Internal Audit &

Enterprise
Governance
Presented by:
Alexander Santober
Almas Sahid D
Mutqinah Hanifah
 Tonight’s Agenda

1. Relationship with Audit Committee

2. Relationship with Management
3. Relationship with External Auditors &
Other Stakeholders
1. Relationship with Audit
Committee
 “
4
Role of The Audit Commitee

A significant step in initially organizing an internal audit function in a

new enterprise is to obtain authorization and approval by the enterprise’s
audit committee of the board of directors. An audit committee also
approves internal audit’s overall plans for continuing activities through the
current period and beyond.
As one of the several operating committees established by the board, the
audit committee has a unique role compared to other board committees.
= > The fall of Enron
 Audit Committee Organization
and Charters
An audit committee is an operating component of the
board of directors with responsibility for internal controls
and financial reporting oversight. Audit committee members
must be independent directors with no connection to
enterprise management.
There are no size restrictions, but a full board with 12 to
16 members will often have a 5- or 6-member audit
committee.
Because all members of the board can be held legally
liable through their actions on any issue, and a board and its
committees enact most of its formal business through
resolutions, which become matters of enterprise record. The
enterprise of the board’s various committees, including the
audit committee, is established through such a resolution.
Audit committee charter is a formal commitment by the board audit
committee to ensure the integrity of financial statements and to
supervise the internal and external audit functions.
The purpose of a board audit committee charter is to define the
audit committee’s responsibilities regarding:
• Identification, assessment, and management of financial risks and uncertainties
• Continuous improvement of financial systems
• Integrity of financial statements and financial disclosures
• Compliance with legal and regulatory requirements
• Qualifications, independence, and performance of independent outside auditors
• Capabilities, resources, and performance of the internal audit department
• Full and open communication with and among the independent accountants, management,
internal auditors, counsel, employees, the audit committee, and the board
Formats vary from one enterprise to another, but audit committee charters generally
include:
1. Purpose and power of audit committee
2. Audit committee composition
3. Meetings schedule
4. Audit committee procedures
5. Audit committee primary activities
a. Corporate governance
b. Public reporting
c. Independent accountants
d. Audits and accounting
e. Other activities
6. Discretionary activities
a. Independent accountants
b. Internal audits
c. Accounting
d. Controls and systems
e. Public reporting
f. Compliance oversight responsibilities
g. Risk assessments
h. Financial oversight responsibilities
i. Employee benefit plans investment fiduciary responsibilities
7. Audit committee limitations
 Audit Committee's Financial Expert and
Internal Audit

A major audit committee criticism in those pre-SOx days after

the fall of Enron was that many board members serving on audit
committees did not appear to understand financial and internal control
issues.

Role Responsibilities

Membership Authority

Operations Education

Communications
 In many situations, the CAE and internal audit may be a
unique thread of corporate governance continuity, and internal audit can
help the audit committee in this new era through a three-step approach:

Step 1. Through a report and presentation, provide a detailed

summary of current internal audit processes for risk
assessments, planning and performing audits, and
reporting results through audit reports.

Step 2. Working with human resources and other resources,

present plans to the audit committee to assist in
launching the Sox-required ethics and
whistleblower program.

Step 3. Develop detailed plans for reviewing and assessing

internal controls in the enterprise.
 Audit Committee Responsibilities for
Internal Audit

These charters are often very specific regarding relationships with internal audit
and typically require the audit committee to:
▪ Review the resources, plans, activities, staffing, and organizational structure of
internal audit.
▪ Review the appointment, performance, and replacement of the CAE.
▪ Review all audits and reports prepared by internal audit together with
management’s response.
▪ Review with management, the CAE, and the independent accountants the
adequacy of financial reporting and internal control systems.
The review should include the scope and results of the internal audit program
and the cooperation afforded or limitations, if any, imposed by management on
the conduct of the internal audit program.
 (a) Appointment of the Chief Audit Executive

(b) Approval of Internal Audit Charter

(c) Approval of Internal Audit Plans and Budgets

(d) Audit Committee Review and Action on Significant Audit Findings

 Audit Committee and Its External
Auditors
External auditors are still allowed to provide tax services as
well as certain de minimis service exceptions, but they are prohibited from
providing these nonaudit services contemporaneously with their financial
statement audits:
• Bookkeeping and other services related to the accounting records or
financial statements of the audit client
• Financial information technology design and implementation
• Appraisal or valuation services, fairness opinions, or contribution-in-kind
reports
• Internal audit outsourcing services
• Management function or human resource support activities
• Broker or dealer, investment advisor, or investment banking services
• Legal services and other expert services unrelated to the audit
• Any other services that the Public Company Accounting Oversight Board
determines to be not permitted
 Other Audit Committee Roles

In this post-SOx world, the audit committee often may receive

questions regarding various accounting and auditing matters. Internal audit
can offer to act as somewhat of a secretary to the audit committee in
documenting and handling these issues, many areas where internal audit can
help the audit committee in handling some of its new SOx-related
administrative chores.
Even for a very large corporation, the audit committee may consist of
perhaps six persons, in a smaller corporation, the committee typically consists
of only two members.
SOx rules require that the audit committee must act
independently. Under SOx, the audit committee takes on an important role,
which internal audit is in perhaps one of the best positions to help facilitate.
The CAE has open access to the audit committee through
presentations at regular meetings and confidential one-on-one meetings.
2. Relationship with
Management
a. Objectivity, Independence, and relationships
with management

a. Development and Maintenance of Good

relationships

a. Participative Auditing

a. Conflict Management and Resolution

“ a. Objectivity, Independence, and
relationships with management

Obyektivitas didefinisikan sebagai sikap yang tidak

memihak yang memungkinkan auditor internal untuk
melakukan keterlibatan sedemikian rupa sehingga
mereka percaya pada produk kerja mereka dan bahwa
tidak ada kompromi atas kualitas yang dibuat
“ b. Development and Maintenance of
Good relationships

auditor internal mengembangkan dan memelihara

hubungan kerja yang baik dengan klien mereka dengan
mengadopsi banyak teknik yang sama yang digunakan
manajer yang efektif dengan bawahan mereka. teknik ini
termasuk wawancara secara efektif, mendengarkan
dengan baik, berkomunikasi secara terbuka, dan
memperlakukan klien dengan hormat setiap saat
“ c. Participative Auditing

auditor internal harus berhati-hati untuk menjaga

obyektivitas mereka selama audit,naun ada banyak
peluang untuk mengundang dan mendorong partisipasi
dari keterlibatan keterlibatan. Peneliti F E Mints
merekomendasikan beberapa metode kolaborasi untuk
memungkinkan klien memiliki minat dalam perikatan
audit.
d. Conflict Management and Resolution
 3. Relationship with
External Auditors & Other
Stakeholders
 Acquisition of External Audit Services

External and internal auditors pursue different objectives,

own a different accountability, possess different
qualifications, and engage in different activities. But they
have mutual interests that call for coordination of their
talents for the benefit of the enterprise
Although the board, through its audit committee, normally
bears the responsibility for the acquisition of external audit
services, The Chief Audit Executive should provide the
technical and specialized knowledge to assist in this
process, including some or all of the following:
• Participation as a member of the selection team
• Recommendation of criteria to be used in the selection
process
• Identification of regulatory or other requirements that
should be considered
• Evaluation of proposed external auditor fees

Finally, the Chief audit executive should also be involved in

monitoring the work of the external auditors and should
advise the audit committee and the board about the
independence and the quality of technical services provided
Coordination of Internal and External
Audit Activities

Coordination between external and internal auditors is

important because of the potential to increase the
economy, effectiveness, and efficiency of the total
audit activity for the enterprise.
Neither form of auditing can replace the other.
But in many ways, they impinge on each other. If the
two types of audits are uncoordinated, there will be
overlaps and duplication that unnecessarily increase
audit costs and confuse audit responsibilities

Efficiency is enhanced when each group’s audit results

are made available to the other group, on time, and as
needed
“
❖ OJK Regulation No.56 / POJK.04 / 2015 concerning
Establishment and Guidelines for Preparation of
Internal Audit Charter Article 8 section d "coordinates
its activities with the activities of external
auditors“
 Preparation for External Audits

To satisfy SAS 65 requirements, Chief Audit Executive should

document the following material in preparation for reviews by
external auditors:
a)Understanding the Internal Audit Functions
• Organizational status within the entity
• Application of professional standards
• Audit plans
• Access to records; any scope limitations
b)Assessing Competency and Objectivity
• Educational level and professional experience
• Professional certification and continuing education
• Audit policies, programs, and procedures
• Practices regarding assignment of internal auditors
• Supervision and review of internal audit activities
• Quality of [workpaper] documentation, reports, and recommendations
• Evaluation of Internal auditor performance [regarding] SAS No.65
requirements
34
 Relationships with Regulators and
Other Stakeholders

In addition to regulators, other stakeholders may include, but are not

limited to, other assurance providers, legislators, interest and advocacy
groups, the media (print, broadcast, internet), non-govermental
organizations (NGOs), and donors.

There are no one-size-fits-all guidelines for interacting with these

stakeholders; it is incumbent on the CAE and members of the internal
audit staff to understand their organization’s - and their country’s -
requirements and protocols for releasing audit information and
otherwise communicating with these types of external entities

Disclosure laws vary by jurisdiction, so consultation with the

organization’s legal representatives should be undertaken before the
release of any information related to internal audit activities
THANKS!
Any questions?