Evaluation of Internal Audit Role as a Governance, Risk and Compliance Partner, Trusted Advisor and Value Driver to Implement Strategy ( Case Study of Indonesia’s Social Health Insurance Provider

This study aims to evaluate the alignment of the scope of internal audit activities with the strategy of Indonesia’s Social Health Insurance Provider (BPJS Kesehatan ). The perception of the added value provided by the internal audit is often described as hazy and enigmatic. Therefore, Eulerich and Lenz (2020) defined the internal audit role into three scopes: Governance, risk and compliance (GRC) partner, trusted advisor and value driver. This qualitative research uses a case study method by collecting internal organisational documents, questionnaire surveys and interviews. The results show that BPJS Kesehatan’s internal audit can act as both a GRC partner and a trusted advisor. However, its internal audit activity is not prepared and aligned with the implementation of the organisation’s strategy. The internal audit function is nevertheless moving towards aspects in which it may add more value to the success of the organisation’s strategy


INTRODUCTION
The COVID-19 pandemic had a significant impact on Indonesian society, especially the health sector.

Principles of Governing Body
The governing body delegates its authority to management and establishes an internal auditor to achieve organisational goals. The larger the organisation, the wider the delegation of management; additional hierarchical levels can also be applied (Eulerich, 2021).

Management Principles and the First and Second Lines
The first-and second-line roles can work separately or be blended as

Third Line Principle
The third line function provides objective and independent assurance. According to Deloitte (2020b), the third line must assess whether the first and second lines are operating effectively.

Third-line Independence Principle
The third line must carry out its duties objectively and independently. According to IPPF standard 1100, this independence is reflected in its accountability to the governing body, unlimited access to resources and data needs and freedom from intervention from other parties.

Value Creation Principle
Anderson, Head, and Ramamoorti

Agency Theory
Agency theory arises based on potential differences in interests between the owners of capital (principals) and management (agents).

Scope of Internal Audit Role
Stakeholder satisfaction is one of the main challenges of internal audits. Therefore, it is important to understand the expectations of each stakeholder. Eulerich and Lenz (2020) introduced the following new concepts for the internal audit role based on value proposition:

Internal Audit as a GRC Partner
The core task of a GRC partner is to focus on the protection of value as opposed to the creation of additional value. An internal auditor thus provides assurance that all the controls required by an organisation exist and are operating properly.

Internal Audit as Trusted Advisor
As a trusted advisor, an internal auditor strives to improve the efficiency and effectiveness of the organization. In addition, the IAF seeks to develop modern audit activities or approaches. It also considers improvements to business processes and structures to ensure they run optimally through, for example, continuous auditing or automation.

Strategy-related Audit
According to Sawyer and Sawyer (2019)

Research Design
The data/information used in this study were obtained based on primary and secondary data. The primary data were derived from questionnaires and interviews.  Always trying to be one step ahead (observation) Source: Processed Data (2022) insurance and the only such provider in Indonesia (Ramadhan, 2020).

Activities
The IAF activities at BPJS Kesehatan in 2021 can be broadly divided into audit and non-audit activities, as follows:

Routine Audit
As stated in the 2021 Annual Work

Investigative Audit
An investigative audit is carried out to identify and examine the information and facts to reveal incidents of violation outlined in the report.

Consultancy
This activity provides advice on improving the implementation of the organisation's operational activities by requesting the unit or work unit.

Workshop Speaker Request
This provides knowledge and experience related to certain aspects in the implementation of activities running in the organisation.

Results of External Supervision
This activity ensures that the IAF has followed up on the recommendations delivered by external supervision.

External Audit Assistance
External audit assistance is provided by a public accountant consultant.

Strengthening the Internal Control Function
These activities include a review of guidelines and follow-up on quality assurance.

Development of Inspection Tools
This activity is one of the efforts undertaken by the IAF to provide internal audit best practices.

Planning and Evaluation of Work Programmes
Work programme planning and evaluation activities are carried out twice a year, in July and December.

Competency Improvement
Competency improvement activities are obligatory for IAF employees to maintain technical quality and the internal audit profession.