
Hidayat Prabowo

Risk Management & Quality Control Department, OJK

Yogyakarta, 3 December 2014


HOT TEA

“GOVERNANCE, like tea, could only be appreciated when It’s in Hot Water”

Agenda
1. Fraud Issues
2. Governance & GRC
3. CA Model OJK & Fraud Prevention

Fraud Triangle

Opportunities
• Weak internal control (IC)
• Weak supervision
• Assurance failure
• Insufficient competence

Pressures
• Competitive demands
• Insufficient salary
• Ambitious and irrational targets

Rationalisation
• For the sake of the organisation
• Others do it too
• No immediate loss appears

Fraud – Issues
1. Fraud triangle - the “agreed theory” = Opportunities + Pressure + Rationalisation.
• Fraud = Crime = Opportunities + Intention, i.e. f (Pressure + Rationalisation)
• “In the past”, internal control focused only on reducing opportunities; INTENT could not be prevented or minimised.
• The COSO IC Framework changed the basic paradigm:
- Soft control, type Y > type X (1 person cannot be trusted)
- Soft control reduces INTENT = f (Pressure + Rationalisation)

Fraud – Issues
2. Fraud begins with non-compliance events (NCE): violations of rules and procedures
• Minimising fraud requires minimising non-compliance events, through
• competence (improve) and discipline (tone at the top, strategy, enforcement)
• a strong message that sooner or later fraud will be detected and the perpetrator punished - a PREVENTIVE effect
• An NCE does not always result in fraud, but fraud almost always starts with (is triggered by) an NCE, which often becomes the JUSTIFICATION

Fraud – Issues
3. Fraud cannot be zero
• It must be “managed” - fraud risk management
• The fraud mitigation strategy differs for each quadrant; pay attention to the “Black Swan”
• Prevention is better than dealing with fraud after it has happened
• There is no 3rd line “error” without errors in the 1st and 2nd lines – application of the 3 lines of defense concept (CA / GRC > 3LoD)
• Fraud vs Corruption. Fraud always involves deliberateness / malicious intent, whereas corruption can be intentional or unintentional (due to competence, negligence, administrative error)

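Fraud Risk Management - Strategy
[Figure: matrix of Probability (vertical axis) against Impact (horizontal axis). Upper row: HOUSE KEEPING, MANAGE. Lower row: MONITOR, CONTINGENCY PLAN. Other labels: Pricing Strategy, Risk Premium, Allowance, Capital.]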
Anti Fraud Strategy

Timeline: Pre Event, Fraud Event, Post Event

Preventive (First Line : Operational Manager)
- Strategy : Anti Fraud Strategy
- Goals and Objectives : Reduce Fraud & Early Warning Fraud Detection
- Policies and Procedures : Policies & Procedures of Anti Fraud Strategy or Whistle Blowing System, Surprise Audit Methodology
- Structure and Processes : Fraud Detection System or Whistle Blowing System
- Risk Monitoring : Risk Profile Update
- Control : Internal Control Identification, Internal Control Implementation
- Activities : Risk Monitoring, Internal Control Effectiveness Evaluation, Surprise Audit, Surveillance System

Investigative (Third Line : Internal Audit)
- Strategy : Anti Fraud Improvement Strategy
- Goals and Objectives : Reward or Punishment, Corrective Action Report
- Policies and Procedures : Reward or Punishment Policies & Procedures.
- Structure and Processes : Fraud Detection System or Whistle Blowing System Update
- Risk Management : Risk Profile Update
- Control : Internal Control Effectiveness Update
- Activities : Corrective Action
- Laws & Regulation : Legal Compliance on Witness Protection, Labour Regulation, Industrial Relation Policies

Deterrent (Second Line : Risk Management, Quality Mgt, Compliance, Legal)
- Strategy : Anti Fraud Awareness, Risk Awareness, Know Your Employee
- Risk Management : Identify, Analysis and Mitigate Fraud Risk.
- Goals and Objectives : Mitigate & Reduce Fraud
- Policies and Procedures : Business Ethic, Standard Operating Procedures, Job Desk Analysis, Anti Fraud Statement
- Structure and Processes : Organisation Structure, Segregation of Duties.
- Laws and Regulation : Anti Fraud Strategy for Banking.

Detective (Third Line : Internal Audit)
- Strategy : Fraud Assurance & Audit Program
- Goals and Objectives : Fraud Audit Report
- Policies and Procedures : Fraud Audit Policies & Procedures, Legal Compliance on Witness Protection
- Structure and Processes : Fraud Detection System or Whistle Blowing System, Fraud Audit
- Risk Management : Risk Profile Update
- Control : Internal Control Effectiveness
- Activities : Risk Monitoring, Internal Control Effectiveness Evaluation, Fraud Audit, Surveillance System
- Laws & Regulation : Legal Compliance on Witness Protection
Anti Fraud Strategy vs FRM Quality
• Efficient
• Easy

• Costly
• Large effort

“A leader who fails to provide focus and resources for prevention activities is practicing a false economy”

[Figure: Fraud Risk Management quality across Pre Event, Fraud events, Post Event/Response]

Fraud – Issues
4. Building systems vs leadership
• The role of leaders is very important (commitment, strong message, role model, disciplined enforcement). Business leaders = Governance leaders
• Effective systems are built by effective leaders, not by leaders who are popular / “liked”.
• Players vs victims mentality: everyone takes on a role and responsibility (whistleblower), result orientation & focus on process.
• Responsible = ability to respond: not merely being formally responsible, but how able we are to respond to “everything” that can affect us ...

Good Governance – Definition

The UK Corporate Governance Code (Cadbury Report) – Sept 2012
Corporate governance is the system by which companies are directed and controlled....

OECD Definition of Corporate Governance
“Procedures and processes according to which an organisation is directed and controlled”

King III (King Report on Governance for South Africa 2009)
“There is always a link between good governance and compliance with law. Good governance is not something that exists separately from the law and it is entirely inappropriate to unhinge governance from law”

Good Governance - Understanding

• Governance is real and practical.
It does not exist only at the level of concepts and principles: governance must have a structure, components and processes, and must be practised, measured, and its benefits felt.

• Governance ensures that objectives are achieved.
It balances the security aspect (risk mgt, compliance, control, etc.) and the growth aspect (business, operations, service, etc.) through the implementation of its principles.

• “One strike you’re out”.
There is no tolerance for lawbreakers (Governance): violating governance means immediate “death”, whereas losing to competition takes a long time.

GRC – Understanding

Concepts, Principles, Methodology, Strategy, Framework, Business Processes, Application Systems, and MINDSET / PARADIGM !!!

KPMG 2012
GRC is more than a software solution....strategic discipline, continuous and integrated process....

GRC - Scope

Governance
• Setting objectives, evaluating performance.
• Setting the business strategy & model to achieve objectives

Compliance
• Ensuring the adequacy of internal regulations and their conformity with external regulations
• Ensuring compliance with policies and all regulations.
• Detecting non-compliance and mitigating it

Risk Management
• Identifying, assessing, and managing risks to achieve objectives
• Identifying and mitigating risks

Culture

Source: Open Compliance and Ethics Group

Without GRC

Each function gives a signal, but in different colours; it is unclear which one is correct, which confuses “stakeholders”

GRC – Evolution

Note : from various resources


OJK Combined Assurance Model

Combined Assurance – Definition

King III - 2009
Integrating and aligning assurance process in an organisation to maximise risk and governance oversight and control efficiencies, and optimised overall assurance to the audit and risk committee, considering the company risk appetite.

OJK - 2014
Combined Assurance is a process carried out synergistically by all assurance functions, through a systematic and comprehensive (combined) approach, to improve the effectiveness and efficiency of the governance, risk management, internal control, quality control, and compliance processes, in order to ensure the achievement of the organisation's objectives.

CA Framework
[Figure: CA Framework diagram.
CA Process: 1. Planning; 2. Continuous Assurance Assignment; 3. Reporting; 4. Continuous Monitoring & Improvement.
CA Component: Supervision & Monitoring; Standard & Procedure; Methodology; Information System; Program; Culture & Organization.]
CA & Risk Management Process

CA / GRC will ensure that all fraud deterrent, prevention, detection, investigation, and correction processes run effectively.
CA Process
[Figure: CA process cycle of 14 numbered steps across the phases Planning, Executing, Reporting and Monitoring. Planning steps 1-5: Strategic Objectives Identification, Process Identification, Inherent Risk Identification, Control Identification, Risk Level & Priority Identification. Other box labels include: Proposed Assurance Strategy, Set up Risk Priority & Assurance Strategy, Management Assurance, Independent Assurance, Combined Assurance Report, Monitoring & Supervision, Updating Risk Profile.]

1-4 : 1st Line using risk management tools
5 : Preparation of OJK risk profile by RMQA
6-7 : Planning CA Working Group (1st, 2nd, & 3rd)
8 : Determining OJK risk profile & assurance strategy by OJK BOC
9-10 : CA implementation by each of the assurance provider
11 : Report by each of the assurance provider
12 : Preparation of Periodic CA report
13-14 : Review of recommendation based on correction or corrective Audit findings
CA/GRC & Anti Fraud Strategy

Challenges
1. Role of leaders. Implementing CA / GRC requires vision and commitment
2. SILO mentality. Each of the G-R-C disciplines is currently growing rapidly, so synergy is a “threat” to their development
3. Cost – benefits. The cost of getting started is fairly large, while the benefits take time and patience
4. Change management. Execution must be disciplined and involve ownership by all assurance functions

Thank You….
