Jakarta, 8 December 2016
Best Practice Model:
Synergizing Audit, Governance and Risk Mitigation
Facilitator: Ahmad Subagyo
Management
Advance
Workshop
CORPORATE SCANDALS
Lehman Brothers, Polaroid, Bank Global, Bank Century, Enron
www.ahmadsubagyo.com
RM BEGAN TO RECEIVE ATTENTION AFTER THE LATE 1990S
GLOBAL FINANCIAL CRISIS OF 2008
BANKRUPTCY OF MULTINATIONAL COMPANIES
Practical
STEWARDSHIP THEORY
AGENCY THEORY
Academic
Why Is Risk Management Needed?
BU Operations
Finance
Market
HR (SDM)
GCG
SPI
Risk
S.P.I
1. Holds a legal-entity (BH) ratification document 2. Holds a business licence
1. Finance SOM 2. Accounting Guidelines
HR SOM (Company Regulations)
1. Routine financial audit 2. Routine compliance audit 3. Routine operational audit
1. Institutional Aspect 2. Business Aspect 3. Financial Performance Aspect 4. Governance Aspect
1. Liquidity Risk 2. Credit Risk 3. Operational Risk
BUSINESS SYSTEM COMPLEXITY
PLANNING
CONTROLLING ACTUATING
ORGANIZING RISK PROFILE
Audit / Assessor
Internal oversight through the Internal Control Unit (SPI)
EXTERNAL OVERSIGHT
1. Finance 2. Performance 3. Compliance
BH
Accountability, Responsibility, Independence, Fairness, Transparency
Operations SOM
SPI SOM
Risk Management Guidelines
REPORT
Business Process
Governance: (1) AD, (2) RKAP, (3) RUPS
Institutional Aspect
FRAMEWORK: Corporate Road Map
QUASI – SINGLE BOARD STRUCTURE
Basic Understanding of Risk
Risk Event Mitigation
Residual Risk
So, Risk Management? …….
Can risk be eliminated?
Risk Event Asset:
Rp 70 T
Asset:
Rp 100 T
• Risk Appetite
• Risk Tolerance
Constitutes a Threat
Organizational Objectives, Business Processes, Risks
Planning, Organizing, Actuating, Controlling
input proses output
Method: technical, operational, managerial, environmental know-how
Man;
Material;
Machine;
Money.
Marketing :
Value Proposition
Input for others
Risks
Risks
Risks Risks
Chain reactions: slower, more expensive, weaker, harder to control, less efficient, less effective, worse, less value, LESS SAFE etc.
Controlled to be: faster, cheaper, bigger, smaller, lower, higher, stronger, better, more efficient, more effective, MORE SAFE etc.
Management Process
Risk
Plan
Organizing
Actuating Controlling
AR GCG Risk Profile
Risk-Based Audit
Risk-Based SOP
Risk-Based Business Plan
Corporate Governance Framework
Governance Structure
Governance Mechanism
Governance Outcomes
Governance System
Commitment on Governance
GOVERNANCE SYSTEM
INTERNAL CONTROL
Three Lines of Defence
Layer III: Independent party that assesses adequacy
• SKAI
• External parties (auditors, BPKP, etc.)
Layer II: Oversight function
• Compliance
• Risk Management
• Finance
• HR
Layer I: Internal control embedded in the process
• Adequacy of organization (job descriptions), systems and procedures (Sisdur) & systems (IT, accounting)
• Oversight by direct supervision
• Oversight between related functions in the process flow
Layer II monitors the processes run by Layer I; Layer III assesses the effectiveness of the processes (Layer I) and the controls (Layer II).
CG System: External
GCG: commitment-based/self-regulating/internal system
Is goal setting very important???
Definition of Internal Control
COSO defines internal control as a “Process” to achieve the following objectives:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
Definition of Internal Audit
“Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an
organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control and governance process”.
COSO Control Framework Overview
Internal Audits
Messages from Senior Management
Policies and Procedures
Code of Ethics
The process which ensures that relevant information is identified and communicated in a timely manner
The policies and procedures that help ensure that actions identified to manage risk are executed and timely
The control conscience of an organization. The “tone at the top”
The evaluation of internal and external factors that impact an organization’s performance
Business Risk Management
Process Risk Management
Internal Audit Risk Assessment
Disclosure Committee
Delegation of Authority
Approvals
Common Processes and Systems
Segregation of Duties
Account Reconciliations
Information Technology Controls
Code of Ethics
Documented Policies and Procedures
Cultural Assessment
Training
Management Analysis
The process to determine whether internal control is adequately designed, executed, effective and adaptive
Components of Effective Internal Control
Control Environment
Information & Communication
Control Activities
Corporate Culture
Infrastructure
Monitoring (Ongoing)
Good Corporate Governance
Risk Assessment
EFFECTIVE CONTROL ENVIRONMENT
Sub Component Control Environment
Soft Control: 1. Integrity & Ethical Values 2. Commitment & Competence 3. Leadership
Hard Control: 1. Organizational Structure 2. Systems & Procedures 3. Delegation of Authority & Responsibility 4. HR Policy
Ethical Tone / Collective Action
Adequate Infrastructure
Role Model
Corporate Culture Program
Do The Right Things B/ best practices
Good Corporate Governance
Impact of Control Environment Design
Sub Component Control Environment
Soft Control: 1. Integrity & Ethical Values 2. Commitment & Compensation 3. Leadership
Hard Control: 1. Organizational Structure 2. Systems & Procedures 3. Delegation of Authority & Responsibility 4. HR Policy
Ethical Tone / Collective Action
Inadequate / less than adequate
Do The Right Things
1. Poor Integrity 2. Poor Competency 3. Poor Risk Awareness
1. Integrity 2. Competence 3. Risk Awareness
Adequate
Interest
Opportunity
FRAUD Risk
Culture
Good Corporate Governance