to select ↑↓ to navigate
Company Playbook

Company Playbook

Company Playbook Data & AI Playbook Delivery Playbook Engineering Playbook Finance Playbook HR Playbook Learning Playbook Marketing Playbook Partnership Playbook Presales Playbook Product Playbook QA & Testing Playbook Sales Playbook Strategy & Advisory Playbook
Edit
Open in ChatGPT
Ask ChatGPT about this page
Open in Claude
Ask Claude about this page

Internal Audit Policy

Internal Audit Policy

Merujuk pada ISO 19011:2018 (Guidelines for Auditing Management Systems), ISO 9001:2015 Clause 9.2 (Internal Audit), ISO 27001:2022 (Information Security Management), dan Best Practice Internal Control Framework

Document Control

Aspek Detail
No. Dokumen POL-LDR-006
Versi 2.2
Berlaku sejak 20 Februari 2026
Review berikutnya 20 Agustus 2026
Pemilik Dokumen People & Culture
Disetujui oleh Director

Riwayat Revisi

Versi Tanggal Penulis Perubahan
1.0 Februari 2026 People & Culture Dokumen awal
2.0 20 Februari 2026 AI Audit System Penambahan document control, standarisasi format
2.1 21 Februari 2026 AI Audit System Perbaikan nilai CIRCCA
2.2 21 Februari 2026 AI Audit System Integrasi referensi BizOps

Filosofi CIRCCA

  • Curiosity: Internal audit adalah proses eksplorasi mendalam yang melibatkan berbagai departemen dengan pendekatan constructive untuk improvement bukan punishment.
  • Impact: Internal audit berfokus pada menghasilkan dampak nyata melalui temuan yang actionable, dengan fokus pada fakta yang terverifikasi dan rekomendasi yang terukur.
  • Respect: Kami menghargai setiap departemen dan individu yang diaudit dengan proses yang menghormati waktu dan resources mereka.
  • Courage: Internal audit memerlukan keberanian untuk mengidentifikasi dan melaporkan temuan secara objektif, termasuk di area yang sensitif.
  • Commitment: Setiap audit mengidentifikasi opportunities untuk enhancement dengan tren findings yang dianalisis untuk improvement kebijakan organisasi.
  • Adaptability: Proses audit disesuaikan dengan perubahan regulasi, standar, dan kebutuhan organisasi, dengan setiap departemen responsif terhadap implementasi corrective actions.

Ruang Lingkup

Aspek Keterangan
Berlaku untuk Semua departemen, fungsi, proses, dan systems di Divistant
Cakupan Quality Management System (ISO 9001), Information Security Management System (ISMS per ISO 27001), Operational Processes, Financial Controls, Human Resources Management, Data Protection, Compliance dengan peraturan
Pihak terkait Leadership Team, Legal & Compliance, Internal Auditor (Internal atau External), Department Manager, Audit Committee (jika ada), dan semua karyawan Divistant

Definisi Istilah

Istilah Definisi
Internal Audit Proses evaluasi sistematis, independen, dan objektif terhadap kepatuhan terhadap kebijakan, prosedur, dan sistem manajemen untuk memastikan efektivitas operasional dan risk management
Auditee Departemen, fungsi, atau area yang sedang diaudit
Auditor Individu yang berkualifikasi untuk melakukan audit sesuai standar ISO 19011
Audit Objective Tujuan spesifik dari setiap audit, misalnya: assess compliance, evaluate effectiveness, identify improvement opportunities
Audit Plan Dokumen rinci yang mencakup scope, timing, resources, dan metodologi audit
Finding Observasi terhadap bukti (evidence) yang mendukung atau tidak mendukung compliance dengan criteria audit
Non-Conformance (NC) Ketidaksesuaian terhadap requirement dalam kebijakan, prosedur, atau standar yang berlaku
Observation Temuan yang menunjukkan potential issue atau improvement opportunity, tetapi belum menjadi non-conformance
Corrective Action Tindakan untuk menghilangkan akar penyebab (root cause) dari non-conformance
Follow-up Audit Audit yang dilakukan untuk memverifikasi implementasi corrective actions dari audit sebelumnya
Audit Report Dokumentasi formal dari hasil audit mencakup findings, recommendations, dan corrective actions

Pernyataan Kebijakan

Divistant berkomitmen untuk memastikan bahwa semua aspek operasional, financial, information security, dan compliance berjalan sesuai dengan kebijakan, prosedur, dan standar yang berlaku. Internal audit adalah fungsi penting dalam governance structure perusahaan yang memberikan independent assurance atas efektivitas sistem manajemen dan kontrol internal.

Kebijakan Internal Audit menetapkan framework untuk melaksanakan audit internal yang sistematis, objektif, dan konstruktif dengan tujuan untuk: (1) Memverifikasi compliance terhadap kebijakan dan prosedur, (2) Mengevaluasi efektivitas proses dan sistem, (3) Mengidentifikasi risiko dan opportunities untuk improvement, (4) Mendukung leadership dalam governance dan risk management, (5) Memastikan kesesuaian dengan standar industri dan requirement regulasi, dan (6) Mendorong budaya continuous improvement di seluruh organisasi.

Proses audit internal melibatkan perencanaan yang matang, eksekusi yang objektif, dokumentasi yang lengkap, dan follow-up yang ketat untuk memastikan bahwa findings dan recommendations diterima dan diimplementasikan dengan efektif oleh departemen terkait.

SIKLUS INTERNAL AUDIT — PT DIVISTANT TEKNOLOGI INDONESIA 1. Planning Audit plan tahunan Risk-based priority Nov-Des (utk tahun depan) 2. Preparation Notifikasi 2-4 minggu Checklist & criteria Review laporan sebelumnya 3. Execution Doc review, observasi Interview, evidence 1-3 hari per departemen 4. Reporting Findings & evidence Closing conference Report: 15 hari 5. Corrective Action Action plan 7 hari Root cause + PIC Eksekusi 30-90 hari 6. Follow-Up Verifikasi efektivitas Close / extend 30-90 hari setelah CA JENIS AUDIT: Scheduled (1x/thn) Ad-Hoc (trigger) Follow-Up (3-6 bln) Compliance (ISO 9001/27001) RISK-BASED: High Risk → 2x/thn | Medium Risk → 1x/thn | Low Risk → 1x/2 thn FINDING SEVERITY: Critical CA: 1-2 minggu, FU: 30 hari Major CA: 30 hari, FU: 60 hari Minor CA: 60 hari, FU: 90 hari ANNUAL PLAN: Q1: Financial & HR Q2: IT Security & Data Protection Q3: QMS (ISO 9001) Q4: Operations & Client Service

Tujuan Internal Audit

Tujuan Utama

  1. Compliance Assurance

    • Memverifikasi bahwa semua departemen mematuhi kebijakan, prosedur, dan work instructions yang telah ditetapkan
    • Memastikan kepatuhan terhadap peraturan pemerintah dan requirement eksternal (ISO, DPA, client requirements)
    • Mengidentifikasi gap antara actual practice dan prescribed requirements

  2. Effectiveness Evaluation

    • Mengevaluasi apakah proses dan sistem berjalan sesuai dengan design intent
    • Mengukur efisiensi operasional dan resource utilization
    • Menilai apakah control activities efektif dalam mencegah risiko

  3. Risk Identification

    • Mengidentifikasi risiko operasional, financial, compliance, dan security yang mungkin terlewat
    • Mengevaluasi adequacy dari risk management activities
    • Memberikan early warning atas potential issues sebelum menjadi masalah besar

  4. Improvement Opportunity

    • Mengidentifikasi opportunities untuk meningkatkan efisiensi, efektivitas, dan kualitas
    • Benchmarking terhadap best practices industri
    • Mendukung kaizen dan continuous improvement mindset

  5. Governance Support

    • Memberikan independent assurance kepada Leadership dan Board
    • Supporting informed decision-making
    • Membantu Leadership memenuhi tanggung jawab mereka terhadap stakeholder

  6. Performance Measurement

    • Mengukur key performance indicators (KPIs) dari departemen
    • Mengevaluasi achievement terhadap targets dan objectives
    • Mengidentifikasi performance gaps

Jenis-Jenis Audit

1. Scheduled Audit (Planned Internal Audit)

Deskripsi: Audit yang direncanakan dalam audit plan tahunan dengan scope, timing, dan resources yang telah ditetapkan sebelumnya.

Aspek Detail
Frequency Minimal 1x per tahun untuk setiap departemen/fungsi kritis
Advance Notice 2-4 minggu sebelumnya untuk memberikan waktu persiapan
Scope Definition Jelas dan terdokumentasi dalam audit plan
Resource Planning Auditor dan waktu sudah dialokasikan
Duration Tergantung kompleksitas, typically 1-3 hari per departemen
Typical Coverage Quality, Financial, IT Security, Compliance, Operational Effectiveness

Scheduled Audit Plan Examples:

  • Q1: Financial & HR processes
  • Q2: IT Security & Data Protection
  • Q3: Quality Management System (ISO 9001)
  • Q4: Operations & Client Service

2. Ad-Hoc Audit (Unplanned Internal Audit)

Deskripsi: Audit yang dilakukan tanpa perencanaan sebelumnya, biasanya untuk merespons risk atau concerns tertentu.

Aspek Detail
Trigger Events Client complaint, incident, suspected fraud, material control failure, risk alert
Timing Immediate atau dalam 1-2 hari kerja sesuai urgency
Notice Period Minimal, untuk menjaga element of surprise dan test actual practices
Scope Narrowly focused pada area atau proses spesifik
Duration 4-8 jam hingga 2 hari, tergantung complexity

Contoh Ad-Hoc Audit Triggers:

  • High-risk client request atau audit eksternal
  • Incident atau accident report
  • Whistleblower complaint atau allegation
  • Internal control failure atau process breakdown
  • Change dalam sistem atau process major
  • Suspected data breach atau security incident

3. Follow-Up Audit

Deskripsi: Audit yang dilakukan untuk memverifikasi implementation dari corrective actions dari audit sebelumnya.

Aspek Detail
Timing 3-6 bulan setelah audit awal, tergantung seriusnya findings
Scope Fokus pada areas dengan non-conformances atau observations
Objective Verify effectiveness dari corrective actions yang telah diimplementasikan
Duration Lebih singkat dari initial audit, biasanya 4-8 jam
Approval Corrective actions harus sudah di-review dan di-approve oleh department head

Follow-Up Schedule:

  • Critical NC: Follow-up dalam 3 bulan
  • Major NC: Follow-up dalam 6 bulan
  • Minor NC: Follow-up dalam next scheduled audit
  • Observations: Monitor dalam regular interactions

4. Management System Audit (Compliance Audit)

Deskripsi: Comprehensive audit terhadap seluruh management system terhadap standar tertentu (ISO 9001, ISO 27001, dll).

Aspek Detail
Scope Semua aspek dari management system: context, leadership, planning, support, operation, performance, improvement
Frequency Minimal 1x per tahun untuk compliance, dapat lebih sering untuk certification audit
Duration 3-5 hari tergantung kompleksitas organisasi
Expertise Required Auditor bersertifikat dalam standar spesifik
Output Comprehensive report dengan identified non-conformances dan improvement opportunities

Audit Planning dan Preparation

Annual Audit Plan Development

Timeline:

  • November: Leadership dan Internal Audit team mulai develop audit plan untuk tahun berikutnya
  • December: Review dan approve plan, communicasi ke departemen
  • January: Detail planning untuk scheduled audits, allocation resources

Audit Plan harus mencakup:

  • Audit scope dan objectives
  • Departments/areas yang akan diaudit
  • Timing dan duration setiap audit
  • Auditor assignment
  • Audit methodology dan criteria
  • Resource requirements
  • Risk assessment untuk prioritization

Risk-Based Audit Planning:

Kriteria Impact Frequency Audit
High Risk (Critical) Major financial/reputational/compliance impact 2x per tahun
Medium Risk (Important) Moderate impact 1x per tahun
Low Risk (Standard) Minor impact 1x per 2 tahun

Contoh Risk Assessment untuk Scheduling:

  • Financial: High (2x/year) - critical untuk akurasi dan control
  • IT Security: High (2x/year) - critical untuk data protection
  • Quality/ISO 9001: Medium (1x/year) - important untuk compliance
  • HR/People Process: Medium (1x/year) - important untuk retention dan compliance
  • Operations/Client Service: Medium (1x/year) - important untuk customer satisfaction

Pre-Audit Preparation

Oleh Audit Function (2-4 minggu sebelum audit):

  1. Review audit plan dan objectives
  2. Gather information tentang departemen melalui BizOps: processes, procedures, recent changes
  3. Review previous audit reports dan findings
  4. Prepare audit checklist dan interview questions
  5. Brief auditors tentang scope dan expectations
  6. Send formal notification ke departemen (manager dan team)

Oleh Auditee Department (setelah notifikasi):

  1. Prepare documentation: procedures, records, process evidence
  2. Organize departemen dan workspace untuk audit
  3. Identify key personnel untuk interview
  4. Brief team tentang audit purpose dan what to expect
  5. Prepare specific records atau data yang akan diaudit
  6. Document any changes atau issues sejak last audit

Audit Criteria Definition

Audit Criteria adalah standar atau requirements yang digunakan untuk mengevaluasi:

Kategori Criteria Contoh
Regulatory Compliance Undang-Undang PDP No. 27 2022, UU K3, PP 8/2021 Perlindungan Data Pribadi
Industry Standards ISO 9001:2015 QMS, ISO 27001:2022 ISMS
Company Policies HR Policy, Finance Policy, IT Security Policy
Procedures & Work Instructions SOP untuk setiap proses, departmental guidelines
Client Requirements Specific client contracts, service level agreements
Internal Control Framework COSO framework, company internal controls

Auditor Qualifications dan Independence

Auditor Qualifications

Minimum Requirements:

Aspek Requirement Evidence
Education S1 atau sederajat Diploma/Certificate
Experience Minimal 3 tahun di area yang relevan Work history
Audit Training Audit training dan/atau certification Certificate (ISO 19011, Lead Auditor, QMS auditor)
Competency Menunjukkan competency dalam 5 area: (1) Knowledge of audit subject matter, (2) Audit methodology, (3) Systems thinking, (4) Communication skills, (5) Interpersonal skills Assessment/evaluation by audit supervisor
Technical Knowledge Deep understanding tentang standard/requirements yang diaudit Demonstrated through audit performance

Auditor Competency Assessment:

  • Initial assessment sebelum first assignment
  • Annual re-assessment untuk continuing auditors
  • Recorded dalam auditor file
  • Competency gaps addressed through training

Auditor Independence

Independence adalah critical untuk objectivity dan credibility audit:

  1. Organizational Independence:

    • Internal auditor reports to Leadership atau Audit Committee
    • Tidak report ke departemen yang diaudit
    • Memiliki akses langsung ke Leadership untuk escalation

  2. Personal Independence:

    • Auditor tidak mengaudit area mereka sendiri atau area dimana mereka baru pindah
    • Minimal 1 tahun sejak membiarkan suatu area sebelum mengaudit
    • Tidak memiliki direct family member yang bekerja di area yang diaudit
    • Avoid conflict of interest (financial interest, personal relationship)

  3. Functional Independence:

    • Audit function memiliki dedicated resources
    • Audit scope tidak dipengaruhi oleh management di auditee department
    • Auditor tidak menerima instruction dari auditee untuk memodifikasi scope

Conflict of Interest Disclosure:

  • Auditor harus disclose sebelum audit dimulai jika ada potential conflict
  • Reassignment ke auditor lain jika confirmed conflict of interest

Auditor Development dan Certification

Company Support untuk Auditor Development:

  • Training untuk ISO 19011 atau relevant audit standards
  • Lead Auditor Certification support (IRCA, TÜV, etc.)
  • Annual refresher training untuk continuing auditors
  • Conference dan workshop attendance untuk knowledge update
  • Mentoring dari senior auditor untuk new auditors

Certification Maintenance:

  • Lead Auditor Certification harus dipertahankan (some certificates require annual CPD)
  • Competency evaluation tahunan
  • Audit performance monitoring untuk quality assurance

Audit Process Steps (Detailed)

Phase 1: Opening Conference

Purpose: Establish rapport, confirm scope, explain methodology, answer questions

Participants:

  • Lead Auditor
  • Auditee Department Manager
  • Key personnel dari department
  • HR representative (jika relevant)

Agenda:

  1. Introduction dan explanation tujuan audit (10 minutes)
  2. Review scope, timing, dan plan (10 minutes)
  3. Review audit criteria dan standards yang digunakan (10 minutes)
  4. Explain audit methodology dan interview process (10 minutes)
  5. Discuss confidentiality dan non-punitive approach (5 minutes)
  6. Address questions dan concerns (5 minutes)
  7. Walk through department dan introduce audit team (10 minutes)

Documentation: Opening Conference Record ditandatangani oleh peserta

Phase 2: On-Site Audit Execution

Audit Activities:

  1. Document Review

    • Review procedures, policies, work instructions
    • Check compliance dengan latest version
    • Assess adequacy dan clarity
    • Documented dalam audit working papers

  2. Process Observation

    • Observe actual activities yang sedang berjalan
    • Assess compliance dengan procedures
    • Identify potential risks atau inefficiencies
    • Take detailed notes dan photos (dengan permission)

  3. Record Review

    • Sample records dan documents (logs, approvals, data)
    • Check completeness, accuracy, timeliness
    • Verify controls yang telah dikerjakan
    • Random sampling untuk efficiency

  4. Interview dan Enquiry

    • Interview personnel tentang responsibilities, understanding, actual practice
    • Ask open-ended questions untuk encourage dialogue
    • Clarify inconsistencies antara documentation dan actual practice
    • Document key points dari interview

  5. Evidence Gathering

    • Collect evidence untuk support findings
    • Take photos, copies records, note observations
    • Maintain evidence trail untuk traceability

Audit Working Papers:

  • Detailed notes dari setiap activity
  • Evidence references (document location, record number, interview date)
  • Observations dan preliminary findings
  • Photos atau screenshots
  • Auditor signature dan date

Phase 3: Findings Development dan Review

Dari Evidence ke Findings:

  1. Evidence Analysis

    • Organize evidence berdasarkan audit criteria
    • Evaluate completeness dan credibility
    • Cross-reference untuk confirmation

  2. Finding Classification

    • Non-Conformance (NC): Clear violation dari requirement
    • Observation: Potential issue atau improvement opportunity
    • Strength/Positive Finding: Example dari good practice

  3. Root Cause Analysis (untuk NC)

    • Why did this happen?
    • Contributing factors?
    • Was it one-time atau systemic?
    • How long has this been happening?

  4. Internal Review by Audit Team

    • Lead auditor review semua findings
    • Verify evidence adequacy
    • Assess severity accuracy
    • Identify any patterns atau trends

  5. Draft Report Preparation

    • Write up findings dengan clear description
    • Include evidence, location, timing
    • Identify impact atau risk
    • Provide recommendations (if applicable)

Phase 4: Closing Conference

Purpose: Present findings, explain methodology, invite auditee response, discuss next steps

Participants:

  • Audit team
  • Department manager
  • Key personnel
  • HR representative (jika relevant)

Agenda:

  1. Present findings one by one (10-15 minutes)

    • Describe observation dan evidence
    • Explain classification (NC vs Observation)
    • Ask for auditee input atau clarification

  2. Summarize audit results (5 minutes)

    • Number of findings by category
    • Overall assessment
    • Compliance percentage (jika applicable)

  3. Explain next steps (5 minutes)

    • Timeline untuk corrective actions
    • How to submit action plans
    • Follow-up audit process

  4. Address questions dan concerns (10 minutes)

    • Allow auditee untuk ask clarification
    • Respond professionally
    • Remain open untuk discussion

  5. Close conference professionally (5 minutes)

    • Thank for cooperation
    • Remind about improvement focus
    • Confirm next communication

Documentation: Closing Conference Record signed by attendees

Phase 5: Audit Report Issuance

Report Components:

  1. Executive Summary (1-2 pages)

    • Overview of audit
    • Key findings
    • Overall assessment

  2. Findings Section

    • Each finding described clearly
    • Evidence documented
    • Impact dan risk assessed
    • Audit criteria referenced

  3. Recommendations Section

    • Suggested corrective actions
    • Timeline untuk implementation
    • Responsibility assignment

  4. Appendices

    • Audit checklist
    • Interview notes summary
    • Process maps atau documentation reviewed
    • Photos atau evidence attachments

Report Finalization Process:

  1. Draft report prepared by auditor (within 5 days of closing conference)
  2. Internal review by audit supervisor
  3. Sent to auditee untuk factual accuracy review (3 days untuk response)
  4. Incorporate any auditee corrections atau clarifications
  5. Final approval by audit supervisor
  6. Distributed to relevant stakeholders (within 15 days of closing conference)

Report Distribution:

  • Auditee department manager
  • Department head
  • Leadership/Director
  • Legal (jika ada compliance findings)
  • Finance (jika ada financial findings)
  • Audit file (archived)

Corrective Action dan Follow-Up

Corrective Action Process

Timeline:

  • Audit report issued on Day 15
  • Department submits action plan within 7 days (Day 22)
  • Approved action plan by Day 30
  • Execution period: 30-90 days depending on NC severity
  • Follow-up audit: 30-90 days after agreed implementation date

Action Plan Requirements:

Component Description
For Each NC/Observation Address each finding separately
Root Cause Identify why the issue occurred
Corrective Action Specific action to eliminate root cause
Implementation Timeline When action will be completed
Responsible Party Who is accountable for implementation
Evidence of Completion How to verify action has been implemented
Preventive Measures How to prevent recurrence (if applicable)

Example Corrective Action Plan:

Finding: "Access controls tidak adequate untuk file berbasis data pribadi. 5 dari 20 samples tidak memiliki access list yang updated."

Root Cause: Lack of ownership clarity dan reminder process untuk access control updates ketika ada personnel changes.

Corrective Action:

  1. Immediately review dan update all access control lists untuk PII files (by Jan 15)
  2. Implement quarterly access control review process (starting Feb 1)
  3. Create automated reminder untuk manager sebelum employee end date (by Feb 15)
  4. Training untuk all managers tentang access control responsibility (by March 1)

Evidence: Access control list updates, training attendance record, reminder email system

Responsible: IT Manager + HR Manager

Severity Classification

Severity Definition Corrective Action Timeline Follow-Up
Critical Violation yang membawa immediate risk atau non-compliance dengan legal requirement Immediate (1-2 weeks) 30 days
Major Violation yang material terhadap control design atau effectiveness 30 days 60 days
Minor Violation yang isolated atau low impact 60 days 90 days
Observation Improvement opportunity tanpa current non-compliance 90 days Monitor dalam next scheduled audit

Follow-Up Audit

Purpose: Verify yang corrective actions telah diimplementasikan dan effective

Process:

  1. Schedule follow-up audit 3-7 days sebelum target completion date
  2. Review action plan documentation
  3. Verify implementation evidence
  4. Interview personnel untuk assess understanding dan sustainability
  5. Close findings jika adequate evidence provided
  6. Identify residual issues untuk additional corrective actions jika needed
  7. Issue follow-up audit report

Follow-Up Outcomes:

  • Finding Closed: Corrective action proven effective
  • Partially Completed: Some actions done, others still in progress (extend timeline)
  • Not Completed: Action not done (issue formal notice, escalate ke management)
  • Ineffective: Action implemented tetapi tidak menyelesaikan root cause (request revised action plan)

Audit Reporting dan Communication

Audit Report Communication Strategy

Multi-Level Reporting:

Level Content Frequency
Department Level Individual audit reports, findings, corrective action status After each audit
Leadership Level Summary of all audits, trends, risk assessment, recommendations Monthly/Quarterly
Board Level High-level summary, critical issues, overall compliance status Quarterly/Annually

Trend Analysis dan Management Reporting

Quarterly Audit Summary Report mencakup:

  1. Number of audits conducted (scheduled vs ad-hoc)
  2. Finding summary by category (NC vs Observation)
  3. Finding distribution by department dan process
  4. Repeat findings (indication dari ineffective corrective actions)
  5. Corrective action completion rate
  6. Key trends dan patterns
  7. Risk assessment dan recommendations
  8. Audit schedule untuk upcoming quarter

Annual Management Report mencakup:

  1. Comprehensive audit program execution
  2. Finding trends year-over-year
  3. Systemic issues atau repeat findings
  4. Departments dengan good compliance vs challenges
  5. Key improvement areas for next year
  6. Resource requirements untuk audit function
  7. Recommendations untuk organizational improvement

Confidentiality dan Data Security

Audit reports contain sensitive information:

  • Limit distribution ke management dan relevant stakeholders only
  • Store audit reports securely di BizOps Drive (encrypted, access controlled)
  • Delete atau destroy old reports sesuai retention policy
  • Confidentiality agreement untuk external auditors
  • No public disclosure tanpa approval dari leadership

Training & Awareness

Aktivitas Frekuensi Sasaran Durasi Medium
Audit Awareness Training Annual Semua karyawan 30 menit BizOps LMS/Workshop
Departmental Pre-Audit Briefing Per audit Department yang akan diaudit 30 menit Meeting
Auditor Initial Training Before first assignment New auditors 3-5 hari Training + mentoring
Auditor Refresher & Development Annual All internal auditors 16 jam/year Workshop/Conference
Manager Audit Readiness Before departmental audit Department managers 1 jam Meeting
Corrective Action Workshop Biannual Managers dengan NC 1.5 hours Workshop
Process Improvement Workshop Annual Relevant departments 2 hours Workshop

Kebijakan Terkait

  • Kebijakan Quality Management System (ISO 9001)
  • Kebijakan Information Security Management System (ISO 27001)
  • Kebijakan Risk Management dan Assessment
  • Kebijakan Data Protection dan Confidentiality
  • Kebijakan Document dan Record Management
  • Kebijakan Compliance dan Regulatory Adherence
  • Kebijakan Incident Management dan Reporting
  • Kebijakan Continuous Improvement (Kaizen)

Kontak

Fungsi Nama/Departemen Email Telepon
Internal Audit Lead / Coordinator Leadership/Compliance audit@divistant.co.id ext. 100
Head of Compliance & Legal Legal & Compliance legal@divistant.co.id ext. 103
Internal Auditor (Primary) Audit Function [auditor@divistant.co.id] ext. 104
Risk & Compliance Officer Leadership risk@divistant.co.id ext. 105
Department Manager (for coordination) Your Department [manager@divistant.co.id] ext. [manager]
Last updated 3 months ago
Was this helpful?
Thanks!