Beruflich Dokumente
Kultur Dokumente
12.00 13.00
12.00 Lunch break
Lunchbreak
2 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Agenda Workshop Hari 2
Time Discussion Topic
DiscussionTopic
08.00 08.30 Exercise1 Mapping RiskandBusinessProcess
11 30 12.00
11.30 12 00 Exercise 6 Reporting
Exercise6
3 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Fasilitator
Munir M. Ali
Munir adalah seorang konsultan senior dengan pengalaman yang luas dalam
pengelolaan keuangan yang mencakup peran pengawasan pada akuntansi, pajak,
perencanaan keuangan publik dan analis pada perusahaan publik. Selama karirnya
di bidang keuangan,
keuangan Munir juga terlibat dalam berbagai tugas manajerial atau
strategis seperti restrukturisasi finansial, pembiayaan proyek, perencanaan pajak
dan pengembangan bisnis. Sebagai konsultan, Munir juga membantu beberapa
Perusahaan BUMN dan Perusahaan Swasta dalam mengembangkan dan
mengimplementasikan Sistem Keuangan dan Akuntansi.
Lebih dari 20 tahun pengalaman di bidang audit internal dan penilaian resiko;
Berpengalaman dalam peningkatan pengembangan fungsi keuangan dan
akuntansi
Sebagai Partner in Charge yang bertanggung jawab pada Sarbanes-Oxley
Testing di berbagai perusahaan selama 4 tahun;
Berpengalaman dalam Proyek Pengembangan Manual Akuntansi dan
Anggaran selama 3 tahun;
Sebagai Partner in Charge dalam Proyek Pengembangan Standar Operasional
Prosedur dan Standar Akuntansi selama 2 tahun;
Sebagai
S Partner in Charge
C dalam Proyek Pembangunan Sistem
S Informasi
f dan
Pengelolaan Keuangan berbasis Web (FMIS).
5 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Jurita Suharto
Jurita adalah seorang konsultan senior dengan pengalaman audit di berbagai
macam proses bisnis dan instritusi finansial, telekomunikasi, manufaktur, dan lain-
lain. Dia memulai karirnya di Prasetio Utomo dan Co Arthur Andersen sebagai
Auditor dengan pengalaman di berbagai macam jenis industri yang luas dan
melanjutkan ke Prasetio Strategic Consulting Andersen Group, dengan fokus di
bidang financial information systems and business process audit
6 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Maria Rosario Tan
Rosario Tan adalah seorang manajer senior dengan pengalaman audit dalam
berbagai proses bisnis dan produk pada lembaga keuangan, telekomunikasi,
perusahaan manufaktur dan lainnya. Dia memulai karirnya sebagai Auditor di
A th
Arthur A d
Andersen/Andersen
/A d M il selama
Manila l 16 tahun
t h sebelum
b l pindah
i d h kek
Perusahaan Telekomunikasi Co terkemuka Manila sebagai Kepala Manajemen
Risiko.
7 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
RBIA Methodology Overview
The Standards The mandatory element under the
International Professional Practices Framework
Internal Audit is independent and objective assurance designed to add value to improve an
organizations operation. It help organization to accomplished objective by bringing
systematic, discipline approach to evaluate and improve the effectiveness of risk
management controls and governance process
management,
Mandatory
IPPF =
Non mandatory
Strongly
recommended
9 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Organization of The Protiviti Way
Protivitis Internal Audit Methodology
Standard &
Frameworks
IIA Standards & Professional Frameworks
O
Oversight
i ht I i ht
Insight F
Foresight
i ht
Stakeholder
Periodic Reporting & Issue Tracking to Management and Audit Committee
Reporting
Add Value
Return on Internal Audit Investment
10 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
1. Pemahaman Risiko dan Kontrol
Apa Itu Risiko?
Definisi Risiko:
Peristiwa di masa depan yang akan berdampak pada tujuan strategis
Kesalahan umum ?
Kompilasi daftar kejadian risiko pada beberapa proses
Pernyataan negatif dari suatu tujuan perusahaan.
12 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Identifikasi insiden
Event adalah insiden atau kejadian yang berasal dari sumber internal atau eksternal
yang mempengaruhi pelaksanaan strategi atau pencapaian tujuan.
13 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Definisi Internal Control
14 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Internal Control Perubahan Pandangan
Dari Ke
15 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Deskripsi Kontrol Panduan Umum
Penggambaran yang cukup mengenai kapan, dimana, siapa, kepada siapa, apa, bagaimana dan
berapa banyak (5W2H)
Jika terdapat kontrol yang mencakup beberapa risiko, tempatkan deskripsi kontrol hanya sekali
pada bagian dari alur proses bisnis di mana kontrol tersebut benar-benar dilakukan.
Jika terdapat kaitan dengan proses bisnis lain, narasi harus dilengkapi dengan referensi yang
jelas.
16 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Deskripsi Kontrol
17 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
2. Apa itu RBIA ?
Risk Based Internal Auditing (RBIA)
Links internal
auditing to the
Methodology overall risk
management
framework
Provide assurance
to the Board that the
risk management
process are
managing risk
effectively in relation
to the risk appetite
19 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Langkah langkah Implementasi RBIA
20 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Langkah langkah Implementasi RBIA
Tahap 1: Menilai kematangan risiko
Memperoleh gambaran sejauh mana dewan direksi dan manajemen menentukan, menilai, mengelola
dan memantau risiko. Ini memberikan indikasi keandalan daftar risiko untuk tujuan perencanaan audit.
Merencanakan penugasan audit dan konsultasi untuk jangka waktu tertentu, dengan mengidentifikasi
p
dan memprioritaskan semua area di mana manajemen
j memerlukan keandalan yyang
g obyektif,
y , termasuk
di dalamnya proses manajemen risiko, pengelolaan risiko utama, dan pencatatan & pelaporan risiko.
Melaksanakan audit individu berbasis risiko untuk memberikan jaminan pemangku kepentingan
21 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Keuntungan RBIA untuk Pelaporan BOD
22 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Internal Audit Infrastructure
Infrastructure
Stakeholder
Periodic Reporting & Issue Tracking to Management and Audit Committee
Reporting
Add Value
Return on Internal Audit Investment
24 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Nilai Tambah dan Ekspektasi Stakeholder
Audit Eksternal
25 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Internal Audit Charter & Kebijakan
Menyusun
y peraturan dan SOP untuk aktivitas Internal
p
Audit yang lebih luas dan kompleks
26 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Struktur Organisasi dan Sumber Daya Manusia
27 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Metodologi, Proses dan Teknologi
28 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Website IIA
www.globaliia.org/standards-guidance
29 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Risk Assessment and Planning
Risk Assessment and Planning
Stakeholder
Periodic Reporting & Issue Tracking to Management and Audit Committee
Reporting
Add Value
Return on Internal Audit Investment
31 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Risk Assessment and Planning (Contd.)
Strategic Operational Financial Compliance
32 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Identify Audit Universe
Strategic Operational Financial Compliance
Ref Unit Bisnis Level 0 Ref Level 1 Ref Level 2 Ref Level 3
Segmen bisnis Kategori bisnis utama Aktivitas kunci Proses inti
34 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Audit Universe: Fungsi dan unit dalam PLN
35 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Risk Rank Audit Units Business Process
Strategic Operational Financial Compliance
Ukuran Kompleksitas
36 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Contoh Parameter Risiko Makro yang digunakan oleh PLN
Rencana Investasi
Anggaran Kontrak
Anggaran Operasi
Sewa Pembangkit
Total Asset
Pendapatan
COP
PRR
Jumlah Pelanggan
Luas area Operasional Auditee
Susut Distribusi
Saidi (menit/pelanggan)
( p gg )
Saifi (kali/pelanggan)
Gangguan Penyulang (kali per 100 kms)
Area yang belum diperiksa di 2014
KWH Salur
Realisasi Pembayaran Kontrak
37 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Identify Business Risks
Strategic Operational Financial Compliance
Memahami strategi bisnis, tujuan dan sasaran yang ada dalam rencana
strategis organisasi
38 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Risks Universe PLN 2014
39 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Prioritize Business Risks
Strategic Operational Financial Compliance
40 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Understand Entity Level Control Environment
Strategic Operational Financial Compliance
Memahami
M h i Pengendalian
P d li IT
41 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Risks Profile by MRO
42 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Map Risks, Determine Final Risk Assessment and Create the Audit Plan
Buat rencana Audit Internal dengan melakukan scoping dan minta otorisasi
Memantau perubahan bisnis dan dampak potensial terhadap rencana audit yang disetujui
Catatan: Tingkat Risiko tinggi, moderate dan rendah belum dimapping ke bisnis unitnya oleh MRO (block warna coklat)
44 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Audit Universe: Proses Bisnis berdasarkan APQC
Ref Unit Bisnis Level 0 Ref Level 1 Ref Level 2 Ref Level 3 Ref
Segmen bisnis Kategori bisnis utama Aktivitas kunci Proses inti Resiko
45 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Project Execution
Pelaksanaan Proyek
Protivitis Internal Audit Methodology
Standard &
Frameworks
IIA Standards & Professional Frameworks
Stakeholder
Periodic Reporting & Issue Tracking to Management and Audit Committee
Reporting
Add V
Value
l
Return on Internal Audit Investment
47 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
1. Engagement Planning
Engagement Planning:
Memahami Aktivitas & Tujuan dan Melakukan Penilaian Risiko Awal
49 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Melakukan Preliminaryy Risk Assessment
IIA Standard
S 2210 1 Internal Auditor must conduct
2210.A1
a preliminary asessment of the risks relevant to the
activityy under review
50 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Memprioritaskan Risiko
Risiko
Signifikasi
Inherent
I h t Likelihood
Lik lih d
Faktor
Faktor-faktor
faktor yang akan mempengaruhi scoping
Efektivitas kontrol
Toleransi risiko (kesediaan untuk menerima risiko)
Sejauh mana risiko dapat dikelola
Sejauh mana proses dan kontrol yang relevan diaudit
51 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Beberapa pertanyaan untuk Risk Assessment
Apakah sudah mempertimbangkan kesalahan yang signifikan, kecurangan,
pelanggaran, dan eksposur lainnya ketika mengembangkan perencanaan tujuan?
Apakah sudah menilai auditable area (unit bisnis, proses, lokasi) menggunakan
kriteria sebagai berikut
Ti k t perputaran
Tingkat t k
karyawan K
Kompleksitas
l k it sistem
i t
52 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Example of Preliminary Risk Assessment
R t Cause
Root C d i Preliminary
dari P li i A
Assessmentt
Vendor bid price greater than OE There are complait from lost vendor
53 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Example Effect of Preliminary Risk Assessment 2
R t Cause
Root C F
From Preliminary
P li i Assessment
A t
Significant payment prepaid tax art 22 Tax penalties from tax assessment
Audit Scoping/Objective
E i ti Audit
Existing A dit Scoping
S i Suggested Audit Scoping
planning, calculation, reporting and compliance to tax 1. Ensure the tax planning of prepaid tax art 22 is properly managed
regulation but did not specify the audit objective
2. Ensure the tax assessment is properly managed
3. Ensure the completeness and accuracy of income tax calculation
4. Ensure compliance with existing tax regulation
54 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Engagement Planning:
Merencanakan Penugasan
55 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Plan Project
j
St d d 2200 Internal
IIA Standard I t l Auditors
A dit mustt develop
d l and
d
documant a plan for each engagement. Including the
engagements objectives, scope, timing and resource allocation
56 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
2. Walkthrough - Understand &
Analyze Activity
Understand & Analyze Activity
58 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Understand & Analyze Activity
CA
Process Decision Softcopy
Hardcopy
3
Control
Flow activity
60 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Process/ sub-processes
p documentation ((Contd))
61 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Process/ sub-processes
p documentation ((Contd))
62 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Contoh Business Process Model (Flowchart)
63 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Mendokumentasikan kontrol
Hanya mendokumentasikan kontrol yang relevan dengan risiko sesuai
lingkup proses
Dokumentasi kegiatan pengendalian harus mencakup:
Who
Siapa fungsi yang melakukan aktivitas pengendalian?
What
Apa itu aktivitas pengendalian (yang menggambarkan ini adalah orang yang
kompeten dengan proses yang sama di perusahaan dan dapat memahami
bagaimana aktivitas pengendalian bekerja)?
When
K
Kapan/
/ seberapa
b sering
i aktivitas
kti it pengendalian
d li dilakukan?
dil k k ?
Evidence
Apa bukti yang akan tersedia untuk mengkonfirmasi kontrol tersebut ?
64 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Segregation of Duties
C - Custody of assets
A - Authorization of transactions
R - Recording of transactions
p aspek
Setiap p CAR harus independen
p dari y
yang
g lain
S - Supervision by management
65 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Contoh Segregation of Duty Matrix Analisis
Skenario I
Skenario II
66 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Contoh Segregation
g g of Duty
y Matrix Analisis
(lanjutan)
Sk
Skenario
i III
Aktivitas
Pemilik Proses Persetujuan Pencatatan Pengawasan
Accounting
Manager
67 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Siapkan Risiko dan Kontrol Matrix
Tujuan proses
Nomor risiko dan deskripsi
Nomor kontrol dan deskripsi
Pemilik kontrol
Sifat
Sif kontrol
k l
Frekuensi
Manual atau Otomatis
Preventif atau Detektif
Primer atau Sekunder
Penilaian efektivitas pengendalian: Awal & Akhir
68 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
3. Walkthrough - Evaluate Design
Effectiveness
Evaluate Design Effectiveness
Libatkan spesialis IT dan spesialis lainnya dengan pengetahuan proses / industri yang lebih baik jika diperlukan
Gunakan tujuan pengendalian umum saat mendokumentasikan dan mengevaluasi proses bisnis keuangan:
Kelengkapan Kejadian
Ketepatan
Alokasi Hak dan kewajiban
Penilaian
Penyajian dan pengungkapan Kepatuhan terhadap kebijakan keuangan
M l
Melaporkan
k seluruh
l h defisiensi
d fi i i kontrol
k t l namun tetap
t t menyerahkan
hk kepada
k d manajemen
j untuk
t k menentukan
t k tindakan
ti d k
apa atau langkah-langkah perbaikan yang harus diambil
70 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Evaluate Design Effectiveness
71 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Penilaian Efektivitas Kontrol
72 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Assessment
ssess e o of Co
Control
o Effectiveness
ec e ess
Test of Control
Effectiveness
Operating
Design
Effectiveness
Test of Design
Test of
(TOD)
Eff ti
Effectiveness (TOE)
73 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Assessment
ssess e o of Co
Control
o Effectiveness
ec e ess
TOD
effectiveness
Yes No
TOE not
Perform TOE
performed
74 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Karakteristik desain
Kontrol yang efektif harus:
Relevan dengan risiko sedang dikaji
Dilakukan cukup sering
Dilakukan oleh personel dengan pengetahuan dan pengalaman yang
memadai
Dilakukan independen independen sesuai pedoman SOD (Gunakan
pendekatan CARS)
Mampu mengidentifikasi dan memperbaiki kesalahan dalam kegiatan
operasional secara tepat waktu
e dasa a informasi
Berdasarkan o as yayang
g te
terpercaya
pe caya
Efisien
75 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
4. Test of Operating Effectiveness
Test of Operating Effectiveness
Gunakan ukuran sampel yang ditentukan dalam SOP untuk kontrol manual
77 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Test of Operating Effectiveness
St d d 2300 - Internal
IIA Standard I t l auditors
dit mustt identify,
id tif analyze,
l
evaluate, and document sufficient information to achieve the
engagements objectives.
78 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Rencana Pengujian
Pengujian rencana yang baik:
Dapat menguji berbagai kontrol
Mengidentifikasi populasi untuk pengujian
Menentukan metode pemilihan sampel, dan bila perlu, menentukan
sumber laporan / data yang akan digunakan sehingga data sampel
diambil dari sumber-sumber yang valid
p
Menentukan ukuran sampel
Menjelaskan setiap langkah yang auditor harus lakukan
79 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Jenis Pengujian
Nature Explanation Documentation Requirements Examples
Inquiry Ascertain whether a Who was interviewed, when the Interview key personnel to
control is in place by interview took place and understand the controls
asking specific oral or information they provided surrounding a particular
written questions process
Observation Direct viewing of control Who, when & what was observed Automated: Observe all field
being performed edit check works when
invalid data entered
Manual: Security of blank
check stock
Inspection/ The inspection of records, Who, when & what. Details of Select a sample of contracts
Examination documents, items tested. Level of detail must and verify that key controls
reconciliations, and be sufficient to support conclusion were performed:
reports for evidence that a and allow someone else to re- Contract was signed
control has been properly perform your test. (Validity)
applied. All key fields were
completed (Completeness)
Re- The repetition of a control What & how. Details of items Recalculating a bank
performance performed by an tested. Level of detail must be reconciliation, tracing back
employee or a computer sufficient to support conclusion to bank statements, and
or system. and allow someone else to re- general ledger balance
perform your test.
80 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Mendokumentasikan Hasil Pengujian
Kertas kerja harus :
Mengidentifikasi penugasan dan menggambarkan isi atau tujuan dari
kertas kerja
Diparaf dan diberi tanggal oleh auditor yang melakukan pekerjaan
dan mengandung bukti supervisory review
Berisi jumlah indeks atau referensi
Memasukan atribut hasil pengujian (sebaiknya "ya" atau "tidak")
dengan komentar yang diperlukan
Kesimpulan dari pekerjaan yang dilakukan
Sumber data harus diidentifikasi secara jelas.
81 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Example Test of Control Template
Dokumen PR
DokumenPR Supporting Document
SupportingDocument Testing Atribut
TestingAtribut
Approvingofficer
No. diPR Kesimpulan DocumentReference
Jenis (b) b.PRdiapproveolehpejabatberwenang.
Deskripsi TanggalPR No.PR NilaiPR Deskripsi Nilai a.InformasididalamPRlengkapdansesuaidenganOE
Dokumen
82 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
5. Validate Findings
Validate Findings
84 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Validate Findings
St d d 2320 - Internal
IIA Standard I t l auditors
dit mustt base
b conclusions
l i and
d
engagement results on appropriate analyses and evaluations.
85 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Drafting the Preliminary Finding
86 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Pernyataan Kondisi
What is (what we found)
Nyata
y
Spesifik
Obyektif
87 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Pernyataan Kriteria
What should be
Positif
Terukur
Kriteria Pernyataan
y yang
y g Lemah :
Pengguna tidak perlu memiliki akses yang luas pada sistem
untuk melakukan pekerjaan mereka.
Pernyataan
P t K it i yang Kuat
Kriteria K t:
Akses pengguna pada sistem harus dibatasi sesuai dengan
pekerjaan masing-masing
88 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Pernyataan Konsekuensi
89 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Pernyataan Penyebab
91 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
6. Report Results
Report Results
Ikuti SOP Audit Internal dan menentukan apakah ada konflik kepentingan di saat menyiapkan
Laporan Audit.
Periksa
P ik ulang
l l
laporan k kertas
ke k t kerja
k j
Diskusikan semua laporan dengan manajemen yang terkena dampak sebelum melaporkan kepada
Komite Audit Manajemen Senior
Mengkomunikasikan revisi informasi jika laporan akhir mengandung kesalahan atau kelalaian yang
signifikan
93 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Report Results
St d d 2400 - Internal
IIA Standard I t l auditors
dit mustt communicate
i t ththe
engagement results.
94 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Format Laporan
Sampul Memo (termasuk distribusi laporan)
Sampul (termasuk restriction yang diperlukan)
Daftar isi
Ringkasan eksekutif
Latar Belakang
Ringkasan Masalah
Rincian Masalah
Lampiran dan informasi pendukung lainnya
Ruang Lingkup
Tata Cara
Tujuan
95 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Saran Pelaporan
96 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
7. Follow Up and Monitoring
Follow-Up on Findings and Oversight / Insight / Foresight
98 CONFIDENTIAL: This document is for internal use only and may not be copied nor distributed to another third party.
Thank You