16.2.5 University principles on corruption and bribery
Boğaziçi University Principles on Corruption and Bribery
Boğaziçi University has clearly demonstrated its commitment to combating organised crime, corruption and bribery through written principles and procedures. The university's Ethical Principles page clearly states the ethical principles that all stakeholders must comply with, and transparency and accountability are supported in all areas. Compliance with these principles is regularly monitored by the university's Ethics Committees. In addition, the university follows certain quality standards in institutional functioning with ISO 9001:2015 certificate. It is subject to internal and external audits within the framework of these standards, which ensures transparency and accountability.
Boğaziçi University's internal control system provides assurance that the university's income, expenses, assets and liabilities are managed effectively, economically and efficiently, and that it operates in accordance with the laws and other regulations. This system is designed to prevent corruption and irregularities, and all financial decisions and transactions are regularly audited. The internal audit unit of the University is obliged to notify the senior management in case of any possible corruption.
Offences related to corruption, bribery and organised crime are subject to criminal investigation and prosecution in accordance with the Higher Education Law No. 2547 and the Law No. 3628 on Declaration of Assets, Anti-Bribery and Anti-Corruption. In addition, the university's financial reports and internal control systems are subject to the audit of the Court of Accounts.
Related Links:
- Boğaziçi University Ethical Principles
- Boğaziçi University Internal Control System Principles Implementation Circular
- Boğaziçi University Circular on Preliminary Financial Control Procedures
- Boğaziçi University Department of Administrative and Financial Affairs Duties and Working Directive
- 2024 Boğaziçi University Administrative Activity Report
- Boğaziçi University Budget Implementation System
- ISO 9001:2015 Certificate and Internal Audit
- Public Financial Management Legislation
- Audit Authorisation of the Court of Accounts
- Higher Education Law No. 2547
- Law No. 3628 on Declaration of Property, Anti-Bribery and Corruption
- Action Plan for Compliance with Internal Control Standards
- Article 5 of the Court of Accounts Law
- Constitution of the Republic of Turkey Article 160
2024 Sustainability Report SDG-16 (Related Section)
Anti-Corruption and Anti-Bribery Principles
Boğaziçi University clearly demonstrates its commitment to combating organised crime, corruption and bribery through written principles and procedures. The Ethical Principles page of the University clearly states the ethical rules that all stakeholders must comply with, and the principles of transparency and accountability have been adopted in all areas.
Ethical Principles and Audit Mechanisms
- Ethics Committee Monitoring: Ethics committees ensure the adoption of ethical standards in academic and administrative processes. They examine and evaluate complaints about violations of ethical rules, and report the detected violations to the university administration or relevant units.
- Quality Standards: The University applies ISO 9001:2015 quality standards in its institutional functioning and is subject to internal and external audits that ensure transparency and accountability within this framework.
Internal Control System and Financial Audit
- Boğaziçi University's Internal Control System ensures that income, expenses, assets and liabilities are managed effectively, economically and efficiently.
- The system is designed to prevent corruption and irregularities and all financial decisions and transactions are regularly audited.
- The Internal Audit Unit of the University is obliged to inform the senior management in case of any possible corruption or irregularity.
Legal Framework
- Violations related to corruption, bribery and organised crime are subject to criminal investigation and prosecution within the scope of Higher Education Law No. 2547 and Law No. 3628 on Declaration of Assets, Anti-Bribery and Anti- Corruption.
- The University's financial reports and internal control systems are subject to regular audits by the Court of Accounts.
These principles and mechanisms demonstrate Boğaziçi University's commitment to combating corruption and bribery and ensure that all processes within the institution operate in a transparent and accountable manner.
Click here to view the relevant legislation:
https://sgdb.bogazici.edu.tr/node/73/kamu-mali-yonetim-mevzuati
https://sgdb.bogazici.edu.tr/ic-kontrol/ilgili-mevzuat
Anti-Corruption and Anti-Bribery Principles
Click here for Internal Control Standards Compliance Action Plan:
INTERNAL CONTROL STANDARDS COMPLIANCE ACTION PLAN
Boğaziçi University Internal Control Standards Compliance Action Plan has been prepared to ensure that all structures and personnel comply with internal control standards and create an effective internal control system. Internal control is a process that supports the university to achieve its goals, ensures effective and efficient use of resources, increases accountability and ensures compliance with legislation.
The main components of the plan can be summarised as follows:
1.Control Environment: Adopting corporate ethical values, clarifying the job descriptions of units and personnel, and establishing a strong organizational structure
2.Risk Assessment: Identifying and managing internal and external risks that may prevent the administration from achieving its goals
3.Control Activities: Defining processes, establishing procedures and developing control mechanisms
4.Information and Communication: Ensuring internal and external information flow, improving reporting processes and establishing an effective communication network
5.Monitoring: Regular evaluation of the internal control system and establishment of functionally independent internal audit mechanisms by administrations
This action plan is implemented with the participation of all relevant units. The effective implementation of the plan enables the organization to achieve a more transparent, accountable and sustainable management approach.
|
Standard Code No |
Public Internal Control Standard and General Requirement |
Current Status |
Action Code No |
Foreseen Action or Actions |
Responsible Unit or Working group |
Collaboration Unit |
Output/Result |
Completion Date |
||||||||
|
CES 1 |
||||||||||||||||
|
CES 1.1 |
The internal control system and its functioning should be owned and supported by managers and staff. |
Although the internal control system is supported by the Manager, there is a lack of information and training on the functioning and binding nature of the system. |
1.1.1 |
An internal control brochure will be prepared, printed and shared with all employees. In addition, the internal control compliance action plan will be turned into a book and shared with the units. |
SGDB All units |
All Unit Managers |
Internal Control Brochure and Booklet |
July 2015 |
||||||||
|
1.1.2 |
In order to raise awareness of internal control, the action plan will be published on the internal communication channel (portal) and Boğaziçi University corporate website. |
Corporate communication office |
All Unit Managers |
Internal Control Compliance Action Plan |
July 2015 |
|||||||||||
|
1.1.3 |
In order to increase and maintain internal control awareness, informative meetings on internal control will be held with managers and employees on the administration action plan and its current status. |
SGDB |
All Unit Managers |
Information Meetings on Internal Control Awareness |
2015 To be Repeated in the Second Semiannual Period |
|||||||||||
|
1.1.4 |
The "Internal Control System Assessment Form", which is Annex 4 of the TCA Regularity Audit Guidelines, will be sent to all units to draw attention to the controls in terms of responsibility in this area. |
SGDB Internal control unit |
All Unit Managers |
Evaluation Form/Awareness Raising |
December 2016 |
|||||||||||
|
CES 1.2 |
The managers of the administration should set an example for the staff in the implementation of the internal control system. |
The managers of our university carry out control activities within the framework of existing legislation and general practices and direct their personnel according to the current situation. |
1.2.1 |
Regular monitoring and evaluation meetings will be organized within the units and it will be ensured that these meetings are recorded with the standard minutes to be developed and the decisions of the meetings are followed up. |
All Unit Managers SGDB |
All Unit Managers |
Meeting Procedure |
Continuous |
||||||||
|
1.2.2 |
The monitoring and steering committee will question the realization of the actions envisaged by the internal control action plan, determine the need for revision and report the necessary information on internal control to the senior management every 4 months. |
SGDB İYK |
All Unit Managers |
Meeting Standards |
Continuous |
|||||||||||
|
1.2.3 |
Internal Control Expectations and Good Practice Examples Implementation Training will be organized. |
In-service training branch directorate |
SGDB |
Training Program / Internal Control Awareness Raising |
December 2016 |
|||||||||||
|
CES 1.3 |
Ethical rules must be known and followed in all activities. |
While the Code of Ethics exists, actions should be taken to raise awareness and recognition. |
1.3.1 |
It will be ensured that ethical rules are determined in the form of written approved codes (administrative, academic) and printed as a guide and announced to all personnel. |
SGDB |
All Unit Managers |
Ethics Guide |
December 2016 |
||||||||
|
1.3.2 |
The code of ethics will be posted in common areas and bulletin boards where those who receive services from Boğaziçi University can easily access it. It will be announced electronically. |
SGDB |
All Unit Managers |
Announcement of the Code of Ethics |
||||||||||||
|
1.3.3 |
Programs and activities will be organized to raise ethical awareness during Ethics Week and Ethics Day on May 25. |
SGDB |
All Unit Managers |
Training and Programs |
May 2016 |
|||||||||||
|
1.3.4 |
Ethical rules will be conveyed to newly recruited employees during orientation trainings. |
In-Service Training Branch Directorate |
All Unit Managers |
Orientation Training Form |
December 2016 |
|||||||||||
|
CES 1.4 |
Integrity, transparency and accountability in activities should be ensured. |
Activities are carried out within the framework of the principle of honesty in accordance with existing legal regulations. |
1.4.1 |
A report on "Boğaziçi University Financial Transparency Practices" will be written. |
SGDB |
All Unit Managers |
Financial Transparency Practices Report |
August 2016 |
||||||||
|
1.4.2 |
In order to realize the principles of public and impartiality, transparency and accountability in accordance with the provisions of the legislation, announcements regarding all activities will be published on the web page of the institution, and in this context, web arrangements will be made effective and up-to-date. |
Corporate Communications Office |
SGDB Internal Control Unit |
Announcement of Information Required to be Disclosed to the Public |
In accordance with the Announced Schedule |
|||||||||||
|
CES 1.5 |
The administration's staff and service providers must be treated fairly and equally. |
The administration should treat its staff and those it serves fairly and equally, and should be in a position to demonstrate this in writing. |
1.5.1 |
Necessary work will be carried out to create/revise a service standard inventory. The prepared inventory will be announced through the website and bulletin boards. |
SGDB Senior Management |
Service Standards Inventory |
December 2015 |
|||||||||
|
1.5.2 |
Within the scope of service delivery procedures and principles, systems will be developed to evaluate the complaints and suggestions of service beneficiaries, and satisfaction surveys will be conducted periodically for service users and personnel. |
SGDB |
All Unit Managers |
Survey Forms/Survey Evaluation Results |
December 2015 |
|||||||||||
|
1.5.3 |
It will be ensured that the suggestions/complaints included in the applications to be made for the standard will be evaluated by the Ethics Committee as well as the relevant unit. |
Ethics Committee |
Department of Personnel |
December 2015 |
||||||||||||
|
CES 1.6 |
All information and documents related to the activities of the administration must be accurate, complete and reliable. |
Although the operations and transactions are carried out in accordance with the legislation, there are areas for improvement in terms of accurate, complete and reliable reporting of information on the activities carried out. (There is such software for academic units) |
1.6.1 |
Necessary personal development training needs will be identified in order to improve interpersonal relations and management skills, and these trainings will be provided to staff and managers. |
In-service training branch directorate SGDB |
All Unit Managers |
Training Needs Analysis |
Continuous |
||||||||
|
1.6.2 |
A working group will be established to determine the needs and alternative costs of the Electronic Document Management System so that all information and documents related to the activities of the Administration can be accessed electronically. |
EBYS Working Group |
All Unit Managers |
Software |
December 2016 |
|||||||||||
|
CES 2 |
||||||||||||||||
|
CES 2.1 |
The mission of the administration should be determined in writing, announced and adopted by the personnel. |
The mission of Boğaziçi University was determined within the scope of strategic planning studies. Efforts should be made to ensure that the mission is adopted by the employees and announced to the public. |
2.1.1 |
In order to ensure that its mission is adopted by all units, announcements will be made through written and various communication tools (such as annual report, web page). |
Corporate Communications Office
SGDB |
Information Technology Department |
Increased sense of belonging with the Mission Statement |
|||||||||
|
CES 2.2 |
The tasks to be carried out by the administrative units and sub-units to ensure the realization of the mission must be defined and announced in writing. |
Job descriptions should be prepared to meet the standard and attention should be paid to this issue in job allocations. |
2.2.1 |
It will be ensured that the tasks in line with the mission are put in writing and that these job descriptions are accessible electronically. |
SGDB BIM |
All Unit Managers |
Written Job Descriptions |
December 2016 |
||||||||
|
CES 2.3 |
A distribution of duties chart covering the duties of the personnel in the administrative units and their authorities and responsibilities related to these duties should be prepared and communicated to the personnel. |
Assignments are not made in writing and are not communicated to employees. |
2.3.1 |
Efforts will be made to ensure that the distribution of duties in the units is made in writing and employees will be notified through standard forms to be developed. |
Unit Managers |
All Unit Managers |
Task Notification Form |
July 2016 |
||||||||
|
2.3.2 |
Process analysis studies of the units will be carried out and process studies will be continued on the basis of the work done. |
SGDB All units |
All Unit Managers |
Process Drawings and Process Analyses |
December 2015 |
|||||||||||
|
CES 2.4 |
There should be an organizational chart of the administration and its units and accordingly a functional distribution of duties should be determined. |
The organizational chart of Boğaziçi University has been created. Organizational charts of the units on the basis of tasks have not been created. |
2.4.1 |
It will be ensured that the organizational charts will be kept up to date on the basis of tasks in the units. These schemes will be announced at the unit entrances. |
All Unit Managers |
SGDB |
Unit Organization Chart |
December 2015 |
||||||||
|
2.4.2 |
The duties and authorities of the units will be reviewed and the job descriptions that cause task conflicts will be brought in line with the legislation and duplicate tasks will be eliminated. |
Department of Personnel |
All Unit Managers |
Job Descriptions |
July 2016 |
|||||||||||
|
CES 2.5 |
The organizational structure of the administration and its units should be such that it shows the basic distribution of authority and responsibility, accountability and appropriate reporting relationship. |
The organizational structure, basic authority and responsibility distribution of our university and its units have been established and maintained within the framework of the laws in force. |
2.5.1 |
An organizational structure and distribution of tasks will be established in which responsibility and accountability can be established. |
Department of Personnel |
All Unit Managers |
Job Descriptions |
July 2016 |
||||||||
|
2.5.2 |
Mechanisms will be developed to ensure that all kinds of information and documents that will be needed by the units of our university are classified, accessible, up-to-date and reliable within the framework of appropriate reporting principles. |
BIM |
General Secretariat |
Information System |
July 2016 |
|||||||||||
|
CES 2.6 |
The managers of the administration should determine the procedures for sensitive tasks in the execution of activities and announce them to the staff. |
At the institutional level, no systematic and holistic study has been conducted to identify sensitive tasks. Work will be initiated in this direction. |
2.6.1 |
Sensitive tasks will be identified and announced to all employees with a directive. Responsible for sensitive tasks, risks and consequences of failure to fulfill the tasks will be tabulated. Sensitive tasks will also be prioritized in risk studies. |
All Unit Managers |
SGDB |
Sensitive Tasks Directive |
January 2016 |
||||||||
|
CES 2.7 |
Managers at all levels should establish mechanisms to monitor the outcome of assigned tasks. |
While the outcome of assigned tasks is monitored, there is no monitoring standard set. |
2.7.1 |
In accordance with the meeting procedure to be prepared, unit managers, heads of departments and responsible deputy general secretaries will be ensured to hold monitoring meetings. Meeting results will be monitored through the Electronic Document Management System. |
Monitoring and Steering Committee
SGDB Internal Control Unit |
All Unit Managers |
Monitoring Meeting |
July 2015 |
||||||||
|
2.7.2 |
The reports already prepared by each unit manager for the work carried out in their unit will be standardized. |
Monitoring and Steering Committee
SGDB Internal Control Unit |
All Unit Managers |
Establishment of Monitoring System |
July 2016 |
|||||||||||
|
CES 3 |
||||||||||||||||
|
CES 3.1 |
Human resources management should be aimed at ensuring the realization of the goals and objectives of the administration. |
Studies are carried out within the university in terms of contemporary human resources management. |
3.1.1 |
Training programs will be organized on relevant legislation, developing and diversifying communication technologies and personal development. The effectiveness of the training will be measured by exams to be held before and after the training. |
In-Service Training Branch Directorate PDB |
All Unit Managers |
Increased knowledge and moral motivation |
|||||||||
|
3.1.1 |
|
|||||||||||||||
|
CES 3.2 |
The managers and personnel of the administration should have the knowledge, experience and ability to carry out their duties effectively and efficiently. |
Although the managers and staff of the administration have the knowledge, experience and ability to carry out their duties effectively and efficiently, studies should be carried out to identify the deficiencies and determine the needs in this direction. |
3.2.1 |
While preparing job descriptions, the minimum qualifications and competencies required for the job will also be determined and included in the job description form. |
PDB |
SGDB Internal Control Unit |
Job Descriptions Minimum Qualifications and Competencies |
July 2016 |
||||||||
|
3.2.2 |
The qualifications and competencies of existing human resources will be reviewed, gap analyses will be conducted between the current and required situation, and training needs will be identified. |
In-Service Training Branch Directorate
PDB |
All Unit Managers |
Gap Analysis |
December 2015 |
|||||||||||
|
3.2.3 |
Internal Control Expectations and Good Practice Examples Implementation Training will be organized. |
In-Service Training Branch Directorate |
SGDB |
Training Program / Internal Control Awareness Raising |
December 2015 |
|||||||||||
|
3.2.4 |
Ethical rules will be conveyed to newly recruited employees during orientation trainings. |
In-Service Training Branch Directorate |
All Unit Managers |
Orientation Training Form |
December 2015 |
|||||||||||
|
3.2.5 |
Necessary personal development training needs will be identified in order to improve interpersonal relations and management skills, and these trainings will be provided to staff and managers. |
In-Service Training Branch Directorate SGDB |
All Unit Managers |
Training Needs Analysis |
December 2015 |
|||||||||||
|
3.2.6 |
Training programs will be organized on relevant legislation, developing and diversifying communication technologies and personal development. The effectiveness of the training will be measured by exams to be held before and after the training. |
In-Service Training Branch Directorate Department of Personnel |
All Unit Managers |
Increased knowledge and moral motivation |
December 2015 |
|||||||||||
|
3.2.7 |
Risk training will be organized to increase risk awareness. |
In-Service Training Branch Directorate |
All Unit Managers |
Risk Awareness |
December 2015 |
|||||||||||
|
3.2.8 |
Training programs will be organized on topics such as communication, meeting organization and time management. |
In-Service Training Branch Directorate |
All Units |
Education Program |
December 2015 |
|||||||||||
|
3.2.9 |
Training on Budget and Performance Program Preparation will be organized. The success level of the training will be measured by exams before and after the training. |
In-Service Training Branch Directorate |
All Units |
Education Program |
December 2015 |
|||||||||||
|
CES 3.3 |
Emphasis should be placed on professional competence and the most appropriate personnel should be selected for each task. |
Professional competence is emphasized and the most suitable personnel are selected for each task. Actions under requirements 3.1 and 3.2 will improve compliance with this requirement. |
||||||||||||||
|
CES 3.4 |
The principle of merit must be followed in the recruitment, advancement and promotion of personnel and their individual performance must be taken into consideration. |
Recruitment of personnel and other personnel movements at our university are carried out within the framework of the relevant legislation (Law No. 2547, Law No. 657 and secondary regulations). |
3.4.1 |
Work will be initiated to establish a performance evaluation system and to maintain it within the scope of automation. In addition, career and merit principles will be applied in the employment of our university personnel within the framework of the provisions of the relevant articles in the relevant personnel laws. |
General Secretariat
SGDB
PDB
|
All Unit Managers |
Performance Evaluation System |
July 2016 |
||||||||
|
CES 3.5 |
The training needs for each task should be determined, training activities to meet these needs should be planned and carried out every year and updated when necessary. |
Training needs are determined by the In-Service Training Branch Directorate by collecting training requests from the units every year to determine the training needs. |
3.5.1 |
3.2.2 Within the scope of 3.2.2, it will be ensured that training needs analyses and requests are made by considering qualifications and competencies. In addition, it will be ensured that the training needs analysis in the in-service training directive to be prepared will be arranged by taking these criteria into account. |
In-Service Training Branch Directorate |
All Unit Managers |
Training Needs Analysis |
December 2016 |
||||||||
|
CES 3.6 |
The competence and performance of the personnel should be evaluated at least once a year by their manager and the results of the evaluation should be discussed with the personnel. |
With the implementation of the performance evaluation system related to condition 3.4, the necessary actions for this condition will be implemented. |
3.6.1 |
A directive/regulation on the performance evaluation system will be prepared and shared with all employees. |
PDB SGDB |
All Unit Managers |
Performance Evaluation Legislation |
With the completion of action 3.4.1 |
||||||||
|
3.6.2 |
Performance evaluation results will be shared with the relevant personnel and the results of the evaluation will be discussed with the personnel's manager. |
PDB |
All Unit Managers |
Performance Evaluation System |
With the completion of action 3.4.1 |
|||||||||||
|
CES 3.7 |
Measures should be taken to improve the performance of personnel whose performance is found to be inadequate according to the performance evaluation, and rewarding mechanisms should be developed for personnel with high performance. |
Institutional arrangements for rewarding personnel are needed. |
3.7.1 |
A rewarding regulation will be prepared and shared with all employees. In addition, this system will be integrated with the performance evaluation system. |
PDB |
All Unit Managers |
Reward Regulation |
December 2016 |
||||||||
|
3.7.2 |
Training needs will be identified for employees whose performance is found to be inadequate as a result of the evaluation and employees will be provided with these trainings. Personnel whose performance evaluation is inadequate despite receiving training will be subject to rotation. |
PDB |
All Unit Managers |
Including the results of the Performance Evaluation System in training needs analysis |
With the completion of action 3.4.1 |
|||||||||||
|
CES 3.8 |
Important issues related to human resources management such as staff recruitment, relocation, appointment to higher positions, training, performance evaluation, personal rights should be determined in writing and announced to the staff. |
The works and procedures established by Boğaziçi University for this requirement are carried out in accordance with the legislation. Therefore, no action has been developed. Meeting this requirement will be further improved with the realization of the actions in the conditions on the basis of this component.
|
||||||||||||||
|
CES 4 |
||||||||||||||||
|
CES 4.1 |
Signature and approval authorities in workflow processes must be identified and announced to the staff. |
Process studies have started and are targeted to be completed during the action plan period. |
4.1.1 |
While preparing the process flow charts, it will be ensured that the signature and approval authorities are shown in accordance with the directive. |
General Secretariat
All Units |
All Unit Managers |
Including authorization and approval steps in process flow charts |
July 2016 |
||||||||
|
CES 4.2 |
Delegations of authority must be determined in writing and notified to the relevant persons, indicating the limits of the delegated authority within the framework of the principles determined by the senior manager. |
The institution has a directive on signature authorities. It will be harmonized with delegations of authority. |
4.2.1 |
The signature authorities and delegation of authority directive will be reviewed, revision needs will be identified and shared with all employees. In the following period, the directive will be reviewed regularly every year in parallel with the emerging needs. |
General Secretariat
PDB
|
Registry Branch Directorate |
Directive |
Every year |
||||||||
|
4.2.2 |
The Directive for the delegation of authority to be made in writing in a way to determine the limits of the authority to the person who is delegated authority will be complied with. |
General Secretariat PDB |
All Unit Managers |
Delegation of Authority Form |
Continuous |
|||||||||||
|
CES 4.3 |
Delegation of authority should be consistent with the importance of the delegated authority. |
Delegations of authority at our university are designed and implemented in line with the importance of the delegated authority. |
4.3.1 |
In the delegations of authority to be made; responsibilities and limits of authority will be clearly defined, the delegated authority will be ensured to be compatible with the duties of the person to be delegated and will be notified to the relevant personnel in writing. In addition, authorizations will be made according to the importance of the decisions and risks to be taken. |
General Secretariat
PDB |
All Unit Managers |
Principles of Delegation of Authority |
Every year |
||||||||
|
CES 4.4 |
The personnel to whom authority is delegated must have the knowledge, experience and ability required by the task. |
At our university, it has been adopted that the personnel delegated with authority are selected from those who have the knowledge, experience and skills required by the task. |
4.4.1 |
Delegation of authority will be made to the most appropriate person or persons among the same level and authorities, taking into account the hierarchy and risk factor. |
General Secretariat
PDB |
All Unit Managers |
Principles of Delegation of Authority |
Every year |
||||||||
|
CES 4.5 |
The personnel to whom authority is delegated should inform the delegated authority periodically about the use of the authority, and the delegated authority should seek this information. |
The personnel to whom authority is delegated do not provide information on the use of authority in a systematic and demarcated manner; information flow is maintained verbally but not based on any reporting. |
4.5.1 |
In delegations of authority, information flow will be ensured between the transferee and the delegator, and the duration and limits of the delegation of authority and the periods in which the delegate will provide feedback will be included in the approval of the delegation of authority. |
General Secretariat
PDB |
All Unit Managers |
Delegation of Authority Principles and Reporting Standards |
Every year |
||||||||
|
2- RISK ASSESSMENT |
||||||||||||||||
|
Standard Code No |
Public Internal Control Standard and General Requirement |
Current Status |
Action Code No |
Foreseen Action or Actions |
Responsible Unit or Working group members |
Collaboration Unit |
Output/Result |
Completion Date |
||||||||
|
RAS 5 |
||||||||||||||||
|
RAS 5.1 |
Administrations should prepare strategic plans through participatory methods in order to establish their mission and vision, set strategic goals and measurable objectives, measure, monitor and evaluate their performance. |
Current situation meets the standard. Therefore, no action has been developed. |
||||||||||||||
|
RAS 5.2 |
Administrations should prepare a performance program that includes the programs, activities and projects they will carry out, their resource requirements, performance targets and indicators. |
Performance programs could not be prepared regularly every year. It should be ensured that they are prepared in the future. |
5.2.1 |
Guidelines for performance-based budget preparation will be prepared and shared with departments. |
SGDB Budget Performance Program Directorate |
All Unit Managers |
Guide |
December 2015 |
||||||||
|
5.2.2 |
Trainings will be organized for the preparation of the performance program and determination of performance indicators. |
ASAM Budget Performance Program Directorate |
All Unit Managers |
Education Program |
May 2016 |
|||||||||||
|
RAS 5.3 |
Administrations should prepare their budgets in accordance with their strategic plans and performance programs. |
Personnel assigned to budget preparations in the units are not identified. Activities are not divided into projects. Costs of activities or projects cannot be monitored. |
5.3.1 |
Personnel responsible for budget preparation in each unit will be identified and performance-based budget preparation training will be organized for the personnel responsible for budget preparation. |
SGDB |
All Unit Managers |
Education Program |
May 2016 |
||||||||
|
5.3.2 |
The activities identified in the performance program will be projected and project training will be provided. |
SGDB |
All Unit Managers |
Form |
May 2016 |
|||||||||||
|
RAS 5.4 |
Managers should ensure that activities comply with the objectives and targets set by the relevant legislation, strategic plan and performance program. |
Compliance with the budget and goals and objectives should be ensured and efforts should be made in this regard. |
5.4.1 |
Evaluation meetings will be held annually with unit managers under the coordination of the Strategy Development Department to assess the compliance of activities with the legislation, strategic plan and performance programs. |
SGDB |
All Unit Managers |
Information System |
January 2016 |
||||||||
|
RAS 5.5 |
Managers should set specific objectives in line with the objectives of the administration within the framework of their areas of duty and announce them to their staff. |
Managers should set some targets within the framework of their areas of responsibility. Efforts should be made to harmonize these objectives with the strategic objectives of the administration and to monitor them. |
5.5.1 |
Unit managers will evaluate unit performance targets within the scope of the strategic plan and unit performance program, inform their staff about their unit performance targets, and informational meetings will be held on these issues. |
All Unit Managers |
Monitoring and Steering Committee |
Unit targets and target assessment results |
January 2016 |
||||||||
|
RAS 5.6 |
The objectives of the administration and its units should be specific, measurable, achievable, relevant and timely. |
Current situation meets the standard. Concrete indicators for achieving targets have been developed through the performance program. Improvement will be ensured within the scope of RDS 5.4 and 5.5. |
||||||||||||||
|
RAS 6 |
||||||||||||||||
|
RAS 6.1 |
Administrations should systematically identify risks to their goals and objectives each year. |
The organization has not carried out a study to identify risks that may prevent the achievement of goals and objectives. |
||||||||||||||
|
6.1.1 |
Trainings on Court of Accounts Audit and Regularity Audit within the framework of Law No. 6085 will be organized. |
In-Service Training Branch Directorate |
All Unit Managers |
Education Program |
December 2015 |
|||||||||||
|
6.1.2 |
Risk officers will be identified in each unit, and a risk coordinatorship and risk assessment board will be established. |
SGDB |
Monitoring and Steering Committee |
Risk Coordination and Evaluation Board |
December 2015 |
|||||||||||
|
6.1.3 |
Unit Risk Officers will report the developments regarding the existing risks within the scope of the activities carried out by their units to the Monitoring and Steering Committee through instant (if applicable) and quarterly Risk Monitoring Forms. |
Monitoring and Steering Committee |
Risk Monitoring Form |
Quarterly Periods (starting December 2016) |
||||||||||||
|
6.1.4 |
Corporate Risk Management Directive will be prepared and shared with all employees. |
Monitoring and Steering Committee SGDB |
All Unit Managers |
Directive |
December 2016 |
|||||||||||
|
RAS 6.2 |
The likelihood of risks materializing and their likely impact should be analyzed at least once a year. |
No systematic risk analysis and assessment studies have been conducted for implementation |
6.2.1 |
Unit risk officers will hold regular meetings once a year to assess risks and update impact probability analyses. |
Internal Control Unit |
All Unit Managers |
Minutes of the meeting |
December 2016 |
||||||||
|
RAS 6.3 |
Measures to be taken against risks should be determined and action plans should be created. |
There is no action plan prepared before. An action plan should be prepared by the relevant units for the probability of realization and elimination of risks to the goals and objectives of the organization. |
6.3.1 |
Units will systematically analyze the risks related to the objectives and targets in the strategic plan and performance programs once every six months and prepare appropriate risk action plans for the management of risks. |
All units |
Monitoring and Steering Committee |
Risk Action Plan |
As of Semi-annual Periods (starting December 2016) |
||||||||
|
6.3.2 |
The prepared action plan will be submitted to the Monitoring and Steering Committee. Monitoring and Steering Committee The risk action plan decided by the Risk Management Committee will be submitted to the senior management for approval. After approval, the action plan will be implemented. |
All unit managers ASAM |
Monitoring and Steering Committee |
Risk Action Plan approval and implementation process |
December 2016 |
|||||||||||
|
3- CONTROL ACTIVITIES |
||||||||
|
Standard Code No |
Public Internal Control Standard and General Requirement |
Current Status |
Action Code No |
Foreseen Action or Actions |
Responsible Unit or Working group members |
Collaboration Unit |
Output/Result |
Completion Date |
|
CAS 7 |
||||||||
|
CAS 7.1 |
Appropriate control strategies and methods (regular review, control by sampling, comparison, approval, reporting, coordination, verification, analysis, authorization, supervision, examination, monitoring, etc.) should be determined and implemented for each activity and its risks. |
There are no written prescribed control strategy methods. There is a need to conduct risk analyses for written procedures for activities. In addition, process work has started and needs to be completed. |
7.1.1 |
With the completion of process studies, control strategies will be developed for risky areas on process maps. |
SGDB HRWG |
All Unit Managers |
Process Maps |
December 2016 |
|
7.1.2 |
With the completion of the process studies, the institutional service standards inventory will be prepared/revised in accordance with the processes. |
SGDB |
All Unit Managers |
Service Standards Inventory |
December 2016 |
|||
|
7.1.3 |
After the preparation of the service standards inventory, regular checks will be carried out on the samples to be identified. |
SGDB |
All Unit Managers |
Service Standards Inventory |
Every 6 months (starting December 2016) |
|||
|
7.1.4 |
Control points and control activities will be defined for risks, these will be included in the risk action plan, and regular review and updating of control activities and control points will be ensured. |
SGDB |
All Unit Managers |
Risk Monitoring Report |
Every 6 months7(starting December 2016) |
|||
|
CAS 7.2 |
Controls should include, where necessary, pre-process control, process control and post-process control. |
While legal controls are in place for the activities carried out, there is a need to improve systematic control activities before and after the transaction. |
7.2.1 |
Control systems and processes will be structured to cover pre-process control, process control and post-process controls, and the issues required for the preparation and implementation of the budget, which will form the basis for the management of financial resources, the creation of the investment program, the proper execution and monitoring of expenditures will be planned. |
SGDB |
All Unit Managers |
Impact Analysis Report |
Every 6 months (from December 2016) |
|
CAS 7.3 |
Control activities should include periodic control and safeguarding of assets. |
Movables and immovables are tracked in accordance with the legislation. |
7.3.1 |
Movable record management system (KBS) will be implemented. |
General Secretariat SGDB |
All Unit Managers |
September 2015 |
|
|
7.3.3 |
The current status of immovables (administrative, legal, physical, etc.) will be regularly reported to the senior management every year. |
Immovable property unit |
Department of Construction Works SGDB |
Real Estate Current Situation Report |
January 2016 |
|||
|
CAS 7.4 |
The cost of the identified control method should not exceed the expected benefit. |
There is a need for cost analysis for the control methods developed. |
7.4.1 |
Cost analyses will also be made for the risks identified within the scope of risk studies and control activities to be developed based on process studies. |
SGDB |
All Unit Managers
|
Cost determination of control activities |
Continuous (from December 2016) |
|
CAS 8 |
||||||||
|
CAS 8.1 |
Administrations should establish written procedures for their activities and financial decisions and transactions. |
Process management studies are ongoing in our organization. Written procedures are being developed for the activities currently carried out. |
8.1.1 |
"Institutional legislation" will be created for all activities and financial decisions and transactions (This legislation will be up-to-date, comprehensive and understandable and accessible by the relevant personnel) A web application will be developed with INTRANET. |
SGDB BIM |
All Unit Managers |
Procedure Study |
December 2016 |
|
8.1.2 |
Legislative changes concerning the organization will be shared with employees as announcements on the intranet system. |
Legal Consultancy
Directorate of Strategy Planning and Management Information Systems |
BIM |
Follow-up of Legislative Amendments |
December 2015 |
|||
|
8.1.3 |
Process Control Models will be established on the basis of activities and processes will be clearly identified in all activities. Software for managing processes through an electronic database will be researched. |
SGDB |
BIM |
Process control model |
December 2016 |
|||
|
CAS 8.2 |
Procedures and related documents should cover the stages of initiation, implementation and finalization of the activity or financial decision and transaction. |
Process indexes have been prepared within the organization and work is being carried out to complete the process studies. |
8.2.1 |
The work flow charts to be prepared by our university and its affiliated units will cover the stages of initiation, implementation and finalization of the activity or financial decision and transaction and will be kept up to date in a way to be understandable by the relevant personnel. |
Strategy Development Department |
All Unit Managers |
Flowcharts |
Continuous (from December 2016) |
|
CAS 8.3 Procedures and related documents must be up-to-date, comprehensive, compliant with legislation, and understandable and accessible by relevant personnel. There is a need to carry out the necessary work for the standard.
|
8.3.1 |
All documents will be made accessible through the intranet system and document management system to be developed to create corporate memory. |
Strategy Development Department |
Directorate of Strategy Planning and Management Information Systems |
Electronic Document Management System |
Continuous (from December 2016) |
||
|
8.3.2 |
The review procedure for reviewing and updating procedures will be updated. |
Strategy Development Department |
All Unit Managers |
Review Procedure |
December 2016 |
|||
|
CAS 9 |
||||||||
|
CAS 9.1 |
The tasks of approving, implementing, recording and controlling each activity or financial decision and transaction should be assigned to different persons. |
Within the framework of the legislation in force, the tasks of approving, implementing, recording and controlling each activity or financial decision and transaction are carried out by different persons. |
9.1.1 |
All units will work to identify sensitive tasks and a sensitive tasks directive will be published. |
SGDB |
All Unit Managers |
Sensitive Tasks Directive |
December 2016 |
|
9.1.2 |
Responsibility allocations will be reviewed to ensure that tasks identified as sensitive are not concentrated in the same individuals. Key tasks and responsibilities will be distributed among different people to reduce the risk of error or fraud in operations. |
All Unit Managers |
All Unit Managers |
Sensitive Tasks List |
December 2016 |
|||
|
CAS 9.2 |
Managers of administrations where the principle of separation of duties cannot be fully implemented due to insufficient staff should be aware of the risks and take necessary measures. |
Although the principle of separation of duties is generally respected, problems may arise due to insufficient staff. |
9.2.1 |
The issues to be taken into consideration within the scope of the Separation of Duties Principle will be announced to the units by Internal Circular. |
General Secretariat |
All Unit Managers |
Circular |
December 2016 |
|
9.2.2 |
In case it is not possible to assign different personnel for the tasks of approving, implementing, recording and controlling the activity or financial decision and transaction, necessary measures will be taken by the unit managers to mitigate the risks to be encountered, (e.g: In case there is no technical staff for tenders, such as procurement from another expenditure unit) |
General Secretariat
Strategy Development Department
|
All Unit Managers |
Assignment Letters |
December 2016 |
|||
|
CAS 10 |
||||||||
|
CAS 10.1 |
Managers should exercise the necessary controls to ensure that procedures are implemented effectively and consistently. |
Necessary controls are carried out by managers through existing legal regulations and procedures. Efforts should be made to improve this area. |
10.1.1 |
Managers will comply with the principle of separation of duties in the organizational structure and identify hierarchical control points in order to mitigate the risks identified by the control procedures to be prepared and to carry out appropriate oversight activities. In addition, effective reporting techniques will be developed for these controls in line with the work flow chart and standards by the units of work and transactions within the framework of delegation of authority and assignments. |
General Secretariat
Strategy Development Department |
All Unit Managers |
Executive Control Processes |
December 2016 |
|
CAS 10.2 |
Managers should monitor and approve the work and transactions of the personnel and give necessary instructions to eliminate errors and irregularities. |
Managers monitor and approve the work and transactions of the personnel and give necessary instructions to eliminate errors and irregularities. Current situation meets the standard. |
||||||
|
CAS 11 |
||||||||
|
CAS 11.1 |
Necessary measures should be taken against reasons affecting the continuity of activities such as staff shortage, temporary or permanent resignation, transition to new information systems, changes in methods or legislation, and extraordinary circumstances. |
Who is responsible for which activities, who is in charge of which activities |
11.1.1 |
As changes are made in the laws concerning the activities of the University, continuity in control activities will be ensured by making changes and updates in procedures and methods. |
Legal Consultancy |
All Unit Managers |
Legislation Tracking Procedure |
December 2016 |
|
11.1.2 |
Efforts will be made to establish a rotational working system within the unit. |
Department of Personnel |
All Unit Managers |
Operation System |
December 2016 |
|||
|
CAS 11.2 |
Where necessary, substitute personnel should be duly assigned. |
When necessary, substitute personnel are assigned according to the nature of the task, duly and in accordance with the provisions of the legislation. Actions should be developed to improve the current situation in this area as well. |
11.2.1 |
A directive will be prepared according to the personnel legislation for the assignments to be made by the units of our university to the duties that do not require a permanent appointment. According to this directive, a list of duly substitute personnel who can replace each personnel / task will be prepared and a standard form will be prepared and applied. |
Department of Personnel |
All Unit Managers |
Procedures and principles for assigning substitute staff |
December 2016 |
|
CAS 11.3 |
It should be ensured by the manager that the personnel who leave their duties prepare a report including the status of their work or transactions and the necessary documents and submit this report to the assigned personnel. |
Procedures for transfers to be made by departing personnel have not been determined. Personnel temporarily leaving their posts are not notified of their replacement. Personnel who temporarily leave their posts or change their jobs do not transfer their work to the personnel who will carry out the task. |
11.3.1 |
The procedure for the transfers to be made by the personnel leaving the duty shall be determined and written as a directive. |
Department of Personnel |
All Unit Managers |
Resignation Directive |
December 2016 |
|
CAS 12 |
||||||||
|
CAS 12.1 |
Controls to ensure the continuity and reliability of information systems should be determined and implemented in writing. |
A set of rules should be established by preparing a directive in this direction and shared with employees and this area should be controlled. |
12.1.1 |
Information systems directive will be prepared and announced to all employees. |
Information Technology Department |
All Unit Managers |
Information Systems Directive |
December 2016 |
|
12.1.2 |
Mechanisms will be put in place to prevent unlicensed and unauthorized program installation on the computers of the institution. |
Information Technology Department |
All Unit Managers |
Information Systems Security |
December 2016 |
|||
|
CAS 12.2 |
Authorizations should be made for data and information entry into and access to the information system, and mechanisms should be established to prevent, detect and correct errors and irregularities. |
In the information management systems used in the organization, data entry, querying and reporting on the basis of modules are operated as user-defined. Access authorizations are defined for all users and unauthorized access is prevented. Control activities should also be established in this area and its currency should be continuously checked. |
12.2.1 |
In the information systems directive, authorization lists will be made on the basis of users according to position. |
Information Technology Department |
All Unit Managers |
Information Systems Authorization List |
December 2016 |
|
12.2.2 |
User definitions will be reviewed and the system will require the user to change passwords in certain periods. |
Information Technology Department |
All Unit Managers |
Continuous (from December 2016) |
||||
|
12.2.3 |
User names and passwords will be reviewed and the access authorizations of the personnel who leave their jobs will be removed. |
Information Technology Department |
All Unit Managers |
Continuous (from December 2016) |
||||
|
12.2.4 |
While preparing the dismissal procedure, an article will be added about the approval of the departing personnel from the IT department before dismissal. |
Information Technology Department |
Department of Personnel |
Continuous (from December 2016) |
||||
|
CAS 12.3 |
Administrations should develop mechanisms to ensure information governance. |
In different subjects at our university |
12.3.1 |
Boğaziçi University Information Technologies Strategy Document will be prepared and the information technologies inventory will be kept up-to-date. |
Information Technology Department |
All Unit Managers |
Information Technologies Needs Assessment Study |
Continuous (from December 2016) |
|
12.3.2 |
Helpdesk will be established and units will be able to communicate their IT malfunction, maintenance and repair requests through this system and system monitoring will be set to a certain standard. |
Information Technology Department |
All Unit Managers |
Helpdesk Program |
December 2016 |
|||
|
4- INFORMATION AND COMMUNICATION |
|||||||||
|
Standard Code No |
Public Internal Control Standard and General Requirement |
Current Status |
Action Code No |
Foreseen Action or Actions |
Responsible Unit or Working group members |
Collaboration Unit |
Output/Result |
Completion Date |
|
|
ICS 13 |
|||||||||
|
ICS 13.1 |
Administrations should have an effective and continuous information and communication system covering horizontal and vertical internal and external communication. |
There are deficiencies and shortcomings in internal and external, horizontal and vertical communication. Corporate e-mail addresses have been defined for all employees of the organization. Existing addresses are used effectively. Efforts should be made to establish an intranet portal and to create forums for business development and organize surveys on which employees can participate. |
13.1.1 |
An intranet environment will be created for the staff and employee satisfaction surveys will be organized on the intranet portal and reported to the management. |
Department of Personnel
Information Technology Department |
All Unit Managers |
Employee Satisfaction Survey Results |
December 2016 |
|
|
13.1.2 |
In order to measure and increase the quality of the services provided by Boğaziçi University, a service satisfaction survey menu will be created on the institution's website for service recipients, and survey results will be reported to senior management by the relevant units. |
Information Technology Department |
Corporate Communications Office |
Service Survey Analyses |
December 2016 |
||||
|
13.1.3 |
Work will be carried out to create forums on the portal. |
Information Technology Department |
All Units |
Portal and Unit Web Page |
December 2016 |
||||
|
ICS 13.2 |
Managers and staff should have timely access to the necessary and sufficient information to fulfill their duties. |
Managers and staff have access to the information they need to fulfill their duties. However, improvements are needed to make the process more effective and functional. |
13.2.1 |
Efforts will be made to announce legislative changes to all units and employees regularly and quickly. |
SGDB Legal Consultancy |
All Units |
Legislation Tracking System |
December 2016 |
|
|
13.2.2 |
With the data compiled as an input to the activities of the academic and administrative units within the university, a data map will be prepared for the results and their timing. |
Information Technology Department All Unit Managers |
Monitoring and Steering Committee |
Information System |
December 2016 |
||||
|
ICS 13.3 |
Information must be accurate, reliable, complete, useful and understandable. |
The information and reports produced with the information technology infrastructure used are continuously updated in line with the needs and subjected to accuracy checks. In addition, it can be ensured that the information to be used is useful in line with report development requests. Under the current condition, these activities are considered to provide reasonable assurance and no action has been developed. |
|||||||
|
ICS 13.4 |
Managers and relevant staff should have timely access to the performance program and other information on the implementation of the budget and use of resources. |
All users can access and monitor appropriation information and remaining budget amounts on the system. Reasonable assurance cannot be provided since a performance program is not currently prepared within the Administration. Performance program preparations will be started. |
13.4.1 |
Senior Management and University units will develop a software program to ensure timely access to information on implementation of the performance-based budget |
Strategy Development Department |
All Units |
Performance Based Budget Circular and Performance Monitoring System |
December 2016 |
|
|
ICS 13.5 |
The management information system should be designed in such a way that it can produce the necessary information and reports required by the management and provide the opportunity for analysis. |
No action has been developed as the current situation provides reasonable assurance. |
|||||||
|
ICS 13.6 |
Managers should inform the staff about their expectations within the framework of the mission, vision and objectives of the administration within the scope of their duties and responsibilities. |
The mission, vision and objectives of the administration can be accessed through various channels. However, it is necessary to establish a system where managers communicate their expectations for these objectives and the duties of the staff in fulfilling these expectations. |
13.6.1 |
Following the publication of the performance program, senior management will inform managers of their concrete expectations for that year. |
General Secretariat SGDB |
All Units |
Expectations Report |
February 2016 |
|
|
13.6.2 |
Managers will create work plans for the targets under their responsibility in the performance program. |
General Secretariat SGDB |
Strategy Development Department |
Target Business Plan |
March 2016 |
||||
|
13.6.3 |
Managers will create and communicate in writing to employees the distribution of tasks related to the business plans approved by senior management. |
All Units |
Strategy Development Department |
Target Business Plan |
February 2016 |
||||
|
ICS 13.7 |
The horizontal and vertical communication system of the administration should enable staff to communicate their evaluations, suggestions and problems. |
The institution does not organize regular manager and staff meetings. There is a need to improve the horizontal and vertical communication system to enable staff to communicate their evaluations, suggestions and problems. |
13.7.1. |
The system where the employees of the institution can convey their opinions, suggestions and problems will be made effective. In addition, this system will be integrated with the portal/intranet. |
Department of Personnel |
Information Technology Department |
Information System |
March 2016 |
|
|
13.7.2 |
A system will be established on the portal/intranet where employees can share their ideas for business development. |
Information Technology Department |
All Directorates |
Information System |
March 2016 |
||||
|
13.7.3 |
Boğaziçi University Corporate Communication Strategy document will be prepared and shared with all employees of the institution. |
Strategy Development Department |
All Unit Managers |
Corporate Communication Strategy |
December 2016 |
||||
|
ICS 14 |
|||||||||
|
ICS 14.1 |
Administrations should disclose their objectives, targets, strategies, assets, liabilities and performance programs to the public every year. |
There are areas open for improvement. Studies should be carried out in this regard. |
14.1.1 |
The performance program and the activity report showing its results will be published. |
In-Service Training Branch Directorate |
All Unit Managers |
February of the following year |
||
|
14.1.2 |
According to the Prime Ministry's Guideline No. 2007/4 on the Websites of Public Institutions, Boğaziçi University's website will be reviewed, as well as the documents that should be available and published on the websites of public institutions. |
Internal Control Unit |
SGDB |
Corporate Website |
December 2015 |
||||
|
ICS 14.2 |
Administrations should disclose to the public the results of the implementation of their budgets for the first six months, expectations and targets for the second six months and their activities. |
The financial expectations report is prepared to meet the standard and shared with the public through the website. With the preparation of the performance program, improvements will be made in this area. |
|||||||
|
ICS 14.3 |
Activity results and evaluations should be presented and announced in the administrative activity report. |
Annual reports are prepared in accordance with the legislation and internal regulations and published on the organization's website. Current situation meets the standard. |
|||||||
|
ICS 14.4 |
The horizontal and vertical reporting network within the administration should be determined in writing for the purpose of oversight of activities, and units and personnel should be informed about the reports to be prepared in relation to their duties and activities. |
No reporting and information needs (Information Inventory Analysis) study has been conducted on the Agency's mission and working regulations or processes and workflows. An analysis (Information Inventory Analysis) of the information produced and that can be produced in the Agency through existing work stock, software or workflows has not been conducted. Gap analysis on information and reporting and a Corporate Information Management Strategy based on this has not been conducted. |
14.4.1 |
Gap analysis on information and reporting and a Corporate Information Management Strategy based on this analysis will be conducted. |
Strategy Development Department |
All Unit Managers |
Corporate Information Management Strategy |
December 2016 |
|
|
ICS 15 |
|||||||||
|
ICS 15.1 |
The recording and filing system should cover incoming and outgoing documents, including those in electronic media, and intra-administrative communication. |
There is a procedure for the management of the institutional archives. The institution has a procedure for document and paperwork management. No action has been developed as the current situation provides reasonable assurance. |
|||||||
|
ICS 15.2 |
The recording and filing system must be comprehensive and up-to-date, accessible and traceable by managers and staff. |
With the Circular No. 2005/7 issued by the Prime Ministry on 24.03.2005, the Standard File Plan studies and the recording and filing system were started. The recording and filing system is updated by the relevant unit within the framework of the changing laws and is regularly announced to the managers and staff. Since the current situation meets the standard, no action has been developed. |
|||||||
|
ICS 15.3 |
The recording and filing system should ensure the security and protection of personal data. |
Recording and filing system and security and protection of personal data |
15.3.1 |
Mechanisms will be developed to take necessary measures to ensure the security of confidential information and documents in the recording and filing system. |
Information Technology Department |
General Secretariat |
Security Policy |
December 2016 |
|
|
15.3.2 |
Authorizations will be determined by the Management and these authorizations will be defined in EBYS upon completion of the project. |
General Secretariat |
Information Technology Department |
Security Policy |
December 2016 |
||||
|
ICS 15.4 |
The recording and filing system must comply with established standards. |
The recording and filing system is carried out in accordance with the legislation and internal regulations. However, implementation errors may occur due to lack of training. |
15.4.1 |
Regular trainings will continue to be organized for all users on the standard file plan and its implementation. |
In-Service Training Coordination. |
All Unit Managers |
Improvement in Recording and Filing System |
In accordance with the Training Calendar |
|
|
ICS 15.5 |
Incoming and outgoing documents must be recorded in a timely manner, classified in accordance with standards and kept in accordance with the archive system. |
Procedures for recording incoming and outgoing documents have been determined. Procedures for the classification of incoming and outgoing documents have been determined. Procedures for the storage of incoming and outgoing documents have been determined. With the transition to the EBYS system, these procedures will be monitored electronically. Since the current situation provides reasonable assurance, no action has been developed. |
|||||||
|
ICS 15.6 |
An archive and documentation system must be established in accordance with established standards, including the recording, classification, protection and access of the administration's business and transactions. |
The archives are classified in accordance with the Agency's documentation classification. Procedures for necessary destruction and organization have been determined and implemented. Protection and security measures for all archives are adequate. Authorization and rules for units to access archives are defined. Authorization and rules for individuals to access archives are defined. No action is foreseen as the current situation meets the standard. |
|||||||
|
ICS 16 |
|||||||||
|
ICS 16.1 |
Methods for reporting errors, irregularities and corruption should be determined and announced. |
Errors, irregularities and corruption are reported. However, a systematic method for this has not been determined and announced to the staff. |
16.1.1 |
In order to identify fraud, irregularity and corruption risks for Boğaziçi University and to fulfill appropriate control and monitoring activities; hierarchical control points will be identified and notification methods will be determined. Information meetings will be held for the staff about these activities and procedures will be prepared in this direction. |
Strategy Development Department |
Monitoring and Steering Committee |
Directive on methods for preventing and reporting errors, irregularities and corruption |
December 2015 |
|
|
ICS 16.2 |
Managers should conduct adequate investigations into reported errors, irregularities and fraud. |
There is no directive prepared. The necessary evaluation is made by the manager within the framework of the legislation. |
16.2.1 |
16.1.1. The duties and responsibilities of managers on this issue will be specified in the directive to be prepared with the action envisaged in 16.1.1. |
Strategy Development Department |
All Unit Managers |
Directive on the prevention and reporting of errors, irregularities and corruption |
December 2015 |
|
|
ICS 16.3 |
Employees who report errors, irregularities and corruption should not be treated unfairly and discriminatorily. |
Assurance is provided to the personnel within the framework of the legislation. With the directive to be prepared, the personnel will also be informed in this direction. |
16.3.1 |
The personal rights of those who report allegations of irregularities and corruption and those who are reported negatively will be protected. |
Strategy Development Department |
All Unit Managers |
Directive on the prevention and reporting of errors, irregularities and corruption |
December 2015 |
|
|
5- MONITORING |
||||||||
|
Standard Code No |
Public Internal Control Standard and General Requirement |
Current Status |
Action Code No |
Foreseen Action or Actions |
Responsible Unit or Working group members |
Collaboration Unit |
Output/Result |
Completion Date |
|
MS 17 |
||||||||
|
MS 17.1 |
The system of internal control should be assessed either through continuous monitoring or through a special assessment, or both. |
Actions are needed to regulate the monitoring and evaluation of the internal control system. |
17.1.1 |
A monitoring and evaluation function will be defined under the internal control unit and the system will be controlled through the Court of Accounts Internal Control System Evaluation Form. |
Internal Control Unit |
Monitoring and Steering Committee |
Monitoring and Evaluation System |
At certain time intervals (starting July 2015) |
|
17.1.2 |
Surveys and face-to-face interviews will be conducted at periodic intervals to cover managers and employees regarding the functioning of the Internal Control System. Complaints regarding internal and external activities will be evaluated and the compliance of annual activity reports with the goals and objectives set in the strategic plan will be monitored. On the other hand, internal and external audit reports will also be taken into consideration and all data to be generated within this scope will be subjected to a general evaluation within the system. |
Monitoring and Steering Committee
Internal Control Directorate |
All Unit Managers |
Internal Control Evaluation Form |
November 2015 |
|||
|
17.1.3 |
The functioning of the internal control system will be evaluated and reported to the senior management in 6-month periods. |
Monitoring and Steering Committee
Internal Control Directorate |
All Unit Managers |
Internal Control Follow-up Report |
1 in 6 months |
|||
|
MS 17.2 |
The process and methodology for identifying and reporting deficiencies in internal control and inappropriate control methods and taking necessary measures should be determined. |
The process and methodology for identifying and reporting deficiencies in internal control and inappropriate control methods and taking necessary measures have not been determined. |
17.2.1 |
Monitoring and evaluation of the internal control system will be carried out within the framework of Internal Control Self-Assessment Report, Annual Assessment Report, in order to ensure that Internal Control keeps pace with the changing objectives, environment, resources and risks. |
Monitoring and Steering Committee
Internal Control Directorate |
All Unit Managers |
Internal Control Self-Assessment Report, Annual Assessment Report |
December 2015 |
|
MS 17.3 |
The participation of the units of the administration in the evaluation of internal control should be ensured. |
Internal control system is not evaluated. |
17.3.1 |
An evaluation survey will be organized at the end of each year to evaluate the internal control system. |
Internal Control Directorate |
All Unit Managers |
Survey Analysis and Survey Analysis Report |
December 2015 |
|
17.3.2 |
Under the coordination of the Rector and the Secretary General, a general assessment of Internal Control at the institutional level will be made with the participation of the decision-making and managerial staff of the units, and the findings and additional control measures to be taken will be reported. |
Monitoring and Steering Committee
Internal Control Directorate |
All Unit Managers |
Evaluation of the Internal Control System |
December 2015 |
|||
|
MS 17.4 |
In the assessment of internal control, the opinions of managers, requests and complaints of individuals and/or administrations, and reports issued as a result of internal and external audits should be taken into consideration. |
With the implementation of the internal control compliance action plan, actions in this direction will also be implemented. |
17.4.1 |
In the meetings to be held with the participation of all units under the coordination of the Rector and Secretary General, the opinions and evaluations of the unit managers will be obtained, and the process of evaluating the requests and complaints submitted to the suggestion and complaint box to be created on the web page will be ensured with common sense and participation. In addition, the reports issued as a result of internal and external audits will be evaluated together with the relevant unit manager. |
Monitoring and Steering Committee
Internal Control Directorate |
All Unit Managers |
Evaluation of the Internal Control System |
Every six months starting December 2015 |
|
MS 17.5 |
Measures to be taken as a result of the assessment of internal control should be determined and implemented within the framework of an action . |
With the implementation of the action plan, a monitoring system should be established and developments in this direction should be followed. |
17.5.1 |
The evaluations to be made for the internal control system, the action plan will be updated by taking the information of the senior management due to legislative changes that may arise in the field of internal control or structural changes in the organization and its implementation will be ensured in all units. |
Monitoring and Steering Committee
Internal Control Directorate |
Relevant Unit Managers |
Action Plan Updates |
Every six months starting December 2015 |
|
MS 18 |
||||||||
|
MS 18.1 |
Internal audit activity should be conducted in accordance with the standards set by the Internal Audit Coordination Board. |
The organization has an internal audit unit and an internal auditor. |
18.1.1 |
Internal audits will continue to be conducted on a risk-based basis within the framework of the Internal Audit Plan and Program to be prepared by the Internal Audit Unit. Internal audit activities will continue to be carried out periodically in accordance with the standards. |
Internal Audit Unit |
Monitoring and Steering Committee |
Control Activities |
Continuous |
|
MS 18.2 |
An action plan including the measures deemed necessary to be taken by the administration as a result of internal audit should be prepared, implemented and monitored. |
The action to be prepared based on internal audit reports will be shared with the relevant units after the approval of the senior manager. |
18.2.1 |
An action plan will be prepared for the measures to be taken and actions to be taken by the administration in parallel with the prepared audit reports and a system will be established to monitor the action plan. |
Senior Manager
Monitoring and Steering Committee |
Internal Audit Unit |
Internal Audit Action Plan |
Continuous |
|
18.2.2 |
An action plan will be prepared by the units regarding the deficiencies in the external audit reports and will be implemented after the approval of the senior manager. |
All Directorates |
Internal Audit Unit |
External Audit Action Plan |
Continuous |
|||
