AUDIT INTERN

PENGERTIAN AUDIT INTERN Pemeriksaaan yang dilakukan oleh bagian audit intern perusahaan terhadap laporan keuangan dan catatan keuangan perusahaan mengenai ketelitian (accuracy); dapat dipercaya (reliability);efisiensi dan pengendalian intern pada perusahaan

Bab_23 InternalAudit Pemeriksaan intern (internal audit) pemeriksaan yang dilakukan oleh bagian internal audit perusahaan, baik terhadap laporan keuangan dan catatan akuntansi, maupun ketaatan terhadap kebijakan manajemen puncak yang telah ditentukan, peraturan pemerintah dan ikatan profesi yang berlaku Menurut Institute of Internal Auditor (Boynton, 2001:980) internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operation. It helps an organization accomplish its objectives by ringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes Menurut Milton Stevens Fonorrow (1989) internal auditing is an appraisal, by trained company employees, of the accuracy, reliability, efficiency and usefulness of company records and internal control (suatu penilaian, yang dilakukan oleh pegawai perusahaan yang terlatih, mengenai ketelitian, dapat dipercayainya efisiensi dan kegunaan dari catatan (akuntansi) perusahaan dan pengendalian intern yang terdapat dalam perusahaan Auditing_2&Prak/D3-AK/rn

DEFINITION of INTERNAL AUDITING (IIA) It is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Bab_23 InternalAudit DEFINITION “Internal Audit" is an independent examination of a quality system It measures the effectiveness of an organisation's quality management system. It is a documented and systematic tool It should be done periodically by independent and qualified people “Audit" itself is a checking system, NOT a quality assessment “Internal Audit" is an independent examination of the arrangements for ensuring quality, e.g. quality assurance structures, mechanisms and procedures, and of the effectiveness of these arrangements. One of the most important objectives of an internal quality audit is measuring the effectiveness of an organisation's quality management system. A documented and systematic tool, used by management and done periodically by independent, qualified people to verify and evaluate an organisation’s commitment to the principles of Good Manufacturing Practice (GMP) as well as compliance to regulatory requirements. An organisation that is highly committed to GMP will not only meet the regulatory requirements but far exceed them. its purpose is to report to the management on the adequacy of the operation of existing quality management system. Principle benefit of audit is that it promotes enhancement through self-reflection. “audit" itself is a checking system, it is NOT a quality assessment, because no judgment is made by the auditing group of the actual quality which has been provided by the company. The focus is on continuous improvement through self-evaluation and local control for monitoring and enhancing its own quality. It also helps the management in communicating their policies and the workers understand and do their jobs well. As a communication tool of management policies. All personnel have to understand and do their jobs well Auditing_2&Prak/D3-AK/rn

TUJUAN AUDIT INTERN Membantu menajemen dalam melaksanakan tanggung jawabnya dengan memberikan analisa, penilaian, saran dan komentar mengenai kegiatan yang diperiksanya.

KEGIATAN YANG DILAKUKAN AUDITOR INTERN Bab_23 InternalAudit KEGIATAN YANG DILAKUKAN AUDITOR INTERN Menelaah dan menilai kebaikan, memadai tidaknya dan penerapan sistem pengendalian manajemen, pengendalian internal dan pengendalian operasional, mengembangkan pengendalian yang efektif dengan biaya yang murah Memastikan ketaatan terhadap kebijakan, rencana dan prosedur yang telah ditetapkan manajemen Memastikan pertanggungjawaban harta perusahaan dan perlindungan dari kemungkinan adanya pencurian, kecurangan dan penyalahgunaan Memastikan pengelolaan data organisasi dapat dipercaya Menilai mutu pekerjaan setiap bagian Menyarankan perbaikan operasional dalam rangka meningkatkan efisiensi dan efektifitas Auditing_2&Prak/D3-AK/rn

BENEFITS OF IA Tells you the health of a quality system Bab_23 InternalAudit BENEFITS OF IA Tells you the health of a quality system Identify the root of a problem and plan for corrective and preventive actions with timeline Achieve better allocation of resources Able to avoid potentially big problem Learn what an auditors look for Continuous improvement Tells you the health of the quality system : It serves as a benchmark of current performance against which future improvements are compared. An audit will show the existing system and practices. It enables the organisation to achieve consistent performance throughout the various departments or sites. Identify root of the problem and plan for corrective and preventive actions (CAPA) with timeline: Avoiding of potentially big problems. Minimise the chances of “if we have known it earlier….”. Better allocation of resources. Redesignation of job functions and management of resources. Able to avoid potentially big problems (continuous improvement principle). Having a structured internal audit program helps to identify, avoid and/or minimise problems. It also serves as a mean for future improvement. Learn what an auditor looks for : Standard or expectations are communicated during the audit. In addition, ideas and solutions to problems can be shared between the auditors and auitees. A qualified auditor should be able to explain the rationale behind the requirements. Each audit is an opportunity to learn about the quality system of a company as well as the various approaches in meeting the GMP expectations. You will finally know whether you comply: Compliance brings many benefits in terms of company’s reputation, productivity and resources management. Auditing_2&Prak/D3-AK/rn

HAL YANG HARUS DILAKUKAN AUDITOR INTERN Menelaah dan menilai kebaikan dan memadai tidaknya penerapan sistem pengendalian manajemen, SPI, dan pengendalian operasional lainnya Memastikan ketaatan terhadap kebijakan, prosedur dan rencana yang ditetapkan manajemen Memastikan seberapa jauh harta perusahaan dipertanggungjawabkan dan dilindungi Memastikan pengelolaan data dapat dipercaya Menilai mutu pekerjaan tiap bagian Menyarankan perbaikan operasional dalam rangka meningkatkan efisiensi dan efektifitas

KODE ETIK INSTITUTE OF INTERNAL AUDIT (IIA) Bab_23 InternalAudit KODE ETIK INSTITUTE OF INTERNAL AUDIT (IIA) Tujuan Kode Etik IIA  memperkenalkan budaya etis dalam profesi internal auditing 2 Komponen kode etik : Principles Berkaitan dengan profesi dan praktik internal auditing Rules of Conduct Menjelaskan norma perilaku seorang internal auditor Alat bantu untuk menginterpretasikan principles kedalam praktek dan dimasukkan sebagai pedoman perilaku etis internal auditor Auditing_2&Prak/D3-AK/rn

INSTITUTE of INTERNAL AUDITORS ETHICAL PRINCIPLES Integrity Confidentiality Objectivity Competency

BAGAIMANA MEMILIKI DEPARTEMEN AUDIT INTERN YANG EFEKTIF ? Audit intern harus memiliki kedudukan yang independen dalam organisasi perusahaan Departemen Audit Intern harus mempunyai job description Departemen Audit intern harus mempunyai internal audit manual Harus ada dukungan dari top manajemen Departemen Audit Intern harus memiliki orang orang yang profesional, capable, bersikap obyektif, mempunyai integritas dan loyalitas yang tinggi Audit intern harus dapat bekerja sama dengan akuntan publik

RELATIONSHIP of INTERNAL and EXTERNAL AUDITORS Differences The external auditor is responsible to financial statement users. The internal auditor is responsible to management.

RELATIONSHIP of INTERNAL and EXTERNAL AUDITORS Similarities Competency Methodology Objectivity Audit risk model

PERSAMAAN AUDIT INTERN dan AUDIT EKSTERN Bab_23 InternalAudit PERSAMAAN AUDIT INTERN dan AUDIT EKSTERN Latar belakang pendidikan dan pengalaman kerja dibidang akuntansi, keuangan, perpajakan, manajemen dan komputer Membuat audit plan dan program audit secara tertulis Prosedur audit dan hasil audit didokumentasikan dalam kertas kerja Staf audit melakukan Continuing Professional Education (Pendidikan Profesi Berkelanjutan) Mempunyai Audit Manual (pedoman pelaksanaan pemeriksaan), Kode Etik dan Sistem Pengendalian Mutu Auditing_2&Prak/D3-AK/rn

TEMUAN AUDIT (Audit Finding) dan LAPORAN INTERNAL AUDIT TEMUAN AUDIT Bab_23 InternalAudit TEMUAN AUDIT (Audit Finding) dan LAPORAN INTERNAL AUDIT TEMUAN AUDIT  memberitahukan manajemen mengenai kelemahan pengendalian internal (jika dibiarkan dapat menimbulkan terjadinya kecurangan -fraud & collusion- yang merugikan perusahaan) LAPORAN dari IAD: Objective Clear (jelas) Concise (singkat tapi padat) Constructive (membangun) Timely (tepat waktu) Auditing_2&Prak/D3-AK/rn

TEMUAN AUDIT (Audit Finding) dan LAPORAN INTERNAL AUDIT MAJOR DEFICIENCY FINDINGS Kelemahan SPI perusahaan yang mengakibatkan hambatan bagi organisasi untuk mencapai tujuan yang ditetapkan MINOR DEFICIENCY FINDINGS Kelemahan dalam SPI perusahaan, walaupun tidak menghambat tujuan perusahaan tapi bila tidak diperbaiki dapat merugikan perusahaan

KRITERIA DEFICIENCY FINDING YANG HARUS DILAPORKAN Cukup significant Didukung oleh fakta Objective Relevan dan masuk akal Menurut Lawrence B. Sawyer (1996), Deficiency Finding adalah :  suatu hal yang salah, atau yang akan menjadi salah (secara intrinsik tidak salah, tetapi memerlukan perbaikan)

PENGEMBANGAN TEMUAN AUDIT Bab_23 InternalAudit PENGEMBANGAN TEMUAN AUDIT Hasil pemeriksaan internal auditor disimpulkan dan didokumentasikan dalam: List of Findings Kesimpulan  berupa masalah/kelemahan yang ditemukan atau hal yang memerlukan perhatian manajemen: Findings Positif  tidak ada masalah yang ditemukan, atau menyebutkan kebaikan pengendalian intern yang perlu diterapkan dibagian lain Findings Negatif  memberitahukan kepada menajemen masalah yang ditemukan yang memerlukan tindakan perbaikan dari manajemen untuk mencegah kerugian Auditing_2&Prak/D3-AK/rn

FINDING YANG BAIK CRITERIA: Bab_23 InternalAudit FINDING YANG BAIK CRITERIA: Ukuran/standar yang diikuti (kondisi yang seharusnya ada) STATEMENT of CONDITION: Kenyataan/kondisi yang terjadi di perusahaan EFFECT: Akibat dari kenyataan yang terjadi di perusahaan (efek negatif berupa penyimpangan, efek positif berupa hasil yang lebih baik dari standar yang ditentukan) CAUSE: Penyebab terjadinya kondisi tsb. di perusahaan dan bagaimana terjadinya Auditing_2&Prak/D3-AK/rn

PENGEMBANGAN REKOMENDASI dari TEMUAN Bab_23 InternalAudit PENGEMBANGAN REKOMENDASI dari TEMUAN Recommendation  menjelaskan apa yang harus dilakukan untuk mengatasi kelemahan/masalah yang diuraikan dalam findings Kendala menyusun laporan : Audit supervisor menyusun kembali konsep laporan yang telah dibuat oleh auditor in-charge, dengan gayanya sendiri Auditor in-charge sengaja menyusun laporan seadanya (mengandalkan perbaikan dari audit supervisor dan audit manager) Terlalu banyak waktu untuk menyusun laporan Kualitas konsep laporan yang buruk Menurut Sawyer, 3 cara untuk memperbaiki report writing process : Menentukan standar minimum yang dapat diterima Komunikasikan standar tersebut kepada staf melalui training Melakukan pengeditan oleh bagian independen atau perbandingan laporan dengan standar Auditing_2&Prak/D3-AK/rn

PENGEMBANGAN REKOMENDASI dari TEMUAN Rekomendasi yang efektif harus memenuhi prinsip: Komprehensif Spesifik Disusun yang baik Mudah dijalankan Beralasan

HAL PENTING DALAM MENYUSUN REKOMENDASI YANG BAIK Clear Simply Understandable & economical Complete Brief & concise Coherent Forceful Variety

STANDAR PELAPORAN Ikatan Akuntan Indonesia belum mengeluarkan standar pelaporan bagi auditor intern, oleh karena itu laporan auditor intern harus mengacu pada standar of reporting yang diterbitkan oleh The Institute of Internal Auditor (IIA)

LAPORAN AUDIT INTERN Semua hasil pekerjaannya harus dilaporkan pada manajemen mengenai hal penting apa yang terjadi yang memerlukan perbaikan dari manajemen Auditor Intern harus menyampaikan laporan yang: Objective Clear (jelas) Concise (padat) Constructive (membangun) Timely (tepat waktu)

Laporan Informal (Informal Report) Bab_23 InternalAudit Laporan Informal (Informal Report) Disampaikan secara lisan (tapi tetap didukung oleh data/bukti/ catatan ringkas) atau tertulis, jika internal auditor menemukan hal penting yang perlu dilaporkan kepada manajemen agar dilakukan tindakan perbaikan Informal Report secara tertulis: Bentuk pendek (memo 1 halaman) Bentuk panjang (summary report dengan penjelasan detail) (Contoh) Laporan Internal Auditor, mencakup: Summary Foreword Purpose Scope Opinion Findings, kriteria  Summary, Standard, Facts, Effect dan Cause Recommendation Jelas, mudah dimengerti, logis dan menarik Auditing_2&Prak/D3-AK/rn

MANAGING IA

FLOW CHART OF IA Bab_23 InternalAudit As management tools, IQA should be done properly based on PDCA (plan, do, check and action) principle Auditing_2&Prak/D3-AK/rn

RESOURCES FOR IA Considerations should be given to the following: Bab_23 InternalAudit RESOURCES FOR IA Considerations should be given to the following: Resources Audit techniques Processes to achieve and maintain the competency of auditors and to improve their performance Competency and availability of auditor Available time for auditing When identifying resources for the audit program, consideration should be given to the following: Financial resources necessary to develop, implement, manage and improve audit activities Audit techniques Processes to achieve and maintain the competence of auditors, and to improve auditor performance The availability of auditor and technical expert having competence appropriate to the particular audit program objectives Time availability for auditing activities if done by internal group. Auditing_2&Prak/D3-AK/rn

IA PLANNING OBJECTIVES The planning of IA consists of : Bab_23 InternalAudit IA PLANNING OBJECTIVES The planning of IA consists of : Authority for administering the IA program Establishing IA program Objectives Responsibility Procedure and guidance 1. Authority for the internal audit program The Good Manufacture Practice require an organisation to: have an established internal audit program and conduct regularly document the results of internal audit ensure those responsible for the area audited are made aware of the results schedule internal audits on the basis of the status and importance of the activity/area being audited conduct follow-up audit activities to verify and record the implementation and effectiveness of any corrective action taken   2. Establishing the internal audit program  2.1. Objectives of an internal auditing program Objectives should be established for an internal audit program, to direct the planning and conduct the audits. These objectives can be based on consideration of: to meet requirements for GMP certification or other management system standard to verify conformance with contractual requirements to obtain and maintain confidence in the capability of a supplier to contribute to the improvement of the management system  2.2. Responsibility of internal audit program The responsibility for managing an internal audit program should be assigned to one or more individuals with a general understanding of audit principles, of the competence of auditors and the application of audit techniques. They should have management skills as well as technical and business understanding relevant to the activities to be audited. Those assigned the responsibility for managing the internal audit program should: establish the objectives of the audit program establish the responsibilities and procedures, and ensure resources are provided ensure the implementation of the internal audit program ensure that appropriate audit program records are maintained, and monitor, review and improve the internal audit program.  2.3 Procedure and guidance of audit program Audit program procedure should address the following: Planning and scheduling audit Assuring the competence of auditors and audit team leader Selecting appropriate audit team and assigning their roles and responsibilities Conducting audit Conducting audit follow-up, if applicable Maintaining audit program records Monitoring the performance and effectiveness of the audit program Reporting to top management on the overall achievements of the internal audit program Auditing_2&Prak/D3-AK/rn

IA IMPLEMENTATION The implementation of IA program consists of : Bab_23 InternalAudit IA IMPLEMENTATION The implementation of IA program consists of : Scheduling audit Implementation of audit program Audit record and report 1. Scheduling audit Audits should be planned on a regular basis so that each activity is audited at least once in the audit cycle. High risk areas should be audited more often to ensure conformance. Special circumstances or unplanned audit can also be carried out as a result of : a particular problem has arisen (such as product recalls, repeated quality rejection), to establish the source of the problem and document any corrective actions. customer complaints following the implementation of actions defined in a corrective action report following the identification of additional or amended procedures for maintain or improve product quality GMP inspections announced by the Regulatory Authority Around 2 – 4 weeks prior to the audit schedule, the audit team will have a briefing meeting to determine: audit procedures, such as the sampling and tracking methods to be used; the issues to be followed up; preparing the audit plan and visit program additional/follow up documents required; and the individuals/groups to meet during the visit. Result of the above briefing will be informed to the relevant auditees, Quality Control Manager, and Production Manager, so they can prepare before the audit schedule will be carried out. The length of the internal audit will depend on the issues identified by the Audit Team and should be approved by management. 2. Audit program implementation The implementation of an internal audit program should address the following : communicating of an internal audit program to relevant party coordinating and scheduling audit and other activities relevant to audit program establishing and maintaining a process for the evaluation of the auditors and their continual professional development ensuring the selection of audit team providing necessary resources to the audit team ensuring the conduct of audit according to the audit program ensuring the control of records of the audit activities ensuring review and approval of audit report, and ensuring their distribution to the auditees ensuring audit follow-up, if applicable.  3. Internal audit program’s record and report Records of internal audit should be maintained to demonstrate the implementation of the internal audit program, and should included the following : records related to individual audits, such as: audit plan audit report Non-conformity report corrective and preventive action report, and audit follow-up, if applicable. records related to audit personal covering subjects such as auditor competence and performance evaluation audit team selection, and maintenance and improvement of competence records should be retained and suitably safeguarded results of audit program review Auditing_2&Prak/D3-AK/rn

Bab_23 InternalAudit IA MONITORING Implementation of audit program should be monitored at appropriate intervals and reviewed to assess whether its objectives have been met and identified opportunities for improvement. Auditing findings should be reported to the management. 1. Monitoring the audit program Performance indicators should be used to monitor characteristics such as : The ability of the audit teams to implement the audit plan Conformity with audit program and schedules, and Feedback from auditees and auditors 2. Reviewing the audit program The audit program review should consider, for examples: Result and trends from monitoring Conformity with procedures Evolving needs and expectation of interest parties Audit program records Alternative or new auditing practices, and Consistency in performance between audit teams in similar situations Results of audit program reviews can lead to corrective and preventive actions and the improvement of the audit program Auditing_2&Prak/D3-AK/rn

AUDITING ACTIVITIES

OVERVIEW OF AUDIT ACTIVITES Bab_23 InternalAudit OVERVIEW OF AUDIT ACTIVITES Planning and scheduling audit Conducting document review Preparing for on-site activities Conducting audit Audit program procedure should address the following: Planning and scheduling audit Assuring the competence of auditors and audit team leader Selecting appropriate audit team and assigning their roles and responsibilities Conducting audit Conducting audit follow-up, if applicable Maintaining audit program records ·        Monitoring the performance and effectiveness of the audit program ·        Reporting to top management on the overall achievements of the internal audit program Prepare audit report Conducting follow-up Auditing_2&Prak/D3-AK/rn

AUDIT ACTIVITIES Forming an audit team and assign roles and responsibility and agreed on the scope Conducting document review Preparing for the on-site audit activities Review documents (SOPs, audit findings, corrective action/preventive action, etc.), check the integrity of the quality system and various controls are effective Preparing audit plan Assigning work to the audit team Preparing work documents (eg. audit checklists, sampling plans, forms for recording information; questionnaires)

AUDIT DOCUMENTATION Audit plan Bab_23 InternalAudit AUDIT DOCUMENTATION Audit plan should be sent to auditee prior to audit activity findings from the last audit should be also mentioned Audit note should include an audit questionnaire all records and comments during the audit Audit documentation does not need to be complicated, normally there are 3 kind of documents : The audit plan, The audit plan is sent to the department being audited a few days prior, it should include the date of the audit, the planned time, duration, auditors names, location (if relevant) and the policies and procedures that will be used during the audit. It should also mention any non-conformances that were found during last audit. The audit notes, The notes are the auditor's questions that will be asked during the audit. It should include references to particular policies and procedures and what will be asked during the audit. The same document should be used to record the findings and any comments during the audit. The audit report. The audit report is the official document used to report the findings of the audit. This document should include details of the audit, date, auditors names, policies and procedures and findings against them. It should include if it passed audit and any non-conformances or observations found. If non-conformance are found a date should be established for completion of corrective actions. The audit report is normally signed by the auditor and the department manager. Audit report is an official document to report the audit findings Auditing_2&Prak/D3-AK/rn

EXAMPLE OF AN AUDIT CHECKLIST General format for an audit checklist

EXAMPLE OF AN AUDIT CHECKLIST

INTERNA: AUDIT QUESTIONAIRES IA MONITORING INTERNA: AUDIT QUESTIONAIRES Area audited : ______________________ Date: __________________ Question (QSR-GMP Reference) Response 1. Does the company have a work instruction to operate the machine?   2. How is the machine being cleaned and maintained? 3. Are personnel trained to use the machine? 4. How often is the equipment being calibrated and cleaned? 5. When is the last breakdown of the machine? Are there any product being affected?

AUDITING ACTIVITIES (1) Conducting on-site audit activities Conduct opening meeting Good communication during the audit Roles of escort and observer Steps in conducting on site audit: Interviews with different personnel Carry out both horizontal and vertical audits. Focus on safety and quality of product. Use “Trace-back” method

AUDITING ACTIVITIES (2) Generating audit findings Either conformity or non-conformity Sort out isolated or systemic deficiencies Isolated deficiency: Tends to happen randomly; no meaningful pattern; rarely happens Systemic deficiency: Could be connected to a particular process, product, material, person or organisation; shows pattern; happens more than once

ISOLATED VERSUS SYSTEMIC DEFICIENCY NON CONFORMANCE DEFICIENCIES ISOLATED SYSTEMIC Latex gloves rip SOP contains an error Wrong expiration date written on a reagent bottle Batch record is poorly written so instruction can be confusing Operator or lab technician spills a sample Area management does not reinforce requirement to continually record information properly Pressing machine of eye shadow burns out Preventive maintenance program does not include liquid filling machine motor

AUDIT MONITORING The audit finding can be classified into 2 groups: Compliance : Satisfactory /Adequate Outstanding Non-compliance : Critical deficiency Major deficiency Minor deficiency

AUDIT REPORT Objectives Audit scope Identification of audit team leader and members Date and place where the on-site audit activities were conducted Audit criteria and findings Conclusions

AUDIT REPORT Various formats can be used depending on auditee (vendors, management or auditee) Usually include name and location of auditee, date of audit, audit plan, audit observations, classification of non-compliances, recommendations or expectations Should write against a standard Focus on deficient conditions and not people Include any positive observations Keep the audit report simple and clear

AUDIT REPORT: AN EXAMPLE No GMP.Ref Findings of IA Grading Location Auditee Auditor 1. 2.1.1 Production and QC departments are headed by the same person Critical Human Resources Abas Budi 2. 4.3 Monitoring of temperature in a warehouse Major or Minor Warehouse Tuti May Lin 3 11.1 Inadequate control over sub-contractor Production Herman Ida

CONCLUSIONS Nobody likes to be audited……….. Bab_23 InternalAudit CONCLUSIONS Nobody likes to be audited……….. It is a means to have continuous improvement Especially when it involves giving your company the license to manufacture or shutdown. But, if you are prepared and have a basic quality system in place, you see it as a way for continual improvement. Auditing_2&Prak/D3-AK/rn