Internal Audit


Internal Audit function at CIMB Niaga is performed by the Internal Audit (IA) Unit. As the third line of defence, IA’s main duties are to ensure that the Bank’s management and operations are in compliance with all prevailing rules and regulations and support the Bank’s interests and objectives. IA is also responsible for ensuring the adequacy and proper implementation of the internal control process.

IA’s role is to provide independent and objective assurances and consulting services that will add value and improve the Bank’s operations. IA assists the Bank in achieving its objectives by evaluating and improving the effectiveness of Risk Management, Internal Control, and Governance Processes.


The Chief Audit Executive is appointed and dismissed by the President Director with the approval from the Board of Commissioners based on the Audit Committee recommendation. The Chief Audit Executive appointment is also reported to BI and OJK.

In 2019, the Chief Audit Executive of CIMB Niaga was Antonius Pramana Gunadi, who has effectively served since 3 January 2017 based on Decree No. 024/HROB/HRS/XII/2016. The appointment was reported to BI and OJK, based on letter No. 008/DIR/XII/2016 dated 19 December 2016.


Antonius Pramana Gunadi

Chief Audit Executive

Age: 45 Years

Citizen: Indonesian

Domicile: Jakarta

Legal Basis for Appointment: SK No. 024/HROB/HRS/XII/2016 dated 16 December 2016

Education: Bachelor’s degree in Accounting from Universitas Tarumanagara (1996)

Work Experience:
1. Audit Director of Citibank (2013-2016)
2. Chief Audit Executive of Bank Internasional Indonesia (2010-2013)
3. Chief of SKAI of Barclays Indonesia (2009-2010)
4. Head of SKAI of ABN Amro Bank Indonesia (2005-2009)
5. Auditor at Ernst & Young (2003-2005)
6. Auditor at KPMG (1998 – 2002)
7. Auditor at Coopers & Lybrand Public Accounting Firm (1996 – 1998)

Organizational Membership: Bank Internal Auditor Association (IAIB) – Head of Membership and Organization for the 2017-2020 period


Training/Workshop/Conference/Seminar Organizer Time and Place
Risk Management Certification (Refreshment) Badan Sertifikasi Manajemen Risiko 8 March 2019
Jakarta, Indonesia
Sustainability Finance Training Program CIMB Niaga 2 May 2019
Jakarta, Indonesia
Project Transformation Leadership CIMB Niaga 29 – 30 August 2019
Jakarta, Indonesia
2019 Roundtable for Chief Audit Executive The Institute of Internal Auditors Indonesia 24 September 2019
Jakarta, Indonesia
Regional Audit Planning Session CIMB Niaga 3 – 4 October 2019
Jakarta, Indonesia
Seminar Big Data Analytics (pembicara) CPA Australia 4 December 2019
Jakarta, Indonesia


CIMB Niaga’s Internal Audit Charter was last updated on 28 May 2019 and was approved by the President Director and the Board of Commissioners. The IA Charter is a guideline for IA, and contains the IA’s professional practice principles, vision and mission, goals, authority, responsibilities, functions and scope of work, independency, objectivity, professionalism, impartiality, rights & obligations of the IA Unit Head (Chief Audit Executive) as well as the IA code of ethics.

The Internal Audit Charter was established in compliance with POJK No. 56/POJK.04/2015 regarding the Establishment and Guidelines for the Internal Audit Unit Charter, POJK No. 18/POJK.03/2014 dated 18 November 2014 regarding the Implementation of Integrated Governance for Financial Conglomerations, and POJK No. 1/POJK.03/2019 dated 28 January 2019 regarding Implementation of the Internal Audit Function in Commercial Banks , as well as best practices that refer to the IPPF (International Professional Practice Framework) standards from the IIA (The Institute for Internal Auditors).

The Internal Audit Charter regulates the audits implementation and contains guidelines to ensure:

  1. Risks have been identified and managed appropriately.
  2. Interactions with various governance groups have been well managed.
  3. Key financial, managerial and operational information is accurate, reliable and timely.
  4. Employee actions are in accordance with all prevailing policies, rules and regulations.
  5. Resources are economically acquired and used efficiently and are adequately protected.
  6. Programs, plans and goals are properly achieved.
  7. The concept of quality and continuous improvement has been embedded in CIMB Niaga’s control processes.
  8. Regulations with a significant impact on CIMB Niaga, are properly acknowledged and addressed.
  9. Opportunities to improve CIMB Niaga’s management, profitability and reputation are identified and disclosed throughout the audit.


In accordance with POJK No. 1/POJK.03/2019 dated 28 January 2019 regarding the Implementation of the Internal Audit Function in Commercial Banks (PPFAIB) and POJK No. 56/POJK.04/2015 regarding the Establishment and Guidelines for the Internal Audit Unit Charter, as an independent control unit, IA reports directly to the President Director and in a matrix to the Board of Commissioners through the Audit Committee, with the following structure:


In accordance with the Internal Audit Charter, the duties and responsibilities of CIMB Niaga’s IA are as follows:

  1. Assist the task of the President Director and the Board of Commissioners in conducting supervision by outlining operational aspects of planning, implementation, or monitoring of audit results.
  2. Making analysis and valuation in finance, accounting, operations, and other activities through auditing
  3. Identify all possibilities to improve and increase the efficient use of resources and funds
  4. Provide recommendations for improvements and information on the activities examined in all management activities
  5. Preparing and implementing an annual audit plan based on a comprehensive risk assessment-based methodology. The annual audit plan and budget allocation are approved by the Board of Directors, the Board of Commissioners through the Audit Committee.
  6. Conduct audit activities and provide an assessment of the efficiency and effectiveness of finance, accounting, operations, human resources, marketing, information technology area and other activities.
  7. Periodically report to the Board of Directors and the Board of Commissioners through the Audit Committee regarding the objectives, authorities, and responsibilities, as well as the performance of SKAI activities compared to the planning. Reporting also includes significant risk exposures and control issues.
  8. Preparing semester report regarding mplementation of the key points of audit results to the Financial Services Authority, no later than 1 month after the end of the period
  9. Following up on audit findings and recommendations. All significant audit findings will remain “unfinished” until the findings are resolved.
  10. Informing the status of corrective actions regarding audit findings and recommendations from the audit results to the Board of Directors and the Board of Commissioners through the Audit Committee.
  11. Informing the Anti-Fraud Management unit of any fraud indications identified by Internal Audit.
  12. Preparing criteria for the assessment of IA performance and target achievement.
  13. Creating and maintaining appropriate working papers in accordance with the prevailing regulations
  14. Implementing Quality Assurance and Improvement Programs (QAIP) covering all aspects of Internal Audit activities. The QAIP includes an evaluation of Internal Audit compliance regarding the definition of Internal Audit and Standards, as well as an evaluation of whether the auditors have followed the code of conduct. The QAIP also assesses the efficiency and effectiveness of Internal Audit activities and identifies opportunities for improvement.
  15. Reporting specifically to OJK any IA findings that could significantly disrupt the business sustainability of CIMB Niaga. Commerce Reports must be submitted at the latest 3 days after being found.
  16. Reporting to OJK any external audit results that disclosed an opinion on IA’s performance and compliance with SPFAIB and any room for improvements. 18. In terms of Integrated Governance implementation, and the role of CIMB Niaga as the Primary Entity with an already established Internal Audit Unit.
  17. In terms of Integrated Governance implementation and the role of CIMB Niaga as the Main Entity that has an Internal Audit Unit, the implementation of the Integrated IA duties are carried by the existing IA with the following responsibilities:
    • Performing audits of financial service institutions on an individual entity basis, on a collective basis, or based on reports from the financial services institution IA.
    • Monitoring and evaluating the implementation of Integrated IA in each member of CIMB Indonesia Financial Conglomerate; coordinating with the IAs of the CIMB Indonesia Financial Conglomerate members based on functions; and compiling the results of the Integrated IA from each member of the CIMB Indonesia Financial Conglomerate.
    • Preparing and submitting a performance report covering the roles and responsibilities of the Integrated IA to the assigned Director perform supervisory functions on the Financial Services Institution in a financial conglomerate, the Compliance Director of the Main Entity and the Board of Commissioners of the Main Entity.


In performing its duties, the Chief Audit Executive and all IA employees must adhere to the Bank’s Code of Ethics and Conduct, and Bank’s Auditor’s Code of Conduct. Bank Auditors’ Code of Conduct is prepared in accordance with and refers to the SPFAIB and IPPF Code of Conduct:

  1. Integrity
    Internal Audit Integrity develops a sense of trust and thus provides a basis for confidence in the assessments that it provides.
  2. Objectivity
    Internal Audit must demonstrate high professional objectivity when collecting, evaluating, and communicating information regarding the activities or processes being audited. Internal Auditors conduct balanced assessments regarding all existing facts without being influenced by their own or others interests.
  3. Confidentiality
    Internal Audit maintains the confidentiality of information received and is not authorized to disclose it without clear authority, except in accordance with the Bank's policy related to providing information / data / documents to outside parties.
  4. Competency
    Internal Audit applies the knowledge, skills and experience needed in providing IA services.