A Good Dream or Bad Dream About Your Turkish Subsidiary: The Impact of Internal Control System

Seda Bayraktar
  • Seda Bayraktar, CPA
  • Partner
  • Accounting Compliance & Reporting
  • E-mail to Seda

Can a multinational company assume that they can do business in emerging markets like Turkey the same way they do in their own country?

Can a multinational company assume that they can do business in emerging markets like Turkey the same way they do in their own country? The experience proves that the answer is “no”. If this is the case, the question is how the Board and CEO of a multinational company will ensure that the internal control system implemented in the subsidiary operates in accordance with the policies and procedures of the head office. 

Boards and CEOs of multinational companies, particularly in North America and Europe acknowledge that globalization is the most critical challenge they face today. In order to remain competitive for long, Western companies should develop strategies for engaging their value chains with emerging markets such as Turkey.

We observe that multinational companies face various local challenges when investing in Turkey. Laws and regulations, accounting and management reporting, costing and pricing strategy, payment methods, communication difficulties, cultural differences, fraud and corruption risks are only few of them. These challenges mainly stem from the unfamiliarity in the local market. Successful companies develop strategies for doing business in emerging markets that are different from those they use at home and often find novel ways of implementing them. 

On the other hand, standards of business conduct become increasingly critical for every multinational companies to establish companywide core values and standards of behaviour. This is where Turkish culture and the way of doing business come into its own. Multinational companies should take a local approach when conveying their global ethics and compliance standards to their Turkish subsidiaries. 

There cannot be just one answer to overcome all these challenges you may face in Turkey but many risks arising from these challenges can be responded through implementing an effective internal control system.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations,
  • Reliability of financial reporting,
  • Compliance with applicable laws and regulations.

Thus, internal controls are very comprehensive and touching the company from the perspectives of operations, financial reporting and compliance with laws and regulations. Establishing an adequate (in other words “risk-based”) system of internal controls at your Turkish subsidiary requires judgment of the board and CEOs in designing, implementing, and conducting internal controls. 

The assurance needed from these internal controls can only be obtained by having:

  • a favourable control environment,
  • ongoing risk assessment,
  • the design, implementation, and maintenance of effective control activities,
  • effective information and communication, and
  • ongoing monitoring of effectiveness of controls.

Internal controls include many components such as entity level controls (e.g. ethics and integrity, management philosophy and operating style, BoD’s oversight responsibility) to risk assessment (e.g. identifying and analysing risks) and control activities (e.g. delegation of authorities, reconciliations, segregation of duties, access rights).  

To establish a risk-based effective internal control system for your Turkish subsidiary could be a really challenging one as this requires a carefully established comprehensive internal control framework. This responsibility, namely developing, operating and monitoring the system of internal control, rests with the Board and management. 

What happens if no proper internal control system is not established? Simply the likelihood of unintentional errors and fraud risks increase significantly. Let me give you some examples regarding the consequences of poor internal controls:

  • Loss of assets and resources
  • Mismanagement of your subsidiary’s operations
  • Loss of consumer confidence and market share
  • Failure on internal audits, external audits or reviews/audits conducted by the authority
  • Failure with compliance with laws and regulations (Sarbanes Oxley Act, the U.S. Foreign Corrupt Practice Act, the U.K. Bribery Act)
  • Unreliable or fraudulent financial statements 

Just image that you are a CEO of a multinational company having a subsidiary in Turkey. One morning you come to your office and find a report on your desk prepared by the compliance team stating that a serious tip was received on suspected kickback payments to the managing director of your subsidiary by a vendor, or you have been informed by the head office CFO that the financial statements reported by your subsidiary contains material errors. How would you really feel  that morning? I bet you will not have a good night, possibly having a bad dream. 
Good internal controls could be one of the best tools in achieving your objectives in your subsidiary. But the consequences of poor internal controls could be devastating.

Choosing the type of your dream rests with you.

Have a good dream!