MILLIRE_2019_Annual Report

Milli Re Annual Report 2019 32 Internal control system has an important role in ensuring continuation of the Company’s operations within efficiency, productivity, compatibility and reliability principles. The purpose of the internal control system is to ensure that the Company assets are well protected, activities are carried out efficiently and effectively and in compliance with regulations, Company policies, rules, and precedents of insurance business, to enable reliability and integrity of accounting and financial reporting system, and prompt accessibility of data. In this regard, internal control activities are designed to encapsulate transactions in respect of Company’s operational activities, communication channels, information systems, financial reporting system and conformity controls. Internal control activities are carried out in accordance with the provisions of “Regulation in respect of Internal Systems of Insurance, Reinsurance and Pension Companies” published in the official gazette dated 21 June 2008 and numbered 26913 and in compliance with Company’s related internal regulations. “Control Centre” has been structured through “Internal Control and Risk Management Department” which was established in order to perform internal control activities, and “Control Environment” has been structured through assignment of Company employees within the scope of these activities. The Control Group consists of 24 people, of whom 3 are located in the control centre and 21 are located in the control environment. Activities Conducted from Control Centre Workflows, duties and responsibilities, authorities and limits related to Company activities are documented and communicated to all employees; they are reviewed and updated in line with the changing conditions and risks. The personnel have complete, accurate and up to date information associated with their duties and responsibilities. Control activities cover the entire business processes and operations of the Company. Business processes and the processes related to information technologies, risks related to these processes are identified in a written form, and controls for the identified risks are established. Control activities are carried out according to the frequency of business processes and in accordance with the principles set out in the annual Internal Control Plan. Findings ascertained as a result of controls, assessments in respect of these findings and recommendations regarding the actions to be taken for the elimination of findings are monthly reported to General Manager by Internal Control and Risk Management Department via Internal Control Reports. The outcomes of internal control activities are also monitored regularly by the Board of Directors. Authority identifications of system users are conducted in accordance with “segregation of duties” principle. Besides, actions that are performed by users within these authorisations, log records of actions in respect of critical transactions are controlled through reports received from log management system instantly and on a daily basis, and conformity to segregation of duties principle is reviewed systematically. Moreover, following the approval of the relevant business unit, transactional authorities that users requested INTERNAL CONTROL