MILLIRE_2019_Annual Report

Milli Re Annual Report 2019 83 Activities and Major Developments Related to Activities Financial Status Risks and Assessment of the Governing Body Unconsolidated Financial Statements Together with Independent Auditors’ Report Thereon Consolidated Financial Statements Together with Independent Auditors’ Report Thereon General Information Financial Rights Provided to the Members of the Governing Body and Senior Executives Research & Development Activities Information Technologies Risk This risk expresses the probable losses arising in Information Technology (IT) processes, assets and resources that constitute the entire hardware, applications and communication channels used in operations, due to internal and external problems occurring in operations and processes such as strategy management, cost management, human resources management, risk management, incident and problem management, information security, back up process, procurement process, supplier selection and assessment, user identification and access management, critical resources management, data security, integrity and availability, acquisition and modification of software and hardware, test and version management, service quality and continuity, business continuity, disaster and configuration management, environmental and physical factors management. Risks related to Company’s information technologies are measured and assessed based on Control Objectives for Information and Related Technologies (COBIT), which is an international framework for IT management, as well as other internationally accepted practices, in accordance with the provisions stated in Information Technology Risk Management Application Principles. On the other hand, Disaster Management process, defined with the purpose of governing and monitoring sub-risks in relation to Business Continuity and IT Continuity, is carried out in accordance with the provisions of related legislation. An internal training is organised and a test study is performed annually within the context of Disaster Management. In this regard, for business processes and information systems a test study was performed in Disaster Office on 14 December 2019, providing connections through the Company’s servers located in Disaster Centre located outside of Istanbul. According to the results of this study which was performed by displaying and entering the data, it was confirmed that IT resources related to critical processes and data stored in these resources were accessible in conformity with recovery point objectives. All findings obtained as a result of measurement of the above as far as Fire and Natural Disasters Insurance is concerned, there has been increase in the premium production especially from the commercial and industrial risks due to the exchange rate movements and inflation mentioned risks, analyses and assessments in respect of these findings are regularly reported by Internal Control and Risk Management Department to General Manager, Risk Committee and Board of Directors, as well as to Subsidiaries Division of İşbank. If the impact and probability levels of the risks are found “High”, the Board of Directors determines an action plan regarding the necessary actions.