
Introduction

Restiana Ie Tjoe Linggadjaya, MM, QIA, CIA, CRMA, IIAP

Audit Committee, PT. Adira Dinamika Multi Finance Tbk.
Supervisory Board, Ikatan Auditor Intern Bank
Former Vice President, Institute of Internal Auditors Indonesia
Restiana Ie Tjoe Linggadjaya, MM, QIA, CIA, CRMA, IIAP

Educational Background

• Doctorate (S3): PhD Candidate, Universitas Pelita Harapan (2021 – expected graduation 2024)
• Master's (S2): Management, Asian Institute of Management, The Philippines (Dean Scholarship, 1999-2000)
• Bachelor's (S1): Finance, Universitas Trisakti (1985-1989)

Professional Background
• Audit Committee, PT Adira Dinamika Multi Finance (July 2022 – Present)
• Chief Audit Executive, Indonesia Exim Bank (May 2020 – Dec 2020)
• Chief Risk & Compliance Officer, PT Smartfren Telecom, Tbk (Dec 2018 – Apr 2020)
• Chief Operating Officer, PT Maybank Indonesia (Mar 2017 – Nov 2018)
• Chief Audit Executive, PT Bank CIMB Niaga, Tbk (Mar 2010 – Feb 2017)
• Chief Internal Auditor, PT Bank Danamon, Tbk (May 2004 – Feb 2010)
• Finance Director, PT Asuransi Allianz Life Indonesia (Apr 2002 – Apr 2004)
• Vice President Internal Audit, ABN Amro Bank Indonesia (Jul 2000 – Apr 2002)
• Vice President Treasury, Cash Mgt & Custody, ING Barings (Apr 1996 – Oct 1998)
• Manager, Citibank (Jul 1990 – Apr 1996)
• Finance Supervisor, PT Cipta Piranti Tehnik (Sep 1989 – Jun 1990)
5 Domains - Digital Transformation

5 Domains and their Strategic Themes

• Customers: Harness Customer Networks
• Competition: Build Platforms, not just Products
• Data: Turn Data into Assets
• Innovation: Innovate by Rapid Experimentation
• Value: Adapt your value proposition

Source: David L. Rogers, The Digital Transformation Playbook

It also applies to Internal Auditors!


Domain 1. Customer

Customer network (diagram labels): Social Media, Banking, Gaming, Shopping, Purchase, Entertain

Connections between customers, looking for the customer needs, share ideas with you and introduce to our next opportunity.

Domain 1: Customer Dynamic Network


Domain 1. Customer Pain points (IA Point of View)

• Time to Market
• Systems: Fragmented & Legacy
• Need to Simplify Process
• SOP: Complicated & Long turnaround
• Processes: Manual & Semi Automatic
Domain 2. Coopetition

Competition & Cooperation

• Transact: Payment gateways, e-Wallets
• Invest: Stock trading platforms, Insurance aggregator
• Lending: P2P lending
• Lifestyle: eCommerce

Domain 2: Competition Platform Business Models with (In)direct Network Effects


Domain 2. IPPF 2050: Coordination & Reliance
Survey responses on the integration of processes and technology (chart percentages as they appear on the slide: 14%, 23%, 24%, 39%):
• Our processes and technologies remain siloed
• We have standardized some processes and use of technology but not across the entire enterprise
• We have integrated processes across many organizational silos, but we have not yet completely addressed integrating technology that supports these processes
• We have integrated processes and technology across many or all organizational silos of operation

The more integrated you are, the more you share information and use standardized approaches to how you manage and provide assurance about performance, risk and compliance.

• While IIA has advocated Coordination to ensure adequate coverage and minimize duplication of efforts, unfortunately 86% of organizations run their LoD individually on a siloed basis.

OCEG 2022
• 80% report that organizational silos impede access to data
• 80% report that data silos inhibit their ability to efficiently perform GRC reporting
• 91% believe that siloed tools and fragmented systems are a significant constraint in efficiently developing GRC reports

Source: OCEG 2022, The surprising state of GRC Reporting

3 LoD

GRC (Governance, Risk, and Compliance) is a set of organizational capabilities to achieve their objectives concerning uncertainty and ethical conduct (Switzer, Mitchell, and Mefford 2015).

An organization has elements to ensure that the GRC activities are running properly. The board will establish the organizational strategic direction and oversee the implementation of the strategy by management (ICGN 2015).

However, the Board (including the Audit Committee) is NOT involved in daily activities in an organization. They will rely on the assurance providers inside and outside the organization. FERMA and ECIIA developed the three lines of defense (3 LoD) model.

Three lines of defense (diagram):
• Board/Audit Committee
• Senior Management
• 1st Line of Defense: Operational Management
• 2nd Line of Defense: Risk Management, Compliance, Finance
• 3rd Line of Defense: Internal Audit
• External Audit
Domain 2. Integrated / Combined Assurance: Future State of GRC

Source: OCEG 2022, The surprising state of GRC Reporting

Domain 3. Data

- Optimizations and predictive analytics
- Complex statistical analysis
- All types of data, and many sources
- Very large datasets
- More of a real-time

- Ad-hoc querying and reporting
- Data mining techniques
- Structured data, typical sources
- Small to mid-size datasets

5 V of Big Data
1. Volume/Scale
2. Variety/Complexity
3. Velocity/Speed
4. Veracity/Validity
5. Value
Domain 3: Data Drivers of Big data & data-driven decision making

Domain 3. Data: Audit Presentation for Better results
Efficiency
► Automate manual work (e.g. collecting, analyzing and reporting of data)
► A defined and iterative process to report on exceptions at predefined intervals

Effectiveness
► Ability to filter or sort exceptions based on thresholds or severity ratings
► Allows more time to be spent on root cause analysis of the exceptions
► Better decision making based on visualizations (e.g. trend lines)

Better Quality
► Inspect all data to detect exceptions instead of taking samples from the data
► Less chance of manual errors because of the high level of automation
► Standard exception reporting where the chance of misinterpretation is reduced

Early Warning
► Exceptions can be detected at an early stage, which allows for less corrective actions
Domain 4. Innovation

1. Convenience: Customers want things quicker and easier within their reach
2. Price: Transparency of fee (no hidden fees) is one factor that influences customers to buy products & services
3. Simplicity: Everything must be simple and easy to understand/user

Domain 4: Innovate by rapid experimentation Minimum Viable Prototype

Domain 4. Innovation: Early Warning continuous auditing

Domain 5. Value

Value
• Efficient to use
• More satisfying to use

Simple principles
• Clear engagement message/linked to journey
• Experience design – easy to find where I need to go next
• Good use of keyword and content - indexed via search engines
• Clean code that is easy for browsers to load.

Domain 5: Value Uncover next opportunity for value proposition

Domain 5. Value Proposition for Internal Audit

Internal Auditing:
• Assurance
• Insight
• Objectivity

Governing Bodies and Senior Management rely on Internal Auditing for objective assurance and insight
on the effectiveness and efficiency of governance, risk management and internal processes.

Source: The Institute of Internal Auditors

Key Attributes of Outstanding Internal Auditors

• Personal Attributes
- Ethical Resilience
- Results Focused
- Intellectually Curious
- Open Mindedness
• Relational Attributes
- Dynamic Communicators
- Insightful Relationships
- Inspirational Leaders
• Professional Attributes
- Critical Thinkers
- Technical Expertise

Source: Chambers, Richard F, Trusted Advisors: Key Attributes of Outstanding Internal Auditors

Literacy & Characters for Industry 5.0

Literacy (4L)
• Data Literacy
• Technological Literacy
• Social Literacy
• Lifetime Learner

Character (6C)
• Collaboration
• Critical Thinking
• Creative
• Communication
• Computational Thinking
• Compassion
Source: Prof Dr. Bambang Brodjonegoro PhD, Former Minister of Research & Technology
Internal Auditing (Current State vs Future State)

Current State → Future State

• Perspective: Backward-looking → Forward-looking
• Style: Corporate Police → Strategic Business Partner
• Mandate: Compliance → Assurance & Consulting
• Risk Focus: Operational → Enterprise
• Tool Kit: Work Programs → Risk Based Audit
• Technology: Minimal → Automated & continuous monitoring
Scope & Deliverables – Example

Scope: Deliverables

• Secure system, process & infrastructure: Confidentiality, Integrity, Availability & non-repudiation for critical system, process & infrastructure
• System access review: Implementation of user access based on proper User Access Matrix and Segregation of Duties
• Change management: Establishment of Change Advisory Board; robust and secure change management process
• Infrastructure & architecture: Implementation of infrastructure & architecture based on organization needs, referring to best practices
• Transaction-level review: Assurance of completeness and accuracy of transactions
• Monitoring activities: Early warning and timely detection of incidents
Internal Audit as Indispensable Strategic Partner

Protect & Enhance Value

IA protects value with assurance services and enhances value with consulting services.

IA is independent from management and has unlimited access to all aspects of the organization.

Diagram labels: Board, Senior Management, Operating Management, Internal Auditor

Attributes shown around the Internal Auditor: Independent, Objective, Competent, Strategic & forward looking, Technology, Collaborative
COSO Enterprise Risk Management : Integrated Framework

• Management

• The board of directors

• Risk officers

• Internal auditors
Source: COSO ERM

COSO Internal Control Integrated Framework
5 Components
• Control Environment: Set of standards, processes, and structures that provide the basis for carrying out internal control across the organisation
• Risk Assessment: A dynamic and interactive process for identifying and assessing risks to the achievement of objectives
• Control Activities: Policies and procedures that help ensure management directives are carried out
• Information & Communication: Supports the organisation’s ability to use the right information within the system of internal control and to carry out internal control responsibilities
• Monitoring Activities: Assess whether each of the five components of internal control is present and functioning

3 Objectives
• Operations: Effectiveness and efficiency of operations to achieve an entity's basic mission
• Reporting: Reliability of reporting for use by organisations and stakeholders
• Compliance: Conduct of activities in compliance with applicable laws and regulations
Audit of Sales & Purchasing
Objectives of audit:

a) Assess the effectiveness of the Sales Strategies and alignment across the processes
b) Assess the adequacy of controls established and improvement made since last audit, especially on the management of advertising agencies and establishment of operational guidelines and management of digital marketing
c) Review the management of resources and achievement of its strategic goals.
Who owns the future

“The future belongs to those who believe in the beauty of their dreams”
- Eleanor Roosevelt
Thank you
