Internal Audit


The Internal Audit (IA) is responsible for carrying out internal audit function at CIMB Niaga. As the third line of defense, the main task of IA is to ensure that the Bank’s management and operations in accordance with the prevailing rules and regulations while also to support the interest and objective of the Bank. IA is also responsible to ensuring that internal control processes are adequate and carried out accordingly.

CIMB Niaga’s IA provides assurance, consulting and advisory that are independent and objective that can add value and improve the Bank’s operations. The IA helps the Bank to achieve its objectives by evaluating and increasing the effectiveness of governance, internal control process and risk management. Until end of 2020, IA continues to carry out required innovation in the banking industry and use of methodology and technology that can enhance the effectiveness and efficiency of audit process.


The Internal Audit Charter constitutes a compliance to:

  1. OJK Regulation No. 1/POJK.03/2019 on the Implementation of the Function of Internal Audit in a Commercial Bank, OJK Regulation No. 56/POJK.04/2015 on the Formation and Guidelines of the Formulation of the Internal Audit Charter, and OJK Regulation No. 18/POJK.03/2014 on the Implementation of the Integrated Governance of a Financial Conglomerate.
  2. OJK Circular Letter No. 21/SEOJK.03/2017 on the Implementation of Risk Management in the use of Information Technology by a Commercial Bank, OJK Circular Letter No. 35/SEOJK.03/2017 on the Guidelines on Standard for the Internal Control System of a Commercial Bank, OJK Circular Letter No. 34/SEOJK.03/2016 on the Implementation of Risk Management by a Commercial Bank, and OJK Circular Letter No. 14/SEOJK.07/2014 on the Secrecy and Security of Data and/or Private Information of Bank Customers.
  3. As well as best practices pursuant to the standards of IPPF (International Professional Practice Framework) and IIA (The Institute of InternaI Auditor).

The IA of CIMB Niaga has Internal Audit Charter as the guideline for IA that consist of the main principles of the IA professional practices, vision and mission, objectives, structure and position, authority, duties and responsibilities, function and scope of assignments, independence and objectivity, professionalism, impartiality, rights and obligations of the IA Head (the Chief Audit Executive), and the IA’s code of ethics. The Internal Audit Charter was last updated on 28 May 2019, and was approved by the President Director and the Board of Commissioners.

The Internal Audit Charter defines the rules and guidelines for the audit practices to ensure:

  1. The effectiveness, efficiency and adequacy of the internal control system, risk management and governance on a continuous basis.
  2. The reliability, effectiveness and integrity of the process and information management system including the relevance, accuracy, completeness, availability and security of data.
  3. Compliance towards prevailing laws and regulations.
  4. Quality of the organization performance.
  5. Interaction with other governance group is carried out accordingly.
  6. Critical financial information, managerial and operational of the Bank is accurate, reliable, and timely.
  7. Resources are obtained economically, efficiently utilized and adequately protected.
  8. Programs, plans and targets are well achieved.
  9. Quality and continuous improvements are inherent in the control process of CIMB Niaga.
  10. Opportunities to improve risk management, profitability, and the reputation of CIMB Niaga are identified and stated in the audit.


The Chief Audit Executive is appointed and dismissed by the President Director with the approval of the Board of Commissioners and based on recommendation of the Audit Committee. The appointment of the Chief Audit Executive is also reported to the OJK. In 2020, the Chief Audit Executive of CIMB Niaga is Antonius Pramana Gunadi, effective on 3 January 2017, based on the Decree No. 024/HROB/HRS/XII/2016. The appointment has been reported to the OJK based on Bank’s letter No. 008/DIR/XII/2016 dated 19 December 2016.


As an independent audit unit, IA reports directly to the President Director, and by matrix to the Board of Commissioners through the Audit Committee pursuant to OJK Regulation No. 1/POJK.03/2019 dated 28 January 2019, on the Implementation of the Function of Internal Audit in a Commercial Bank (PFAIB) and OJK Regulation No. 56/POJK.04/2015 dated 29 December 2015, on the Formation and Guidelines of the Formulation of the Internal Audit Charter. The position of IA in the organization is shown in the following structure:


Antonius Pramana Gunadi

Chief Audit Executive










Legal Basis of Appointment


Decree No. 024/HROB/HRS/XII/2016 dated 19 December 2016


  • Degree in Accounting from Tarumanagara University (1996)

Work Experiences

  • Audit Director at Citibank (2013-2016)

  • Chief Audit Executive at Bank Internasional Indonesia (2010-2013)

  • Chief of IA at Barclays Indonesia (2009-2010)

  • Head of IA at ABN Amro Bank Indonesia (2005-2009)

  • Auditor at Ernst & Young Firm(2003-2005)

  • Auditor at KPMG Firm (1998-2002)

  • Auditor at the public accounting firm of Coopers & Lybrand (1996-1998)


  • Certified Internal Auditor (CIA)

  • Certified Anti Money Laundering Specialist (CAMS)

  • Level 4 Certification of Risk Management

Organization Membership

  • Bank Internal Auditors Association (IAIB) – Chairman for 2020-2023

  • Bank Internal Auditors Association (IAIB) – Head of Membership and Organisation Section for 2017-2020

Training of the Chief Audit Executive (Including as Speaker) 2020

Training of the Chief Audit Executive is presented in the Company Profile Section of this Annual Report.


The duties and responsibilities of CIMB Niaga’s IA based on the Internal Audit Charter are as follows:

  1. Assist the duties of the President Director and Board of Commissionners in carrying out their supervision related to Bank’s operations from planning, fieldwork and follow up audit findings.
  2. Undertake the analysis and evaluation of the financial, accounting, operational and other activities through audit.
  3. Identify all possibilities to improve and enhance efficiency in the use of resources and budget.
  4. Provide recommendations for improvements and objective information on all of the audited activities of management.
  5. Prepare and implement the annual audit plan based on the risk-based audit methodology, comprehensively. The annual audit plan and its budget allocation are approved by the Board of Directors and Board of Commissioners by considering the recommendation of the Audit Committee.
  6. Carry out the audit activities and evaluate the effectiveness and efficiency of the Bank’s financial,accounting, operational, human resources, marketing, information technology and other activities.
  7. Report periodically to the Board of Directors and Board of Commissioners through the Audit Committee on the objective, authority, and responsibilities as well as the performances of IA against its planning. The report shall also cover significant risk exposures and control issues.
  8. Submit the semester report regarding implementation and audit result to OJK, which consist of summary of audit activities and significant audit findings, no later than one month after the period closed.
  9. Monitor the follow-up actions taken on the audit findings and recommendations. All significant audit findings will be classified as “open” until they are resolved.
  10. Inform the status of improvements taken on the audit findings and recommendations to the Board of Directors, and the Board of Commissioners through the Audit Committee.
  11. Inform the Anti-Fraud Management of any indication of frauds uncovered by the audit team.
  12. Prepare the success measurements and achievements of the IA objectives.
  13. Prepare and retain adequate audit working papers as in line with the required regulations.
  14. Conduct and present the Quality Assurance and Improvement Programs (QAIP) covering all aspects of IA activities. QAIP includes the evaluation over IA’s adherence to the definition and standards of IA, and evaluation on whether the auditors adhere to the code of ethics. QAIP also evaluates the effectiveness and efficiency of the audit process and identifies potential improvements thereof.
  15. Report specifically to OJK, any findings by IA that can significantly disrupt the business continuity of CIMB Niaga. The report should take no later than three days following the finding.
  16. Report to OJK, the results of external reviews that evaluate the working process of IA and its adherence to PPFAIB and possible improvements thereof.
  17. In the case where implementation of the Integrated Governance and CIMB Niaga’s role as the Main Entity that already established an IA, the duties of the Integrated IA are carried out by the existing IA with the following responsibilities:
    1. Able to carry out audits on Financial Services Institutions (FSI) either individually, collectively, or on the basis of the audit report of the FSI.
    2. Monitor and evaluate the execution of the Integrated IA in the respective members of CIMB Indonesia’s Financial Conglomerate, coordinate with the IAs of all members in the conglomerate in accordance with their functions, and compile the results of the Integrated IA from each member of the financial conglomerate.
    3. Prepare and present the report on the execution of duties and responsibilities of the Integrated IA to the Director responsible for supervising the FSI within the financial conglomerate, the Compliance Director of the Main Entity and the Board of Commissioners of the Main Entity.


The Chief Audit Executive and all personnel of the IA must adhere to the Code of Ethics and Conducts of CIMB Niaga and the Code of Ethics of the Internal Auditors of CIMB Niaga in carrying out their duties and responsibilities. The Code of Ethics of the Internal Auditors of CIMB Niaga has been formulated pursuant to the code of ethics of The Institute of Internal Auditor, as follow:

  1. Integrity
    The integrity of the Internal Audit gives rise to the trust and thereby forms the foundation of confidence for the evaluation that it provides.
  2. Objectivity
    The Internal Audit demonstrates a high level of professional objectivity in the collection, evaluation, and communication of the information that it imparts on the audit process and execution. Internal Audit carries out a balanced assessment on all relevant facts without being influenced by personal interests or those of others.
  3. Confidentiality
    The Internal Audit assures the confidentiality of the information it obtains and is not authorized to divulge this information without clear authority, except in the case where the sharing of information/data/documents to outside parties are fully compatible with Bank policies.
  4. Compentency
    The Internal Audit imparts knowledge, skills and experience that are required to provide the IA services.

Each year, all personnel of CIMB Niaga’s IA are refreshed of the code of ethics, and are required to sign a statement of adherence to the code of ethics.