Otoritas Jasa Keuangan

Business Integrity Workshop

The IIA’s Code of Ethics

Angela Simatupang
Jakarta 3 May 2019

https://global.theiia.org/standards-guidance
https://iia-indonesia.org/ 1
The International Professional
Practices Framework (IPPF) is the
conceptual framework that organizes
authoritative guidance promulgated
by The IIA. A trustworthy, global,
guidance-setting body, The IIA
provides internal audit professionals
worldwide with authoritative
guidance organized in the IPPF as
mandatory guidance and
recommended guidance.

Conformance with the

principles set forth in
mandatory guidance is
required and essential for the
professional practice of
internal auditing.

2
 • Mandatory guidance is developed following an
established due diligence process, which
includes a period of public exposure for
stakeholder input.

• Authoritative guidance developed by an IIA

Guidance- international technical committee following
appropriate due process. Technical
setting committees are those committees and boards
reporting to the Professional Guidance
Processes Advisory Council (International Internal
Auditing Standards Board, Professional Issues
and Due Committee, Global Ethics Committee, and
Public Sector Committee).
Diligence • The IPPF Oversight Council is designed to
evaluate and advise on the rigor of The IIA's
Standards and Guidance-setting process,
which will increase the confidence of internal
audit stakeholders around the world.
The Code of The purpose of The
Institute's Code of
Ethics states the Ethics is to promote Internal auditing is an
independent, objective
principles and an ethical culture in
the profession of assurance and
consulting activity
expectations internal auditing.
designed to add value
governing the and improve an
organization's
behavior of operations. It helps an
A code of ethics is organization accomplish
individuals and necessary and its objectives by
organizations in appropriate for the
profession of
bringing a systematic,
disciplined approach to
the conduct of internal auditing, evaluate and improve
founded as it is on the effectiveness of risk
internal the trust placed in management, control,
and governance
auditing. its objective
assurance about processes.
governance, risk
management, and
control.
4
 1. Principles that are relevant to the
profession and practice of internal
auditing.
2. Rules of Conduct that describe
behavior norms expected of internal
The Institute's auditors. These rules are an aid to
Code of Ethics interpreting the Principles into
practical applications and are intended
include two to guide the ethical conduct of
essential internal auditors.
components "Internal auditors" refers to Institute
members, recipients of or candidates for
IIA professional certifications, and those
who perform internal audit services within
the Definition of Internal Auditing.

5
Applicability and Enforcement
of the Code of Ethics
• This Code of Ethics applies to both entities and individuals that perform
internal audit services.
• For IIA members and recipients of or candidates for IIA professional
certifications, breaches of the Code of Ethics will be evaluated and
administered according to The IIA’s Bylaws, the Process for Disposition
of Code of Ethics Violation, and the Process for Disposition of
Certification Violation.
• The fact that a particular conduct is not mentioned in the Rules of
Conduct does not prevent it from being unacceptable or discreditable,
and therefore, the member, certification holder, or candidate can be
liable for disciplinary action.

6
Breach of Ethics

The IIA has established the following process in

Process For an effort to provide fairness to all members or
Disposition of non-members facing certification-related
Code of Ethics discipline for violations of The IIA’s Code of
Violation Ethics, certification candidate handbook, test
center rules and procedures, and any other
related rules or policies.

Process For The process provides notice to an individual

Disposition of accused of a violation and an opportunity to
Certification respond to a complaint before action is taken.
Violation

7
Code of
Ethics
Principles

8
 Integrity Objectivity Confidentiality Competency

The integrity of Internal auditors Internal auditors Internal auditors

internal auditors exhibit the highest respect the value and apply the knowledge,
establishes trust and level of professional ownership of skills, and experience
thus provides the objectivity in information they needed in the
basis for reliance on gathering, evaluating, receive and do not performance of
their judgment. and communicating disclose information internal audit
information about the without appropriate services.
activity or process authority unless there
being examined. is a legal or
Internal auditors professional
make a balanced obligation to do so.
assessment of all the
relevant
circumstances and
are not unduly
influenced by their
own interests or by
others in forming
judgments.
9
Rules of Conduct
Internal auditors:

1.1. Shall perform their work with honesty, diligence, and

responsibility.

1.2. Shall observe the law and make disclosures expected by the
law and the profession.

1.3. Shall not knowingly be a party to any illegal activity, or

engage in acts that are discreditable to the profession of
internal auditing or to the organization.

1.4. Shall respect and contribute to the legitimate and ethical

objectives of the organization.

10
Considerations for Implementations

• Standard 2000 – Managing the Internal Audit Activity, the CAE must
ensure that the internal audit activity achieves the purpose and fulfills
the responsibility included in the internal audit charter and that its
individual members conform with the Code of Ethics and the Standards.
As the leader of the internal audit activity, CAE should cultivate a culture
of integrity by acting with integrity and adhering to the Code of Ethics.

• The CAE also establishes policies and procedures to guide the IA activity,
according to Standard 2040. When these are implemented, the internal
audit activity is able to show diligence and responsibility.

• Effectively managing the internal audit activity includes proper

engagement supervision and periodic reviews of internal auditors’
performance, which provide opportunities to discuss how integrity may
be challenged and applied in real situations.

11
Considerations for Demonstrating
Conformance

• As part of sustaining integrity, the CAE should maintain a

quality assurance and improvement program and should
report on the results of the program, including instances of
nonconformance, to senior management and the board, in
accordance with the 1300 series of standards.

• This evidence, along with internal audit policies and

procedures, also demonstrate that the CAE’s management of
the internal audit activity supports its integrity.

• Through a quality assurance and improvement program, the

CAE’s conformance with the integrity principle and rules of
conduct may be independently validated.

12
Rules of Conduct
Internal auditors:
2.1. Shall not participate in any activity or relationship that may
impair or be presumed to impair their unbiased assessment.
This participation includes those activities or relationships
that may be in conflict with the interests of the organization.
2.2. Shall not accept anything that may impair or be presumed to
impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not
disclosed, may distort the reporting of activities under
review.

13
 Considerations for Implementations
Individual auditors are responsible for their personal conformance with the
Code of Ethics. It is vital for the leader, to uphold the Code of Ethics principles
and rules of conduct, setting the tone for the value of ethics among the team.

To help manage threats to objectivity, as required by Standard 1100 –

Independence and Objectivity, CAE may create relevant policies and procedures,
i.e. policy about receiving gifts, favors, and rewards; and may require internal
auditors to complete a form disclosing potential conflicts of interest and
impairments to objectivity, and should consider these disclosures when
assigning internal auditors to engagements.

If CAE is responsible for any functions other than the IA activity, assurance
engagements related to those functions must be overseen by a party outside
the IA activity (S 1130.A2). If any of the IA activity’s assurance and consulting
work is outsourced or cosourced, CAE is still responsible for enforcing
mandatory guidance of the IPPF, including that auditors must be objective and
that potential impairments to objectivity must be declared.

14
Considerations for Demonstrating
Conformance

• To demonstrate support for the rules related to the objectivity

principle, the CAE may provide evidence of relevant policies
and procedures for the internal audit activity, the requirement
for internal auditors to attend meetings or trainings about
objectivity, and documentation of the rationale for allocating
resources to the internal audit plan, including consideration of
potential impairments.

• To prevent violations of the objectivity principle and rules of

conduct, the CAE’s typically retains forms signed by internal
auditors and outsourced and cosourced providers to
document their consideration and disclosure of any potential
conflicts of interest or impairments to objectivity.

15
Rules of Conduct
Internal auditors:

3.1. Shall be prudent in the use and protection of information

acquired in the course of their duties.

3.2. Shall not use information for any personal gain or in any
manner that would be contrary to the law or detrimental to
the legitimate and ethical objectives of the organization.

16
 Considerations for Implementations
Policies and Procedures
Information security policies to protect
data acquire, use, and produce.
•Collect only the data required to
perform the engagement and use it
only for the intended purposes.
•Protect information from intentional or
unintentional disclosure through the
use of controls.
•Eliminate copies of or access to such
data when it is no longer needed.
Periodically assess and confirm need for
access to areas and databanks containing
confidential information and confirm
access controls working effectively.
S 2330 – Documenting Information
require CAE to control access to
engagement records, in part by
developing requirements for retaining
the records, regardless of the medium in
which each record is stored.
S 2440.A2 requires CAE to assess the
potential risk of releasing assurance
engagement results and to restrict the
use of assurance engagement results,
except required by laws or regulations.
Training
Discuss the principles, rules, policies, and
expectations related to confidentiality.
Leader to set the tone for the value of
ethics among the team.
17
Considerations for Demonstrating
Conformance

The CAE may demonstrate support of internal audit

confidentiality through evidence of policies, processes,
procedures, and training materials implemented to cover
confidentiality as it applies to the internal audit activity and the
organization.

Regarding the release of engagement results, reports, or related

information, the CAE demonstrates conformance with the
confidentiality principle and rules of conduct by documenting
and retaining records of disclosures approved by legal counsel, if
applicable, and by senior management and the board.

18
Rules of Conduct
Internal auditors:

4.1. Shall engage only in those services for which they have the
necessary knowledge, skills, and experience.

4.2. Shall perform internal audit services in accordance with the

International Standards for the Professional Practice of
Internal Auditing.

4.3. Shall continually improve their proficiency and the

effectiveness and quality of their services.

19
 Considerations for Implementation
CAE responsibilities relevant to IA competency are detailed in S 1210: Proficiency,
S 1210.A1, S 2030: Resource Management, S 2050: Coordination and Reliance.
• Develop staffing strategy to regularly assess the competencies of individual
auditors, IA activity, and assurance & consulting service providers relies.
• Inventory skills & experience of individual auditor, align with competencies
needed, identify any gaps. Address deficiencies by providing training &
mentorship, rotating IA staff, and/or hiring external service providers.
• To support individual auditors in fulfillment of Rule 4.3: continual improvement of
proficiency & effectiveness and quality of services — develop P&P that include
regularly reviewing individual performance. Encourage educational and training
opportunities (e.g., attendance at professional conferences and pursuit of relevant
professional certifications).
• To promote the continual improvement of the IA activity, implement quality
assurance and improvement program (covered by the 1300 series of standards).
Additionally, CAE may use The IIA’s Competency Framework to benchmark the
maturity of the internal audit activity and work toward its progress over time.
20
 Considerations for Demonstrating
Conformance
Demonstrate conformance through a documented assessment of auditors
competencies and assurance & consulting service providers relies.
Conformance may also be evidenced through a documented IA plan, an inventory
of competencies needed to fulfill the plan, and related gap analysis.
Demonstrate a culture supportive of competency and the continual improvement
of proficiency, effectiveness, and quality through evidence that:
• Engagements have been properly resourced and supervised.
• Feedback has been solicited from IA stakeholders and sufficiently considered.
• Performance reviews of internal auditors have been conducted regularly.
• Opportunities for training, mentoring, professional education have been
provided.
• A quality assurance and improvement program is active.
• IA services performed in conformance with the IPPF’s Mandatory Guidance.

21
 Established in 1941, The Institute of Internal Auditors (IIA)
is an international professional association with global
headquarters in USA.
The IIA is the internal audit profession's global voice,
recognized authority, acknowledged leader, chief advocate,
and principal educator. Members work in internal auditing,
risk management, governance, internal control, information
technology audit, education, and security.
More than 200,000 members worldwide.
Representation in more than 165 countries
About The mission of The Institute of Internal Auditors provides
dynamic leadership for the global profession of internal

the IIA auditing.

The IIA has 3 primary objectives: (1) Advocacy: To be the
recognized voice for the internal audit profession; (2)
Globalization: To develop and sustain the internal audit
profession globally through appropriate infrastructure,
coordination, support, and communication; (3) Service: To
provide exceptional service to IIA members.
Advocating for the Profession: A seat on the Standing
Advisory Group of the PCAOB; Permanent observer status
on INTOSAI; Respond to various regulators (Basel
Committee on Banking Supervision, SEC, OSC, SOX)

22 22
 IIA Global Certifications
Certified Internal Auditor® (CIA®)
The IIA’s premier designation for more than 40 years, the CIA sets the standard for excellence
within the profession. Earning the CIA is an important step toward demonstrating your core
internal audit skills and knowledge. As the only globally recognized internal audit certification,
becoming a CIA is the optimum way to communicate knowledge, skills, and competencies to
effectively carry out professional responsibilities for any internal audit, anywhere in the world.

Certification in Risk Management Assurance™ (CRMA®)

The CRMA focuses on the key elements to unlocking internal audit’s full potential, and validates
one’s ability to provide advice and assurance on risk management to audit committees and
executive management.

CPEA credential demonstrates one’s understanding of
today’s ever changing environmental, health and safety
regulations. The CPEA designation is fully accredited by
the Council of Engineering and Scientific Specialty Boards
(CESB). CPEAs qualify for Professional Membership status
with the American Society of Safety Engineers (ASSE).
The Certified Process Safety Auditor
(CPSA) credential demonstrates one’s
understanding of important Process
Safety elements and regulations for all
industries with processes that involve
explosive materials and hazardous waste.
Demonstrate your organizational, ethical, and internal
audit leadership skills by obtaining the Qualification in
Internal Audit Leadership® (QIAL®), the premier
designation for internal audit executives.

23 23
Your speaker today
• Senior Partner and Head of Consulting practice at RSM in Indonesia.
• Member of the Global Board of Directors of RSM International.
• Appointed as member of The Institute of Internal Auditors’ (“The IIA”) International Internal Audit Standards Board.
• Member of the RSM Asia Pacific Risk Consulting Committee.
• Vice President at Institute of Internal Auditors Indonesia
• Member of Audit Committee, Risk Monitoring Committee, and Integrated Corporate Governance Committee
at one of the 10 largest bank in Indonesia.
• Appointed to represent Indonesia by Indonesia Financial Services Authority (OJK) as
Corporate Governance Expert that represent Indonesia in the ASEAN CGS.
• Bachelor of Economy from Trisakti University, and holds a Master of Commerce in International Business
and Management of Technology from The University of Sydney, Australia.
• Hold several professional certifications which among others include Certified Internal Auditor (CIA) and Certification
in Risk Management Assurance (CRMA) issued by The Institute of Internal Auditors , Certified in Risk & Information
Systems Control (CRISC) issued by ISACA (Information Systems Audit and Control Association), Certified GRC
Professional (GRCP) and Certified GRC Auditor (CGRA) issued by OCEG.
• Member team that develop the Indonesia Code of Good Corporate Governance, the Indonesia Code of Good Public
Governance, and the Indonesia Whistleblowing System Guidance.

Angela Simatupang
(angela.simatupang@rsm.id)

24 24
 Thank You
Terimakasih

25