Internal Audit Charter

Introduction

This Internal Audit Charter is prepared based on:

  • POJK No. 56/POJK.04/2015 dated December 29, 2015, regarding the establishment and guidelines for drafting the Internal Audit Unit Charter.
  • SEOJK No. 14/SEOJK.07/2014 concerning Data Confidentiality and Security and/or Consumer Personal Information.
  • Law No. 40 of 2007 concerning Limited Liability Companies (LLC Law) on Corporate Governance.
  • Law No. 5 of 1999 on Prohibition of Monopolistic Practices and Unfair Business Competition.
  • Law No. 11 of 2008 on Electronic Information and Transactions (EIT Law) concerning digital-based procurement services and the validity of electronic transactions, data security, and cybercrime protection.
  • Referring to ISO 27001: Information Security, ISO9001: Quality Management, ISO20000: IT Service Management, SNI ISO: Indonesian IT Standards.

This charter provides a framework for conducting internal audits at PT. Pemindo Mitra Sinergi and its subsidiaries and has been approved by the Board of Commissioners and Directors.

The primary purpose of this charter is to define and establish:

  • The role of the Company’s Internal Audit.
  • The objectives and scope of the Company’s Internal Audit Unit.
  • The position of the Internal Audit Unit within the Company, access to various documents, departments, and activities, as well as responsibilities and accountability.

This charter is crucial and must be observed and implemented with high integrity, diligence, and consistency. Considering this, the Board of Commissioners and Directors have established the Company’s Internal Audit Charter as defined below.

Objectives

Internal Audit is an independent and objective assurance and consulting service designed to add value and improve company operations. Internal Audit activities help the company achieve its objectives through a systematic and disciplined approach in evaluating and enhancing the effectiveness of governance, risk management, and control processes. Consulting services are advisory in nature and are generally performed upon request from the auditee.

The type and scope of consulting services agreed upon with the auditee aim to add value and improve governance, risk management, and control processes at PT. Pemindo Mitra Sinergi.

Key Principles of Professional Internal Audit Practice

The key principles collectively measure the effectiveness of internal audit. For the internal audit function to be considered effective, all principles must be present and function effectively. The way an internal auditor, including the internal audit organization, meets these Key Principles may differ from one organization to another, but failure to meet any of the principles means the internal audit organization cannot optimally achieve its mission.

The key principles for professional internal audit practice consist of:

  • Demonstrating integrity.
  • Demonstrating competence and professional diligence.
  • Objectivity and freedom from undue influence (independence).
  • Alignment with organizational strategy, objectives, and risks.
  • Proper positioning with adequate resource support.
  • Demonstrating quality and continuous improvement.
  • Effective communication.
  • Being insightful, proactive, and future-focused.
  • Promoting organizational improvement.

Vision Statement

To be a leader in evaluating and contributing to the improvement of governance, risk management, and control processes concerning:

  • Reliability and integrity of financial and operational information.
  • Effectiveness and efficiency of operations.
  • Asset protection.
  • Compliance with applicable laws and regulations.

Mission Statement

The Internal Audit mission must align with the organization’s objectives. Therefore, to achieve these objectives, the Internal Audit Mission is to enhance and protect the value of PT. Pemindo Mitra Sinergi by providing risk-based and objective assurance, advice, and insights.

Structure

  • The Internal Audit Unit is led by a Head of Internal Audit.
  • The Head of the Internal Audit Unit is appointed and dismissed by the President Director with the approval of the Board of Commissioners.
  • The President Director may dismiss the Head of Internal Audit, with the approval of the Board of Commissioners, if the Head of Internal Audit does not meet the requirements as an Internal Audit Division Auditor as stipulated in this regulation or fails or is incompetent in performing their duties.
  • The Head of Internal Audit is administratively responsible and reports to the President Director and functionally responsible and reports to the Board of Commissioners and the Audit Committee.
  • Auditors in the Internal Audit Unit report directly to the Head of Internal Audit.

Duties and Responsibilities

  • Develop an annual audit plan based on a risk-based methodology and submit the plan to the Board of Directors and the Board of Commissioners through the Audit Committee for approval.
  • Implement the approved audit plan, including special tasks or projects requested by the Board of Directors or the Board of Commissioners through the Audit Committee.
  • Ensure the availability of sufficient audit staff with adequate knowledge, expertise, experience, and professional certification to conduct audits.
  • Conduct audit activities and assess the efficiency and effectiveness of finance, procurement, purchasing, services, operations, marketing, information technology, and other activities.
  • Provide recommendations for optimizing procurement processes and IT services.
  • Supervise IT infrastructure, including procurement systems, networks, and applications.
  • Prepare audit reports and submit them to the audited party with copies to the President Director, Compliance Director, relevant units, and the Board of Commissioners through the Audit Committee.
  • Periodically report to the Board of Directors and Board of Commissioners through the Audit Committee on objectives, authority, duties, responsibilities, and Internal Audit performance compared to its plan. Reporting also includes significant risk exposures and control issues.
  • Monitor, analyze, and report on the implementation of recommended corrective actions.
  • Provide improvement suggestions and objective information on activities examined at all management levels.
  • Ensure that management has implemented agreed improvements timely, conduct follow-up work as necessary to ensure adequacy, effectiveness, and timeliness of improvements.
  • Evaluate the implementation of internal control and risk management systems in accordance with company policies.
  • Develop a program to evaluate the quality of internal audit activities conducted.
  • Conduct special examinations when necessary.
  • Prepare performance evaluation measures for Internal Audit’s success and achievement of objectives.
  • Maintain adequate audit working papers following applicable regulations.
  • Implement a Quality Assurance and Improvement Program (QAIP) covering all aspects of Internal Audit activities.
  • Submit quality assurance and improvement program reports on Internal Audit activities.

Professional Standards

  • Internal Audit must comply with International Standards for Audit Guidance and Practices.
  • Internal Audit work and audit results are confidential and will not be disclosed to third parties, except to external auditors, with the approval of the President Director and/or the Audit Committee Chairman.

Authority

To ensure optimal execution of duties and responsibilities, the Head of Internal Audit is granted authority to:

  • Determine audit strategy, scope, methods, and frequency independently.
  • Obtain information from all work units and employees within the company.
  • Conduct physical reviews of all company assets.
  • Conduct investigative audit assignments without prior communication with other parties within the company, except with the President Director and the Audit Committee.
  • Evaluate data protection and information security policies in compliance with regulations.

Code of Ethics

Internal auditors are expected to apply and uphold the following principles:

  1. Integrity
  2. Objectivity
  3. Confidentiality
  4. Competence

Prohibition of Dual Roles and Positions

Auditors in the Internal Audit Unit are prohibited from holding dual roles with operational company activities in either the parent company or its subsidiaries.

Miscellaneous

  • The appointment, replacement, or dismissal of the Head of Internal Audit must be promptly announced on the company’s website.
  • This charter will be periodically reviewed for improvements (if necessary).
  • The Internal Audit Charter is made in both Indonesian and English. In the event of inconsistencies, the Indonesian version shall prevail.