Angela Simatupang
Jakarta 3 May 2019
https://global.theiia.org/standards-guidance
https://iia-indonesia.org/
The International Professional
Practices Framework (IPPF) is the
conceptual framework that organizes
authoritative guidance promulgated
by The IIA. A trustworthy, global,
guidance-setting body, The IIA
provides internal audit professionals
worldwide with authoritative
guidance organized in the IPPF as
mandatory guidance and
recommended guidance.
• Mandatory guidance is developed following an
established due diligence process, which
includes a period of public exposure for
stakeholder input.
Applicability and Enforcement of the Code of Ethics
• This Code of Ethics applies to both entities and individuals that perform
internal audit services.
• For IIA members and recipients of or candidates for IIA professional
certifications, breaches of the Code of Ethics will be evaluated and
administered according to The IIA’s Bylaws, the Process for Disposition
of Code of Ethics Violation, and the Process for Disposition of
Certification Violation.
• The fact that a particular conduct is not mentioned in the Rules of
Conduct does not prevent it from being unacceptable or discreditable,
and therefore, the member, certification holder, or candidate can be
liable for disciplinary action.
Breach of Ethics
Code of Ethics Principles
• Integrity
• Objectivity
• Confidentiality
• Competency
1.2. Shall observe the law and make disclosures expected by the
law and the profession.
Considerations for Implementations
• Under Standard 2000 – Managing the Internal Audit Activity, the CAE must
ensure that the internal audit activity achieves the purpose and fulfills
the responsibility included in the internal audit charter and that its
individual members conform with the Code of Ethics and the Standards.
As the leader of the internal audit activity, the CAE should cultivate a culture
of integrity by acting with integrity and adhering to the Code of Ethics.
• The CAE also establishes policies and procedures to guide the IA activity,
according to Standard 2040. When these are implemented, the internal
audit activity is able to show diligence and responsibility.
Considerations for Demonstrating Conformance
Rules of Conduct
Internal auditors:
2.1. Shall not participate in any activity or relationship that may
impair or be presumed to impair their unbiased assessment.
This participation includes those activities or relationships
that may be in conflict with the interests of the organization.
2.2. Shall not accept anything that may impair or be presumed to
impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not
disclosed, may distort the reporting of activities under
review.
Considerations for Implementations
Individual auditors are responsible for their personal conformance with the
Code of Ethics. It is vital for the leader to uphold the Code of Ethics principles
and rules of conduct, setting the tone for the value of ethics among the team.
If the CAE is responsible for any functions other than the IA activity, assurance
engagements related to those functions must be overseen by a party outside
the IA activity (S 1130.A2). If any of the IA activity’s assurance and consulting
work is outsourced or cosourced, the CAE is still responsible for enforcing
the mandatory guidance of the IPPF, including that auditors must be objective and
that potential impairments to objectivity must be declared.
Considerations for Demonstrating Conformance
Rules of Conduct
Internal auditors:
3.2. Shall not use information for any personal gain or in any
manner that would be contrary to the law or detrimental to
the legitimate and ethical objectives of the organization.
Considerations for Implementations
Policies and Procedures
Information security policies to protect the data acquired, used, and produced.
• Collect only the data required to perform the engagement and use it only for the intended purposes.
• Protect information from intentional or unintentional disclosure through the use of controls.
• Eliminate copies of or access to such data when it is no longer needed.
Periodically assess and confirm the need for access to areas and databanks containing confidential information, and confirm that access controls are working effectively.
S 2330 – Documenting Information
S 2330 requires the CAE to control access to engagement records, in part by developing requirements for retaining the records, regardless of the medium in which each record is stored.
S 2440.A2 requires the CAE to assess the potential risk of releasing assurance engagement results and to restrict the use of assurance engagement results, except as required by laws or regulations.
Training
Discuss the principles, rules, policies, and expectations related to confidentiality. Leader to set the tone for the value of ethics among the team.
Considerations for Demonstrating Conformance
Rules of Conduct
Internal auditors:
4.1. Shall engage only in those services for which they have the
necessary knowledge, skills, and experience.
Considerations for Implementation
CAE responsibilities relevant to IA competency are detailed in S 1210: Proficiency,
S 1210.A1, S 2030: Resource Management, S 2050: Coordination and Reliance.
• Develop a staffing strategy to regularly assess the competencies of individual
auditors, the IA activity, and the assurance & consulting service providers on which it relies.
• Inventory the skills & experience of individual auditors, align them with the competencies
needed, and identify any gaps. Address deficiencies by providing training &
mentorship, rotating IA staff, and/or hiring external service providers.
• To support individual auditors in fulfillment of Rule 4.3: continual improvement of
proficiency & effectiveness and quality of services — develop P&P that include
regularly reviewing individual performance. Encourage educational and training
opportunities (e.g., attendance at professional conferences and pursuit of relevant
professional certifications).
• To promote the continual improvement of the IA activity, implement quality
assurance and improvement program (covered by the 1300 series of standards).
Additionally, CAE may use The IIA’s Competency Framework to benchmark the
maturity of the internal audit activity and work toward its progress over time.
Considerations for Demonstrating Conformance
Demonstrate conformance through a documented assessment of the competencies of auditors
and of the assurance & consulting service providers on which the IA activity relies.
Conformance may also be evidenced through a documented IA plan, an inventory
of competencies needed to fulfill the plan, and related gap analysis.
Demonstrate a culture supportive of competency and the continual improvement
of proficiency, effectiveness, and quality through evidence that:
• Engagements have been properly resourced and supervised.
• Feedback has been solicited from IA stakeholders and sufficiently considered.
• Performance reviews of internal auditors have been conducted regularly.
• Opportunities for training, mentoring, professional education have been
provided.
• A quality assurance and improvement program is active.
• IA services performed in conformance with the IPPF’s Mandatory Guidance.
Established in 1941, The Institute of Internal Auditors (IIA)
is an international professional association with global
headquarters in USA.
The IIA is the internal audit profession's global voice,
recognized authority, acknowledged leader, chief advocate,
and principal educator. Members work in internal auditing,
risk management, governance, internal control, information
technology audit, education, and security.
More than 200,000 members worldwide.
Representation in more than 165 countries
About The mission of The Institute of Internal Auditors provides
dynamic leadership for the global profession of internal
IIA Global Certifications
Certified Internal Auditor® (CIA®)
The IIA’s premier designation for more than 40 years, the CIA sets the standard for excellence
within the profession. Earning the CIA is an important step toward demonstrating your core
internal audit skills and knowledge. As the only globally recognized internal audit certification,
becoming a CIA is the optimum way to communicate knowledge, skills, and competencies to
effectively carry out professional responsibilities for any internal audit, anywhere in the world.
CPEA credential demonstrates one’s understanding of today’s ever changing environmental, health and safety regulations. The CPEA designation is fully accredited by the Council of Engineering and Scientific Specialty Boards (CESB). CPEAs qualify for Professional Membership status with the American Society of Safety Engineers (ASSE).
The Certified Process Safety Auditor (CPSA) credential demonstrates one’s understanding of important Process Safety elements and regulations for all industries with processes that involve explosive materials and hazardous waste.
Demonstrate your organizational, ethical, and internal audit leadership skills by obtaining the Qualification in Internal Audit Leadership® (QIAL®), the premier designation for internal audit executives.
Your speaker today
• Senior Partner and Head of Consulting practice at RSM in Indonesia.
• Member of the Global Board of Directors of RSM International.
• Appointed as member of The Institute of Internal Auditors’ (“The IIA”) International Internal Audit Standards Board.
• Member of the RSM Asia Pacific Risk Consulting Committee.
• Vice President at Institute of Internal Auditors Indonesia
• Member of the Audit Committee, Risk Monitoring Committee, and Integrated Corporate Governance Committee
at one of the 10 largest banks in Indonesia.
• Appointed by the Indonesia Financial Services Authority (OJK) as the
Corporate Governance Expert representing Indonesia in the ASEAN CGS.
• Bachelor of Economy from Trisakti University, and holds a Master of Commerce in International Business
and Management of Technology from The University of Sydney, Australia.
• Holds several professional certifications, including Certified Internal Auditor (CIA) and Certification
in Risk Management Assurance (CRMA) issued by The Institute of Internal Auditors, Certified in Risk & Information
Systems Control (CRISC) issued by ISACA (Information Systems Audit and Control Association), and Certified GRC
Professional (GRCP) and Certified GRC Auditor (CGRA) issued by OCEG.
• Member of the team that developed the Indonesia Code of Good Corporate Governance, the Indonesia Code of Good Public
Governance, and the Indonesia Whistleblowing System Guidance.
Angela Simatupang
(angela.simatupang@rsm.id)
Thank You