AI-CLASS X- UTS- G2- RAZAFINANDRASANA.

AUDIT INTERNAL

MID TERM EXAM

RAZAFINANDRASANA.C

1230117190248

Lecturer

Dr. Drs. Paulus Theodorus Basuki Hadiprajitno, MBA. MSAcc.

ACCOUNTING IUP DEPARTMENT

FACULTY OF ECONOMICS AND BUSINESS
DIPONEGORO UNIVERSITY
SEMARANG
2020
 AI-CLASS X- UTS- G2- RAZAFINANDRASANA.C

a. The internal Audit Preparatory Activities

Internal audit Charter of Telkom Indonesia
1. Structure and position of internal audit units
As stipulated in the applicable capital market regulations, internal audit is an
independent unit to other work units and reports directly to the president director.
2. Internal audit charter
Telkom’s internal audit unit has been equipped with an internal audit charter as a
formal company document, which contains a description of the IA’s vision,
mission, structure, status, duties, responsibilities and authority, including the
requirements of IA’s auditor personnel. The preparation of internal audit charter
is guided by international standards for IA professional practice issued by the
institute of internal auditors, and has been approved by the president director and
the audit committee based on director decree No.Tel.09/PW000/ UTA/ COP-
C0000000/ 2015 concerning the internal audit charter.
3. Vision, mission, duties and responsibilities of internal audit unit
 Vision
As a “Smart Partner” for management, business units/ work units and
subsidiaries in order to achieve the company’s goals and as a driver for
all levels of the company and its subsidiaries to create a culture of
discipline in implementing all the provisions of the laws/ policies/
regulations/ procedures/ business processes that are applicable.
 Mission
 Providing IA services and consulting in a professional, objective
and independent manner for management, business units/ work
units, subsidiaries.
 Provide assurance (assurance) regarding the feasibility of
financial reporting.
 Actively monitor the implementation of internal controls, provide
support in improving the implementation of GCG, and evaluate the
implementation of risk management.

The IA’s vision and mission are implemented in the form of IA’s
activities that are that are carried out systematically, measurably and
in accordance with applicable standards from preparation stage, the
risk-based audit methodology becomes the main guideline which
emphasizes that the determination of auditable units is auditable
based on the level of risk, the higher the risk the higher the need to be
audited. The level of risk from the audit object is based on risks that
have been mapped and determined by the company as well as
professional judgment by the IA itself.

 Duties and responsibilities

 AI-CLASS X- UTS- G2- RAZAFINANDRASANA.C

The risk-based audit paradigm, in carrying out its duties and

responsibilities IA has used the audit management system which is an
application system to document the implementation of risk-based audit
online. IA’s role enhancement is carried out by increasing the quality
assurance of the company’s operations through audit and non-audit
activities. An audit is conducted to ensure that business risks that may
occur can be overcome through effective internal control. If found
ineffectiveness in controlling a business process and or risk that is out of
control, then a substantive test is carried out, that is , further testing of the
audit object in order to explore the root of the problem. In addition, as a
consequence of listing of shares on the Indonesia Stock Exchange (ISE)
and the New York Stock Exchange (NYSE), IA periodically conducts tests
and audits on the effectiveness and adequacy of the implementation of
internal control in the framework of financial reporting according to
Internal Control Over standards Financial Reporting (ICOFR). In order to
support the implementation of audits and raise awareness of the
importance of conducting internal controls for business unit carries out a
Control Self-Assessment (CSA) on internal control for which it is
responsible.
Periodically, IA evaluates the results of the CSA to measure the level of
adequacy and produce recommendations for improvement both in design
and implementation. The next step is to participate in the activities of
internal consulting services. Internal consulting services, among others,
are focused on managing company operations that can be grouped into
infrastructure management (production equipment), products and
services and supporting operations, including identification of Group
Financial Reporting Risk (GFRR), preparation of business processes of
subsidiaries and management HR. this internal consultation activity is
more of a preventative solution in anticipation of keeping the business in
the right direction and heeding the rules and regulations in force.
As part of a company that has a high commitment to the success of GCG,
IA has an important role in the whistleblower mechanism which is the
domain of the audit committee and Executive Investigative Committee
(EIC). Where the head of the IA is appointed as EIC secretary. The
whistleblower mechanism functions to accommodate every complaint by
the employee to be forwarded to management. In turn, if the audit
committee and EIC assess that complaint needs to be investigated
further, the IA will take the role of following up as part of the audit task.
The results of the above activities are reported to the president director
with a copy to audit committee and then the results will be informed to the
audit object to be followed up and made improvements. To ensure that
the audit object has responded sufficiently to the results of the audit and
internal consultations, it is necessary to make further supervision efforts.
Follow up in the field is carried out by the audit object which is then
 AI-CLASS X- UTS- G2- RAZAFINANDRASANA.C

monitored by IA. For this reason, follow-up is limited to significant

business process areas with mutually agreed targets for completion time.
4. Independence of internal audit units
As regulated in the applicable capital market regulations, namely Bapepam-LK
Regulation No.XI.2.7. Internal audit is a unit that is independent of other work
units and reports directly to the president director. Telkom’s head of internal audit
is appointed and dismissed by the president director with the approval of the
board of commissioners. One implementation of the independence of the internal
audit unit at Telkom is that the internal audit report is sent to the president
director and copied to the audit committee (member of the board of
commissioners).
5. Lifting procedures
Unit IA has a role in carrying out the control function of the company’s business
activities. IA is led by a senior vice president of internal audit, who is appointed
and dismissed by the president director with the approval of the board of
commissioners.

Review of internal audit charter Telkom Indonesia

 Mission
From the company’s mission, it can be seen that Telkom has
implemented a risk-based audit. The mission is also carried out
systematically, measured and in accordance with applicable standards
ranging from preparation, implementation to monitoring the results of
follow-up, so as to ensure that the company’s well, an independent and
objective guarantee function by providing advice on best practices.
 Duties and responsibilities
In carrying out its duties and responsibilities IA has used the Audit
Management System (AMS) which is an application system to document
the implementation of risk-based audits online.
In order to support the implementation of audits and raise awareness of
the importance of conducting internal controls for business units, every
quarter, the business unit carries out a Control Self-Assessment (CSA) on
internal control for which it is responsible.
It can be seen that Telkom is very concerned about the company’s control
system issues, starting from using Audit Management (AMS) which is
used online so that it can streamline the documentation of audit
implementation. Not only that, Telkom also applies the highest internal
control system, Control Self-Assessment (CSA). IA evaluates the results
of the CSA to measure the level of adequacy and produce
recommendations for improvement both in design and implementation.

b. The audit program

 AI-CLASS X- UTS- G2- RAZAFINANDRASANA.C

Firstly we should know the definition of audit program. Audit program is a procedure
describing the steps and tests to be performed by the auditor when actually doing
fieldwork.
 Audit program formats and their operations
Depending on the type of planned audit, programs usually follow one of
three general formats:
 A set of general audit procedures
 Audit procedures with detailed instructions for the auditor
 A checklist for compliance reviews

So based on code of ethics and corporate culture, which is mentioned Telkom organizes an
online survey program of business ethics with all employees as the population through portal/
intranet media. So Telkom Indonesia will use a checklist for compliance reviews.

# Internal Control Concern Yes No N/a

1 Does the enterprise have a written code of business X
ethics/business conduct?
2 Is the code distributed to all stakeholders? X
3 Are new stakeholders /employees provided an orientation for the X
code?
4 Does the code assign responsibilities to operating personnel and X
others regarding compliance with it?
5 Are all stakeholders required to acknowledge that they have X
read, understand, and agree to abide to the code?
6 Are training program delivered to all stakeholders regarding X
compliance with code?
7 Does the code address standards that govern personnel X
conduct in their dealings with suppliers and customers?
8 Is there an effective mechanism in place to allow employees and X
other stakeholders to confidentially report suspected violations
of the code?
9 Are there appropriate mechanism to allow employees and other X
stakeholders to find out the results of their reported code-related
concerns?
10 Is there an appropriate mechanism to allow employees and X
other stakeholders to find out the results of their reported code-
related concerns?
11 Is compliance with the code’s provisions a standard used for X
measuring personnel performance at all levels?
12 Is the code consistent with the requirements of the Sarbanes- X
Oxley Act?
13 Are there procedures in place to update the code on a regular X
and periodic basis?
The checklist format audit program was once internal audit’s most common format. Often a
more junior internal auditor would be given an audit program composed of a long list of
 AI-CLASS X- UTS- G2- RAZAFINANDRASANA.C

questions requiring “yes or no or not applicable” responses and would complete these program
steps either through examinations of documents or through interviews.

This table is a checklist-format program for reviewing ethics and business compliance policies.
“Yes and no” responses, when asked in an information-gathering context, are often appropriate.
Audit, the reviewer will be asking questions about whether the entity is or is not doing
something. Yes or no responses are appropriate for this type of audit program, since there is not
a very strong need to investigate corroborative evidence here.

A checklist format audit program has two weaknesses, however. First, while a series of yes or
no type interview responses can cause an experienced auditor to look at problem areas or to
ask other questions, a less experienced auditor may not go beyond the yes and no and dig a bit
deeper into where they might lead. A procedures-oriented audit program better encourages
follow-up inquiries in other areas where the information gathered may raise questions. The
questionnaire format audit program also tends to cause the auditor to miss examining
necessary evidential matter when asking the questions. An inexperienced internal auditor can
too easily check “yes” on the questionnaire without determining, for example, whether that
response is properly supported by audit evidence. An example would be a question regarding
whether some critical document is regularly approved. It is easy to ask the question, receive an
answer of “yes”, and never follow up to see if those documents were actually approved. Each of
these audit program formats will work for different types of reviews, provided the internal auditor
gives some thought to the program questions. The key concern is that all audits should be
supported by an audit program that documents the review steps performed.

I. International Professional Practices Framework (IPPF): is the conceptual framework

that organizes authoritative guidance promulgated by the Institute of Internal Auditors. A
trustworthy, global, guidance-setting body, the IIA provides internal audit professionals
worldwide with authoritative guidance organized in the IPPF as mandatory guidance and
recommended guidance.
 AI-CLASS X- UTS- G2- RAZAFINANDRASANA.C

This figure shows the key components of IPPF, Bundled together into either required or
recommended elements:

 An internal audit mission statement

 Internal audit core principles
 Definition of internal auditing
 International standards for the professional practice of internal auditing
 Implementation and supplemental guidance
 Emerging issues guidance
II. Differences of Statement of Responsibilities of IA and Red Book and IIA Standard
and IPPF:
Internal Auditing is an independent objective assurance and consulting activity
designed to add value and improve an organization’s operations.
Red book requires a periodic evaluation of design, implementation, and effectiveness of
the organization’s ethics-related objectives, programs, and activities.
IPPF organizes the IIA’s authoritative guidance. The IIA provides internal audit
professionals worldwide with authoritative guidance organized in the IPPF as mandatory
guidance and recommended guidance.
III. IIA code of ethics: statement of principles and expectations governing behavior of
individuals and organizations in the conduct of internal auditing.
IIA code of ethics is divided into high-level principles covering internal audit integrity,
objectivity, confidentiality, and competency as well as rules of conduct covering these
same areas.
 AI-CLASS X- UTS- G2- RAZAFINANDRASANA.C

IV. Audit evidence assessment: Internal auditors make assessments about audit issues or
satisfy their audit objectives through detailed reviews of what is called audit evidence.
Audit evidence is one of the international standards on auditing. The process assessing
audit evidence is often a challenge and a source of concerns for many internal auditors.
Internal auditors make assessments about audit issues or satisfy their audit objectives
through detailed reviews of what is called audit evidence.

V. Objectivity in mindset and approach: Objectivity refers to an unbiased mental attitude

of internal auditors. To implement this standard, the CAE will want to understand policies
or activities within the organization and within internal audit that could enhance or hinder
such a mindset. For example, many organizations have standard performance
evaluation and compensation policies, as well as employee conflict of interest policies.
The CAE will want to understand the nature of relevant policies identified and consider
their potential impact on internal audit objectivity. Internal audit will often customize
these organization wide policies to address internal audit roles specifically and may
develop other relevant policies specifically for internal audit, such as policies pertaining
to training requirements.