Which statement below defines your current situation best?

Process and Digitalization

  • The digitalization level of your processes is low.
  • Your business processes are inconsistent, and critical processes and controls are dependent on individuals.
  • The tasks in the processes are not properly segregated, there are too many conflicting tasks assigned to one person or more than one person.

Management Reporting and Decision Making

  • You cannot receive management reports on time, the reports are often incorrect, and you think that the data in the reports are inadequate or of poor quality.
  • Financial data is not transparent and understandable.
  • The analysis and reporting process carried out by using excel is slow and contains errors, management reviews cannot be made on reports, and these reports cannot be used effectively in decision-making process.

Existing Controls

  • Since the controls in your institution are not preventive but detective in general, errors and fraud cannot be prevented and cause harm.
  • You observed that the processes and controls that you trust in its existence do not function in fact, or exist, and that the controls assure only a part of the risks.
  • The implementation of the controls is not encouraged by management.
  • Your internal control system is designed, but you suspect it is not working as designed.


  • Your ERP system cannot be used effectively throughout the organization since it is not designed specifically for your business processes.
  • You think that automatic controls are inadequate in the ERP system you use.
  • You want to make sure that only valid and correct data is entered in the fields in your ERP system.
  • Access rights are not defined or missing in the ERP system.
  • You aim to implement an ERP system in your company. You want to design your processes based on the target structure before the ERP installation and make sure that this targeted structure is integrated into your new ERP system properly and completely.

Risk and Control

  • Trust surpasses the “trust-control” balance in your company, and a significant part of the works are carried out based on trust.
  • Since the risks of the organisation are not identified and assessed properly, there is no alignment between risks and controls, thus risks cannot be managed.
  • Approval mechanisms are inadequate, and transactions are generally carried out based on trust and without approval.

Corporate Governance and Departments

  • You want to keep management more accountable for their work.
  • Departments functioning in silos cause errors and problems in processes.

Ethics and Compliance

  • You encounter illegal or unethical behaviour, and you think that the culture of ethics and compliance in the organization is not at the desired level.
  • Occupational fraud (theft of assets, corruption, financial statement frauds) frequently occurs.

Physical Controls

  • Physical controls on assets such as stocks and fixed assets are inadequate, they are not counted properly, and there is no reconciliation with accounting records.

IT Controls

  • You have many IT products, and you think the data flow between these products is not healthy.
  • You want your IT risk inventory to be revised, or you want an independent organization to conduct an inventory of your IT risks and evaluate them.
  • You want to ensure that user access rights are managed by the segregation of duties principle, and access is restricted based on the same principles.
  • You want to receive compliance service within the scope of the CMB Information Systems Management Communiqué.