Recent Developments on Internal Auditing Legislation in Public Institutions of Turkey:
A Hospital Case
Kiymet CALIYURT1, Cuneyt AGUN2, Ayse PAMUKCU3
Today, the fundamental aims of business enterprises are to become current throughout the world
and to expand in this competitive environment, and to increase the value and profit of shares. The
realization of the aims of business enterprises depends on making right decisions as well as an
efficent and effective work. Right decisions are only made by means of reliable, true, relevant,
well-timed information. The most effective element in the provision of these information in the
business enterprise is Internal Auditing Department working efficiently.
The function and department of internal control both in public and private institutions have
gradually gained importance. Sarbanes Oxley Law (SOX) , published in 2002 especially after the
fraud experienced and the Section 404 about internal auditing have proven that internal and
external control are the most effective factors in the prevention of fraud at business enterprises.
There are a number of different definitions of the term internal control. For the purposes of
Section 404, the great majority of companies and all the CPA firms use the definition in COSO
(Committee of Sponsoring Organizations of the Treadway Commission)s Internal Control
Integrated Framework. COSOs definition relates to all aspects of internal control, not just that
over financial reporting. The following is from the reports executive summary:
Internal control is broadly defined as a process, effected by an entitys board of directors,management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
effectiveness and efficiency of operations reliability of financial reporting compliance with applicable laws and regulations4
1 Corresponding Author, Associated Prof., Trakya University, Faculty of Business Administration and Economics, Edirne TURKIYE E-mail: firstname.lastname@example.org 2 Lecturer, Havsa Vocational College, Havsa Edirne TURKIYE 3 Ph.D., Marmara University, Faculty of Business Administration and Economics, Department of Accounting and Finance 4 The Institute of Internal Auditors, Sarbanes Oxley Section 404: A Guide for Management by Internal Controls Practitioners, Professional Guidance Setting the Standard, 2nd Edition, January 2008, p.11
Internal control is an integral process that is effected by an entitys management and personnel
and is designed to address risks and to provide reasonable assurance that in pursuit of the entitys
mission, the following general objectives are being achieved:
executing orderly, ethical, economical, efficient and effective operations;
fulfilling accountability obligations;
complying with applicable laws and regulations;
safeguarding resources against loss, misuse and damage.5
The practice of internal control that is widely used at international scope has become an
inseperable part of public`s internal financial control systems. The accounting frauds that appear
lately at international markets have made the examination of internal control system and process
of auditing a current issue once again enabling the reliability of financial reports. Considering
these developments in Turkey, it has become inevitable to make the official regulations of
international standarts about internal control system , internal auditing and risk management.
Especially, in candidate countries of European Union , the necessity of forming an effective
internal auditing system to sustain financial transparency and accountability in the administrative
activities the government has appeared . As a result of this, internal auditing system has been
regulated in the frame of laws and secondary regulations in these countries.
Especially with the help of reforms recently implemented in the field of finance
administration in Turkey, it is aimed at making Turkish public system of Finance Management
suitable for international standarts. At this scope, with the 10.12.2003 dated and 5018 numbered
Public Finance Management and Control Law (Law 5018) coming into effect, not disregarding
the facts and needs of Turkey, and by means of developing principles and methods, aiming at
contributing to the works of public administrations and developing them to form internal
auditing mechanisms for enabling the use of public resources in an economic, effective and
efficient way are intended.
However, problems are being confronted as experienced in the practice of other laws.In
order to bring up the problems ,internal control and the practice of new law have been examined
through applications at a public university hospital adherent to circulating capital using the
internal control techniques. Among the serious problems defined in the natural risks of the public
5 Guidelines For Internal Control Standards For The Public Sector, Internal Control Standards Committee, www.intosai.org, p.6
hospital, there are the important finanacial problem, the treatment costs` being determined by
the state , the delay in the money received from the patient, inability to follow the accounting
process and the Public Procurement Law. Among the problems due to the internal auditing are
that the internal auditors are not trained well enough , the risk-centered internal control is not
considered sufficiently, the internal auditors are not sufficient in number, and the application of
the law has not become prevalent yet.
KEYNOTE: internal audit, accounting, corporate governance, public institutions
CCSA: Certified Control Self Assesment
CGAP: Certified Government Auditing Pofessional
CIA: Certified Internal Auditor
CISA: Certified Information System Auditor
COSO: Committee of Sponsoring Organizations of the Treadway Commission
CPA: Certified Public Accountant
EU: European Union
IIA: Institution of Internal Auditors
Law 5018: Public Finance Management and Control Law
SEC: Security and Exchange Commission
SOX: Sarbanes Oxley Act
USA: United States of America
Corporate governance refers to the method by which an organisation is governed, administrated,
directed or controlled, and the goals for which it is governed (Dellaportas and et.al., 2005: 118) .That has
become one of the most commonly used phrases in the current global business vocabulary. (Solomon,
2007: 11) The development of a common understanding of corporate govenance is generally agreed to
have started with the Cadbury report. (Cadbury Committee, 1992), which identified the principles of good
governance integrity, openness and accountability. The report was the first of several on corporate
governance in the private sector, the most recent contributions being the Higgs report on non-executive
directors (Higgs Report, 2003) and the Smith report on audit committees (Audit Committees Combined
Code Guidance, 2003). In the public sector, the Nolan Report (Nolan and his Committee, 1995) was
particularly important in setting out the principles of public life (Audit Commission, 2003) which based
itself on the principle selflessness, integrity, objectivity, accountability, openness, honesty and
The report made the following general recommendations (those which had general application
across the entire public service).
Principles of public life: The general principles of conduct which underpin public life
need to be restated.
Codes of Conduct: All public bodies should draw up Codes of Conduct incorporating these principles.
Independent Scrutiny: Internal systems for maintaining standards should be supported by independent scrutiny.
Education: More needs to be done to promote and reinforce standards of conduct in public bodies, in particular through guidance and training.
As in private sector, there appear problems in public sector in abiding by the rules.
Problems in public world have more specialites than private sector. Even in the corporate
governance public has following failues: closed culture, poor strategic risk management, poor
working relations, low levels of accountability, lack of clarity, poor leadership, poor information
for decision makers, lack of clarity.
The most important work to be done at public and private sectors is to form the Internal Auditing
Department and to enable its running in order to comply with the laws and internal control
procedures. This subject has become the firstcoming one in business world after the important
scandals are experienced in the 2000`s. According to this part under the heading of Assessment
of Internal Control of Sarbanes Oxley 404 enacted in 2000 ,
Under Section 404 of the Act , management is required to produce an internal control
report as part of each annual Exchange Act rep