1 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
25 October 2016
KPMG Siddharta Advisory
kpmg.com/id
Unlocking the value of Internal Audit The current and future state of Internal Audit in Indonesia
2 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Introductions – with you today
Gary Chia Partner, Risk Consulting (Head of Financial Services and Regulatory Compliance) KPMG Singapore Tel: +65 6213 2071 Email: [email protected]
Antonius Augusta Partner, Head of Risk Consulting KPMG Indonesia Tel: +62 215740877 Email: [email protected]
James Loh Partner, Risk Consulting (Head of Financial Risk Management) KPMG Indonesia Tel: +62215746308 Email: [email protected]
3 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Time Topic
0900 - 0915 Welcome and introduction
0915 - 0945 KPMG Indonesia Internal Audit Survey Launch
0945 - 1130 Key survey findings and themes (facilitated discussion)
1130 - 1145 Key takeaways
1145 - 1200 Q&A
What we will discuss
4 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Objectives of the IA roundtable
• Connect you with a selected group of Internal Audit (IA) professionals
• Engage in insightful conversations about key risks, trends, practices and common challenges
• Share and learn about better practices for internal audit across industries
• Build stronger IA network and community
6 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Cyber security risk
Regulatory risk
Emerging technology risk
Strategic risk
Geopolitical risk
30%
28%
26%
25%
24%
Top 5 key risks that CEOs are most concerned about
Source: 2016 Global CEO Outlook, KPMG International
7 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Top 10 key IA risks for banking and capital markets
Source: KPMG Internal Audit: Top 10 key risks in 2016, Banking and Capital Markets
8 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Clarifying the role of IA
Figure 1: The KPMG ‘4 Lines of Defence’ model
Isolated? Findings? Basement?
Checker? Collaborative? Insights? Boardroom?
Business Advisor?
9 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Recent KPMG Surveys
Background to the KPMG Indonesia IA survey
Figure 2: The KPMG IA Quality Assurance Review (QAR) Framework
10 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
53% 51% represent the Financial Services
Survey demographics are Chief Audit Executives (CAEs)
Chart 1: Role in your organisation Chart 2: Analysis of sector representation
11 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
IA generally adds value but improvements required
Q27. In your view, does IA contribute to improving the quality and effectiveness of governance, risk management, and internal control processes? Q29. Does IA add value to your organisation beyond compliance (e.g. enhancing control environment to mitigate high risk areas, improving efficiency in business process, providing practical recommendations on procedural matters, etc.)?
Chart 3: IA’s contribution Chart 4: IA’s value adding
55% 62% expressed that IA adds value beyond compliance
found their IA effective in contributing to governance, risk management and internal controls
12 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Key market insights and themes
Risk based aud it ing • To what extent does IA conduct risk based audits?
Integrated assurance • How is IA achieving an integrated assurance approach with risk management,
compliance and other lines of defence?
Technology • To what extent is IA leveraging technology, in terms of data analytics and
additional assurance methods (such as continuous auditing)?
13 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
What is integrated assurance? Coordinated Enterprise Assurance
Compliance – corporate
Internal audit
External audit
Technical evaluation
group
Sustainable development
assurance Corporate
Compliance – product groups
Communities Security
Group Risk
Other
Integrated Assurance: • Coordination of assurance activities • Minimize gaps, maximize overlaps • Coordinated teams where appropriate • Consistency of approach, ratings and
monitoring • Common risk vocabulary and consistent
reporting to executive management and the Board
• Benefits: cost savings (redundant
activities eliminated and common information is shared)
15 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Risk based auditing well established
Chart 5: Risk Based Auditing
93% indicated that IA work is concentrated on higher risk areas
Q21. Is Internal Audit work concentrated on higher risk areas? Q22. Is the annual Internal Audit plan developed in accordance with the risks identified at Group level?
91% indicated that the IA plan is developed in accordance with the risks identified at Group level
Chart 6: IA plan
16 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
What are the current IA priorities?
Chart 7: IA’s current priorities Q8a. Please identify the top three areas on which Internal Audit in your organisation is currently focusing.
Do these results surprise you? What are your current IA priorities?
1st 2nd
3rd Surprising?
17 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
What are the IA priorities in the next 3-5 years?
Chart 8: IA’s future priorities Q8b. Please identify the top three areas on which Internal Audit in your organisation is going to focus on in the next 3-5 years.
Are you experiencing any changes in future IA priorities/expectations?
Joint 1st 2nd
3rd Surprising?
18 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Q23. Is the IA plan and key changes to the plan, including deferment of audits into the next work year, presented to the Audit Committee for approval?
Chart 9: Review and approval of IA plans
Review and approval of IA plans to be more dynamic
30% indicated that the IA plan was not presented for approval (annually) and/or no changes were made during the year
What process do you go through to review and approve the IA plan? To what extent are you seeing changes occur more frequently? Is this creating any challenges in practice?
20 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Q13. If your company has an in-house Internal Audit function, what is its structure?
Chart 10: Structure of IA function
What is the structure of your IA function?
24% indicated a combined IA, Risk Management and Compliance function
How is your IA function currently structured?
21 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Q12. In your opinion, does IA collaborate well with the Compliance and Risk Management functions in managing the company's risks? Chart 11: IA’s approach to collaboration
41% expressed that IA collaborates well with the Compliance and Risk Management functions all the time
To what extent are there multiple sources of assurance over key risks in your company? How are you achieving integrated assurance with compliance, risk and other lines of defence? Which function takes the lead in driving the integrated assurance approach?
Does your IA collaborate well?
22 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Q10. In your opinion, is the size and structure of IA appropriate for effective audit coverage across the business areas?
Chart 12: Size and structure of an effective IA
To what extent are the skills of your IA relevant?
30% are confident that their IA possess skills and experience that are appropriate across the business areas
What skill-sets do you look for when recruiting IA personnel? What challenges exist in the market currently to meet these requirements?
23 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Chart 13: Core competencies ‘ranking Q20. Please rank the following core competencies in your preferred order of importance for Internal Auditors.
Critical competencies for IA to deliver Do these results resonate with you?
Are there other critical competencies you look for? To what extent do you outsource/co-source specialist skills and competencies?
1st
2nd 3rd
Surprising?
24 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
A more structured approach to training is required
Chart 14: Training topics’ ranking Q18. Please select the training topics that you believe are critical to build up your IA capacity. You may choose more than one training topic.
Do you have a formal and structured training program for your IA function? What is the split between on-line vs classroom style training? To what extent has that been reviewed for effectiveness?
1st 2nd 3rd
26 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Q32: Does IA leverage on technology (such as data analytics) to increase audit effectiveness and efficiency, and enhance productivity?
Chart 15: Technology leverage
Technology not being leveraged sufficiently by IA
64% do not currently leverage technology to increase IA effectiveness and efficiency
To what extent do you use data analytics on your IA reviews? What systems do you use? What are the key challenges and how do you overcome them?
27 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Chart 16: Technology leverage for financial and non-financial services
Comparison of FS and non-FS tech usage
65% of financial services responded positively to utilizing data analytics tools compared to only 32% of non-financial services
Q32: Does IA leverage on technology (such as data analytics) to increase audit effectiveness and efficiency, and enhance productivity?
Surprising? How do we leverage technology to provide
additional assurance e.g. continuous monitoring and auditing?
29 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
Key takeaways
Consider the optimal structure and resourcing model for the IA function to deliver a sufficient coverage in terms of breadth and depth of projects 2
3 4 5
Develop a business case for investing in technology to enhance the depth of analysis and coverage
Establish a better coordination across the providers of assurance (internal and external auditors)
Enhance the skills and experience of the IA function
Establish regular communication between IA and key stakeholders to firm up the key focus areas 1
31 © 2016 PT KPMG Siddharta Advisory (Registration No: 09.05.1.70.85569), an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential
2013 2015 201
4 2016
Key thought leadership reference points
2014
Copies and more information are available at www.kpmg.com.sg or www.kpmg.com/id
kpmg.com/socialmedia kpmg.com/app
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2016 PT KPMG Siddharta Advisory, an Indonesian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.