Risk Management and Internal Control - Bank Sentral Republik Indonesia
Sign In
October 20, 2020


In implementing its duties and authorities, Bank Indonesia shall face risks that are potentially increasing and complex due to the dynamics of the development and demand, both internally and externally. Therefore, it requires a comprehensive and integrated risk management with the strengthening in the aspect of internal control.

The implementation of risk management shall be conducted by referring to the best international best practices divided in three (3) categories. First, risk management of first line of defense conducted by the working unit implementing business process. Second, risk management of second line of defense conducted by the working unit which has the risk management function and independent from the work unit conducting business process. Third, risk management of third line of defense conducted by the working unit implementing the function of internal audit to ensure the activities of risk management are performed effectively.


With the availability of this risk management in three phases, it is expected that the process of duty implementation of Bank Indonesia, in particular in decision making can be conducted by observing the aspects of prudentiality, good governance principle, and obtaining optimum result toward the performance, finance and credibility of policy.

Based on the above framework, the internal audit has the important role in the quality assurance to the overall work process in Bank Indonesia. The scope of internal audit function includes the implementation of internal audit and consultation through the provision of opinion and recommendation toward the process of governance, risk management, and Controlling.

The implementation of internal audit function of Bank Indonesia shall use the methodology of Risk Based Internal Audit. The high the audit target risk, the higher the frequency of internal audit implementation. The work process with high risk shall be audited every year, whereas the work process with medium risk and low risk shall be audited in a longer time span, namely once in 2 or 3 years.

Show Left Panel