Founded in 2012, Zorlu Holding’s Enterprise Risk Management Department is responsible for the early detection of risks which could jeopardize the existence, development and continuity of Zorlu Group companies, implementation of necessary measures against detected risks and the management of risks in a centralized structure. In this regard, the Zorlu Holding Risk Policy and Procedure and Enterprise Risk Management Framework were established to govern all Zorlu Group companies.
Zorlu Holding Enterprise Risk Management Policy is summarized below:
Goal Setting | Embedding risk management principles into strategic planning and goal setting processes |
Aligning the strategy and goals set with the Company’s risk appetite | |
Risk Definition | Identifying the risks and opportunities which may affect the Company’s goals with the participation of the entire organization in a coordinated manner and within the framework of a shared perception |
Risk Assessment and Inherent Risk | Assessing the probability of risks and their impact on the Company in case of their occurrence |
Determining the value of risk before the actions taken and control activities, i.e. inherent risk | |
Determining Actions | Addressing the risks in the most appropriate way (Accepting the Risk, Transferring the Risk, Mitigating the Risk, Avoiding the Risk) by taking into consideration the risk appetite and cost/benefit factors |
Determining actions in line with the responses identified and managing the risks proactively | |
Residual Risk and Action Plan Follow-up | Determining the value of risk after the actions taken, i.e. residual risk |
Monitoring the completion process of the activities specified in action plans | |
Reporting and Communication of Risks | Prioritizing the revealed risks and tracking them using the Key Risk Indicators |
Measuring and reporting the key risk indicators which give warnings and all other risks taking into consideration the control points | |
Sharing all activities transparently and ensuring that risk management process is integrated into the decision-making mechanisms with the establishment of a culture of risk awareness across the entire organization |
More information on risk management can be found in the Company’s annual reports.
As is the case for all Zorlu Group Companies, the internal audit of Vestel Group Companies is carried out by the centralized Internal Audit Department operating within Zorlu Holding since 2000. The Internal Audit Department carries out the board approved audit programs in line with the International Internal Audit Standards and legal requirements and shares the results of its audits through both the audit reports prepared after each audit and the annual reports detailing all the audit and control activities conducted throughout the year with the Board of Directors, the Audit Committees where applicable, and the Group CEOs.
In addition to the Internal Audit Department, Financial Audit and Tax Audit Departments were established in 2011 in order to perform financial audits across all Group companies, which commenced their activities in 2012. In the last quarter of 2013, the Internal Audit and Financial and Tax Audit Departments were gathered under the umbrella of Zorlu Holding General Directorate of Audit and Internal Control. In accordance with the changing needs of Zorlu Group, the Tax Audit Department was restructured as Tax Audit Directorate as of 1 December 2015 while the Internal Audit Department was restructured into two distinct Directorates, namely, the Internal Audit Process Oversight and Internal Audit Inspection Oversight as of 1 January 2016. Upon completion of the organizational restructuring in 2017, the General Directorate of Audit and Internal Control was divided into two separate departments, namely the General Directorate of Audit and the General Directorate of Internal Control and the General Directorate of Internal Control became responsible for the internal control activities and began functioning as an independent department as of January 1, 2018.
The purpose, authorizations and responsibilities as well as the operating principles and structure for the internal audit activities have been defined by a series of board-approved documents circulated across Group companies, such as the “Audit Regulation” and the “Internal Audit Working Principles”.
Process audit activities are carried out in line with a board-approved, risk-based annual audit program to evaluate resource usage efficiency, adherence to written rules (laws, regulations, internal policies and directives), and information accuracy, security and reliability. Prior to each audit, internal auditors meet with senior management for risk assessment where the risks which could jeopardize the Company’s targets are positioned on a risk matrix based on their potential impact and probability of occurrence. During audit field work, tests are carried out to evaluate the effectiveness of internal controls which monitor risks with high impact and high probability of occurrence. The results of the observations are shared with the company management in the form of a draft report, and then a final report, including the feedback of the management, is sent to top management. As a result, the department provides consultancy services with reasonable assurance while offering best practices drawing from synergy within the Group. One month after the issue of the final report, actions taken in line with the 4T approach (Treat, Terminate, Transfer, Tolerate) are reported to the Board of Directors.
Internal Audit Department organizes periodic meetings with the Audit Committee throughout the year. In these meetings, participants evaluate planned and actual audits, consultancy and special audits, etc. for the year, share findings, review action plans, follow-up results based on these findings, and review plans for the upcoming period.
The Financial Audit and Tax Audit units have been carrying out their activities at Zorlu Group companies since 2012.
These departments ensure that the Group companies’ balance sheets and income statements used for financial and tax reporting purposes are in conformity with the uniform chart of accounts, tax legislation and audit standards and provide reasonable assurance to the Board of Directors in these areas.
Audit findings are reported to the Company executives and senior management.
When deemed necessary, the Tax Audit Department also provides advisory services with reasonable assurance to Group companies against potential tax risks.
In addition, the Financial Audit team reviews the CMB-compliant financial reports of the listed Group companies and shares its comments with the related departments.
More information on internal audit can be found in the Company’s annual reports.
As is the case for all Zorlu Group Companies, the internal control function for Vestel Group Companies is carried out in a centrally coordinated manner by the Internal Control Department established within Zorlu Holding, which has been serving the Zorlu Group Companies since 2017. The Internal Control Department has assigned a specific internal control team for the Vestel Group Companies.
The purpose, duties and authorities of the Internal Control Department, as well as the operating principles and the applicable professional and ethical rules, have been defined in the documents such as the “Internal Control Regulation” and “Internal Control Handbook” and shared with the relevant managers.
The mission of the Internal Control Department is to coordinate the development and maintenance of an internal control system, which will ensure the effective implementation of a target-driven, consistent and integrated risk management across Group companies and enable the Group companies to share, replicate, disseminate and implement “good practices”.
The Internal Control Department assists managers and employees in determining the areas which require improvement in the processes and internal control system, identifying the necessary steps to be taken, implementing the actions determined and in the regular follow up of the results. It also provides guidance to managers and related employees on these issues. All the relevant managers and employees contribute to the establishment, execution, monitoring and evaluation of the internal control system and in the implementation of the necessary measures.
The Internal Control Department prepares an annual risk-based internal control work plan and carries out its activities with a systematic, continuous and disciplined approach. The risk-based evaluations by the Internal Control Department; requests of the Board of Directors and management; the findings of the Audit Department regarding the internal control activities and corporate risk maps are taken into account in the formulation of the internal control work plan. The annual internal control work plan is submitted to the CEO and the Board of Directors for approval.
During the year, periodic meetings are held between the Internal Control Department and the management. In these meetings, participants evaluate the planned and actual internal control activities for the year, share their findings, assess action plans and follow-up results based on these findings and review plans for the upcoming period.
More information on internal control activities can be found in the Company’s annual reports.