The Internal Audit Unit (“IA”) serves to exercise control over our business activities. For this reason and as governed by the prevailing capital market regulations, the IA is directly responsible to the President Director.
Internal Audit Charter
To strengthen the duties and responsibilities of the IA, the IA Charter explicitly describes the vision, mission, structure, status, duties, responsibilities and authority of the IA, the requirements of auditors and the President Director’s and Audit Committee’s approval of the content of the Audit Charter, with reference to the international standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (“IIA”). As part of its commitment to the Internal Audit Charter, in 2011, the IA repositioned itself to align with the current organizational format and to enhance its role in support of our business.
Internal Audit Duties and Responsibilities
The strengthening of IA’s position is a strategic activity, intended to formulate the unit’s contribution to our operations. It was executed through a reformulation of IA’s organization in line with its role as a provider of business assurance and internal consulting services. Meanwhile, IA’s strategy and objectives were articulated in the 2011 program of audit and non-audit activities, which was itself the realization of IA’s interpretation of the company’s business direction. This formulation is broadly conveyed in the IA Master Plan 2009-2014.
The IA’s activities are based on a commitment that IA’s mission should be executed methodologically. This means that each stage of auditing and internal consulting, consisting of preparation, implementation and follow-up monitoring must be standardized and measured. Therefore, at the preparation stage, the main reference is risk-based audit methodology, which stipulates that auditable units must be based on a risk rating of the business processes of said units: the higher the risk, the greater need for auditing. Accordingly, in every audit plan, the first thing that should be taken into account is the auditable risk rating based either on the risk register mapped out by the Company or on the professional judgment of IA itself. In order to facilitate this risk-based audit paradigm, IA has been equipped with a management tool, namely Audit Management Systems (“AMS”), which is an online application system for documenting the implementation of risk-based audits since the beginning of 2009. The IA’s role was strengthened by increasing quality assurance on our operations through audit and nonaudit activities. The auditing is dedicated to ensuring that any business risks that may arise can be immediately addressed through effective internal controls. If there are deficiencies and/or uncontrollable risks in the control of any business process, they will be subjected to a substantive test which is a further test of the audit object and is designed to go in depth into the root cause of the issue. For this reason, in 2011, the scope of the audit has included high-risk business areas such as quarterly and year-end financial reporting, the process of disclosure of the Company information required by the capital market authorities on a quarterly and annual (Annual Report) basis, revenue assurance, management of infrastructure readiness and quality, ensuring service progress, and ensuring synergy in the Telkom Group audit process. In addition, as a result of our IDX and NYSE listings, IA regularly and consistently performs tests and assurance on the effectiveness and adequacy of our Internal Control Over Financial Reporting (“ICOFR”). We have undergone an ICOFR audit annually since 2006.
We successfully addressed various material weaknesses in our ICOFR in 2008 and have maintained this status until 2011. To support audit operations and spread awareness of the importance of internal control for our business unit, each unit has undertaken a Control Self-Assessment (“CSA”) of the internal controls for which it is responsible. The IA periodically evaluates the results of these CSAs to assess the adequacy of the controls and recommend remedial actions either on their design or their implementation.
In 2011, we fully implemented the International Financial Reporting Standards (“IFRS”), for all of our transactions and financial reporting. The IA actively supported the preparations for and coordination of the switch to IFRS by reviewing our financial reporting and providing consultations on IFRS-based financial operations.
The following stage involves internal consulting service activities. In 2011, internal consulting focused on the operations of the company which can be categorized as management of infrastructure (production equipment), products, trading and supporting operations, including identifying group financial reporting risk (“GFRR”), formulating subsidiary business processes and human
capital management. Internal consulting is more of a pre-emptive solution to ensure that business operations continue to comply with the prevailing regulations.
As part of a Company with a strong commitment to successful GCG, the IA has an important role to play in the whistleblower mechanism which is the domain of the Audit Committee and the Executive Investigative Committee (“EIC”), wherein the Head of IA was appointed as secretary of the EIC. The whistleblower mechanism serves to accommodate any ‘whistleblowing’ by employees and forward such input to management. In turn, if the Audit Committee and EIC judge that certain whistleblower feedback needs to be investigated further, IA will take action to follow it up as part of its audit engagements. The results of such activities are reported to the President Director and reported to the Audit Committee.
The auditees are also informed of the results so that they can be followed up and remediated.
To ensure that auditees respond adequately to the results of auditing and internal consulting, follow-up activities are monitored. Follow-up activities in the field are usually carried out by the auditees and monitored by IA. For this purpose, the follow up is restricted to significant business process areas and subject to agreed deadlines. During 2011, another focus for IA has been to monitor the follow up of deficiencies discovered in 2010. These monitoring activities have been documented properly. To retain and build our complement of competent auditors who are capable of playing the roles consistent with the scope of IA’s activities in line with the growth of our business, in 2011, the IA introduced a number of important initiatives, including:
Ensuring that our auditors were intensively involved in our preparation for the full adoption of IFRS in Telkom in 2011 through training, internships, seminars and workshops;
Having our auditors participate in the direct assistance program organized by PwC;
Providing opportunities to participate in training and/or seminars related to our operations; and
Providing certificated continued learning opportunities, both local and international.
Since 2007, the IA has been led by Tjatur Purwadi, SE, MM, an employee who has pursued a career in engineering design. He became involved in organizing and improving our accounting policy and eventually served as Vice President of Financial and Logistics Policy before becoming Head of the Internal Audit Unit.