Bapepam and LK Rulebook

All rules published are translated from the original documents. If there is any hesitation regarding the rules, please refer to the original documents

ATTACHMENT : Decision of the Chairman of Capital Market and Financial Institutions Supervisory Agency Number : Kep-496/BL/2008 Date : November 28, 2008 RULE NUMBER IX.I.7 : FORMING AND CHARTERS COMPILATION GUIDANCE OF INTERNAL AUDIT UNIT 1. Definitions of terms for the purposes of this rule: a. Internal Auditing is an independent and objective assurance and consultation activity designed to add value and improve an organization's operations, by utilizing a systematic methodology for evaluating and improving the effectiveness of risk management, control, and governance processes. b. Internal Audit Unit is a working unit in the Issuer or Public Company that incorporates Internal Auditing function. The name or term used for Internal Audit Unit can be determined by each Issuer of Public Company. 2. Issuer or Public Company is required to establish an Internal Audit Unit. 3. The Internal Audit Unit as mentioned in number 2 consists of at least one internal auditor. In the case that the Internal Audit Unit consists of one internal auditor, he or she should also act as a Chief of Internal Audit Unit. 4. Issuer or Public Company is required to establish Internal Audit Charter which at least covers: a. Internal Audit Units structure and its position in the organizational structure; b. Internal Audit Units duty and responsibility; c. Internal Audit Units authority; d. Internal Audit Units ethical code which refers to Internal Auditor association in Indonesia or internationally common practice of ethical code of Internal Auditor; e. Internal Audit Units requirement of auditor; f. Internal Audit Units accountability; and g. Prohibiting of dual duties and positions of Internal Audit Units auditor and its staff from performing companys operational activities in Issuer or Public Company even its subsidiary 5. Internal Audit Units Charter is enacted by director after commissioners approval. 6. Internal Audit Units structure and its position in the organizational structure as mentioned in number 4 letter a is: a. Internal Audit Unit is led by a Chief of Internal Audit Unit. b. The Chief of Internal Audit Unit is appointed and dismissed by the president director with commissioners approval. c. Commissioner can propose the replacement of the Chief of Internal Audit Unit, if he or she does not fulfill the requirement as an auditor

of Internal Audit Unit as stated in this rule and or fails or is incapable to perform his or her duty. d. The Chief of Internal Audit Unit has to report to the president director. e. Auditor of Internal Audit Unit has to report directly to the Chief of Internal Audit Unit. f. The term of duty of the Chief of Internal Audit is no more than 3 (three) years and he or she can be reappointed. 7. The requirement of auditors Internal Audit Unit as mentioned in number 4 letter e at least covers that the auditor : a. has professional integrity and conduct, independence, fairness, and objectiveness in performing his or her duty; b. has knowledge and experience in audit technique and other relevant science in accordance to his or her duty; c. has knowledge in capital market regulations and other relevant regulations; d. has capability to effectively interact and communicate both verbally and in writing; e. shall comply with professional standard which is issued by Internal Auditor association; f. shall comply with the ethical code of Internal Auditor; g. shall maintain confidentiality of companys information and/or data related to performing of Internal Audit Units duty and responsibility except required by regulations or courts decrees/decisions; h. understands good corporate governance and risk management principles; and i. is willing to enhance his or her professional knowledge, expertise and skill in ongoing basis. 8. Internal Audit Units duty and responsibility as mentioned in number 4 letter b at least covers: a. compiling and performing annual Internal Audit plan; b. reviewing and evaluating the operation of internal control and risk management in accordance to companys policy; c. performing audit and assessing the efficiency and effectiveness in the area of finance, accounting, operation, human resource, marketing, information technology and other activities; d. performing compliance audit to related regulations and laws; e. identifying the efficiency and effectiveness of improvement and enhancement alternative of resources and funding consumptions; f. giving objective improvement of advice and information regarding audited activities for all management levels; g. reporting the audit result and delivers the report to president director and commissioner; h. monitoring, analysing, and reporting the progress of recommended action performance; i. cooperating with the Audit Committee; j. developing program to evaluate the quality of internal audit action which is performed by it; and k. performing special audit, if necessary. 9. Internal Audit Units authority as mentioned in number 4 letter c covers,

but not limited to the following : a. to accessall relevant information regarding company related to its duty and role; b. to communicate directly with director, commissioner, and/or Audit Committee and the member of directors, commissioners, and/or Audit Committees; c. to perform regular and incidental meeting with director, commissioner, and/or Audit Committee; d. to coordinate its activity with external auditor; and e. To requests or get assistant from companys internal employee or external party, if necessary, in order toperform its duty. 10. Appointment, replacement, or dismissal of the Chief of Internal Audit Unit shall be notified to Bapepam and LK no longer that the 14th (fourteenth) day after the date of his or her appointment, replacement, or dismissal. 11. By no means undermining criminal stipulation in capital market, Bapepam and LK may impose sanction on any violations of this Rule, as well as on any Person that causes the violation to occur.

CODE OF ETHICS
Principles
Internal auditors are expected to apply and uphold the following principles: 1. Integrity The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment. 2. Objectivity Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments 3. Confidentiality Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. 4. Competency Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Rules of Conduct
1. Integrity Internal auditors: 1.1. Shall perform their work with honesty, diligence, and responsibility. 1.2. Shall observe the law and make disclosures expected by the law and the profession. 1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization. 1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization. 2. Objectivity Internal auditors: 2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. 2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment. 2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
Issued: January 2009 Code of Ethics Revised: Page 2 of 2 2009 The Institute of Internal Auditors

3. Confidentiality Internal auditors: 3.1. Shall be prudent in the use and protection of information acquired in the course of their duties. 3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization. 4. Competency Internal auditors: 4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience. 4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing. 4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.