INTERNAL AUDITING ESSAY

SUBMITTED TO:
MRS. SYAFIQHA IHSANI HASANIA BASRI

PREPARED BY

No Name NIM
1 Firyal Arina Salsabila 17102031
2 Jodi Prasetyo 17101220
3 M. Raihan Alfathi 17102067
4 Perdana Priambudi 17102080

SHARIA ACCOUNTING DEPARTMENT

FACULTY OF ISLAMIC ECONOMICS AND BUSINESS
TAZKIA ISLAMIC UNIVERSITY COLLEGE
BOGOR

2020 M / 1440 H
 FOREWORD

This paper discusses questions about internal auditing cases. Mulyadi [2002: 29]
Internal Audit is an auditor who works within an entity / company whose task is to determine
whether the procedures and policies that have been compiled and established by management
have been complied with, determine whether safeguarding the assets of the entity /
organization is good or not, determining the level of effectiveness and efficiency of
procedures for the activities of the organization's activities, as well as determining the
reliability of information that has been produced by the parts of the entity / organization.
The focus of the discussion of this paper is to determine the importance of internal audit
and to sharpen our analysis in dealing with internal auditors' cases and the importance of
strong internal controls.
In this paper the authors used several sources listed both from mass media and written
media. The purpose of making this paper is also to fulfill assignments in the internal audit
course. The author apologizes for all limitations in writing this paper.

Bogor, October 26th, 2020

(Authors)

ii
 TABLE OF CONTENTS

COVER.......................................................................................................................................i
FOREWORD.............................................................................................................................ii
TABLE OF CONTENTS..........................................................................................................iii
TABLE OF
FIGURES...............................................................................................................iv
CHAPTER I QUESTIONS
1.1. Questions
1...............................................................................................................1
1.2. Questions
2...............................................................................................................1
1.3. Questions
3...............................................................................................................1
CHAPTER II ANSWERS
2.1. Answer of Question
1...............................................................................................2
2.2. Answer of Question
2...............................................................................................2
2.3. Answer of Question
3...............................................................................................8
REFERENCES

iii
 TABLE OF FIGURES

Figure 1. Flow of Audit.............................................................................................................3

Figure 2. The Fraud Triangle.....................................................................................................5
Figure 3. Internal Control—Integrated Framework...................................................................8

iv
 CHAPTER I
QUESTIONS

1.1. Question 1
Explain the importance of internal audit. Relate with theory and discuss.

1.2. Question 2
You as an internal auditor discover that one of the employee in the finance department
has committed fraud by stealing Rp. 15.000.000 from petty cash account and some of
company inventories.
- What action would you take in order to overcome this situation?
- What is your recommendation in order to avoid this thing to happen again in the
future?
- Create internal audit report based on the given case.

1.3. Question 3
Explain the benefit of having strong internal control in the company. Then, explain the
disadvantages of having weak internal control in the company. Show examples of each.
(Real cases in companies).

1
 CHAPTER II
ANSWERS

2.1. Answer of Question 1

Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations [ CITATION Ins20 \l
1057 ]. Private companies and government institutions needs an internal audit process
in managing their companies[ CITATION Wad20 \l 1057 ]. There are some reasons
why internal audit is important for the company.
Firstly, to secure the company’s property and recording system since it is
valuable things for company. Physical forms of property such as important documents,
receivables can be misused and stolen. Therefore, it is necessary to have more adequate
supervision in order to minimize actions that can harm companies such as fraud and so
on. And surveillance and security of computerized systems must be strictly
implemented.
Secondly, to ensure the company is obey for the regulations. Internal control is a
process that must be carried out by the company as proof that the company has
implemented in accordance with the existing regulations, both the company and
government regulations.
Lastly, to increase the efficiency and productivity of company. Through internal
audit process the auditors know that SOP is already running in accordance with the
field conditions and the internal audit process can also help in controlling the risks that
will be faced by the company.
The internal audit will develop the company’s system, so company will be
considered as a great business entity, especially in asset security and financial
statement, so it will attract investors to invest more.

2.2. Answer of Question 2

The fraud that will be analyzed in this case, is divided into two types, which are
theft for personal use & theft for resale [ CITATION Joh13 \l 1057 ]. In this case,
auditors can analyze that the employee committed theft in two ways, namely stealing
money and goods.
Firstly, for theft of goods, the likely action that will be taken by the employee is
to sell the inventory he stole which we call theft for resale. This is due to the lack of

2
internal control within the company and creates a loophole for the employee to steal
inventory that should be the company's assets. The value of such goods or supplies for
the employee stealing is not calculated from how much the company losses, but from
how the employee's ability to sell to the person who purchased the stolen goods. The
more goods in the company, the greater the chance of theft of goods, and the higher the
value that will be obtained by the employee.
Then, for money theft, it is possible that the action that the employee will take is
to use the money for personal purposes, called theft for personal use. This can happen
because the money stolen is consider as little value to the company but can be a great
value to the employees. So, the employee felt his actions is the right thing to do because
the amount of Rp15.000.000 is not a significant amount for the company.
These theft things can also called a salami technique which stealing the
company’s assets from some sources, such as bank accounts, petty cash accounts,
inventory accounts, etc.

Figure 1. Flow of Audit

Source: The Institute of Internal Auditor Topeka Chapter

3
Steps
As the internal auditor have a job to do investigation about any fraud or error in
company, for this case, first thing that auditor should do is think like a thief. Find any
loophole and weakness and even opportunities that caused that fraud. All the files or
documentations which relate to the fraud issues have to be gathered to help auditor in
reviewing the documents, making investigation steps and identifying which controls that
possible to break. Then, the auditors have to discover some tests to find any visible sign of
inappropriate actions. The test can be done in electronic or manual way.
The use of electronic way is to shorten time in finding related evidences in huge
possibilities that will occur. Next step is doing interviews of targeted people or department,
for this case is financial department. This will be an effective way of uncovering information
and evidence that is beyond the reach of the computer. In the interview stage, auditors can
find hidden information from related parties or departments regarding the fraud that was
committed. If in the process of investigating a computerized audit doesn’t find any record of
the fraud, an interview can be an alternative way to find out how the fraud was planned and
implemented. Last but not least, auditors must observe what indicators caused the fraud to
occur.
The auditor can ask internal data from the relevant department or in this case the finance
department, request access to financial report data, invoices, receipts, memos or any data that
might be evidence of this unusual event. After all those steps has done, auditor need to
consider all indicators that surface in investigation process and do follow up about that. So,
the ending result is the actors that do fraud will show up and revealed by the internal auditor,
and also internal auditor can strengthen the weaknesses and loopholes regarding the last fraud
case that happened.

Recommendation
Based on the cases listed here fraud that is included the theft of money from petty cash
and inventory of companies that are included in the fraud in the misappropriation of assets.
There are three things that encourage fraud efforts, namely the encouragement that causes a
person to commit fraud (pressure), opportunities that allow fraud to occur (opportunity), and
an important element in the onsanment of fraud, where the perpetrator seeks justification for
his or her actions (rationalization).

4
 Figure 2. The Fraud Triangle
Source: Best Business Circle

In this case we analyze the cause of this fraud because the employee sees a pressure, it
could be internal presscure and ecternal pressure. From this case we see internal pressure
might come from the family, the employees stole money as much as Rp. 15 million to fulfill
the needs of his family and perhaps also from the lifestyle of his family that demands him to
give his best. The Other cause because the employee have opportunity. The opportunity come
because he works at finance departement that he could be easily stole money from the patty
cash and unlikely to be discovered. And the last is the rationalization, it maybe because he
think that he didn't do anything wrong, he could easily carry out his actions in the
misappropriation of the company's inventory or assets.
Based on the above explanation we must take precautions that to solve the above
problems so as not to repeat itself in the future with fraud prevention environment. From the
source we got fraud prevention environment divided into 10 types namely anti-fraud internal
control infrastructure, acceptable and unacceptable behavior is defined and communicated,
leaders at all levels set a great example – every day, Policy on Suspected Misconduct,
Reporting of suspected violations is required, Losses are identified, quantified and tracked,
Comprehensive fraud exposure analysis, Meaningful fraud skills training for employees ,
Auditors and employees look actively for fraud, Fraud response is in place and ready to go
[ CITATION Joh13 \l 1057 ].
From the several types of options above, we find that some types of control that are
appropriate in handling this case are the implementation of the Anti-Fraud internal control
infrastructure. With this application, it is hoped that fraud will occur and be more quickly
identified if it occurs. Of course this will strengthen internal control

5
 Then, a Policy on Suspected Misconduct that will manage this risk effectively.
Employees and managers will have a one-stop resource explaining their role in effective
incident prevention, early detection, and response. It will reduce the risk on rationalization.
Identification, Quantification and Trace Losses also have an important role in this
prevention effort. By listing the areas where losses have occurred in the past then examining
these areas and determining the range of possible levels of losses that will occur. This is
expected to reduce opportunities for fraud
Then also by implementing Fraud Skills Training to conduct fraud awareness and
skill training programs that discuss things that employees and auditors need to know to
prevent, detect and handle fraud. It is expected to reduce the risk on rationalization. Then
auditors and employees look for symptoms and indicators of fraud in the information they see
every day.
Managers and employees monitor each other for indicators of fraud in the documents
they handle and approve, in reports of operations and exceptions, and in behavior. Auditors
brainstorm fraud risk on each project, link fraud risk to specific audit procedures, and
perform fraud detection measures during their tests and interviews to prevent pressure.

Internal Audit Report

Audit Report

From : Internal Audit Department

To : Finance Department
Subject : Audit Findings
Period : 2020

Condition
Fraud which was conducted by one of employee in Finance Department, which stealing
Rp15.000.000,00 from petty cash & some inventories

Reason/Cause
Lack of controls and monitoring

Recommendation
6
The department should perform the following:
 Design the internal control infrastructure within petty cash & inventoriy section
tightly
 Make list of areas that often occur fraud until the possible of losses decrease
 Mark the significant transaction
 Re-new the procedures within those sections to prevent unwanted event
 Communicate wisely to employee for any unusual events that occur

Bogor, October 26th, 2020

Audit Supervisor

7
2.3. Answer of Question 3

Figure 3. Internal Control—Integrated Framework

Source: Committee of Sponsoring Organizations of the Treadway Commission (COSO)

According to COSO framework, internal control is good if the system inside the
company runs effectively and efficiently in accordance with existing procedures and
applicable regulations. Coso framework components include 5 main things that must be
applied to achieve enterprise objectivity. The following are the advantages and disadvantages
of having strong & weak internal control.
Advantages having strong internal control are the scope of the internal audit is defined
by management or the Board (not an outside agency or adversarial entity), internal audit
“reports” directly to management or the Board, advances the “control environment” of the
organization, and eventually increases accountability within the organization. For example
PT. Astra Otoparts Tbk has CIA (Corporate Internal Audit) that assists management in
achieving company goals. Throughout 2019, CIA conducted 61 audit activities in divisions,
subsidiaries, sales offices, depots, and Shop&Drive outlets that cover operational audits. CIA
also conducted advisory functions related to new business process in the Company.
Disadvantages having weak internal control are inadequate documentation to affords
the evidence and no secondary data to backups the primary data, lack of control with
approval of transactions, no review for the future decision making, lack of separation of
duties. For example, PT Sunprima Nusantara Pembiayaan (Sunprima Finance) failed to pay
the interest on medium term notes until the entry of the Debt Payment Obligation Delay
(PKPU) process. In fact, in 2016, giving by management, Sunprima Finance did not make
any payments. It's just that there is a rearrangement with Bank Mandiri regarding the amount
and tenor of payments so that the company can get funds from other banks. However, SNP

8
Finance can’t pay the interest of payments. All the debts that SNP Finance failed audited by
Deloitte as its auditor. Deloitte failed to detect any fraudulent schemes in the SNP Finance’s
financial statement. The COSO framework that writers get are risk assessment, control
activities, information – communication, and monitoring failed to process on SNP Finance
and make SNP has a lot of debts.

9
 REFERENCES

Admin. (2019, December 14). Business. Retake from Best Business Circle:
https://bestbusinesscircle.com/fraud-triangle/
Annette Schandl MSIB, C. &. (2019, January). Retake from Committee of Sponsoring
Organizations of the Treadway Commission:
https://www.coso.org/Documents/COSO-CROWE-COSO-Internal-Control-
Integrated-Framework.pdf
Institute of Internal Auditor. (2020). Standards & Guidance. Retake from Institute of Internal
Auditor North America: https://na.theiia.org/standards-guidance/mandatory-
guidance/Pages/Definition-of-Internal-Auditing.aspx
John J. Hall, C. (2013, May 1). Retake from www.hallconsulting.biz:
https://chapters.theiia.org/topeka/Documents/Participant%20Materials%20-
%20FRAUD%20Issue%20and%20Answers%20for%20IA_May%201%202013.pdf
Patel, S. (2015, August 6). 10 Examples of Companies With Fantastic Cultures. Retake from
Entrepreneur Asia Pacific: https://www.entrepreneur.com/article/249174
Strand, L. H. (2014, October 2). 10 Common Internal Control Deficiencies Found in Small
Businesses. Retake from Aprio: https://www.lbahs.com/blog/common-internal-
control-deficiencies-found-in-small-businesses/
The Benefits of the Internal Audit. (2015, March 9). Retake from Withum:
https://www.withum.com/resources/benefits-internal-audit/
Wadiyo. (2020, Mei 5). Mengenal Internal Audit: Konsep, Tujuan, Dan Struktur Organisasi.
Retake from Manajemen Keuangan: https://manajemenkeuangan.net/internal-audit-
efektif/

10