Activities
CHAPTER ONE
Purpose, Scope, Basis and Definitions
Purpose and scope
ARTICLE 1 - (1) The purpose of this Directive is to regulate the principles and procedures regarding the operation and management of the Mersin University Internal Audit Unit and the duties, authorities and responsibilities of the internal auditors and the Senior Manager regarding Internal Audit.
(2) This Directive is read and signed by the Senior Manager, the head of the Internal Audit Unit and the internal auditors and kept in the Internal Audit Unit Headquarters.
(3) This Directive covers Internal Audit activities, internal auditors and audited unit personnel.
Legal basis
ARTICLE 2 - (1) This Directive has been prepared in accordance with Article 13 of the Regulation on the Working Principles and Procedures of Internal Auditors.
Definitions
ARTICLE 3 - (1) In this Directive:
a) University: MERSIN UNIVERSITY,
b) Rector: RECTOR OF MERSIN UNIVERSITY,
c) President: HEAD OF THE INTERNAL AUDIT UNIT,
d) Audit Supervision Officer: A senior internal auditor appointed by the head of the Internal Audit Unit to oversee the planning, execution and reporting of each Internal Audit activity in accordance with auditing and reporting standards.
e) Internal Auditor: Internal auditors with certification at all levels who are responsible for carrying out Internal Audit activities within the framework of this Directive and relevant legislation.
f) Internal Audit: An independent, objective assurance and consultancy activity carried out to assess whether resources are managed in accordance with the principles of economy, effectiveness and efficiency in order to add value and improve the work of the Public Administration and to provide guidance.
g) Internal Audit Unit Directorate: The organization consisting of the head of the Internal Audit Unit, internal auditors and office staff,
g) Law: Public Financial Management and Control Law No. 5018,
h) Board: Internal Audit Coordination Board,
i) Senior Manager: Rector of Mersin University,
i) Regulation: Regulation on the Working Principles and Procedures of Internal Auditors, which entered into force with the Council of Ministers Decision No. 2006/10654 dated 26.06.2006,
j) Directive: This Directive,
It expresses.
CHAPTER TWO
Purpose, Scope and Standards of Internal Auditing
Purpose of Internal Audit
ARTICLE 4 - (1) Internal Audit activity aims to ensure that the activities of the Rectorate are planned and carried out in accordance with the objectives and policies, development plan, programs, strategic plans, performance programs and legislation, that resources are used effectively, economically and efficiently, and that information is reliable, complete and available on time by evaluating and improving the effectiveness and adequacy of risk management, internal control and management processes.
Scope of Internal Audit
ARTICLE 5 - (1) The activities and operations of all units of the Rectorate are within the scope of Internal Audit. (2) Internal Audit is carried out in accordance with Internal Audit standards, with a systematic, continuous and disciplined approach, based on the risk level of the activities, processes or units.
Public Internal Auditing Standards and Professional Code of Ethics
ARTICLE 6 - (1) Internal Audit activities are carried out in accordance with the relevant legislation and the Public Internal Audit Standards and the Public Internal Auditors Professional Ethics Rules determined by the Board. In cases where there is no clarity, international auditing standards and ethical rules are taken into account.
CHAPTER THREE
Internal Audit Unit Directorate, Management and Duties
Structure of the Internal Audit Unit
ARTICLE 7 - (1) The Presidency consists of the President, internal auditors and office personnel.
(2) The Presidency carries out its activities directly under the authority of the Chief Executive Officer and cannot be associated with any office or authority other than the Chief Executive Officer.
Duties of the Internal Audit Unit Directorate
ARTICLE 8 - (1) The Internal Audit Unit Directorate carries out the following duties:
a) To supervise all activities and operations of the Rectorate organization,
b) To evaluate whether the Rectorate's resources are managed in accordance with the principles of economy, effectiveness and efficiency, based on objective risk analyses, and to provide guidance and consultancy,
c) To conduct legal compliance audits,
d) To evaluate the effectiveness and adequacy of the Rectorate's risk management, internal control and governance processes,
d) To carry out other operations related to Internal Audit activities.
Duties and powers of the Senior Manager
ARTICLE 9 - (1) The duties and authorities of the Senior Manager regarding Internal Audit are as follows:
a) To approve the Internal Audit plans and programs prepared by the Internal Audit Unit, to assign tasks related to non-programmatic issues that fall within the authority and duty of the Unit, and to make assignments related to the Internal Audit activities to be carried out,
b) To inform the Internal Audit Unit about the units and subjects that it deems necessary to include in the plan and program during the preparation of the Internal Audit plans and programs,
c) To put into effect the Internal Audit directive and directive amendments prepared by the Internal Audit Unit, after obtaining the approval of the Board,
c) To directly appoint the President,
d) To make the scoring regarding the certificate rating upon the proposal of the President,
e) To resolve disputes between the Internal Audit Unit and the audited unit management and to make the final decision,
f) To implement necessary measures and sanctions against managers and personnel of the audited units who exhibit actions or attitudes that prevent or delay the execution of audit activities,
g) Evaluating the Internal Audit reports and sending them to the relevant units and the Strategy Development Department for necessary action,
g) To send the annual Internal Audit activity report prepared by the Internal Audit Unit Directorate and the internal audit reports and the actions taken on them to the Board within two months,
h) To perform other duties assigned by legislation regarding Internal Audit activities.
Responsibility of the Senior Manager
ARTICLE 10 - (1) In carrying out the Internal Audit activities of the Senior Manager:
a) Takes all necessary measures to ensure that internal auditors perform their duties independently,
b) Provides internal auditors with the necessary opportunities to identify risks that may negatively affect the activities of the Rectorate,
c) Ensures effective communication between the Rectorate units in order to provide the necessary information and documents to the internal auditors on matters falling within the scope of Internal Audit activities,
d) Evaluates the issues suggested for correction and improvement by the Internal Auditors in the Internal Audit reports and takes the necessary measures,
d) Compares the information obtained from the internal control process with the information obtained from the Internal Audit and determines the measures for the effective, economical and efficient use of resources, in consultation with the Internal Audit Unit, when necessary.
e) Takes necessary measures to improve the professional competence of internal auditors,
(2) The Senior Manager provides all kinds of contributions specified in the relevant legislation to obtain the highest level of benefit expected from Internal Audit activities.
(3) The senior manager ensures the President's participation in regular meetings with the senior management of the Rectorate.
Appointment of the Head of Internal Audit Unit
ARTICLE 11 - (1) The President is appointed from among the internal auditors with the approval of the senior manager. This appointment is notified to the Board within 10 business days at the latest.
(2) In the absence of the chairman, the senior internal auditor shall act as chairman.
Duties, authorities and responsibilities of the Head of Internal Audit Unit
ARTICLE 12 - (1) The duties and powers of the President are as follows;
a) To manage the Internal Audit unit in accordance with the legislation, auditing and reporting standards and other regulations of the Board.
b) To prepare the Internal Audit directive, Internal Audit plan and Internal Audit program with the participation of internal auditors and submit them to the approval of the senior management.
c) To assign internal auditors within the scope of the program and outside the program.
d) To ensure that internal auditors carry out their activities in accordance with the directive, Internal Audit plans and programs and to take the necessary measures in this direction.
d) To check the compliance of Internal Audit reports with the reporting standards determined by the Board.
e) To establish a follow-up system to monitor the audit results, to monitor whether the issues agreed upon between the audited unit managers and the audit team are fulfilled, and to take action in line with the decision of the senior manager in cases where there is no agreement.
f) To inform the relevant internal auditors about the transactions carried out by the audited unit within the scope of the monitoring activities carried out within the framework of the recommendations and action plans included in the Internal Audit reports and to follow up the monitoring results through the internal auditors.
g) To monitor the quality of the Internal Audit activity in accordance with the regulations of the Board and to establish a quality assurance and development program for this purpose and to monitor the performance of internal auditors.
g) To take corrective and remedial measures regarding external evaluation results.
h) To ensure that internal auditors regularly increase their knowledge and skills in accordance with the in-service training program.
i) If deemed necessary, to ensure that another internal auditor or subject matter expert receives opinion, assistance or service regarding Internal Audit activities.
i) To take the necessary measures and inform the senior management in cases where the independence or impartiality of internal auditors is compromised or violated while performing their duties.
j) To report to the senior management the findings of the internal auditors regarding the situations that constitute administrative and/or criminal offenses and require investigation or preliminary examination.
k) To inform the Board about any hesitations or problems that arise in the implementation of the legislation and Board decisions regarding Internal Audit.
l) To prepare the annual Internal Audit activity report, including the general evaluation of the internal control system, and to present it to the senior management.
m) To carry out transactions related to the Presidency's budget and to act as the spending authority.
n) To provide the professional tools, equipment and materials needed by the Presidency personnel and to take the necessary measures,
o) To propose to the Senior Manager the scoring based on which the internal auditors will be graded,
ö) To review the Internal Audit Directive once a year together with the internal auditors and to submit any proposed changes to the Top Manager for approval,
p) To ensure communication and coordination between the Court of Accounts and the Internal Audit Unit,
r) To ensure the necessary cooperation with other audit units within the framework of the principles determined by the Board,
s) To resolve any conflicts that may arise between the internal auditor and the audit supervisor during the audit activities carried out,
ş) To grant annual, administrative, health and excused leaves to internal auditors and office personnel,
t) To determine and assign internal auditors to participate in meetings, courses, seminars, etc. to be held at or outside the Rectorate.
u) To perform other duties assigned by legislation and other duties assigned by the senior management regarding Internal Audit activities.
Office and administrative staff
ARTICLE 13 – (1) An office is established to carry out the work and transactions related to the activities of the Presidency, and a sufficient number of qualified personnel are assigned to the office.
(2) The nature and scope of administrative duties and the duties, powers and responsibilities of the personnel are determined in writing by the Presidency.
CHAPTER FOUR
Duties, Powers and Responsibilities of Internal Auditors
Duties of the Internal Auditor
ARTICLE 14 - (1) Internal auditors carry out the following duties:
a) To evaluate the management and control structures of public administrations based on objective risk analyses.
b) To conduct studies and make recommendations for the effective, economical and efficient use of resources.
c) To conduct a legal compliance audit after the expenditure.
d) To audit and evaluate the compliance of the administration's expenditures, decisions and savings regarding financial transactions with the objectives and policies, development plans, programs, strategic plans and performance programs.
d) To conduct system audits of financial management and control processes and to make recommendations on these matters.
e) To make suggestions for improvements within the framework of audit results and to follow them.
f) To notify the highest authority of the relevant administration through the President, if a situation requiring an investigation is encountered during the audit or according to the audit results.
g) To check the accuracy of the information produced by the public administration.
g) To assist in determining performance indicators when deemed necessary by the senior manager and to evaluate the applicability of the determined performance indicators.
h) To report the findings regarding the situations constituting a crime to the senior management through the President.
Powers of the Internal Auditor
ARTICLE 15 - (1) Internal auditors have the following powers:
a) To request the presentation of all kinds of information, documents, cash, valuable papers and other assets, including those in electronic media, regarding Internal Audit activities,
b) To receive assistance and request written and verbal information from the employees of the audited unit or the personnel of the unit to which the task is related, as required by Internal Audit activities,
c) To obtain expert assistance or benefit from their opinions on matters required by Internal Audit activities,
d) To benefit from the tools, equipment and other facilities required for Internal Audit activities,
d) To report to the Senior Manager, through the Presidency, those who exhibit attitudes, behaviors and actions that prevent the execution of the duty.
Responsibilities of the Internal Auditor
ARTICLE 16 - (1) The internal auditor shall comply with the following matters while performing his duties.
a) To act in accordance with legislation, auditing standards and ethical rules,
b) To continuously improve professional knowledge and skills,
c) To inform the President in cases that exceed his/her authority and capacity,
d) To report to the President any situation that prevents the impartial and independent performance of the assigned task.
d) To rely on evidence in audit reports and to be impartial in their evaluations,
e) To protect the confidentiality of the information obtained during the audit.
(2) Internal auditors shall act in accordance with the professional ethics rules and public Internal Audit standards determined by the Board when they are appointed to administrative positions and when they return to internal auditing.
CHAPTER FIVE
Independence, Impartiality and Professional Assurance
Independence of the Internal Audit activity
ARTICLE 17 - (1) Internal Audit activities are independent of the daily operations of the Rectorate. Internal auditors perform their duties with complete independence within the scope of the Law, Regulations, and this Directive.
(2) The scope of the Internal Audit activity and audit practices cannot be interfered with, and internal auditors cannot be asked to change their opinions. It is the responsibility of the President and Senior Manager to ensure that internal auditors perform their duties independently and without being influenced by anyone.
(3) The independence of Internal Audit is regularly evaluated by the Board within the scope of the quality assurance and development program.
Objectivity of the Internal Auditor
ARTICLE 18 - (1) Internal auditors act with the principle of impartiality in the performance of their duties. They apply all necessary audit techniques to achieve the audit's specified objectives. They gather all necessary information and documents. They evaluate this information and documents in a way that ensures that every auditor with impartial, sufficient knowledge and experience reaches the same conclusions, and they form their opinions without compromising audit quality or being influenced by the opinions and suggestions of others.
(2) If internal auditors encounter a situation that may impair their independence and impartiality while performing their duties, they shall immediately notify the President in writing.
(3) The President shall take into consideration the issues that may impair the impartiality of the internal auditors when assigning them.
(4) Those appointed to internal audit positions for the first time, or those who have returned to internal audit positions after holding administrative positions, cannot conduct internal audit activities for the work for which they were previously responsible before one year has passed. Audits cannot be conducted for consultancy or similar activities before one year has passed.
Professional Assurance of Internal Auditors
ARTICLE 19 - (1) Internal auditors cannot be assigned or made to perform any duties other than those specified in the Law, Regulation and this Directive.
(2) Internal auditors cannot be assigned to other duties by proxy, delegation or assignment without their consent.
(3) The Presidency's opinion may be sought for those who have previously worked as internal auditors at the Rectorate when they return to the profession.
(4) Internal auditors cannot be assigned to another position against their will, without prejudice to the provisions of the second paragraph of Article 24 of the Regulation.
CHAPTER SIX
Planning Internal Audit Activities
Internal Audit Strategy
ARTICLE 20 - (1) In the preparation and implementation of plans and programs regarding Internal Audit activities, the Public Internal Audit Strategy Document, which will be prepared by the Board every three years and which determines the general strategy of internal audit for the three-year period and will form the basis for the planning and programming of the Internal Audit Units, will be taken as basis.
Risk focus in auditing
ARTICLE 21 - (1) Internal Audit is carried out within the framework of the risk-focused Internal Audit plan and program prepared based on the risks faced by the Rectorate in its work and operations.
(2) The principles and procedures determined by the Board regarding risk assessment shall be followed.
(3) Risks identified by the Rectorate units are subjected to a risk analysis by the Internal Audit Unit. As a result of this analysis, risks are ranked by their rate and severity. Based on the analysis conducted by the Internal Audit Unit regarding significant risks that could affect the institution's objectives, activities, and assets, the Internal Audit plan and related implementation programs are prepared, starting with the highest-risk areas and issues.
(4) New units and activities, restructuring projects, significant changes in the organizational structure and human resources, and inadequate audit frequency are included in the audit program as they may pose high risks.
(5) In the preparation of plans and programs, issues that the Senior Manager deems risky and wants to be given priority are also taken into account.
(6) Based on the audit results, existing risks are reviewed at the end of the year.
Internal Audit plan
ARTICLE 22 - (1) The Internal Audit plan is prepared in accordance with Article 39 of the Regulation.
(2) The Internal Audit Plan is prepared for three-year periods, taking into account the Public Internal Audit Unit Strategy Document and the Rectorate Strategic Plan, prepared by the Board in consultation with the Rectorate unit managers, to include the scope of the audit, the areas and subjects to be audited, the required workforce and other resources, and training activities. This plan is reviewed annually by the Internal Audit Department based on the results of the risk assessment and amended as necessary.
(3) The draft Internal Audit plan, prepared by a team consisting of a sufficient number of internal auditors to be appointed by the President, is discussed with the participation of all internal auditors, and the plan is finalized after the President receives the opinion of the Senior Manager.
(4) This plan prepared by the Internal Audit Unit is submitted to the Senior Manager for approval.
Internal Audit program
ARTICLE 23 - (1) The Internal Audit program is prepared in accordance with Article 40 of the Regulation.
(2) Prioritizing the most risky areas and issues, and taking into account audit costs, an Internal Audit program aligned with the Internal Audit plan is prepared in consultation with the Rectorate's unit managers and, if necessary, with employees. Internal Audit programs, which will be prepared for a period not exceeding one year, will specify the areas and issues to be audited and include a timetable, specifying the names of the internal auditors. Adequate audit resources will be allocated within the program for consulting activities deemed appropriate by the senior manager upon the proposal of the Presidency, among requests from administrative units, and for consulting activities determined by the senior manager.
(3) The procedure in Article 22 of this Directive shall be followed in preparing and finalizing the Internal Audit program.
(4) The prepared Internal Audit program is submitted to the Senior Manager for approval.
(5) Board regulations are taken as basis in the preparation of the Internal Audit plan and program.
CHAPTER SEVEN
Conducting Audit Activities
Assignment
ARTICLE 24 - (1) After the Internal Audit program is approved by the Senior Manager, the duties are notified to the internal auditors in writing by the President, taking into account the timing in the program.
(2) Internal auditors shall notify the Presidency in writing of their starting date, place and end of duty.
Joint studies involving more than one public administration
ARTICLE 25 - (1) In case of joint work of internal auditors of more than one public administration, the provisions of the General Communiqué on Public Internal Audit published by the Board shall be applied.
Audit supervisory officer
ARTICLE 26 - (1) To ensure that each audit assignment is carried out in accordance with the Public Internal Audit Standards and the Public Internal Audit Guide, the President shall assign a senior internal auditor with an A-3 or A-4 certification level as the internal audit program and audit oversight officer. If the internal audit unit lacks a sufficient number of internal auditors with a certification level, the audit oversight activity may be carried out by the President himself or by internal auditors who have attained the A-2 certification level in accordance with Article 30 of the Regulation.
(2) Those assigned as audit supervisors may be assigned to directly audit another Internal Audit activity.
Scope of surveillance activity
ARTICLE 27 - (1) Responsibility for audit supervision;
a) Whether the work plan prepared by the internal auditor is based on adequate risk analysis,
b) Whether the audit tests specified in the task work program are sufficient to achieve the audit objectives,
c) Whether the evidence to support the conclusions reached as a result of the audit is sufficient and whether additional examination is necessary,
d) Whether the tests included in the task work program have been implemented and whether the information forming the basis of the audit results has been recorded,
d) It includes the duty and authority to evaluate whether the report includes applicable recommendations and action plans and to request that necessary corrections be made.
(2) During the audit task execution and reporting phases, the recommendations of the audit supervisor are taken into consideration and necessary work and corrections are made. Any disagreements between the internal auditor and the audit supervisor are resolved by the head of the Internal Audit Unit.
Notification of audit duty
ARTICLE 28 - (1) The President shall provide written notification to the units where the audit will be conducted, including the purpose, scope, date, assigned auditor, expectations of the unit, and any other matters deemed necessary. For process audits involving multiple units, it is sufficient to submit this notification to the unit primarily concerned with the matter.
(2) This notification is not mandatory in cases where confidentiality or counting of cash and other valuable documents is required.
Preparing for and starting the audit
ARTICLE 29 - (1) The preparation phase of audit activities is called "Preliminary Work." During the preliminary work, internal auditors conduct the necessary examination and research on the subject they are assigned to and determine the purpose and scope of the audit.
(2) Internal auditors identify and evaluate existing risks and controls by collecting information about the unit or process to be audited through methods such as meetings, interviews, surveys and on-site observations that they will determine according to the audit subject.
Opening meeting
ARTICLE 30 - (1) During the preliminary work phase, the audit team will hold an opening meeting, attended by the unit manager where the planned Internal Audit activity will be conducted and the required personnel. For process audits involving multiple units, it is sufficient to hold the opening meeting with the unit officials primarily involved in the matter.
(2) In the opening meeting, the audit team, the relevant unit manager and other personnel shall discuss the purpose and scope of the audit, the methods to be used in the audit, the estimated audit duration, the personnel who will assist the audit, the expectations from the employees during the audit, the expectations of the administration from the audit, how the communication between the audit team and the unit will be carried out, the benefits of the audit, the reporting of the audit results and, if requested by the audited unit, the nature of the consultancy activity.
Work plan
ARTICLE 31 - (1) Preliminary work is completed with the preparation of a work plan that outlines all audit steps and the methods to be followed. The work plan, prepared based on the results of interviews with the relevant unit manager and other personnel, includes:
a) The aims and objectives of the audit,
b) Scope of the audit,
c) Methods for obtaining, analyzing and evaluating information during the audit,
c) Estimated audit period is included.
(2) After the work plan is prepared, the audit begins by reaching an agreement with the audit supervisor in accordance with Article 27 of the Directive. Audits are conducted in accordance with this work plan.
Conducting the audit
ARTICLE 32 - (1) The internal auditor conducts the audit activity, also utilizing audit manuals. The internal auditor is responsible for obtaining, reviewing, and evaluating sufficient and reliable information and documents related to the issues identified in the risk and control assessments to achieve the audit objectives specified in the annual audit program and work plan. The tests to be conducted during the audit should be designed to allow for an assessment of the adequacy of internal control practices, and priority should be given to the most risky areas. All tests performed should be documented in "Working Papers," specifying the method used, observations made, documents reviewed, interviews, and other steps.
(2) The work carried out by the internal auditor within the scope of the audit task is reviewed by the audit supervisor in accordance with Article 27 of the Directive before proceeding to the reporting phase. A closing meeting is held after the necessary work and corrections have been made in line with the audit supervisor's recommendations.
Worksheets
ARTICLE 33 - (1) All work carried out during the audit, such as audit preparation, risk and control assessments, tests performed, information and evidence obtained as a result of these, and reporting and monitoring activities, are documented with working papers.
(2) These working papers are used in the follow-up of audit results and in the evaluations made within the framework of quality assurance and development activities.
(3) If necessary, supporting documents may be added to the working papers.
(4) The regulations made by the Board are taken as basis in the preparation of working papers.
Closing meeting
ARTICLE 34 - (1) The audit activities, task results, and findings and recommendations included in the findings forms are discussed at a closing meeting held with the participation of the managers of the audited units. This meeting determines whether there are any significant assessment deficiencies. The discussions held at the meeting are recorded in the minutes.
Reporting of results
ARTICLE 35 - (1) The results of the audit activity are recorded in a report. The internal auditor shall clearly state in the report the opinion reached and, if not, the reasons for not reaching an opinion.
Monitoring audit results
ARTICLE 36 - (1) Recommendations and corrective measures related to the audit results indicated in the reports prepared by the internal auditors as a result of audit activities shall be implemented within the specified timeframe and in accordance with the action plan established within the framework of the agreement reached between the audited unit and the internal auditor. If implementation of the recommendations requires a certain period of time, this shall be stated in the response to the audit report, and the relevant unit shall report periodic developments to the Internal Audit Unit Directorate at least every six months until the matters included in the action plan are completed. The Director shall share with the relevant internal auditors the actions taken or reasons for not taking action by the administrative units based on the report.
(2) The findings and recommendations contained in the reports, the responses to the reports, and any issues on which consensus is not reached within the scope of the action plan, along with the audit team's opinion on these issues, are presented by the President to the Senior Manager. Implementation is carried out in accordance with the decisions made by the Senior Manager within the framework of the evaluation. These practices are also monitored by the Internal Audit Unit.
(3) The Head of the Internal Audit Unit establishes a follow-up system to monitor the implementation of audit reports and, within this scope, the implementation of corrective measures and recommendations included in the reports is ensured.
(4) Managers of the audited units shall take the necessary corrective measures regarding the recommendations contained in the audit reports. If the recommendations in the reports are not implemented and the necessary measures are not taken, the President shall inform the Senior Manager of the necessary actions and those responsible.
CHAPTER EIGHT
Consulting Activities
Nature of consultancy activities
ARTICLE 37 - (1) This refers to the evaluation of the institution's activities and operational processes aimed at achieving its objectives and making recommendations for their development. Consulting activities are services carried out without assuming any administrative responsibility, with the aim of adding value to, facilitating, improving, and providing guidance on administrative activities such as providing opinions on executive matters, providing opinions on comprehensive legislative amendments/drafts, training, analysis, evaluation, determination of performance indicators, control self-assessment, process design, and project assignments.
(2) Consultancy activities are carried out as written and unwritten activities, including emergency and special situations.
(3) Consultancy activities are carried out on the following issues:
a) Design and development of internal control, risk management and governance systems,
b) Participation in commissions established within the Rectorate for legislative changes,
c) Restructuring of the Rectorate units,
d) Participation in domestic and international projects carried out by the Rectorate units,
d) Determination of performance criteria and indicators,
e) Improving the adequacy and effectiveness of the basic business processes of the Rectorate units,
f) Giving opinions on issues concerning the public financial management and control system.
g) Participating in training activities as an instructor if deemed appropriate by the President.
(4) Consultancy activities are activities based on a formal, written audit program that includes a process and outcome, including special circumstances. Consultancy activities may also be conducted outside the program. The nature of the tasks to be conducted outside the program will be determined by the subjects specified in paragraph 3 of this article, taking into account the Rectorate's area of responsibility, and the duration allocated for outside activities in the annual program.
These periods are limited by reserve periods. These periods are determined by the Presidency in a way that does not disrupt the auditor's audit duties within the scope of the program.
(5) Requests from the Rectorate units regarding consultancy activities are forwarded to the Internal Audit Unit through the senior manager.
Principles of carrying out consultancy activities
ARTICLE 38 - (1) Consulting activities are conducted in accordance with Public Internal Audit Standards, based on a memorandum of understanding to be prepared in collaboration with the relevant unit. The memorandum of understanding shall, at a minimum, specify the objectives, scope, and duration of the consulting activity, the mutual roles and responsibilities of the Internal Audit Unit and the relevant unit, the reporting format, and how the results of the task will be monitored. A memorandum of understanding is not prepared for consulting activities that do not involve reporting (training, projects, participation in meetings as an observer, etc.).
(2) The following matters are taken into consideration in the consultancy activities to be carried out by Internal Auditors.
a) The scope of the activity is based on a clearly defined work plan.
b) The activity should not affect the independence and objectivity of the internal auditor.
c) The duration of the activity should be determined by the head of the Internal Audit Unit in a way that will not prevent the internal auditor from scoring the certificate and will not cause permanent disruption of current and future audit duties.
d) Both the head of the Internal Audit Unit and the internal auditor must exercise due diligence in ensuring that an audit cannot be conducted by the same internal auditor within one year of a consultancy activity previously carried out.
d) Internal auditors may provide consultancy services regarding administrative activities for which they were previously responsible.
e) The results of these activities should be reported to the Senior Manager by the President.
(3) The internal auditor has no executive responsibility for consulting and similar activities. The responsibility for the implementation of consulting activities rests with the managers of the relevant units.
CHAPTER NINE
Other Activities
Investigations into corruption and irregularities
ARTICLE 39 - (1) The internal auditor carries out the audit activity with the knowledge, skills and equipment to detect evidence of corruption.
(2) When a finding of corruption or irregularity is reached during the audit task, the findings and the evidence obtained are immediately conveyed to the Senior Manager through the President with a prepared report.
(3) Reports and complaints received by the Senior Manager or the Head of the Internal Audit Unit, those that fall within the scope of the internal auditors' duties, are reviewed, either within the scope of the audit program or outside of it, upon approval from the Senior Manager. Open reports and complaints that do not fall within the scope of the internal auditors' duties are forwarded to the relevant units of the Rectorate through the Senior Manager for review.
(4) Internal auditors also evaluate the ability of the existing internal control system to prevent corruption and irregularities in the examinations conducted within the scope of the program or outside the program upon denunciations and complaints.
(5) Special provisions stipulated in the legislation regarding the submission of reports on criminal acts to the competent authorities are reserved.
CHAPTER TEN
Reporting
Reporting and its principles
ARTICLE 40 - (1) The results of Internal Audit activities are recorded in the report to be prepared.
(2) Internal Audit reports cannot be given outside the institution, except to the Board, without the President's permission.
(3) The results of the audit and inspection reports and the actions taken are monitored by the President.
(4) The following principles are followed in reporting;
a) The report shall state the purpose, scope, results of the audit and the auditor's opinion.
b) Reports are written in a way that is short, clear, easy to understand and avoids repetition.
c) Reports are written in accordance with the standards determined by the Board, based on sufficient evidence, consistently and impartially.
c) An executive summary is included in each report.
d) Before the report is submitted, it is reviewed by the head of the Internal Audit Unit in terms of completeness, accuracy, objectivity, clarity and appropriateness.
e) Document samples that form the basis for the internal auditors' opinion are attached to the report.
f) Examples of good practices observed in the audited unit are included in the reports.
g) If it is later determined that the reports contain a significant error or omission, the President shall notify the parties to whom the report is distributed of the correction note written by the relevant internal auditor.
Audit reports
ARTICLE 41 - (1) Audit reports shall include, as a minimum, the purpose of the audit, its scope, method, findings, applicable recommendations, action plan, significance level of the finding and good practices, if any.
(2) The audit team submits or sends the audit findings to the unit manager subject to audit, to be responded to within a certain period of time.
(3) The findings are finalized in line with the response of the audited unit to the shared findings and the opinions received at the closing meeting.
(4)The manager of the audited unit responds to the report by obtaining opinions from employees and relevant parties when necessary and sends it to the audit team.
(5) The findings and action plans on which the audited unit agrees with the audit team are included in the audit report.
(6) If the IDB President agrees with the audited unit on findings that the audited unit disagrees with and the audit team disagrees with, the findings will be modified in accordance with the IDB President's opinion and included in the audit report. For example, if the audited unit disagrees with the audit team on the significance of a finding, but the IDB President agrees with the audited unit on this matter, the significance level of the finding will be modified in accordance with the IDB President's opinion and included in the audit report.
Regarding findings and action plans on which the audited unit disagrees with the IDB (the IDB President and the audit team), if the IDB disagrees with the audited unit's opinion on this matter, the matter is presented to the senior manager as a matter of disagreement. Action is taken in accordance with the senior manager's instructions.
If the senior manager agrees with the internal audit team regarding the disagreement, an action plan is obtained from the audited unit regarding the disagreement, and the findings are finalized. If the senior manager agrees with the findings but proposes a different proposal regarding the disagreement, the findings are amended accordingly, and an action plan is obtained from the audited unit.
The audit team prepares an audit report, incorporating the responses received from the audited unit and their assessments, and submits it to the Senior Manager through the Presidency. The head of the Internal Audit Unit is responsible for distributing the audit report to the relevant parties.
(7) After the reports are evaluated by the Senior Manager, they are given to the units specified in the report and to the Strategy Development Department as necessary.
(8) The head of the internal audit unit monitors whether the measures specified in the audit report have been taken.
(9) The actions taken or reasons for not taking any action based on the report are sent by the audited units to the Internal Audit Unit to be reported to the audit team.
(10) Internal Audit reports and actions taken on them are sent to the Board by the Senior Manager within two months from the date the monitoring results are finalized.
Audit opinion
ARTICLE 42 - (1) An audit opinion is the general conclusion reached regarding the matters subject to audit, in accordance with the purpose and scope of the task, based on the information and evidence gathered during the audit. This opinion provides the senior manager and the head of the audited unit with information about the general status of the audit area.
(2) The audit opinion formed should in all cases be based on sufficient, reliable and relevant information and should be expressed as positively as possible.
(3) In order to give an audit opinion, it is necessary to determine the tests that need to be performed regarding the issues included in the content of the opinion, both during the preliminary studies and the field work.
Procedures and principles regarding the formation of audit opinions
ARTICLE 43 - (1) One of the important criteria taken into consideration in forming the audit opinion is the number and significance level of the findings.
(2) The Internal Audit Unit assesses the significance level of findings in four categories: Critical, High, Medium, and Low. Within this framework, the following are identified as a result of an audited activity:
a) Critical findings: All findings that would prevent the activity from being carried out or the delivery of the desired output, product, or service are considered in this group. These are findings that, when assessed for their risks and impacts, could result in loss of life or harm to physical integrity, or the cessation of the organization's operations or significant financial losses.
b) High-importance findings: Findings that could cause long-term delays or serious problems in the execution of an activity are considered in this group. These findings, when assessed for their risks and impacts, are likely to disrupt the institution's operations or cause significant financial losses.
c) Medium significance finding: Findings that affect the quality of the activity's outputs and may cause delays and problems in its execution are evaluated in this group.
d) Low significance finding: Findings that do not affect the general functioning of the activity but are intended to provide a better service are evaluated in this group.
(3) The audit opinion to be given for the processes or activities audited in the Rectorate, taking into account the definition and second paragraph of the 42nd article of the Directive and the explanations and rules specified for the codes, based on the basic principles specified in the first and second paragraphs of this article, will be classified as follows with codes 1-5.
a) 1 – Beginning
b) 2 – Limited/Unsystematic
c) 3 – Open to development
c) 4 – Sufficient
d) 5 – Advanced
a) 1-Beginning:
Explanation: The need for internal control has been recognized. There is a haphazard and individualized approach to identifying risks and controls. Control weaknesses are not identified. There are inadequacies in defining responsibilities for controls.
Rules: In order for a “1 – Initial” assessment to be made regarding the audited activity, there must be two or more critical findings.
b) 2 – Limited/Unsystematic
Explanation: While controls are implemented, documentation is lacking. The effectiveness of controls varies depending on the knowledge and motivation of the individuals involved. Control effectiveness is not being evaluated. Control weaknesses are not fully identified and prioritized. Responsibilities for controls are only partially defined.
Rules: In order for a “2 – Limited/Unsystematic” assessment to be made regarding the audited activity, there must be one critical or two or more high significance findings.
c) 3 – Open to development
Explanation: Controls are implemented and adequately documented. The effectiveness of controls is regularly verified. However, this evaluation process is not documented. Management is largely able to monitor controls, but some issues may be overlooked. Employees are aware of their responsibilities regarding controls.
Rules: In order for a “3 – Open to improvement” assessment to be made regarding the audited activity, there must be no findings of critical importance and at most one finding of high importance.
c) 4-Sufficient
Description: An effective risk management and internal control environment exists. A written and regularly conducted control assessment process is in place. Management is able to quickly identify control-related issues and pursue them in a prioritized and consistent manner.
Rules: In order for a “4 – Sufficient” assessment to be made regarding the audited activity, there must be no critical, high or medium level findings.
d) 5-Advanced
Description: Risk and control assessment activities are conducted in an integrated manner at the corporate level. Controls are continuously monitored and implemented with IT support. Root cause analyses are conducted in areas where problems are identified, enabling realistic solutions to be developed. Employees actively participate in the development and improvement of controls.
Rules: In order for a “5 – Advanced” assessment to be made regarding the audited activity, there must be no findings.
(4) If an activity is conducted nationwide and audited within the scope of the audit mandate, an opinion on it must be drawn from a sample sufficient to reflect the overall situation in the country. Otherwise, a misleading opinion may be issued. If, due to a lack of resources, a sample sufficient to reflect the overall situation in the country cannot be drawn, the opinion expressed must be limited to the units tested.
Consulting and review reports
ARTICLE 44 - (1) A consultancy and examination report is prepared in the following cases:
a) Consultancy Report: Reviews and research conducted within the scope of consultancy activities.
b) Inspection Report: Investigations conducted regarding the reporting of corruption and irregularities encountered during the audit.
(2) The following information is included in reports regarding consultancy activities;
a) The purpose, nature, scope of the task, expectations of those requesting consultancy services and the duration of the task,
b) Whether the task is performed within the scope of the annual program or upon a request outside the program,
c) Studies and analyses conducted, methods used, expert advice and assistance received,
d) Determinations, evaluations, opinions and recommendations made as a result of the task,
d) Problems that are outside the scope of duty but are identified regarding internal control, risk management and management processes and are deemed necessary to be reported to senior management,
e) Risk and control information obtained during the task and that can be evaluated in subsequent audits,
f) General evaluation and conclusion.
(3) The following matters are included in the investigation reports prepared regarding irregularities and corruption;
a) Findings, evidence and other information regarding irregularities and corruption,
b) Statements of those whose information was sought,
c) The nature and extent of irregularities and corruption,
d) Conclusions, recommendations, precautions to be taken and other actions to be taken within the framework of the determinations and evaluations,
d) Risk and control information that are determined in connection with the subject of the review and can be evaluated in the preparation of the audit program, and the auditor's opinion on them.
Annual Internal Audit activity report
ARTICLE 45 - (1) As a result of the Internal Audit activities, the Presidency prepares an annual Internal Audit activity report.
(2) The Internal Audit activity report prepared by the Presidency is submitted to the Senior Manager, and this report is sent to the Board by the Senior Manager by the end of February each year.
(3) The Public Internal Audit Guidelines shall be followed in preparing and presenting the Internal Audit activity report.
Review of reports
ARTICLE 46 - (1) Prepared reports are reviewed by the President before being sent to the relevant units. This review will only examine clear non-conformities to legislation, material errors, and other formal deficiencies.
(2) The President's findings regarding the above-mentioned matters are reported to the relevant internal auditor for necessary changes and corrections. The internal auditor makes the necessary corrections within the given timeframe and submits the report to the Presidency.
CHAPTER ELEVEN
Management and Development of Internal Audit Unit Resources
Management of Internal Audit Unit resources
ARTICLE 47 - (1) The President is responsible for managing the resources required for the Internal Audit Unit. The President manages the Internal Audit Unit's budget and provides all resources, including appropriately qualified personnel, required for auditing.
In-service training
ARTICLE 48 - (1) Internal auditors shall receive a minimum of one hundred hours of in-service training over a three-year period. The in-service training provided by the Internal Audit Unit shall be distributed throughout each year to the extent possible. In-service training should also include matters related to administrative developments and changes.
(2) Thirty hours of in-service training are provided by the Ministry of Finance under the coordination of the Board. The remaining time is programmed by the Internal Audit Unit according to the needs of the Rectorate, in accordance with the Board's training regulations.
(3) The Internal Audit Unit may, when necessary, organize courses, seminars, and similar activities in collaboration with professional organizations, universities, and other institutions and organizations active in the scientific field. In-service training activities are included in the Internal Audit plan and program.
(4) In-service training programs are announced to internal auditors at least one month in advance.
(5) Those who start working as internal auditors are given orientation training for not less than one week.
Rating in Internal Auditing
ARTICLE 49 - (1) ) The scoring for the certification is determined by the senior manager upon the President's proposal. The public internal auditor certificate is graded by the Board upon the Senior Manager's proposal, taking into account the internal auditor's competence, professional knowledge, and representational skills, as well as seniority and position requirements. The senior manager makes his/her assessments regarding the scoring in accordance with the Board's regulations, taking into account the internal auditors' work, participation in in-service training activities, and success.
(2) If no rating is made despite the seniority order and staff conditions being met, the reasons for this shall be notified in writing to the relevant internal auditor and the Board.
(3) The regulations to be made by the Board shall be followed in determining the seniority of internal auditors at the same certification level.
(4) Public internal auditor certificate degrees are taken into account in determining the personal rights of internal auditors and in planning their careers.
Assignment appropriate to the certificate degree
ARTICLE 50 - (1) Activities of the Rectorate subject to Internal Audit are classified by the Internal Auditor's Office based on their subject matter and processes. It is essential that the audit and application areas of internal auditors be changed. Internal auditors cannot be assigned to the same audited unit for three consecutive years.
(2) Internal auditors are assigned in accordance with their certification levels and the experience they have gained during their work.
(3) Internal auditors at A-1 and A-2 certification levels conduct compliance audits, financial audits and system audits.
(4) Internal auditors at A-3 and A-4 certification levels additionally conduct performance audits and audit supervision activities.
(5) Information technology audits are conducted by internal auditors who have specialized expertise in this field or who have received sufficient training in this field. The Board may impose additional certification requirements for information technology audits.
(6) Monitoring audits to be conducted regarding the results of the audit must be carried out by internal auditors who have the certification levels applicable to the audit type in question.
(7) In team assignments, the internal auditor with the highest certification level is taken into account.
(8) Consultancy activities are carried out by internal auditors who have reached the A-2 certification level and internal auditors with A-3 and A-4 certification levels, in accordance with Article 30 of the Regulation.
(9) If there is no internal auditor with a sufficient certification level, the audit supervision activity may be carried out by the head of the Internal Audit Unit or internal auditors who have reached the A-2 certification level in accordance with Article 30 of the Regulation.
(10) If the audit activity to be performed covers more than one area or if the scope of duty is broad enough to require the work of more than one internal auditor, the audit may be performed by a group of internal auditors with different certification levels.
(11) In the joint work of internal auditors on matters concerning more than one public administration, the regulations of the Board shall be complied with.
Developing professional competence
ARTICLE 51 - (1) The Chief Executive and the President shall provide a suitable environment for internal auditors to develop their professional qualifications specified in Articles 31 and 32 of the Regulation.
(2) For this purpose, in addition to developing the knowledge, skills and qualifications specified in the Regulation, internal auditors are provided with the necessary opportunities to participate in all kinds of training, conferences and seminars related to Internal Auditing.
(3) The Internal Audit Unit organizes in-service training programs within the framework of Article 33 of the Regulation.
(4) The Chief Executive and the President shall create the necessary facilities and institutional infrastructure for internal auditors to obtain international internal auditor certificates; and ensure that internal auditors receive assistance from experts with the necessary knowledge, skills and experience in the specific areas of expertise they will need while performing their duties.
Quality assurance and development program
ARTICLE 52 - (1) A quality assurance and development program is established to evaluate all aspects of internal audit activities and ensure they are carried out in accordance with public internal audit standards and professional ethics. The relevant regulations of the Board shall be complied with in the development and implementation of the program.
(2) Within the framework of the quality assurance and development program;
a) Compliance of Internal Audit activities with relevant legislation, public Internal Audit standards and professional ethics rules,
b) The extent to which Internal Audit activities support institutional development and improvements,
c) Whether internal auditors utilize best internal audit practices,
d) The professional care and attention shown in carrying out the activities and the professional development levels of the internal auditors,
It is reviewed and evaluated.
(3) Quality assurance and development activities;
a) Continuous internal evaluations carried out within the framework of internal monitoring activities,
b) Annual internal evaluations added to the annual Internal Audit activity report,
c) It consists of external evaluations carried out by the Board every five years.
(4) The results of the evaluation carried out within the framework of quality assurance and development programs are presented to the Senior Manager and published in the annual Internal Audit activity report.
(5) In order to increase the effectiveness of Internal Audit, audit activities can be evaluated through surveys conducted in the audited units.
CHAPTER TWELVE
Other Matters
Responsibility of audited units
ARTICLE 53 - (1) All records, information and documents regarding activities and transactions are regularly kept by the central and provincial units of the Rectorate.
(2) The officials of the audited units are obliged to submit all kinds of information and documents, including those in electronic media, regarding the financial management and control systems and the preparation, implementation, finalization, accounting, reporting of the budget and non-financial transactions and activities to the internal auditors, to provide all kinds of written and verbal information regarding the audit, to take measures to ensure the proper performance of the task and to provide all kinds of assistance and facilities, including the provision of physical conditions and equipment.
(3) The Internal Audit activity is postponed until the end upon the request of the Internal Auditor, except for the use of leaves granted to the officers of the units subject to Internal Audit activity, illness and similar force majeure reasons.
(4) Internal Audit activities do not relieve the audited unit management of their responsibilities regarding the establishment, implementation and development of risk management, control and management processes within their own field of duty.
Relations with the Board
ARTICLE 54 - (1) In Internal Audit activities, the standards, guidelines, principles, procedures and other regulations determined by the Board shall be complied with.
(2) Cooperation with the Board is ensured on issues such as ensuring and maintaining the functional independence of the Internal Audit system, sharing information, resolving differences of opinion, disseminating examples of good practice, and monitoring the implementation of Board decisions.
Relationships with external audit and other audit units
ARTICLE 55 - (1) The necessary cooperation with external audit is provided by the President within the framework of the policies determined by the Board on matters such as audit planning and coordination, preventing duplicate audits, increasing efficiency in auditing, joint training opportunities and mutual access to information and documents related to audit activities.
(2) Relations between the Internal Audit Unit and the Court of Accounts are carried out within the following framework:
a) Communication and coordination between the Court of Accounts and the Internal Audit Unit is ensured by the President.
b) Due to the possibility of their sensitive content, the working papers of the Internal Audit Unit are provided to the Court of Accounts only upon request by the President of the Court of Accounts.
c) The Senior Manager is responsible for the reports prepared by the Internal Audit Unit and submitted to the Senior Manager. When the Court of Accounts requests access to such reports, the request is directed directly to the Senior Manager.
(3) The President ensures the necessary cooperation with other inspection and audit units that carry out inspection, investigation and similar activities within the framework of the principles determined by the Board.
Education and academic study abroad
ARTICLE 56 - (1) Internal auditors may be provided with postgraduate education, examination and internships at home and abroad in order to follow professional and scientific developments, to conduct research on subjects deemed appropriate by the Rectorate and to improve themselves.
(2) Internal auditors, for assignments other than postgraduate education abroad, prepare a report regarding the inspection and internship within 3 months upon their return to the country.
Internal Audit software program
ARTICLE 57 - (1) In the Internal Audit Unit, Internal Audit activities and audit management activities are mainly carried out through the Public Internal Audit Software (İçDen).
(2) Internal Audit reports are sent to the Board via (İçDen) in accordance with the Board's regulations.
ID document
ARTICLE 58 - (1) Internal auditors are given an identity document signed by the Rector and the Senior Manager, stating their title and authority.
Communication, correspondence and file organization
ARTICLE 59 - (1) It is essential that all correspondence, except for the preliminary work during the audit task, the application of tests (field work) and the sharing of findings, be made through the Internal Audit Unit.
(2) Internal auditors keep the temporary duty travel notifications and the letters sent from the Presidency or other units in their special files.
(3) Internal and external correspondence conducted by the Presidency is managed through the electronic document management system. However, for correspondence deemed inappropriate for entry into the electronic document management system due to the nature of the task, an incoming and outgoing document log and an approval log are also kept within the Presidency.
(4) Correspondence between the Presidency and internal auditors may be conducted electronically. Internal auditors shall include their certificate numbers before the numbers they will use in their correspondence with the Presidency and other units.
(5) Each page of the reports sent by the Presidency outside the institution shall be sealed with the Presidency's seal. Otherwise, no seal shall be used in Internal Audit reports.
Signing and reviewing the directive
ARTICLE 60 - (1) This Directive is reviewed annually by the internal audit unit and the changes made in line with the needs are submitted to the senior management for implementation after receiving the approval of the Board.
Cases where there is no provision
ARTICLE 61 - (1) In cases where there is no provision in this directive, the regulatory procedures of the Internal Audit Coordination Board regarding the matter shall be taken into account.
Force
ARTICLE 62 - (1) This Directive shall enter into force when it is approved by the senior manager with the approval of the Board.
Executive
ARTICLE 63 -(1) The provisions of this Directive shall be enforced by the Senior Manager.
Mersin, 18/11/2014
Prof. Dr. K. Süha AYDIN
Rector