EDIT Lecture 4: Strategic Issues in Audit Risk, 20 May 2023
•Reference:
•Presentation by Kimeu, Jones Jones Musyoki
(INTERNAL AUDIT CONFERENCE: INTERNAL AUDIT & RISK
ENVIRONMENTS), Mombasa Continental Beach Resort, Wednesday 20th August,
2014
Understanding Risk?
Dynamic IT
Industry
Reputation
Security of confidential
Information
Risk can arise from the following factors:
•IA Knowledge & Skills
•IA Practices & Procedures (IA best practices & procedures; IA standards in accordance with the Standards)
•Analysis, assessment/evaluation, recommendations, consultation and information/attention
•Supporting the organization/management in carrying out its responsibilities accountably
•Computer, Software &
•Time & Budget Support
•Profession & Upholding the Internal Audit Code of Ethics
•Encouraging effective implementation of IC & Risk Mgt
•Reputation
•Integrity & Honesty
IIA Standards: Risk Management
2010—Planning
( International Internal Audit Standards Board, September 2012)
The chief audit executive must establish a risk-based plan to determine the
priorities of the internal audit activity, consistent with the organization’s
goals.
Interpretation:
The CAE is responsible for developing a risk-based plan. The CAE takes into
account the organization’s risk management framework, including using
risk appetite levels set by management for the different activities or parts
of the organization. If a framework does not exist, the CAE uses his/her
own judgment of risks after consideration of input from senior
management and the board. The CAE must review and adjust the plan, as
necessary, in response to changes in the organization’s business, risks,
operations, programs, systems, and controls.
Ref : Bob Rudloff, CIA, CFE, CRMA Vice President, Internal Audit MGM Resorts
International
IIA Standards: Risk Management
2010—Planning
The internal audit activity must evaluate the effectiveness and contribute to the
improvement of risk management processes.
•2120.A1 – The internal audit activity must evaluate risk exposures relating to the
organization’s governance, operations, and information systems.
•2120.A2 – The internal audit activity must evaluate the potential for the
occurrence of fraud and how the organization manages fraud.
•2120.C1 – During consulting engagements, internal auditors must address risk
consistent with the engagement’s objectives and be alert to the existence of other
significant risks.
•2120.C2 – Internal auditors must incorporate knowledge of risks gained from
consulting engagements into their evaluation of the organization’s risk
management processes.
•2120.C3 – When assisting management in establishing or improving risk
management processes, internal auditors must refrain from assuming any
management responsibility by actually managing risks.
Ref : Bob Rudloff, CIA, CFE, CRMA Vice President, Internal Audit MGM
Resorts International
ROLE OF INTERNAL AUDIT in Risk Management
Ref : Bob Rudloff, CIA, CFE, CRMA Vice President, Internal Audit MGM
Resorts International
AUDIT RISK
Audit risk consists of several components:
1. The likelihood that a material misstatement will be made, that is, that the
auditee makes a material error in reporting or presenting information.
2. The risk that the misstatement will not be caught by internal
controls.
3. The risk that the misstatement will not be caught by an auditor.
Ref : Bob Rudloff, CIA, CFE, CRMA Vice President, Internal Audit MGM
Resorts International
AUDIT RISK ASSESSMENT
Ref : Bob Rudloff, CIA, CFE, CRMA Vice President, Internal Audit MGM
Resorts International
Example issues from 9 aspects
For brainstorming the identification of fraud risk / audit risk – best practices
Business Operations
•Complexity of the operation
•Attitude toward controls and procedures
Procedures
•Process breakdowns
•Monitoring and enforcement
People
•Competency
•Delegation of authority
Financial Performance
•Pressure to meet expectations
•Changes in operating margins
DEBRIEF
BEST PRACTICE – Risk Based Internal Audits
(RBIA)
RISK UNIVERSE
External Environment
RISK UNIVERSE (Cont.)
RISKS AT 3 LEVELS
STRATEGIC /CORPORATE RISKS
• Organization structure
• Resource Allocation
• Governance
• Reputation
STRATEGIC RISKS (Cont.)
Organization structure
•Organization charts and reporting lines
•Authority and Responsibility
•Segregation of duties (SOD)
STRATEGIC RISKS (Cont.)
Resource Allocation
•Budgeting and planning
•Goal /Objective setting
•Timelines
•Metrics & Measurement
STRATEGIC RISKS (Cont.)
Governance
•Culture
•Ethical behavior
•Board effectiveness
•Succession planning
•Tone at the top
STRATEGIC RISKS (Cont.)
Reputation
•Image and Branding
•Stakeholder Relations
FINANCE RISK
• Finance/Budget Management
• Financial Reporting
• Internal Controls
• Accounting
Examples of FINANCE RISK
Finance/Budget Management
•Cash forecast
•Liquidity
•Cash flow Management
•Analytics
Financial Reporting
•Financial Statement close process
FINANCE RISK (Cont.)
Internal Controls
•Transaction management (Initiation, approval,
recording and custody)
Accounting
•Application of accounting regulations, rules and
procedures
EXAMPLES OF OPERATIONAL RISK
• Infrastructure
• People
• Process
• Technology
OPERATIONAL RISK (Cont.)
Infrastructure
•Capability
•Office Space
•Assets
•Tools
•Physical Security
•Business Continuity
OPERATIONAL RISK (Cont.)
People
•Leadership – board/management expertise
•HR – responsibility & accountability
•Health & Safety
•Risk-reward alignment
•Performance Management
•Empowerment
•Mindset
•Buy-in / consensus
•Balance between revenue driven and control driven
•Competitor pressure
•Communication
•Sustaining vigilance
OPERATIONAL RISKS - PEOPLE
People Risk
Supports or undermines strategy
•… alignment <within/out> of attitude, goals
•… strong ERM
•… within risk appetite
•… scandals and collapses
OPERATIONAL RISK (Process Risk)
Process
•Fraud
•Policies and Procedures
•Outsourcing
•Third Party Fraud
•Business processes
OPERATIONAL RISK (Technology Risk)
Technology
•Integrity
•Accuracy
•Availability /Timeliness
•Relevance
•Restricted Access
COMPLIANCE RISKS
• Regulatory risks
• Contractual commitments (contract)
• Policies and procedures
• Code of Business Conduct
ENVIRONMENTAL RISKS