1 Peran Internal Auditor Peran Internal Auditor Sebagai Sebagai Konsultan & Katalis Konsultan & Katalis YPIA -2005 YPIA -2005
Dec 29, 2015
1
Peran Internal Auditor Peran Internal Auditor SebagaiSebagai
Konsultan & KatalisKonsultan & Katalis
YPIA -2005YPIA -2005
2
What is Internal Audit? Making improvements for the company.
The testing of controls and functions of a business to see how efficiently it functions.
To make improvement and to evolve.
Ensuring that fraud is minimized, and most importantly that controls are in place.
………………………
3
Institute of Internal Auditors DefinitionInstitute of Internal Auditors Definition
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.”
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.”
4
Coso definition of Internal Control :Internal control is a process effected by an entity'sboard of director management and other personnel,designed to provide reasonable assuranceregarding the achievement of objectives in thefollowing categories :1. Effectiveness and efficiency of operations2. Reliability of financial reporting3. Compliance with applicable laws and regulations
5
Peran Internal AuditorPeran Internal Auditor
1. Sebagai WATCHDOG1. Sebagai WATCHDOG
2. Sebagai CONSULTANT2. Sebagai CONSULTANT
3. Sebagai CATALYST3. Sebagai CATALYST
6
The 3 roles of Internal AuditorsThe 3 roles of Internal Auditors
1. Watchdog : We watch and Warn1. Watchdog : We watch and Warn– The watchdog role involves observing, counting.and The watchdog role involves observing, counting.and
rechecking to ensure that operations are complying with rechecking to ensure that operations are complying with
the laws, regulations and policies of the organization.the laws, regulations and policies of the organization.– The favorite audit process of the watchdog is the The favorite audit process of the watchdog is the
compliance audit. The compliance audit focuses on system compliance audit. The compliance audit focuses on system
variation ( errors, omissions, delays and fraud)variation ( errors, omissions, delays and fraud)– Compliance auditing is a way of identifing varition in the Compliance auditing is a way of identifing varition in the
system so an improvement can be put in placesystem so an improvement can be put in place
7
The 3 roles of Internal AuditorsThe 3 roles of Internal Auditors (continued)(continued)
2. CONSULTANT : We advise and Participate2. CONSULTANT : We advise and Participate– Partner to ManagementPartner to Management– Scope of Works : Economy, Efficiency, Scope of Works : Economy, Efficiency,
Effectiveness (3 E's Audit)Effectiveness (3 E's Audit)– The focus of the consultant is on the conservation of The focus of the consultant is on the conservation of
the organization's resources and helping managers the organization's resources and helping managers
manage.manage.
8
The 3 roles of Internal AuditorsThe 3 roles of Internal Auditors (continued)(continued)
3. CATALYST : We Lead and move others within 3. CATALYST : We Lead and move others within
the policy set by senior managementthe policy set by senior management– The Catalyst seeks long term impact on the organization The Catalyst seeks long term impact on the organization
by focusing the audit on the long term values of the by focusing the audit on the long term values of the
organizationorganization
9
Watchdog, Consultant, Catalyst ???Watchdog, Consultant, Catalyst ???
Ce f f i i e n t
effe
tive
high
highlow
low
1. Catalyst2. Consultant3. Watchdog
1. Watchdog2. Consultant3. Catalyst
1. Watchdog2. Consultant3. Catalyst
1.Catalyst2.Consultant3. Watchdog
10
Building a World-Class Audit Function
TECHNOLOGY/TECHNOLOGY/KNOWLEDGEKNOWLEDGE
METHODOLOGYMETHODOLOGY
MISSIONMISSION
ELEMENTSELEMENTS TRADITIONALTRADITIONAL INNOVATIVEINNOVATIVE
World-ClassWorld-ClassAudit FunctionAudit Function
• Better Assurance• Better Ideas• Lower Costs• Greater Value
PEOPLEPEOPLE
STAKEHOLDER NEEDS Departmental Mission Statement Co-Developed Relationship
RISK ANALYSIS Financial Risk Business Risk
PROCESS ANALYSIS Transaction-Based Business Process
TOOLS Personal Productivity Knowledge Management
DATA ANALYSIS Data Retrieval Continuous Auditing/Artificial Intelligence
REPORTING Findings and Recommendations Business Insight
ANALYTICS Financial Ratios Key Performance Indicators
COMPLIANCE Test-Based Control Self Assessment
IT CAPABILITIES Stand-Alone IT Audits Integrated Audit Strategy
RISK MANAGEMENT Reactionary Risk Analysis Comprehensive Framework
SKILLS Auditor Business Advisor
ACQUIRE Campus Recruits Experienced Hires
DEVELOP Internal Audit Career Path Rotational/Prerequisite for Leadership
DEPLOY Reactive Task Management Virtual Project Teaming
MANAGE Input-Oriented (Hours) Results-Oriented (Value)
EXPERTISE Audit Generalist Subject Matter Expert
ACQUIRE Data, Information Synthesized Information and Experience
SHARE Event-Driven Continuous
COMMUNICATE Remote Access (Give) Virtual (Share)
TECHNOLOGY Independent Tools Interactive Knowledge Sharing
Internal Audit Relevance and Importance to Constituents
IA
Regulators & Audit Committee
Focus on RiskBusiness Units Focus on Value
Executive Management Focuses On:
RiskValueCost Efficiency (do more with
less)
12
Meeting the Challenge of Stakeholder Expectations
Regulators and Audit Committee Effective Risk Mitigation Compliance Reliable Opinions
Business Units Process Improvement Business Enhancement Best Practices and Benchmarking
Executive Management ROI Enhanced Business Unit
Performance Risk Management
Continuum of Value
Resources
Methodology
People
Knowledge
Technology
Traditional IA Progressive IA
Value
High
Low
14
KetrampilanKetrampilan (skill) yang dibutuhkan untuk di miliki oleh internal auditor berdasarkan Standards for the Professional Practice of Internal Auditing :
Ketrampilan (skill) yang dibutuhkan untuk di miliki oleh internal auditor berdasarkan Standards for the Professional Practice of Internal Auditing :
• Problem solving
• Ketrampilan berkomunikasi
• Komunikasi audit
• Statistika
• Executing and evaluating the solution
• Problem solving
• Ketrampilan berkomunikasi
• Komunikasi audit
• Statistika
• Executing and evaluating the solution
15
Berdasarkan Code of Conduct menurut the Institute of Internal Auditors, internal auditor diharapkan untuk memiliki prinsip-prinsip :
Sikap (attitude)
• Integrity• Objectivity• Confidentiality• Competency
16
17
Consulting engagementsContentsConsulting engagementsContents• Definition of consulting services
• Independence and objectivity in consulting engagements
• Due professional care in consulting engagements
• Scope of work in consulting engagements
• Communicating the results of consulting engagements
• Documentation requirements for consulting engagements
• Definition of consulting services
• Independence and objectivity in consulting engagements
• Due professional care in consulting engagements
• Scope of work in consulting engagements
• Communicating the results of consulting engagements
• Documentation requirements for consulting engagements
18
Definition of Consulting ServicesDefinition of Consulting Services
• The Glossary in the Standards defines “consulting services” as follows:
“Advisory and related client service activities, the nature and scope of which are agreed upon with the client and which are intended to add value and improve an organization’s operations. – Examples include counsel, advice, facilitation, process
design, and training.”
• The Glossary in the Standards defines “consulting services” as follows:
“Advisory and related client service activities, the nature and scope of which are agreed upon with the client and which are intended to add value and improve an organization’s operations. – Examples include counsel, advice, facilitation, process
design, and training.”
19
Categories of Consulting ServicesCategories of Consulting Services• Possible categories could include:
– Formal consulting engagements – planned and subject to written agreement.
– Informal consulting engagements – routine activities, such as, participation on standing committees, limited-life projects, ad-hoc meetings, and routine information exchange.
– Special consulting engagements – participation on a merger and acquisition team or
– system conversion team.– Emergency consulting engagements – participation on a
team established for recovery or maintenance of operations after a disaster or other extraordinary business event or a team assembled to supply temporary help to meet a special request or unusual deadline.
• Possible categories could include:– Formal consulting engagements – planned and subject
to written agreement.– Informal consulting engagements – routine activities,
such as, participation on standing committees, limited-life projects, ad-hoc meetings, and routine information exchange.
– Special consulting engagements – participation on a merger and acquisition team or
– system conversion team.– Emergency consulting engagements – participation on a
team established for recovery or maintenance of operations after a disaster or other extraordinary business event or a team assembled to supply temporary help to meet a special request or unusual deadline.
20
Independence and Objectivity in Consulting EngagementsIndependence and Objectivity in Consulting Engagements• Independence and objectivity may be impaired if assurance
services are provided within one year after a formal consulting engagement. – Steps can be taken to minimize the effects of impairment by:
• assigning different auditors to perform each of the services; • establishing independent management and supervision; • defining separate accountability for the results of the projects; and • disclosing the presumed impairment. • Management should be responsible for accepting and implementing
recommendations.
• Care should be taken, particularly involving consulting engagements that are ongoing or continuous in nature, so that internal auditors do not inappropriately or unintentionally assume management responsibilities that were not intended in the original objectives and scope of the engagement.
• Independence and objectivity may be impaired if assurance services are provided within one year after a formal consulting engagement. – Steps can be taken to minimize the effects of impairment by:
• assigning different auditors to perform each of the services; • establishing independent management and supervision; • defining separate accountability for the results of the projects; and • disclosing the presumed impairment. • Management should be responsible for accepting and implementing
recommendations.
• Care should be taken, particularly involving consulting engagements that are ongoing or continuous in nature, so that internal auditors do not inappropriately or unintentionally assume management responsibilities that were not intended in the original objectives and scope of the engagement.
21
Due Professional Care in Consulting EngagementsDue Professional Care in Consulting Engagements• The internal auditor should exercise due professional
care in conducting a formal consulting engagement by understanding the following:– Needs of management officials, including the nature, timing, and
communication of engagement results.– Possible motivations and reasons of those requesting the service.– Extent of work needed to achieve the engagement’s objectives.– Skills and resources needed to conduct the engagement.– Effect on the scope of the audit plan previously approved by the
audit committee.– Potential impact on future audit assignments and engagements.– Potential organizational benefits to be derived from the
engagement.
• The internal auditor should exercise due professional care in conducting a formal consulting engagement by understanding the following:– Needs of management officials, including the nature, timing, and
communication of engagement results.– Possible motivations and reasons of those requesting the service.– Extent of work needed to achieve the engagement’s objectives.– Skills and resources needed to conduct the engagement.– Effect on the scope of the audit plan previously approved by the
audit committee.– Potential impact on future audit assignments and engagements.– Potential organizational benefits to be derived from the
engagement.
22
Scope of Work in Consulting EngagementsScope of Work in Consulting Engagements
• Internal auditors should reach an understanding about the objectives and scope of the consulting engagement with those receiving the service. – Any reservations about the value, benefit, or possible
negative implications of the consulting engagement should be communicated to those receiving the service.
– Internal auditors should design the scope of work to ensure that professionalism, integrity, credibility, and reputation of the internal audit activity will be maintained.
• Internal auditors should reach an understanding about the objectives and scope of the consulting engagement with those receiving the service. – Any reservations about the value, benefit, or possible
negative implications of the consulting engagement should be communicated to those receiving the service.
– Internal auditors should design the scope of work to ensure that professionalism, integrity, credibility, and reputation of the internal audit activity will be maintained.
23
Communicating the Results of Consulting EngagementsCommunicating the Results of Consulting Engagements• Communication of the progress and results of
consulting engagements will vary in form and content depending upon the nature of the engagement and the needs of the client.– Reporting requirements are generally determined by those
requesting the consulting service and should meet the objectives as determined and agreed to with management.
– However, the format for communicating the results of the consulting engagement should clearly describe the nature of the engagement and any limitations, restrictions, or other factors about which users of the information should be made aware.
• Communication of the progress and results of consulting engagements will vary in form and content depending upon the nature of the engagement and the needs of the client.– Reporting requirements are generally determined by those
requesting the consulting service and should meet the objectives as determined and agreed to with management.
– However, the format for communicating the results of the consulting engagement should clearly describe the nature of the engagement and any limitations, restrictions, or other factors about which users of the information should be made aware.
24
Documentation Requirements for Consulting EngagementsDocumentation Requirements for Consulting Engagements• Internal auditors should document the work performed
to achieve the objectives of a formal consulting engagement and support its results.– However, documentation requirements applicable to assurance
engagements do not necessarily apply to consulting engagements.
• Auditors are encouraged to adopt appropriate record retention policies and address related issues, such as, ownership of consulting engagement records, in order to protect the organization adequately and to avoid potential misunderstandings involving requests for these records.– Situations involving legal proceedings, regulatory requirements, tax
issues, and accounting matters may call for special handling of certain consulting engagement records.
• Internal auditors should document the work performed to achieve the objectives of a formal consulting engagement and support its results.– However, documentation requirements applicable to assurance
engagements do not necessarily apply to consulting engagements.
• Auditors are encouraged to adopt appropriate record retention policies and address related issues, such as, ownership of consulting engagement records, in order to protect the organization adequately and to avoid potential misunderstandings involving requests for these records.– Situations involving legal proceedings, regulatory requirements, tax
issues, and accounting matters may call for special handling of certain consulting engagement records.
25
Peran Internal Auditor Peran Internal Auditor SebagaiSebagai
Konsultan & KatalisKonsultan & Katalis YPIA -2005YPIA -2005
Thank YouThank You