Governance, Risk and Compliance Services

An effective internal audit function and internal audit process is one of the fundamental elements for corporate governance, and it evaluates whether the systems are working properly, the efficiency and reliability of the processes, and whether the legal requirements are fulfilled. Co-sourcing for internal audit activities and out-sourcing may reduce your internal audit and leverage industry knowledge and global internal audit resources. With our expert team who are experienced in internal auditing and having professional certificates, we assist you in the following matters:

• Performing deep and broad internal audit activities involving professionals who have experience in accounting, finance, tax and technology with industrial knowledge,
• Creation of a risk-based internal audit plan and risk assessment,
• Co-sourcing and outsourcing for the internal audit activity,
• Providing internal audit trainings (theoretical trainings and pilot audits and on-the-job training).

Internal Auditing is a consulting activity designed to provide independent assurance, improve the organization's operations, and add value. Internal audit helps the organization achieve its objectives by providing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. With our expert team, who are experienced in internal auditing and having professional certificates, we assist you in the following matters:

• Determining the position of the internal audit function in the organization,
• Establishing the audit committee and establishing the reporting relationship of the internal audit function with the senior management,
• Determining the internal audit methodology and preparing the standard documents to be used,
• Establishing audit committee regulation, internal audit regulation, job descriptions and working principles,
• Risk assessment and creation of a risk-based internal audit plan,
• Providing internal audit trainings (theoretical trainings and pilot audits and on-the-job training).

In today's complicated and rapidly changing business world, company executives are under increasing pressure to reduce risks and take necessary action in their daily activities. The internal control system of an company plays an important role in achieving the objectives of the institution and is at the top of the agenda of the managers. With our expert team, who are experienced in internal control and process analysis and have professional certificates, we assist you in the following matters:

• Evaluating your processes from a risk and control perspective, determining the risks on the processes and the existing controls designed to reduce this risk,
• Documentation of controls and creation of risk control matrices,
• Evaluation of the design and implementation of existing controls,
• Identifying control deficiencies and areas for improvement over processes by comparing them with KPMG's global database and best practices,
• Supporting the creation/development of workflow charts, policies and procedures,
• Creation of job descriptions and authorization / approval matrix.

Entities that operate their internal audit units in accordance with "International Standards" can have an effective internal control environment, advanced risk management processes and a self-confident Board of Directors. However, in order to move from an "adequate internal audit unit" to an "internal audit unit at international standards", it is necessary for management and internal audit unit managers to achieve a balancing harmony within the framework of the topics of “positioning, human resources / team and processes”. We are performing the assessment of quality assurance of your company's existing internal audit function by using leading quality control and benchmarking techniques with our expert team, which has extensive industry experience in internal audit quality assurance assessment. We assist in the performing of quality assurance assessment by making independent and objective evaluations in determining the position of the existing internal audit functions in in line with international standards; its position in Turkey, in the world and in your industry.

The Sarbanes-Oxley Act was signed on July 30, 2002 to cover publicly traded companies in the United States, with the aim of improving controls over companies' financial reporting. With the said law, the identification, documentation and evaluation of risks and controls over the financial reporting of companies were made obligatory. With our expert team, experienced in SOX and have professional certificates, we offer you to help in the following points.

• Drawing flow charts, writing procedures and identifying control points,
• Identifying and testing risks and existing controls for financial reporting,
• Documenting the test results.

Companies are faced with several risks on the way to achieving their goals. Knowing these risks and integrating them into company strategies and decision-making processes makes it possible to achieve the goals. As KPMG Turkey, we support our clients in establishing and maintaining a risk management program to identify and manage risks that may prevent them from achieving their goals. With our expert team, experienced in Enterprise risk management and are in possession of professional certificates, we offer you to help in the following points:

• Determining the fundamental risk strategy and risk analysis methodology,
• Analysis of the effectiveness and maturity level of enterprise risk management activities,
• Establishing a company-wide enterprise risk management program and framework,
• Performing enterprise risk assessment,
• Creation of enterprise risk inventories and risk maps,
• Implementation of practices for monitoring enterprise risks on systems,
• Identifying key risk indicators,
• Providing enterprise risk management trainings,
• Creation of risk committee regulation by supporting the risk committee structuring,
• Creation of risk committee report format,
• Preparing risk management guide and determining the risk management organizational structure, roles and responsibilities.

During the preparation of the corporate governance principles compliance report, we support our clients to ensure that the relevant report complies with the SPK (Capital Market Boards of Turkey) and BDDK (Banking Regulation and Supervision Agency) regulations. With our team experience in corporate management, we offer you to help in reporting the following points:

• Statement of compliance with corporate governance principles,
• Shareholders,
• Public disclosure and transparency,
• Stakeholders,
• Board of Directors.

It is highly important for companies to ensure the same product and service quality at all points where companies contact with their customers (dealer, distributor, store, agency, etc.), to control compliance with local and global regulations and internal regulations of companies, to monitor the performance of contact points and to monitor them financially. As KPMG Turkey, we support our customers to have the best experience at the points where they contact with their customers and to highlight their risky areas. We hereby advice in regard to following matters along with our experienced team in dealer and distributor auditing:

• Identifying process / systematic risk areas that affect dealer and distributor profitability,
• Evaluating the adequacy of control points on risks,
• Evaluating / determining dealer and distributor selection principles,
• Determining dealer and distributor management processes and sharing responsibilities,
• Establishing performance-enhancing incentive and bonus systems for dealers and distributors,
• Establishing and evaluating reporting systems for dealer and distributor channels,
• Designing and making operational, reporting of return / wastage processes,
• Designing and implementing cost-reducing controls
• Evaluating business profitability and cost analysis,
• Performing compliance management against current legal regulations, global requirements, and internal regulations.

Global organizations are exploring innovative ways to achieve their corporate goals in a rapidly evolving and often complex risk environment. Many organizations are starting to monitor their processes, processes, systems and control points within the organization from a Continuous Auditing (CA) and Continuous Monitoring (CM) perspective. Thus, technology-based applications are becoming a more practical and necessary alternative for managing performance and key risk/control areas.

Continuous Auditing (CA) is done by internal and external auditors over a period of time or continuously by collecting evidence and indicators for processes and IT systems. It provides efficiency in cases such as automating existing time-consuming manual processes, reducing waiting times for data and detecting errors early. Unlike traditional auditing, possible errors are detected instantly.

Continuous monitoring (CM) monitors the control gaps that are known and may occur within the Institution from the point of view of the Management. CM enables management to gain greater visibility into the organization while maintaining top performance. Thus, it also has a deterrent effect as it is constantly monitored. Implementing Continuous Monitoring (CM) and Continuous Auditing (CA) is more than implementing a technology-based audit. As KPMG Turkey, we support you in designing an CM / CA framework that supports your strategic management objectives;

• Performance monitoring panel, key risk indicators and reporting design and implementation with CA and CM approach,
• Optimizing continuous monitoring of controls, operations and performance indicators,
• Evaluating anti-fraud processes,
• Supporting the integration of governance, risk and compliance,
• Designing / setting up more complex data analysis initiatives.

The use of unlicensed software may result from highly complex license agreements or the company's lack of processes for transferring and managing software. The better you are at managing software usage, the better you will be with licensing and maintenance revenue.

With our experienced team in software license auditing, we help you in the following matters:

• Periodically measuring the effectiveness of software asset management processes and controls,
• Understanding and proactively managing software license rights,
• Managing financial risks,
• Increasing efficiency by organizing software assets,
• Reducing the software maintenance costs,
• Low technology risks, interruptions, and associated costs,
• Reducing the losses caused by misuse,
• Configuration of preferable commercial license terms to match current and future needs.

With the increasing competitive environment, Company shareholders need to manage the uncertainties they face with a proactive approach. Governance, risk and compliance services is an integrated framework that combines governance, risk, compliance and assurance functions to achieve a consistent and holistic approach across the enterprise.

With our expert team, who are experienced and have professional certificates, we help you in the following matters:

• Drawing up a risk management roadmap that is specific to the institution,
• Understanding and proactively managing software license rights,
• Decision making by promoting a risk-aware culture and addressing layers of assurance
• Getting more efficiency from ERP systems,
• Monitoring corporate risks with systems with technological infrastructure,
• Designing segregation of duties rules and resolving relevant violations, if any.

Needs:

• Mature business processes that support your company's growth goals,
• Effective management and prioritization of your company project portfolio
• Comparison of your business processes with international best practices
• Independent assessment of the current situation of business processes
• The steps we follow together with the process maturity analysis.
• Analysis: Collection of the necessary data by examining the steps that make up the process and the employee/technology relationship in the process in detail.
• Evaluation: Comparison of best practices and KPMG international examples
• Roadmap: Result of the analysis, creating a roadmap that includes projects and actions for the needs of the company
• Implementation: Optionally, supporting companies in the implementation and management of projects included in the roadmap

Nowadays, with the rapid change in technology and needs, companies need change and development. At this point, continuous improvement of business processes and organization is one of the most important tools for companies to be successful.

As KPMG, with our expert teams, we first examine the current status of all or a certain part of the business processes and identify areas open for improvement. We support the redesign of processes, considering the development areas and opportunities identified in the processes. In the design phase of processes, we make use of KPMG's international methodologies and good practices. We help increase process efficiency and improve the process by optimizing work steps and the number of employees and provide services in the use of a performance management system within the scope of process management and the determination of process key performance indicators. With the increasing environment, Company stakeholders need to manage the uncertainties encountered with a proactive approach. Governance, risk and compliance services is an integrated framework that combines governance, risk, compliance and assurance functions to achieve a consistent and integrated approach across the institution.

Needs:

• Developing the business processes in line with the company's strategic goals
• Analysis of existing business processes and identifying the areas open for improvement
• Increase of the work and process efficiency
• Improvement of processes so that business processes and company operations reach the expected maturity
• Transformation of processes in line with changing and developing company goals
• Identification of digitalization opportunities for processes

Solutions:

• Providing fast and easy development opportunities by comparing business processes with best practices
• Evaluation of the effects of process owners on the process
• Researching the applicability of new technologies and determining the technology roadmap
• Creation of flows for improved processes

Your Needs:

• Obtaining the ideal result with limited resources in the sectoral competitive environment
• Minimizing business steps with low added value by means of digitalization services
• Increasing the efficiency of processes

Our Solutions:

• Analysis of current process steps and bottlenecks in processes
• Implementing new integrations and improving process performance through technology
• Reducing the time spent on repetitive, rule-based tasks with low added value and enabling employees to focus on value-added tasks
• Ensuring the efficiency of the organization and optimizing the number of employees

In an effective corporate performance management structure, it is aimed to reduce company targets to employees. With the change in technology and needs, the performance management culture of companies also changes. In this context, it is aimed to reduce company targets to employees in an effective performance management structure.

KPMG Performance Management System

• Determining and integrating company / department / employee goals
• Sharing best practices regarding targets with companies
• Determination of measurement criteria and frequencies
• Designing reward and bonus systems for specified goals
• Establishing monitoring and follow-up mechanism for senior management

Institutionalization

Institutionalization is the key to sustainable growth and organizational development; It is on the agenda of both regulatory agencies and investors. The following issues are significant for obtaining competitive advantage:

• Decreasing dependency on people in processes
• Ensuring the continuity of operations
• Sustainability of the company's growth and reliable corporate image
• As KPMG Turkey, within the scope of corporate development services, we provide the following services for the diagnosis and improvement of critical development areas for the company.

Evaluating inefficiencies in business processes is an important step for companies to grow. Delays in identifying areas for improvement may adversely affect the growth, reputation, or business continuity of companies.

Your needs:

• Your strategic plan and goals are up-to-date and accurate
• Determining the maturity level of business processes, prioritizing your projects
• Evaluation of the suitability of the System and Information Technologies infrastructure to your company's needs
• Establishing the correct and effective organizational structure
• Identifying improvement areas in your supply chain / factory operation and creating action plans
• Identifying processes dependent on people and making these processes dependent on the system

Our solutions:

• Performing maturity analysis of existing business processes
• Making assessments using KPMG's international methodologies and good practices
• As a result of the evaluation, creating a road map that includes current and potential development areas, risks and actions to be taken.

Corporate governance is the management of companies with an accountable and transparent approach to ensure the highest benefit for all stakeholders.

Our solutions:

• Establishing / improving the committee structure and working principles of the Board of Directors,
• Company organization and top management structuring
• Co-sourcing and outsourcing for the internal audit activity,
• Analysis of compliance with corporate governance principles, planning and management of the institutionalization process
• Establishment of policies and procedures