Information Systems Audit

Home

Information Systems

Information technology (IT) is extensively utilized across multiple sectors, particularly in the banking industry. The rise of digital services and the shift toward “from institution to home” service models have accelerated digitalization, making the majority of financial and regulatory transactions dependent on IT systems.

In today’s environment, where money and personal data are digitized, organizations have adapted to the mobile economy, performing thousands of transactions in seconds through advanced information systems.

This reliance on technology has also created a dependency for both organizations and employees: service delivery to clients is contingent on uninterrupted access to IT systems. This highlights not only the critical importance of information systems for organizational operations but also the necessity of auditing these systems to ensure their reliability and integrity.

Information technology audits in Türkiye are conducted in accordance with the regulations issued by the Banking Regulation and Supervision Agency (BDDK), ensuring that IT systems within financial institutions operate securely, efficiently, and in compliance with applicable standards.

Murat ŞAHİN

IT Consultant

Businesses Subject to Independent Audit of Information Systems in the Capital Markets

Under the Capital Markets legislation, entities subject to independent IT audits are defined in Article 30 of the Communiqué on Independent IT Audit (III-62.2). The requirements are as follows:

  • Borsa İstanbul A.Ş., İstanbul Settlement and Custody Bank A.Ş., Central Registry Agency (MKK), stock exchanges, market operators, organized marketplaces, central clearing institutions, central custody institutions, and data storage organizations are required to undergo an independent IT audit annually.

  • Partially and Fully Authorized Brokerage Firms, as well as portfolio management companies with a minimum paid-in capital requirement exceeding 5 million TRY, must conduct an independent IT audit every two years.

  • Portfolio management companies with a minimum paid-in capital of 5 million TRY or less, along with the Capital Markets Licensing Registry and Training Agency (SPL), are required to perform an independent IT audit every three years.

These requirements ensure that critical information systems within capital market institutions operate reliably, securely, and in compliance with regulatory standards.

Information Technology Management & IT Audit

Information Technology Management

In recent years, the storage and utilization of information in electronic environments has become widespread, creating the need for organizations to address both technological requirements and specialized expertise. Companies that fail to invest in innovative technologies or lag behind current developments face competitive disadvantages. Today, organizational growth is closely linked to the effective use of information technology (IT). Furthermore, operational and service-related costs can be significantly reduced through IT, while simultaneously enhancing service quality.

The strategic importance of IT within organizations has led to its integration into corporate structures, increasing the presence of IT personnel across institutions. IT staff can generally be categorized into four main groups, often aligned with human resources departments:

  • Administrative Staff: Coordinators, department heads, group managers, managers and assistant managers, supervisors and assistant supervisors, clerks.

  • Software Staff: System programmers, analyst programmers, specialist programmers, application developers, database administrators, system analysts, and database management system specialists.

  • Operations Staff: Operations supervisors, system operators, data entry operators, assistant operators, communication specialists, and network operators.

  • Hardware Staff: Maintenance engineers, maintenance technicians, and technician assistants.

Information Systems Audit

According to the Banking Regulation and Supervision Agency (BDDK), IT audit is defined as:

“A process that encompasses the evaluation of information system elements—including processes, activities, software, and hardware—related to banking operations, as well as the assessment of internal controls established within these systems, culminating in the formulation of opinions and reporting.”

In broader terms, IT audit involves the systematic examination of the technologies and information systems employed by an organization. This includes reviewing research, development, methodologies, and management practices, identifying control points, evaluating the current state of implemented systems, and determining opportunities for improvement. The IT audit process ensures that information systems operate effectively, securely, and in alignment with organizational objectives.

Bu Site Size Daha İyi Bir Hizmet Verebilmek İçin KVKK Kapsamında Çerezler Kullanır.

OK