the audit program the risks associated with the public administration that can not be accepted and has the audit program approved by the head of public administration. This approval shall not mean an intervention to decide that the audit program shall be prepared as risk based, which risks are high and which are low or which shall be included in the program. After the approval of the program, special internal audit outside the scope of the program may be performed in the event that significant risk areas are detected or it is recommended by the Board.  

(4) Audit Manual which is prepared as risk based shall be developed and updated by the Board.

(5) The Board shall determine the risk assessment methods to be used for the execution of risk based internal audit activities; and procedures and principles regarding the risk assessment taking into account the international practices.

Assessment of the risks

Article 37 – (1) The administration shall be responsible for the development and implementation of the strategies necessary for the identification and control of risks.

(2) All activities of public administrations shall be subjected to a comprehensive risk analysis by their internal audit units in accordance with the arrangements of the Board. The results of these analyses shall be assessed and the risks that may affect the services of public administrations shall be listed through weighing in accordance with the proportion and significance of risks.

(3) Internal audit plan and programs related to the implementations shall be prepared according to these assessment results with priority given to highest risk areas and subjects. During the preparation of audit programs, the issues that the head of public administration observes as risky and requests that it should be prioritised as well as the number of internal auditors, working period and facilities shall be taken into account and maximum efficiency is aimed through giving priority to areas and subjects most at risk.

(4) Since new units and activities, restructuring projects, significant changes in organisation and human resources involve a high level of risk, they shall be given priority in inclusion to audit program. 

(5) At the end of each year, current risks according to the audit results shall be reviewed in meetings to be held in audited units.

Responsibility of the internal auditor in risk assessment

Article 38 – (1) The internal auditor shall assess significant risks that may affect the objectives, activities and assets of public administration.

SECTION EIGHT

Planning, Performing and Reporting of Internal Audit

Internal audit plan

Article 39 – (1) In order to ensure the effective, economical and efficient execution of internal audit activities, internal audit plan shall be prepared for three-year periods through discussions with the unit administrators and by taking into consideration the internal audit strategic plan prepared by the Board so as to cover the scope of audit, the areas and subjects to be audited, required labour force and other resources. This plan shall be reviewed according to annual risk assessment results and modified when necessary.  

Internal audit program

Article 40 – (1) Prioritizing the areas and subjects with highest risk and taking into account the cost of audit, an internal audit program that is in concordance with the internal audit plan shall be prepared through discussions with the administrators and when necessary, with employees. In internal audit programs which will be prepared not to cover more than a period of one year, the areas and subjects to be audited, the names of internal auditors shall be determined and scheduled. The prepared internal audit program shall be approved by the head of public administration.

(2) The Board shall determine the procedures and principles regarding the preparation of internal audit plan and program.

Work planning

Article 41 – (1) Before starting auditing, the internal auditor shall have meetings with the head of relevant unit and other personnel on the issues of the goal of audit, scope of audit, methods to be used in audit, estimated audit time, personnel to assist the audit, expectations from employees during the audit, expectations of the administration from the audit and the issue of reporting of audit results.

(2) The internal auditor shall prepare his/her work plan according to the outcome of these meetings and shall start performing the audit activity. The audits shall be carried out in accordance with this working plan.

Execution of audit

Article 42 – (1) The internal auditor shall execute the audit activity through benefiting from audit manuals. The internal auditor is obliged to identify, examine and assess sufficient and reliable information and documents in order to reach the audit objectives specified in the audit program and work plan.

Reporting Principles

Article 43 – (1) The results of the audit activity shall be recorded with the report to be issued. The internal auditor shall state his/her opinion in the report and if the internal auditor has not reached a conclusion as to the audit opinion, he/she shall clearly indicate the pertaining reasons. Internal audit reports shall be written as short, clear, easily understandable and in a non-repetitive manner. Reports shall be prepared in a coherent manner, as based on sufficient evidence and according the reporting standards determined by the Board.

(2) Other issues related to types of reports and reporting standards shall be regulated through the directives of internal audit units in accordance with the arrangements by the Board. 

Submission of Reports

Article 44 – (1) The internal auditor submits the audit report to the head of audited unit to be responded within a certain period. Heads of unit shall respond to the report by obtaining the opinions of employees and relevant persons when necessary and sends the respond to the internal auditor.

(2) If there is disagreement between the internal auditor and the head of audited unit concerning the significance and level of risks, the internal auditor shall include his/her evaluation on this situation in the audit report.

(3) If the internal auditor and the head of audited unit share the same opinion as to the significance and level of risks, an agreement shall be reached so that measures shall be taken within a reasonable period.

(4) The internal auditor shall submit his/her report to the head of public administration by including the opinion of the public administration together with the responds as well as his/her report summary covering the scope of internal audit, risks identified during the audit activity, possible effects of the risks, general evaluation on the results of the audit activity and recommendations on the elimination or minimization of the risks.

(5) Upon the evaluation of the reports by the head of public administration, they shall be submitted to the relevant units and strategy development unit for due action.  

(6) Whether the measures stated in the audit report are taken shall be monitored by the head of public administration.

Transactions to be carried out based on internal audit reports

Article 45 – (1) The procedures and principles regarding the evaluation of the internal auditors’ reports by the internal audit units within the scope of quality assurance, submittal of these reports to relevant authorities and the elimination of possible conflicts of opinion shall be defined through directives of internal audit units in accordance with the arrangements of the Board.

(2) Transactions carried out on the report by the administrative units or grounds for not performing transactions shall be submitted to the internal audit unit so as to be notified to the internal auditor.

(3) Internal audit reports and the transactions carried out on these reports shall be submitted to the Board within two months starting from the date when the report was submitted to the head of public administration.

Unit Activity Report

Article 46 – (1) The annual activity report shall include; internal audit activities including those performed outside the program, the performance of internal audit unit, findings and recommendations of the internal audit unit, the reasons for not approving or implementing recommendations if any, the training of internal auditors, consultancy services provided to the administration and information regarding results of other activities.

(2) General evaluation of management and control system of the relevant public administration, significant risks, management and control problems and the relevant recommendations shall be included in the activity report. Unit activity report shall be submitted to the Board until the end of February.

SECTION NINE

Monitoring of Internal Audit

Evaluation of internal audit

Article 47– (1) With an aim to increase the efficiency of internal audit, the audit activities may be evaluated through a questionnaire to be carried out in the audited units.

Follow-up of internal audit results

Article 48– (1) A follow-up system shall be established in the internal audit unit in order to monitor the implementation of internal audit reports.

(2) As regards the issue of audited activities, heads of the units shall take the measures related to the recommendations in the audit report. In case of a failure to take measures, internal audit unit shall notify the head of public administration.

Internal audit general report

Article 49 – (1) The Board shall evaluate the internal audit reports and submit the results to the Minister of Finance by consolidating them into an annual report; and publicise on the internet, through media or in writing.

SECTION TEN

Various and Final Provisions

Evaluation of Complaints

Article 50 – (1) The issues alleged by the denunciations and complaints conveyed to internal audit units are taken into account in the risk analyses, and taken into consideration within the audit planning and audit. The issues where the identity of the person who claimed the complaint is known and the subject of complaint is clear and that should be examined urgently shall be notified to the head of public administration.

Joint work with the internal auditors of other public administrations

Article 51 – (1) As regards the issues that concern more than one public administration, the issues related to the joint work of internal auditors shall be regulated by the Board. 

Detection of Corruption

Article 52 – (1) The internal auditor shall carry out the audit activity with the knowledge, skills and experience that enable him/her to detect evidence of corruption. The internal auditor immediately conveys his/her findings of corruption and the evidence obtained to the head of public administration.

Internal audit activity abroad

Article 53 – (1) Procedures and principles related to the internal audit of public administrations’ unit that are in foreign countries shall be regulated by the Board.

Transition to administrative duties and return to the internal auditor position

Article 54 – (1) Internal auditors shall act in accordance with the professional code of ethics determined by the Board and public internal audit standards in terms of their appointment to administrative duty and return to internal auditor position.

Elimination of hesitations and assurance of unity in practice

Article 55 – (1) The Board shall be authorised to implement this By-law, to carry out the necessary arrangements to eliminate the hesitations that may arise in the course of internal audit activity and to ensure unity in practice.

Those to be appointed as internal auditors according to the Law

PROVISIONAL ARTICLE 1 – (1) In accordance with the Provisional Article 5, sub-paragraphs (c), (d) and (e)  of the Law, those who are appointed as internal auditors shall be given an  Grade (A) internal auditor certificate to be validated starting from the date of their appointment. Internal auditors appointed in this manner shall be subject to the certificate grading defined in the By-law.

(2) Those who are appointed as internal auditors shall receive a three-month training on the implementation of the system foreseen by the Law, to be given by the Ministry of Finance under the coordination of the Board and on the set dates.

Entry into Force

Article 56 – (1) This By-law shall enter into force on its date of publication.

Execution

Article 57 – (1) Provisions of this By-law shall be executed by the Council of Ministers.