Aulia Natasya Irfani Ampri (1406533680)

Huda Aulia Arifin (1406533781)

Yosua Sihombing (1306408712)
Corporate Governance - A (Week #12)
Lecturer: Desi Adhariani, Ph.D / Prof. Sidharta Utama, Ph.D, CFA

The Role of Internal Auditor in the CG framework

“Internal auditors are the eyes and ears of management”

Introduction
Before 2000s, internal auditor is not seen as an important part of a company - many
of them actually come from people who were disliked by their own division. This condition is
much different compared to current situation. Nowadays, internal auditor importance
escalates as corporate governance is viewed as an object determining the success of a firm.
This essay elaborates on the importance of internal auditor in corporate governance
framework and is structured as follows. First, the essay will focus on the frameworks on
strengthening governance through internal audit. Second, this essay analyze internal auditor
relationship with the external auditor. Furthermore, we see the internal audit collaboration to
Enterprise Risk Management and at the end, we present the Financial Authority Regulation
regarding the audit charter.

Strengthening CG through Internal Audit

Internal audit can be a strategic part on
the corporate governance framework if the
firm know to look for from the increasing
expectation. Researcher have found strong
correlation between effective governance and
profitable business opportunity. Internal audit
play a vital role by fostering integrated, well-
planned, and progressive governance
program.
As can be seen by the graphics on the
right, there are seven dimensions on various
elements that affect firm’s corporate
governance. The paper discussed each of the
points by examples of actions internal audit
should take to meet stakeholder’s expectation. Here are the essence of this Crowe
Governance Framework:
1. Board of Directors and Committee
Internal audit must be able to provide information to the board regarding corporate situation
2. Legal and Regulatory
Internal audit must verify that the organization has identified requirements and looks for
opportunities to leverage compliance as well as capabilities in the long term
3. Business Practices and Ethics
Business practices are the operational tactics for firm to achieve its purpose and strategy.
Internal audit must review code of conduct, monitor compliance, participate in whistleblower,
and monitoring organizational ethics
4. Disclosure and Transparency
Internal audit must actively participate in disclosure committee and make sure that all of the
material things are disclosed
5. Enterprise Risk Management
Internal audit must ensure that business strategy is linked to the ERM process and that the
process owners throughout the business
6. Monitoring
Internal audit must understand why monitoring activity taken place, facilitate implementation
of common risk monitoring methodology, and perform strategic-level corporate governance
audit.
7. Communication
Internal audit must participate in ongoing conversation with general counsel, CFO, and other
senior management officer

External - Internal Auditor Relationship

Internal auditing is an independent, objective assurance and consulting activity

designed to add value and improve an organisation’s operations. It helps an organisation
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes.” Internal
audit is an important part of a company’s governance and assists boards and executive
management in the effective operation of the organisation. Internal audit acts as a catalyst
for improving an organisation’s effectiveness and efficiency by making recommendations
based on objective analyses and assessments of data and processes. In a company who
implement the three-line defense, Internal Audit is on the third defense after the Senior
Management control the company’s activities.
If Internal Audit design to add value and help the organization to accomplish the
objectives, external auditor shall express an opinion whether the financial statements are
prepared, in all material respects, in accordance with the applicable financial reporting
framework. The external auditor’s responsibilities are: (i) To identify and assess the risks of
material misstatement of the financial statements, whether due to fraud or error, design and
perform audit procedures responsive to those risks, and obtain audit evidence that is
sufficient and appropriate to provide a basis for the auditor’s opinion and (ii) To obtain an
understanding of internal control relevant to the audit in order to design audit procedures that
are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control.
Interaction and cooperation between the internal auditors and external auditors
should help the governing body obtain a more comprehensive view of operations and risks
whilst eliminating areas of possible duplication of audit effort. The standards for both internal
and external audit require effective information sharing and coordination. The external
auditor has sole responsibility for the audit opinion expressed, and that responsibility is not
reduced by the external auditor’s use of the work of the internal audit function.

The Role of Internal Audit in ERM

Committee chairs and chief audit executives should have the place in the strategic
planning discussion because they need to know the big picture of the strategy in order to
control the execution of the strategy. ERM (Enterprise risk management) is considered to be
one of the two cornerstones of internal auditing, so in making strategic planning, a company
should also include those in charged with enterprise risk management.
Lately, only small amount of ERM division is involved growth initiatives actions such as
merger and acquisition, JV/strategic alliance, new product or services, new geographic
markets.
The 4 step approach of internal audit to give assurance and consulting services for
strategic area, those are:
● Obtain a clear understanding of risk management
● Become well versed in appropiate internal audit roles related to the
organization’s risk management program
● Assess the skill set of existing internal audit staff with the skills necessary to
successfully fulfill the desired internal auditing role in risk management.
● Seek to position the internal audit function as a valued partner with executive
management and the board in helping to make the organization’s risk
management success

Risk management defined by COSO (Commitee of sponsoring organizations of the

treadway commission) is a process, effected by an entity’s board of directors, management
and other personnel applied in a strategy setting and accross the enterprise, designed to
identify potential events that may affect the entity, and manage risk to be within its risk
appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Why ERM needs to be implied in internal control because the 2nd components of
internal control is similar to ERM:
● Control environment
● Risk assessment (ERM)
● Control activities
● Information and communication
● Monitoring
Specific ERM opportunities to involve in internal audit include:
● Educate and train audit commitees and management on risk and risk management
concepts
● Provide assurance on the core internal audit roles described in an IIA position paper
● Seek opportunities to perform more risk management consulting services in support
of whoever is managing the risk management program and formally communicate
the results of those consulting services to the audit commitee and management
● Evaluate strategic risks by determining whether management has (1) identified key
strategic risks, (2) developped prudent risk responses (3) established sufficient
monitoring of strategic risk
● Develop internal audit teams so that they have the right level of skills and experience
related to risk management
● Use third-party and other internal resources to supplement internal audit ERM skills

Skills needed for internal audit has these 5 skills, those are:
- Business and industry knowledge
- Risk management expertise/knowledge
- Understanding of the COSO guidance and other risk framework, benchmarks
and methodologies
- Good communications skills (facilitating, negotiation, interviewing)
- Analytical skills
Challenge for internal auditor:
- Perception that this is beyond the scope of internal auditing
- Lack of management support
- Lack of coordination or clarity of roles with other risk and control units
- Lack of knowledge within internal auditing od risk management practices
and techniques
- Need for training for internal audit staff
In order for internal audit seen as a strategic partner, internal audit must fulfill this criteria:
- Credible à must have knowledge
- Trustworthy à open communication and willingness to help improve the
organization’s risk management process before offering criticismWilling to step
up to the challenge

POJK No. 56 /POJK.04/2015 - Internal Audit Charter

This Financial Authority Regulation talks about internal audit charter. The rule
highlights the structure, qualifications, and punishments for those who does not comply to
the charter. Here, public firms are obliged to have internal audit charter which highlights the
duties, ethical conducts, and limits of the firm operational activity. The regulation is created
to protect the financial market

Conclusions
Internal auditor plays an important part in the firm for assessing management
performance and report the information obtained to those in charged so that they can make
the best decision for the firm. Internal auditor is an independent, strategic unit which assess
various activity of the firms, from the process of monitoring preparation financial information
disclosure to make sure that the operational activity is done accordingly.
 Internal auditor has various correlation with various part of the management and is
the third line of defense in the three-line of defense internal control framework. Enterprise
risk management must incorporate internal auditor so that they can assist process owners
with understanding, assessing, designing, and documenting results as well as monitoring
them. The Financial Service Authority highlights the importance of internal auditor by
obliging the listed firms to make an Internal Audit Charter.

Sources
● 1● Crowe Horwarth (2011), Strengthening Corporate Governance
. with Internal Audit

● 2● Boyle, James F., Douglas M., (2013) The role internal audit in
. ERM, Internal Auditing; Jul/Aug, 2013.

● 3● ECIIA. Position paper. Improving Cooperation Between Internal

. and External Audit

● POJK No. 56 /POJK.04/2015 -

http://www.ojk.go.id/id/regulasi/Documents/Pages/POJK-tentang-
Pembentukan-dan-Pedoman-Penyusunan-Piagam-Unit-Audit-
Internal/SALINAN-
POJK%20%2056.%20Pembentukan%20dan%20Pedoman%20Penyu
sunan%20Piagam%20Unit%20Audit%20Internal.pdf)