Internal Audit

INTERNAL AUDIT UNIT (IA)

The Internal Audit (IA) of Bank CIMB Niaga assists the Bank in achieving its objectives through a systematic and disciplined approach in evaluating and improving the successful accomplishment of the Bank’s objectives; the effectiveness of governance processes, internal control and risk management processes, including the implementation of the sustainability principle; the Bank’s decision-making and supervision, including providing an independent perspective to the Board of Directors and Board of Commissioners on the adequacy of control and compliance with applicable regulatory provisions; reputation and credibility to the Bank’s stakeholders; and the Bank’s ability to serve the public’s interests.

The IA provides independent, risk-based assurance, advisory, insight, and foresight services that are designed to increase value and improve the Bank’s operations.

INTERNAL AUDIT CHARTER

IA has an Internal Audit Charter as a guideline in carrying out its duties and responsibilities. The Internal Audit Charter contains the objectives, internal audit professional practice principles, vision and mission, structure, position and authority, duties and responsibilities, the scope of assignment, independence and objectivity, professionalism, impartiality, rights, obligations, and responsibilities of the Head of IA (Chief Audit Executive), and the IA code of ethics.

The Internal Audit Charter is a form of compliance with OJK Regulations and OJK Circular Letters, related to the Implementation of the Internal Audit Function in Commercial Banks, the Establishment and Guidelines for Preparing Internal Audit Charters, Financial Conglomerates, Implementation of Information Technology by Commercial Banks, Implementation of Risk Management for Commercial Banks and Sharia Business Units, Standard Guidelines for Internal Control Systems for Commercial Banks, Governance Implementation for Commercial Banks and Sharia Business Units, Personal Data Protection Law, Bank Indonesia Consumer Protection, as well as best practices referring to GIAS (Global Internal Audit Standards) from the IIA (The Institute of Internal Auditors).

The Internal Audit Charter was last updated on 28 November 2024 and has been approved by the President Director and the Board of Commissioners. The Internal Audit Charter regulates the implementation of audits as well as guidelines to ensure:

  1. Effectiveness, efficiency, and adequacy of internal control system, risk management, and sustainable governance.
  2. Reliability, effectiveness, and integrity of information management processes and systems, including relevance, accuracy, completeness, availability, and confidentiality of data.
  3. Compliance with applicable laws and regulations.
  4. Quality of the organization’s performance.
  5. Interaction with various governance groups runs as it should.
  6. Important financial, managerial, and operational information is accurate, reliable, and timely.
  7. Resources are obtained economically, utilized efficiently, and protected adequately.
  8. Programs, plans, and targets are achieved well.
  9. Quality and continuous improvement are inherent in the Bank’s control processes.
  10. Opportunities to improve the Bank’s management controls, profitability, and reputation are identified and disclosed in the audit.

PARTY WHO APPOINTS AND DISMISSES HEAD OF IA (CHIEF AUDIT EXECUTIVE)

IA is chaired by the Chief Audit Executive, who is appointed and dismissed by the President Director with the approval of the Board of Commissioners and based on the recommendation from the Audit Committee. Currently, the Chief Audit Executive is Antonius Gunadi, who has been in office effectively since 3 January 2017, based on Decree No. 024/HROB/HRS/XII/2016. The appointment was reported to OJK in letter No. 008/DIR/XII/2016 dated 19 December 2016.

STRUCTURE AND POSITION OF IA IN THE ORGANIZATION

In line with OJK Regulation No. 1/POJK.03/2019 dated 28 January 2019 on Implementation of the Internal Audit Function in Commercial Banks and OJK Regulation No. 56/POJK.04/2015 dated 29 December 2015 on Establishment and Guidelines to Prepare the Internal Audit Charter, IA is directly responsible to the President Director and, in the matrix, to the Board of Commissioners through the Audit Committee.

PROFILE OF HEAD OF IA (CHIEF AUDIT EXECUTIVE)

Antonius Pramana Gunadi

Chief Audit Executive

Age/Gender: 50/Male
Nationality: Indonesia
Domicile: Jakarta
Legal Basis of Appointment: 024/HROB/HRS/XII/2016

Educational Background & Professional Certifications:
  • Bachelor of Economics, Tarumanagara University
  • Certified Internal Auditor, the Institute of Internal Auditors
  • Certificate, Business Analytics: From Data to Insights, the Wharton School
  • Certificate, Sustainability Leadership Program, University of Cambridge - Institute for Sustainability Leadership

Work Experiences:
  • Audit Director at Citibank (2013-2016)
  • Head of Internal Audit at PT Bank Internasional Indonesia (2010-2013)
  • Head of Internal Audit at PT Bank Barclays (2009-2010)
  • Head of Internal Audit at ABN Amro Bank (2005-2009)
  • Auditor at Ernst & Young (2003-2005)
  • Auditor at KPMG Indonesia (1998-2002)
  • Auditor at Coopers & Lybrand (1996-1998)

EDUCATION AND/OR TRAINING OF INTERNAL AUDIT UNIT

Training / Workshop / Conference / Seminar | Organizing Institute | Time and Location
Risk Management Certification Briefing Level 7 | BSL | Jakarta, 27 March 2024
Risk Management Certification Level 7 | LSP BSMR | Jakarta, 4 April 2024
CIMB Leading Leaders Development Programme - Creating the Future | IMD | Estonia, 22-26 April 2024
Sharia Certification Level 3 – 2024: Strengthening Governance in Fulfilling Sharia Principles | LND CIMB Niaga | Jakarta, 26 July 2024
In-Depth Study of SNI ISO 37001:2016 (ISO SMAP) | TUV Nord | Jakarta, 14 October 2024
Senior Leader Conference 2024 | CIMB Niaga & Daily Meaning | Bogor, 5-6 December 2024

DUTIES AND RESPONSIBILITIES OF IA

As stated in the Internal Audit Charter, IA has the following duties and responsibilities:

  1. Assisting the President Director and Board of Commissioners in supervision by operationally defining the planning, implementation, or monitoring of audit results.
  2. Analyzing and assessing finance, accounting, operations, and other activities through audit.
  3. Identifying all opportunities to improve and increase efficient use of resources and funds.
  4. Providing suggestions for improvements and objective information about the activities examined in all management activities.
  5. Preparing and implementing an annual audit plan based on a comprehensive risk assessment-based methodology. The annual audit plan and budget allocation are approved by the President Director and the Board of Commissioners by taking into account recommendations from the Audit Committee.
  6. Collaborating with the Audit Committee.
  7. Testing and evaluating the implementation of internal control and risk management systems in accordance with company policies.
  8. Executing audit activities and providing assessments on the efficiency and effectiveness in finance, accounting, operations, human resources, marketing, information technology, and other activities.
  9. Providing suggestions for improvement and objective information regarding activities examined at all levels of management.
  10. Preparing and submitting audit reports to the President Director and the Board of Commissioners, as well as preparing internal audit reports related to the implementation of the fulfillment of sharia principles and submitting them to the President Director, Board of Commissioners, and Sharia Supervisory Board.
  11. Performing special audits, if necessary.
  12. Periodically reporting to the Board of Directors and Board of Commissioners through the Audit Committee regarding the objectives, authority, and responsibilities, as well as the performance of IA activities compared to the plans. Reporting also includes exposing significant risks and control issues.
  13. Preparing semester reports on the Implementation Report and Internal Audit Results to OJK for a summary of audit activities and significant audit findings no later than 1 month after the end of the period.
  14. Monitoring the implementation of follow-up on audit findings and recommendations. All significant audit findings will remain in "open" status until the findings are resolved. This includes informing the Audit Committee regarding Management Acceptance of Risk.
  15. Informing the status of corrective actions regarding audit findings and audit recommendations to the Board of Directors and Board of Commissioners through the Audit Committee.
  16. Informing the Anti-Fraud Management unit about indications of fraud discovered by the IA.
  17. Preparing measurements to assess the success of performance and achievement of IA goals.
  18. Preparing and storing adequate audit working papers in accordance with applicable regulations.
  19. Implementing and delivering Quality Assurance and Improvement Programs (QAIP) which covers all aspects of IA activities. The QAIP includes evaluating IA compliance with the definition of Internal Audit and Standards, as well as evaluating whether the auditor implements the code of ethics. QAIP also assesses the efficiency and effectiveness of IA activities and identifies opportunities for improvement.
  20. Reporting specifically to OJK regarding IA's findings that may significantly disrupt CIMB Niaga's business continuity. Reports must be submitted no later than three days after discovery.
  21. Reporting to OJK regarding the results of the external review containing opinions on IA's work results and compliance with PFAIB, as well as improvements that can be made.
  22. Submitting other reports to the OJK as requested by the OJK.
  23. In terms of implementing the Integrated Governance and with CIMB Niaga's role as the Main Entity that already has an established IA, the implementation of Integrated IA tasks is carried out by the existing IA with the following responsibilities:
    1. Auditing at Financial Services Institutions (FSI) either individually, joint audits, or based on reports from IA FSI.
    2. Monitoring and evaluating the implementation of Integrated IA in each member of the CIMB Indonesia Financial Conglomeration, coordinating with all IA members of the CIMB Indonesia Financial Conglomeration according to their functions, and compiling the results of the implementation of Integrated IA from each member of the CIMB Indonesia Financial Conglomeration, periodically (every semester).
    3. Preparing and submitting reports on the implementation of the duties and responsibilities of Integrated IA to the Director appointed to supervise FSI in the Financial Conglomeration, Director of Compliance of Main Entity and Board of Commissioners of Main Entity.

INTERNAL AUDITOR CODE OF ETHICS

The Chief Audit Executive and all IA employees are required to follow the CIMB Niaga Code of Ethics and Code of Conduct, as well as the CIMB Niaga Internal Auditor Code of Ethics, which is based on and refers to the Institute of Internal Auditors' Code of Ethics. Every year, all IA members receive a refresher on the Code of Ethics and sign a statement about it.

The CIMB Niaga Internal Auditors Code of Ethics is as follows:

  1. Demonstrating Integrity
    Internal Auditors demonstrate integrity in their work and behavior, including demonstrating honesty and professional courage, the organization’s ethical expectations, as well as lawful and ethical behavior.
  2. Maintaining Objectivity
    Internal auditors maintain an impartial and unbiased attitude when performing internal audit services and making decisions, by paying attention to individual objectivity, maintaining objectivity, as well as disclosing impairments to objectivity, if any.
  3. Demonstrating Competency
    Internal auditors apply knowledge, skills, and abilities to successfully fulfill their roles and responsibilities, including having competence and undertaking ongoing professional development.
  4. Exercising Due Professional Care
    Internal Auditors apply due professional care in planning and performing internal audit services, taking into account conformity with GIAS, professional care, and professional skepticism.
  5. Maintaining Confidentiality
    Internal Auditors use and protect information appropriately. Internal auditors are not authorized to disclose information without clear authority, except in accordance with Bank Policy regarding the provision of information/data/documents to external parties.