The Internal Audit Unit (“IA”) plays a role in exercising control over our business activities. For this reason, and as governed by the prevailing capital market regulations, IA is directly responsible to the President Director.
Internal Audit Charter In order to reinforce this role and responsibility, the Internal Audit Charter clearly sets out the vision, mission, structure, status, duties and responsibilities and authority of IA, the requirements of auditors and the President Director’s and Audit Committee’s approval of the content of the Audit Charter, with reference to the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (“IIA”).
As part of its commitment to the Internal Audit Charter, during 2010 IA strengthened its position within the organization and enlarged its role in exercising control over the company’s business.
Internal Audit Duties and Responsibilities The strengthening of IA’s position is a strategic activity, intended to formulate the unit’s contribution to our operations. It was executed through a reformulation of IA’s organization in line with its role as a provider of business assurance and internal consulting services. IA’s strategy and objectives, meanwhile, were articulated in the 2010 program of audit and non-audit activities, which was itself the realization of IA’s interpretation of the company’s business direction. This formulation is broadly conveyed in the IA Master Plan 2009-2014.
The focus of IA’s activities is based on a commitment that IA’s mission should be executed methodologically. This means that each stage of auditing and internal consulting, consisting of preparation, implementation, and follow-up monitoring, must be standardized and measured. Therefore, at the preparation stage, the main reference is Risk-Based Audit methodology, which stipulates that auditable units must be based on a risk rating of the business processes of said units: the higher the risk, the greater the need for auditing. Accordingly, in every audit plan, the first thing that should be taken into account is the auditable risk rating, based either on the risk register mapped out by the Company or on the professional judgment of IA itself.
In order to facilitate this Risk-Based Audit paradigm, IA has, since the beginning of 2009, been equipped with a management tool, namely Audit Management Systems (“AMS”), which is an online application system for documenting the implementation of risk-based audits.
The role of IA was strengthened by increasing quality assurance on our operations through audit and non-audit activities. The auditing is dedicated to ensuring that any business risks that may arise can be immediately addressed through effective internal controls. If there are deficiencies and or uncontrollable risks in the control of any business process, they will be subjected to a substantive test, which is a further test of the audit object designed to go in depth into the root cause of the issue. For this reason, in 2010 the scope of the audit has included high-risk business areas such as quarterly and year-end financial reporting, the process of disclosure of company information required by the capital market authorities on a quarterly and annual (Annual Report) basis, revenue assurance, management of infrastructure readiness and quality, and ensuring synergy in the TELKOMGroup audit process. In addition, as a result of our IDX and NYSE listings, IA regularly and consistently performs tests and assurance on the effectiveness and adequacy of our ICOFR. We have undergone an ICOFR audit annually since 2006. Various challenges were overcome in order to eliminate material weakness rating, a status that we achieved for the 2008 financial reporting. Likewise, IA has an important role to play in the whistleblower mechanism, which is the domain of the Audit Committee and the Executive Investigative Committee (“EIC”), wherein the Head of IA was appointed as secretary of the EIC. The whistleblower mechanism serves to accommodate any ‘whistleblowing’ by employees and forward such input to management. In turn, if the Audit Committee and EIC judge that certain whistleblower feedback needs to be investigated further, IA will take action to follow it up as part of its audit engagements.
To support audit engagement and to develop awareness of the importance of internal control for business units, every quarter, each business unit performs a Control Self Assessment (“CSA”) on the internal controls for which it is responsible. IA regularly evaluates these CSA results in order to assess their adequacy.
The following stage involves internal consulting service activities. In 2010, internal consulting focused on the operations of the company, which can be categorized as management of infrastructure (production equipment) and products, trading and supporting operations, including enterprise risk management (“ERM”), identifying group financial reporting risk (GFRR) and human capital management. Internal consulting is more of a pre-emptive solution to ensure that business operations continue to comply with the prevailing regulations.
The results of such activities are reported to the President Director and copied to the Audit Committee. The auditees are also informed of the results so that they can be followed up and the related business processes remedied. In order to make sure that auditees respond adequately to the results of auditing and internal consulting, follow-up activities are monitored. Follow-up activities in the field are usually carried out by the auditees and monitored by IA. For this purpose, the follow up is restricted to significant business process areas and subject to agreed deadlines.
During 2010, another focus for IA has been to monitor the follow up of deficiencies discovered by the External Auditor in 2009. These monitoring activities have been properly documented.
To empower our IA human capital, programs have been implemented to prepare and retain competent auditors who are capable of playing the roles consistent with the scope of IA’s activities in line with the growth of our business. In 2010, these key competencies were enhanced through ensuring that our auditors were intensively involved in our preparation for the full adoption of International Financial Reporting Standards in TELKOM in 2011 through training, internships, seminars, workshops, and continuous learning.
Since 2007, IA has been led by Tjatur Purwadi, SE, MM, an employee who has pursued his career in operational techniques. He became involved in organizing and improving our accounting policy, eventually becoming Vice President of Financial & Logistics Policy and now Head of the Internal Audit.
TELKOM’s Internal Audit Structure Below is the internal audit structure of TELKOM
Our financial statements for fiscal year 2010 were audited by PwC. The appointment of the independent auditors for fiscal year 2010, was carried out in accordance with the appropriate procedures by taking into account both the independence and qualification of the independent auditors.
Fees and Services of External Auditor The following table summarizes the aggregate fees billed to us by PwC in 2008, 2009 and 2010, respectively:
Tax Fees PwC did not perform any tax compliance, tax advisory or tax planning services for us in 2008.
All Other Fees PwC did not perform any non-audit services for us in 2008.
