Lessons From a Fraud Case in Turkey


    Copyright 2008 ISACA. All rights reserved. www.isaca.org.

    JOURNAL ONLINE

    The Imar Bank Case

    The collapse of the Imar Bank in 2003 was not a big surprise to Turkey's financial markets. From 1999 to 2003, more than 25 banks were transferred to the Savings Deposit Insurance Fund for liquidation. The Imar Bank had been on the watch list of the supervisory authority for about 10 years, as its loan portfolio, characterized by an exceptionally connected lending practice, consisted mainly of loans to companies owned by the main shareholder group. The bank had severe problems when the licenses of two power companies, which provided the cash flow of the main shareholder group, were revoked. Depositors ran on the bank and this resulted in more liquidity problems. The Banking Regulation and Supervision Authority (BRSA) revoked the license of the bank because it did not take the required measures and failed to fulfill its obligations in a timely manner. At that time, all deposits were under the coverage of deposit insurance. It appeared to be an ordinary takeover, as it was a small bank.

    However, the real scale of the problem and an unexpected type of fraud were realized when the BRSA examined the case to finalize the exact amount to be paid to depositors. The examination revealed that there were discrepancies between the official deposit balances and actual balances. Total deposits of the bank amounted to TL 753 million (approximately US $500 million), according to the last daily balance sheet prepared and sent to BRSA by the bank. However, based on the examination, the real amount was much higher than the amount reported. The actual amount was TL 8.1 billion (more than US $5 billion), more than 10 times the reported amount.

    The examinations revealed that the bank's information technology (IT) firm, which was a group company that solely did business with the bank, had partly deleted and damaged the magnetic records of the bank during the takeover. A double record-keeping system was discovered: one official, one unofficial. That is to say, the bank had a double accounting system where the true information existed at the branch level, but headquarters falsified it and then reported it to BRSA. All previous onsite examinations were also done through the fake records.

    It has been a painstaking struggle for the government to clean up the mess. First, information and documents obtained from all branches were collected at a single center and examinations were initiated for the determination of real depositors. Deposits were paid to more than 300,000 depositors by the insurance fund. However, investors who bought government bonds were not paid at that time, because those were not deposits and were not covered by the insurance. In 2007, a law was enacted by the parliament that requires the Treasury to make payments to bond holders.

    In essence, this is an example of a financial fraud where IT systems were directly used to hide and manipulate data. There is a lot to learn from this costly example, and it shaped the actions taken by BRSA in the years since.

    Lessons Learned

    The fraud resulted in lessons learned in the following areas:

    Internal controls: Internal controls are more important for financial institutions because they deal with other people's money. In 1998, the Basel Committee set principles for internal control. Principle 6 (segregation of duties), principle 8 (independent monitoring of data systems) and principle 11 (internal audit) are particularly important in this context. Accordingly, there should be appropriate segregation of duties and personnel should not be assigned conflicting responsibilities. An effective internal control system requires reliable information systems that cover all significant activities of the bank to be in place; there should be effective and comprehensive internal audits of the internal control system carried out by operationally independent, appropriately trained and competent staff. In 2006, BRSA published new legislation, annulling the old one, which regulates internal control and the audit of banks in detail.

    Corporate governance: Corporate governance, an essential aspect of internal controls, is a set of processes and policies by which companies are directed and controlled. Considerable attention is being given to corporate governance all over the world, especially after the collapse of a number of large US firms, such as Enron and WorldCom. In Turkey, the new Banking Law enacted in 2005 mentions corporate governance 10 times and includes a section on regulating the basics of corporate governance. According to the Banking Law, the board of directors should have adequate professional experience to be able to satisfy the requirements laid down in the corporate governance provisions of the Banking Law and perform the planned activities. Additionally, implementation of corporate governance principles is considered by BRSA in granting operation permission, opening branches, and determining the bank's minimum or maximum standard ratios.

    External controls: External controls may be as important as internal controls, and they need to be regulated. Generally, the function of the external auditor is to certify that the financial statements reflect the true financial position and performance of the bank. At this point, harmonization of accounting rules is very important. Within the last couple of years, Turkey's accounting standards have become almost completely harmonious with international accounting standards and best practices. The quality of external audits also depends on the quality of the auditor. External auditors are to be licensed by BRSA to conduct audits in banks, and any misconduct may lead to cancellation of the license.

    IT audit: In essence, the previously mentioned case was an IT-related financial crime. The bank management used the subsidiary technology company to conceal the true data of the bank. Hence, BRSA has strictly regulated the operation of banks' outsourcing activities. According to the Banking Law and relevant regulations, banks cannot outsource basic operations without prior authorization, and outsourcing does not discharge the responsibility of the board of directors. Another big step is independent IT audit. Independent audit companies conduct IT audits in banks operating in Turkey to prevent the risks related to repeated information systems or double registry systems and test basic application controls. Moreover, BRSA is planning to conduct onsite IT audits in banks starting in 2008, with a team of 18 ready to go, seven of whom already hold the Certified Information Systems Auditor (CISA) designation.

    Conclusion

    Technology is developing and changing very rapidly. This rapid change leads innovative forgers to come up with new methods to break the rules. The motto for supervisors should be "be alert, be up to date."

    Mustafa Ayaz, CISA, is the senior banking specialist of the information management department at BRSA.


    Information Systems Control Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the Information Systems Control Journal.

    Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors' employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of authors' content.


    Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.
