INTERNAL AUDIT UNIT (IA)
The Internal Audit (IA) of Bank CIMB Niaga assists the Bank in achieving its objectives through systematic and disciplined approach in evaluating and improving the successful accomplishment of the Bank’s objectives; the effectiveness of governance processes, internal control and risk management processes, including the implementation of the sustainability principle; the Bank’s decision-making and supervision, including providing an independent perspective to the Board of Directors and Board of Commissioners on the adequacy of control and compliance with applicable regulatory provisions; reputation and credibility to the Bank’s stakeholders; the Bank’s ability to serve the public’s interests.
The IA provides independent, risk-based assurance, advisory, insight, and foresight services that are designed to increase value and improve the Bank’s operations.
INTERNAL AUDIT CHARTER
IA has an Internal Audit Charter as a guideline in carrying out its duties and responsibilities. The Internal Audit Charter contains the objectives, internal audit professional practice principles, vision and mission, structure, position and authority, duties and responsibilities, the scope of assignment, independence and objectivity, professionalism, impartiality, rights, obligations, and responsibilities of the Head of IA (Chief Audit Executive), and the IA code of ethics.
The Internal Audit Charter is a form of compliance with OJK Regulations and OJK Circular Letters, related to the Implementation of the Internal Audit Function in Commercial Banks, the Establishment and Guidelines for Preparing Internal Audit Charters, Financial Conglomerates, Implementation of Information Technology by Commercial Banks, Implementation of Risk Management for Commercial Banks and Sharia Business Units, Standard Guidelines for Internal Control Systems for Commercial Banks, Governance Implementation for Commercial Banks and Sharia Business Units, Personal Data Protection Law, Bank Indonesia Consumer Protection, as well as best practices referring to GIAS (Global Internal Audit Standards) from the IIA (The Institute of Internal Auditors).
The Internal Audit Charter was last updated on 28 November 2024 and has been approved by the President Director and the Board of Commissioners. The Internal Audit Charter regulates the implementation of audits as well as guidelines to ensure:
- Effectiveness, efficiency, and adequacy of internal control system, risk management, and sustainable governance.
- Reliability, effectiveness, and integrity of information management processes and systems, including relevance, accuracy, completeness, availability, and confidentiality of data.
- Compliance with applicable laws and regulations.
- Quality of the organization’s performance.
- Interaction with various governance groups has been running as it should.
- Important financial, managerial, and operational information must be accurate, reliable, and timely
- Resources are obtained economically, utilized efficiently, and protected adequately
- Programs, plans, and targets are achieved well.
- Quality and continuous improvement are inherent in the Bank’s control processes.
- Opportunities to improve the Bank’s management controls, profitability, and reputation are identified and disclosed in the audit.
PARTY WHO APPOINTS AND DISMISSES HEAD OF IA (CHIEF AUDIT EXECUTIVE)
IA is chaired by the Chief Audit Executive, who is appointed and dismissed by the President Director with the approval of the Board of Commissioners and based on the recommendation from the Audit Committee. Currently, the Chief Audit Executive is Antonius Gunadi, who has been in office effectively since 3 January 2017, based on Decree No. 024/HROB/HRS/XII/2016. The appointment was reported to OJK in letter No. 008/DIR/ XII/2016 dated 19 December 2016.
STRUCTURE AND POSITION OF IA IN THE ORGANIZATION
In line with OJK Regulation No. 1/POJK.03/2019 dated 28 January 2019 on Implementation of the Internal Audit Function in Commercial Banks and OJK Regulation No. 56/POJK.04/2015 dated 29 December 2015 on Establishment and Guidelines to Prepare the Internal Audit Charter, IA is directly responsible to the President Director and, in the matrix, to the Board of Commissioners through the Audit Committee.

PROFILE OF HEAD OF IA (CHIEF AUDIT EXECUTIVE)

Antonius Pramana Gunadi
Chief Audit Executive
Age/Gender |
: | 50/Male |
Nationality |
: | Indonesia |
Domicile |
: | Jakarta |
Legal Basis of Appointment |
: | 024/HROB/HRS/XII/2016 |
Educational Background & Professional Certifications |
: |
|
Work Experiences |
: |
|
Legal Basis of Appointment |
: |
024/HROB/HRS/XII/2016 |
EDUCATION AND/OR TRAINING OF INTERNAL AUDIT UNIT
Training / Workshop / Conference / Seminar | Organizing Institute | Time and Location |
---|---|---|
Risk Management Certification Briefing Level 7 | BSL | Jakarta, 27 March 2024 |
Risk Management Certification Level 7 | LSP BSMR | Jakarta, 4 April 2024 |
CIMB Leading Leaders Development Programme - Creating the Future | IMD | Estonia, 22-26 April 2024 |
Sharia Certification Level 3 – 2024 : Strengthening Governance in Fulfilling Shari Principles | LND CIMB Niaga | Jakarta, 26 July 2024 |
Pendalaman SNI ISO 37001:2016 (ISO SMAP) | TUV Nord | Jakarta, 14 October 2024 |
Senior Leader- Conference 2024 | CIMB Niaga & Daily Meaning | Bogor, 5-6 December 2024 |
DUTIES AND RESPONSIBILITIES OF IA
As stated in the Internal Audit Charter, IA has the following duties and responsibilities:
- Assisting the President Director and Board of Commissioners in supervision by operationally defining the planning, implementation, or monitoring of audit results.
- Analyzing and assessing finance, accounting, operations, and other activities through audit.
- Identifying all opportunities to improve and increase efficient use of resources and funds.
- Providing suggestions for improvements and objective information about the activities examined in all management activities.
- Preparing and implementing an annual audit plan based on a comprehensive risk assessment-based methodology. The annual audit plan and budget allocation are approved by the President Director and the Board of Commissioners by taking into account recommendations from the Audit Committee.
- Collaborating with the Audit Committee.
- Testing and evaluating the implementation of internal control and risk management systems in accordance with company policies.
- Executing audit activities and providing assessments on the efficiency and effectiveness in finance, accounting, operations, human resources, marketing, information technology, and other activities.
- Providing suggestions for improvement and objective information regarding activities examined at all levels of management.
- Preparing and submitting audit reports to the President Director and the Board of Commissioners. As well as preparing internal audit reports related to the implementation of the fulfillment of sharia principles and submitting them to the President Director, Board of Commissioners, and Sharia Supervisory Board.
- Can perform special audit, if necessary.
- Periodically reporting to the Board of Directors and Board of Commissioners through the Audit Committee regarding the objectives, authority, and responsibilities, as well as the performance of IA activities compared to the plans. Reporting also includes exposing significant risks and control issues.
- Preparing semester reports on the Implementation Report and Internal Audit Results to OJK for a summary of audit activities and significant audit findings no later than 1 month after the end of the period.
- Monitoring the implementation of follow-up on audit findings and recommendations. All significant audit findings will remain in "open" status until the findings are resolved. This includes informing the Audit Committee regarding Management Acceptance of Risk.
- Informing the status of corrective actions regarding audit findings and audit recommendations to the Board of Directors and Board of Commissioners through the Audit Committee.
- Informing the Anti-Fraud Management unit about indications of fraud discovered by the IA.
- Preparing measurements to assess the success of performance and achievement of IA goals.
- Preparing and storing adequate audit working papers in accordance with applicable regulations.
- Implementing and delivering Quality Assurance and Improvement Programs (QAIP) which covers all aspects of IA activities. The QAIP includes evaluating IA compliance with the definition of Internal Audit and Standards, as well as evaluating whether the auditor implements the code of ethics. QAIP also assesses the efficiency and effectiveness of IA activities and identifies opportunities for improvement.
- Reporting specifically to OJK regarding IA's findings that may significantly disrupt CIMB Niaga's business continuity. Reports must be submitted no later than three days after discovery.
- Reporting to OJK regarding the results of the external review containing opinions on IA's work result and compliance with PFAIB, as well as improvements that can be made.
- Submitting other reports to the OJK as requested by the OJK.
- In terms of implementing the Integrated Governance and with CIMB Niaga's role as the Main Entity that already has an established IA, the implementation of Integrated IA tasks is carried out by the existing IA with the following responsibilities:
- Auditing at Financial Services Institutions (FSI) either individually, joint audits, or based on reports from IA FSI.
- Monitoring and evaluating the implementation of Integrated IA in each member of the CIMB Indonesia Financial Conglomeration, coordinating with all IA members of the CIMB Indonesia Financial Conglomeration according to their functions, and compiling the results of the implementation of Integrated IA from each member of the CIMB Indonesia Financial Conglomeration, periodically (every semester).
- Preparing and submitting reports on the implementation of the duties and responsibilities of Integrated IA to the Director appointed to supervise FSI in the Financial Conglomeration, Director of Compliance of Main Entity and Board of Commissioners of Main Entity.
INTERNAL AUDITOR CODE OF ETHICS
The Chief Audit Executive and all IA employees are required to follow the CIMB Niaga Code of Ethics and Code of Conduct, as well as the CIMB Niaga Internal Auditor Code of Ethics, which is based on and refers to the Institute of Internal Auditors' Code of Ethics. Every year, all IA members receive a refresher on the Code of Ethics and sign a statement about it.
The CIMB Niaga Internal Auditors Code of Ethics is as follows:
- Demonstrating Integrity
Internal Auditors demonstrate integrity in their work and behavior, including demonstrating honesty and professional courage, the organization’s ethical expectations, as well as lawful and ethical behavior. - Maintaining Objectivity
Internal auditors maintain an impartial and unbiased attitude when performing internal audit services and making decisions, by paying attention to individual objectivity, maintaining objectivity, as well as disclosing impairments to objectivity, if any. - Demonstrating Competency
Internal auditors apply knowledge, skills, and abilities to successfully fulfill their roles and responsibilities, including having competence, undertaking ongoing professional development. - Exercising Due Professional Care
Internal Auditors apply due professional care in planning and performing internal audit services, taking into account conformity with GIAS, professional care, professional skepticism. - Maintaining Confidentiality
Internal Auditors use and protect information appropriately. Internal auditors are not authorized to disclose information without clear authority, except in accordance with Bank Policy regarding the provision of information/data/documents to external parties.