Internal audit standards in Indonesia are guidelines used to ensure that the internal audit function is carried out professionally, independently, objectively, risk-based, and provides added value to the organization.<\/p>\n\n\n\n
However, there is no single standard that applies uniformly to all organizations. The guidelines that must be used depend on the organization's status, industry sector, and applicable regulations.<\/p>\n\n\n\n
Private companies can generally refer to the Global Internal Audit Standards issued by the Institute of Internal Auditors (The IIA). Meanwhile, the Government Internal Audit Apparatus uses the Indonesian Government Internal Audit Standards. Issuers, public companies, banks, and financial services institutions must also comply with specific provisions from the Financial Services Authority.<\/p>\n\n\n\n
Therefore, business owners need to understand which standards are relevant before establishing or evaluating an internal audit function in their company.<\/p>\n\n\n\n
Audit standards<\/a><\/strong> Internal audit is a set of professional principles and requirements that govern how the internal audit function is established, managed, performed, and evaluated.<\/p>\n\n\n\n These guidelines not only regulate audit procedures. The standards also regulate the position of the internal audit function within an organization. auditor competency<\/a><\/strong>, relations with directors and board of commissioners, management of conflicts of interest, to monitoring follow-up on recommendations.<\/p>\n\n\n\n Implementing standards is necessary to ensure that audits are not merely administrative audits. Internal audits should help organizations evaluate and improve the effectiveness of:<\/p>\n\n\n\n With clear standards, management can obtain audit results that are more consistent, accountable, and relevant to business objectives.<\/p>\n\n\n\n The selection of Indonesian audit standards must take into account the organization's structure and environment. Below are some of the most relevant frameworks and regulations.<\/p>\n\n\n\n Global Internal Audit Standards or GIAS are professional standards published by The Institute of Internal Auditors.<\/p>\n\n\n\n GIAS 2024 was published as a mandatory part of the International Professional Practices Framework or IPPF and became effective on January 9, 2025. This standard is a global reference in establishing, managing, and evaluating internal audit functions.<\/p>\n\n\n\n GIAS consists of five main domains.<\/p>\n\n\n\n This domain describes the purpose of internal audit and the value it should provide to the organization and its stakeholders.<\/p>\n\n\n\n Internal audit is expected to strengthen the organization's ability to create, protect, and maintain value through independent and risk-based assurance, advisory, insight, and foresight activities.<\/p>\n\n\n\n This domain governs the professional conduct of internal auditors, including:<\/p>\n\n\n\n Auditors must be free from bias, conflicts of interest, and interventions that could influence audit conclusions.<\/p>\n\n\n\n This domain regulates how the internal audit function obtains adequate mandate, standing, independence and oversight from the board or party carrying out the oversight function.<\/p>\n\n\n\n Things to pay attention to include:<\/p>\n\n\n\n This domain regulates the management of the internal audit function, from strategy development, audit planning, resource management, communication with stakeholders, to quality improvement.<\/p>\n\n\n\n The head of internal audit must ensure that the resources, competencies, methodologies, and technologies used are aligned with the organization's needs.<\/p>\n\n\n\n This domain regulates the execution of each audit assignment, including:<\/p>\n\n\n\n Private companies can use GIAS as a primary foundation for building professional internal audit methodologies and systems.<\/p>\n\n\n\n The Indonesian Government Internal Audit Standards or SAIPI are used in internal audit activities within the government.<\/p>\n\n\n\n SAIPI was established by the Association of Indonesian Government Internal Auditors (AAIPI) through Regulation Number PER-01\/AAIPI\/DPN\/2021. These standards must be implemented by leaders of Government Internal Audit Apparatus and auditors in internal audit activities.<\/p>\n\n\n\n SAIPI 2021 has two main groups.<\/p>\n\n\n\n Attribute standards regulate the characteristics of organizations and individuals who carry out internal audits. Their scope includes:<\/p>\n\n\n\n Performance standards govern how internal audit activities are managed and implemented. Their scope includes:<\/p>\n\n\n\n As of June 2026, AAIPI still lists SAIPI 2021 as its government internal audit standard. However, the revision and alignment process with GIAS 2024 is underway. Government organizations should monitor AAIPI's official publications for future standard updates.<\/p>\n\n\n\n Issuers and public companies must pay attention to POJK Number 56\/POJK.04\/2015 concerning the Formation and Guidelines for the Preparation of Internal Audit Unit Charters.<\/p>\n\n\n\n This regulation requires issuers or public companies to have an Internal Audit Unit. The number of auditors should be adjusted to the scale and complexity of the company's business activities.<\/p>\n\n\n\n Internal auditors are also expected to have integrity, independence, objectivity, communication skills, audit knowledge, understanding of regulations, and competencies relevant to their field of business.<\/p>\n\n\n\n Public companies are required to have an Internal Audit Charter which at least regulates:<\/p>\n\n\n\n The charter is established by the board of directors after obtaining approval from the board of commissioners.<\/p>\n\n\n\n The Internal Audit Unit must also be able to access relevant information, communicate with the board of directors, board of commissioners and audit committee, and monitor the implementation of follow-up on audit recommendations.<\/p>\n\n\n\n In addition to provisions for issuers and public companies, some sectors have more specific internal audit regulations.<\/p>\n\n\n\n Examples include:<\/p>\n\n\n\n Companies operating in regulated sectors need to map all applicable regulations. GIAS can be used as a professional standard, while OJK regulations, ministerial regulations, or other sector regulations serve as compliance requirements.<\/p>\n\n\n\n The term \u201cIndonesian audit standards\u201d can cause confusion because internal audits and financial statement audits use different guidelines.<\/p>\n\n\n\n\n
What are the Internal Audit Standards in Indonesia?<\/h2>\n\n\n\n
1. Global Internal Audit Standards from The IIA<\/h3>\n\n\n\n
Domain I: Purpose of Internal Auditing<\/h4>\n\n\n\n
Domain II: Ethics and Professionalism<\/h4>\n\n\n\n
\n
Domain III: Governing the Internal Audit Function<\/h4>\n\n\n\n
\n
Domain IV: Managing the Internal Audit Function<\/h4>\n\n\n\n
Domain V: Performing Internal Audit Services<\/h4>\n\n\n\n
\n
2. Indonesian Government Internal Audit Standards<\/h3>\n\n\n\n
Attribute Standards<\/h4>\n\n\n\n
\n
Performance Standards<\/h4>\n\n\n\n
\n
3. OJK Regulations for Issuers and Public Companies<\/h3>\n\n\n\n
\n
4. Special Regulations Based on Industrial Sector<\/h3>\n\n\n\n
\n
Differences between Internal Audit Standards and Financial Statement Audit Standards<\/h2>\n\n\n\n