Internal Audit


The Internal Audit Unit (IA) performed the internal control function at CIMB Niaga. IA uses the three lines model to ensure the Bank’s management and operational processes are in line with applicable rules and regulations and support the Bank’s interests and objectives. IA is also responsible for the adequacy and proper operation of internal control processes. IA continues to develop and innovate in using technology and audit tools to conduct audits more effectively and efficiently.


The IA has Internal Audit Charter that serves as the guideline for carrying out its duties and responsibilities. The Internal Audit Charter contains the main principles of Internal Audit’s professional practice, vision and mission, objectives, structure and position, authorities, duties and responsibilities, function and scope of the assignment, independence and objectivity, professionalism, impartiality, rights and obligations of the Head of IA (Chief Audit Executive), as well as the IA code of ethics. The Internal Audit Charter was last updated on 5 June 2021 and has been approved by the President Director and the Board of Commissioners.

The Internal Audit Charter is a form of compliance to:

  1. Financial Services Authority (OJK) Regulations and OJK Circular Letters, on the Implementation of the Internal Audit Function in Commercial Banks, Establishment and Guidelines for the Preparation of Internal Audit Charter, Financial Conglomerates, Operation of Information Technology by Commercial Banks, Implementation of Risk Management for Commercial Banks, Standards Guidelines of Internal Control System for Commercial Banks, Confidentiality and Security of Consumers’ Personal Data and/or Information.
  2. As well as best practices pursuant to IPPF (International Professional Practice Framework) standards from IIA (The Institute of Internal Auditors).

The Internal Audit Charter defines the rules and guidelines for audit practices to ensure:

  1. The effectiveness, efficiency, and adequacy of the internal control system, risk management, and governance continuously.
  2. The reliability, effectiveness, and integrity of the process and information management system, including relevance, accuracy, completeness, availability, and security of data.
  3. Compliance with prevailing laws and regulations.
  4. Quality of the organization’s performance.
  5. Proper interaction with other governance groups.
  6. Critical financial, managerial, and operational Bank information and processes are accurate, reliable, and timely.
  7. Resources are obtained economically, efficiently utilized, and adequately protected.
  8. Programs, plans, and targets are well achieved.
  9. Quality and continuous improvement are inherent in the control process of CIMB Niaga.
  10. Opportunities to improve risk management, profitability, and the reputation of CIMB Niaga are identified and stated in the audits.


IA reports directly to the President Director, and by matrix to the Board of Commissioners through the Audit Committee pursuant to OJK Regulation No. 1/POJK.03/2019 dated 28 January 2019 on the Implementation of the Function of Internal Audit in a Commercial Bank (PFAIB) and OJK Regulation No. 56/POJK.04/2015 dated 29 December 2015 on the Establishment and Guidelines of the Formulation of the Internal Audit Charter.


Antonius Pramana Gunadi

Chief Audit Executive










Legal Basis of Appointment


Decree No. 024/HROB/HRS/XII/2016 dated 19 December 2016


  • Bachelor of Economics, Tarumanagara University

  • Certified Internal Auditor, the Institute of Internal Auditors

  • Certificate, Business Analytics: From Data to Insights, the Wharton School

Work Experiences

  • Audit Director at Citibank (2013-2016)

  • Head of Internal Audit at PT Bank Internasional Indonesia (2010-2013)

  • Head of Internal Audit at PT Bank Barclays (2009-2010)

  • Head of Internal Audit at ABN Amro Bank (2005-2009)

  • Auditor at Ernst & Young (2003-2005)

  • Auditor at KPMG Indonesia (1998-2002)

  • Auditor at Coopers & Lybrand (1996-1998)


  • Certified Internal Auditor (CIA)

  • Certified Anti Money Laundering Specialist (CAMS)

  • Level 5 Certification of Risk Management

Organization Membership

  • Bank Internal Auditors Association (IAIB) – Chairman (2020-2023)

  • Bank Internal Auditors Association (IAIB) – Head of Membership and Organisation Section (2017-2020)


Name of Training/Workshop/Conference/Seminar Organizer Time and Place
Key to Maintaining Objectivity and Professional Skepticism Gartner 9 January 2022
Data Breaches, What’s my Risk? Gartner 10 January 2022
Business Learning Session - New Agile Methodology and Template CIMB Niaga 24 January 2022
Business Learning Session - Non-Fungible Token CIMB Niaga 23 February 2022
Digital Leadership Series #2 - Leveraging on technology to strengthen customer loyalty CIMB 26 April 2022
BMC Strength Based Development Program #1 - Post Assessment Briefing : Clifton Strength Finder Assessment & 360 Degree Assessment Gallup 15 May 2022
Sharing Session ESG and The Role of Internal Audit IIA 7 June 2022
Sustainability Finance: ISO 37001:2016 - AntiBribery Management System Awareness Session for Senior Management CIMB Niaga 17 June 2022
BMC Strength Based Development Program #2 – Leading with Your Strength Gallup 27 June 2022
CIMB Expert Talk Series for Board & Key Management #1: Net Zero Pathways; Managing Risks & Taking Opportunities CIMB 13 July 2022
EPICC Masterclass for BMC BTS 11 August 2022
BMC Leadership Program : Executive Coaching Session CIMB Niaga 12 August 2022
Team Building - Outing Corporate Assurance CIMB Niaga 1 September 2022
Annual Workshop Directorate - Workshop Corporate Assurance CIMB Niaga 1 September 2022
BMC Strength Based Development Program #3 – Strategies for Your Success Gallup 2 September 2022
BMC Leadership Program : Executive Coaching Session CIMB Niaga 12 September 2022
BMC Leadership Program : Executive Coaching Session CIMB Niaga 10 October 2022
IIA National Conference IIA 12 October 2022
BMC/BOC Development Program - Digital Sharing Session : Building The Bank of The Future Thought Machine 31 October 2022


IA assists the Bank in achieving its objectives by evaluating and improving the effectiveness of governance, internal control processes, and risk management. CIMB Niaga’s IA also has to provide independent and objective assurance, consulting, and advisory services that can provide added value and improve the Bank’s operations.

As stated in the Internal Audit Charter, CIMB Niaga’s IA has the following duties and responsibilities:

  1. Assist the President Director and Board of Commissioners in carrying out supervision related to Bank’s operations from planning, implementation, and follow up audit findings.
  2. Undertake the analysis and evaluation of the financial, accounting, operational, and other activities through audit.
  3. Identify all possibilities to improve and enhance efficiency in the use of resources and budget.
  4. Provide recommendations for improvements and objective information on all audited management activities.
  5. Comprehensively prepare and implement the annual audit plan based on the risk-based audit methodology. The President Director and the Board of Commissioners approved the annual audit plan and its budget allocation by considering the Audit Committee's recommendation.
  6. Carry out audit activities and evaluate the efficiency and effectiveness of finances, accounting, operations, human resources, marketing, information technology, and other activities.
  7. Report periodically to the Board of Directors and Board of Commissioners through the Audit Committee on the objectives, authority, and responsibilities, as well as on IA performance against targets. The report also covers significant risk exposures and control issues.
  8. Submit the semester report regarding implementation and audit results to OJK, which consists of a summary of audit activities and significant audit findings no later than one month after the period closed.
  9. Monitor the follow-up actions for audit findings and recommendations. All significant audit findings will be classified as “open” until resolved, including informing the Audit Committee about management’s risk acceptance (if any).
  10. Inform the status of improvements taken on the audit findings and recommendations to the Board of Directors and the Board of Commissioners through the Audit Committee.
  11. Inform Anti-Fraud Management of any indications of fraud uncovered by the audit team.
  12. Prepare the success measurements and achievements of the IA objectives.
  13. Prepare and retain adequate audit working papers in accordance with the applicable regulations.
  14. Conduct and present the Quality Assurance and Improvement Programs (QAIP) covering all aspects of IA activities. QAIP includes the evaluation of IA’s adherence to the definition of Audit Intern and Standards and assessing whether the auditors adhere to the code of ethics. QAIP also evaluates the efficiency and effectiveness of IA activities, as well as identifies potential improvements thereof.
  15. Report specifically to OJK any findings by the IA that could significantly disrupt the business continuity of CIMB Niaga. The report should be submitted no later than three days following the finding.
  16. Report to OJK the results of external reviews that evaluate the working process of IA and its adherence to PPFAIB and possible improvements.
  17. In the case of the implementation of Integrated Governance and CIMB Niaga’s role as the Main Entity that already has an established IA, the duties of the Integrated IA are carried out by the existing IA with the following responsibilities:
    1. Able to carry out audits on Financial Services Institutions (FSI) either individually, collectively, or based on the audit report of the FSI’s IA.
    2. Monitor and evaluate the execution of the Integrated IA in the respective members of CIMB Indonesia’s Financial Conglomerate, coordinate with the IAs of all members of the CIMB Indonesia Financial Conglomerate in accordance with their functions, and compile the results of the Integrated IA from each member of the financial conglomerate, carried out regularly (semesterly).
    3. Prepare and present a report on the execution of the Integrated IA’s duties and responsibilities to the Director responsible for supervising the FSI within the financial conglomerate, the Compliance Director of the Main Entity and the Main Entity’s Board of Commissioners.


The Chief Audit Executive and all IA personnel must adhere to the Code of Conduct of CIMB Niaga and the Code of Ethics of Internal Auditors of CIMB Niaga in carrying out their duties and responsibilities. The Code of Ethics of the Internal Auditors of CIMB Niaga has been formulated pursuant to the code of ethics of The Institute of Internal Auditors as follows:

  1. Integrity
    The integrity of the Internal Auditor builds trust and gives confidence in the assessments it provides.
  2. Objectivity
    Internal auditors must demonstrate high professional objectivity in collecting, evaluating, and communicating information about the activity or process being audited. All relevant facts are considered by internal auditors in a balanced manner, without being influenced by their own or others’ interests.
  3. Confidentiality
    The Internal Auditor maintains the confidentiality of the information received and is not authorized to disclose it except in accordance with the Bank’s policy regarding the provision of data, documents, and/or information to third parties.
  4. Competency
    In order to provide internal auditing services, internal auditors must possess the necessary knowledge, skills, and experience.

Each year, all IA personnel of CIMB Niaga are refreshed on the Code of Ethics and are required to sign a statement of adherence to the Code of Ethics.