System Analysis in Developing an Effective Government Internal Audit System

— Units of Government Internal Audit (GIA) play a significant role in developing a system of good governance. They contribute to the improvement of public services delivery and the welfare of society. But some current governance issues in Indonesia, such as corruption, accountability and performance problems, raise questions concerning the effectiveness of Indonesia’s GIA units. The complexity of these issues requires cybernetic study to find holistic and effective solutions. The objective of this study is to examine the effectiveness of government internal audit systems in order to enhance the professionalism of government internal auditors and the maturity of the management processes that they audit. This research was based on qualitative approaches with systems methodology. The instruments used during the research were regulatory analysis, survey, and in-depth interviews. The survey involved 205 Chief Audit Executives (CAE) of Government Internal Supervisory Apparatus (GISA) in national government and regional governments, and was conducted on-line or on paper. The survey was complemented by in-depth interview with 24 (twenty four) senior stakeholders representing practitioners (the CAE of GISA units), internal users (governors, mayors, heads of regional planning agencies), external users (Indonesia’s Supreme Audit Board, SAB), regulators, and associations of professional internal auditors, both private sector (IIA) and public sector (AAIPI). The research found that the effort of enhancing the role of the GIA units should be seen holistically. The improvement of the role of GIA units related to the stakeholders, including management line of the organization, the SAB, professional associations, regulators, and law enforcement officials as well as other factors. The arrangement of the internal audit system could allow the government auditors to improve their professionalism and help line management to mature their management processes. The emerging strategic issues needed to build an effective internal audit system are the improvement of independence and objectivity of the auditors, a relationship with relevant stakeholders regulation and harmonization of regulation for the internal audit system.


I. INTRODUCTION
The current condition of the practice of governance in Indonesia is not good. This can be seen from the problems of fraud and corruption, and problems related to governance, including provision of public services, financial accountability, and ease of doing business. According to the 2014 Indonesia Governance Index (IGI) survey regional governance only scored 6.85 out of 10 points. The National Integrity Survey, conducted by the anti-corruption commission KPK in 2014 indicated that the quality index of public service delivered by the central government was only 7.22 (it was aimed to reach 8.00 in 2014). The quality of local government's financial reports (LKPD) also tells the same story. There were only 251 out of 501 local government financial reports which achieved unqualified opinion in 2014. Similarly, reporting of performance accountability (LAKIP) was inadequate. In 2013, the ministry for administrative reform reported that only 153 of 451 regional governments evaluated (33.92%) were classified as having performance accountability reports classified as "accountable" with an average score of 43.788. The average score in 2015 was 60.47 for the local government, and only 65.82 for ministries and other central government institutions.
Internal Audit is one of the elements which contributes most to the implementation of governance [1]. This is consistent with the statement [2] that the effectiveness of the GIA is important in order to establish good governance and also with the scope of internal audit defined by the Institute of Internal Auditors Research Foundation [3], where internal audit activity is expected to improve the effectiveness of risk management, control and governance of an organization.
The role of internal audit in an organization is assurance, compliance and consulting services, which contribute to good governance practices [1], [4], [5]. It focuses on internal control and risk management [4], [5], [6], [7], [8], [9]. In the context of fraud prevention, the role of internal audit was also discussed in Law [10] and Salameh [11] who stated that effective internal audit can prevent the occurrence of fraud.
Tusek et. al. [12] stated that the purpose of internal audit in an organization is to improve the quality of risk management.
The most important factor of internal audit activities in adding value to the organization is the independence and objectivity [6]. Barac et al. [7] discussed several approaches through which internal audit contributes value to an organization, e.g., organizational status, staff, work environment, implementation of recommendations, risk assessment, provided service/activities, and performance measurement. Mihret et al. [8] state that the main factors that construct the attributes of value-adding IA department are the goal of the organization, strategies, and the level of risk that the organization is facing. Furthermore, it is important for internal audit unit to change its paradigm so that it doesn't focus merely on compliance audit but also in activities to achieve organization's goals. Dixon and Singer [9] stressed strategic values in relation to meeting the needs of stakeholders, aligning the goals of internal audit and organization's goals, and the role of internal audit in risk management.
The problems related to effectiveness of internal audit function need proper research, considering the current inadequacy of internal audit practice in Indonesia's government sector. The problems are indicated by these following conditions: (1) the capability of GIA units is still at level 1 as assessed by Indonesia's national government GIA, BPKP, using the Internal Audit Capability Model (IACM) in 2011 on a scale of 1 to 5, while it is targeted to reach level 3 by 2019, and (2) the quality of monitoring and regulation of internal audit system in 2013 is still rated inadequate by the Supreme Audit Board (SAB) Based on the problems cited above and the complex parameters to establish an effective internal audit system, it is necessary to conduct research into the building an effective government internal audit system in order to enhance the professionalism of government internal auditors and the maturity of management processes that they audit. The problem statement of this research is thus "the government internal audit system has not been effective, thereby affecting the level of auditors' professionalism and maturity of the management they audit".
Considering the background and value gap as described above, this research will focus on answering the research question of how to build an effective government internal audit system in order to improve auditors' professionalism and maturity of the management they audit. The purpose of this research is to establish an effective government internal audit system to add value in realizing good governance in government in Indonesia. This research substantially refers to control theory [13] and institutional theory [14], whereas the methodology is based on system theory [15], [16]. The scope of research covers internal audit activity, administration, and governance which can be further described as follows: (1) internal audit is the activity of independent and objective assurance and consultancy designed to add value and improve an organization's operations, and (2) the internal audit unit in Indonesian public sector (government sector) is commonly called the Government Internal Supervisory Apparatus (GISA).

II. METHODOLOGY
This is a qualitative research using a systems methodology approach for management sciences [15]. The instruments used during the research were literature study, regulatory analysis, survey, and in-depth interviews. The survey involved 205 Chief Audit Executives (CAE) from the national government and regions, and was conducted on line or on paper. The survey also used in depth interviews with 24 senior stakeholders representing practitioners (the CAE of GISA Unit), internal users (governor, mayor, head of regional planning agency), external users (SAB), regulators, and associations of professional internal auditors, both private sector (IIA) and public sector (AAIPI).  Given that the GIA is based on several diverse regulations, this research focuses on building an understanding of the role of GIA as regulated and analyzing several important issues related to policy implementation. In the analysis of , where We = weight e, and e = 1,2,….. k for e=1,2,……. k Where ej = objective by expert j N = Amount of experts change factors and priorities, this research aimed to obtain opinions, conditions, sentiments or perceptions from leaders of internal audit units in the public sector (inspectorates general of central government, inspectorates of regional governments, and BPKP provincial representative offices) in terms of designing a strategy to establish an internal audit system in public sector which will enhance effectiveness and value for the management. Factor and priority analysis was done by analyzing the work criteria decision using Eckenrode Method [17] whereas the analysis of the results of in-depth interview was carried out using thematic analysis.
In assessing the needs, the researchers conducted in-depth interviews in the period of October 2015 to December 2015 with 24 respondents representing practitioners, internal users of audits, external users, a regulator, and professional associations ( Table 2).

A. Regulation Analysis
One of the main factors in the effectiveness of internal audit in public sector is sufficient regulatory mandate [18], [19], [20], [21]. Several countries have already drawn up laws on internal audit in public sector, for example Ghana [20], most countries of Europe Union [22], including Romania [24], Sweden, and Holland, and USA [19].
The absence of a single regulation on internal audit for the Indonesian public sector calls for analysis of 14 relevant regulations with result as follows: 1) The concepts of supervision, internal supervision and control. There is a lack of harmony across regulations in understanding of the concepts of supervision, internal supervision and control. Government Regulation 7/2015 on the organizations of ministries states that the role of Inspectorate General is conducting the internal supervision of its ministry, whereas Law 39/2008 on state ministries uses the term supervision for the same thing. In regards with duties of internal audit regulated in the aforementioned legislation, there is a lack of alignment of the concepts and regulated practice of control or supervision as management function and control or supervision by internal audit. From a theory of management perspective, where the functions of management are planning, organizing, actuating, controlling, there is a similar meaning between supervision and control. Sawyer (13) explained that the definition of internal audit is evaluating risk management, control, and governance. In this context of control, management is required to establish risk management, internal control, and governance, which in turn will be evaluated by internal audit unit. Likewise, the definition of internal control stated in Government Regulation 60/2008 on the internal control system of government is not in fully accordance with the definition used by IIA, which is to evaluate the effectiveness of governance, risk, and control.
2) Scope of control. Presidential Regulation 7/2015 states the duty of inspectorate (the GISA) is to conduct internal supervision, whereas Law 23/2014 on regional government states its duty to conduct general and technical supervision. It is implied that control or supervision is within the scope of duty of internal audit units, without distinction from control as a function of management. Furthermore, Law 23/2014, in article 378, states that governors as the representative of central government in their regions are to conduct general and technical supervision on regency and city governments, although the meaning of the article is to be further elaborated in an implementing regulation on the role of governors as the representative of central government. There is a considerable gap between the regulation of controls and the implementation of supervision of local governments. Improvement of supervision is defined as a macro program in Presidential Regulation 81/2010 on the grand design of bureaucratic reform where the desired outcome is improved implementation of governance free of corruption, collusion and nepotism 3) The independence of GIA. As mentioned in the literature review, one of the major factors which support the effectiveness of internal audit is the independence of auditors (18); (19); (22). Their independence has been accommodated in Government Regulation 60/2008, where article 56 states that GISA should be independent and objective in carrying out their duties. However, there are conflicts and inconsistencies in the existing rules that obscure the nature of their independence, especially in regional government where the GISA (inspectorate) is placed under and responsible to the elected head of region, but through the regional secretary.

4)
The synergy and coordination with the law enforcement authorities. Law 23/2014 also states in article 385 (2) that law enforcement authorities conduct an examination of complaints submitted to them by the public after first coordinating with GISA. This regulation is not yet operational as the coordination mechanism is yet to be regulated. The conclusions drawn from this regulation analysis are: (1) regulation of GISA is spread over several pieces of legislation; (2) the lack of clarity, lack of harmony, inconsistencies, and potential for conflict both in the legislation and in the concepts of best practices on (a) the concept of internal audit, oversight, internal monitoring and control, (b) scope of internal audit activity, (c) the authorities in charge of carrying out internal audit function, and (d) the independence of auditors. (3) Some regulations are not yet operational, especially in terms of coordination with Law Enforcement Authorities. Some possible causes to those problems above are: (1) policy makers do not comprehend the international-recognized concept of the role of GIA, (2) low level of management maturity within Indonesian government institutions, in particular for running internal control activities, where the national medium term development plan for 2015-2019 still sets a target for the maturity to achieve level 3 in 2019, and (3) the lack of commitment and support of stakeholders. The inconsistencies among regulations will affect the performance of GISA units negatively.

B. Situational Analysis
1) Factors and change priority. Of 205 returned questionnaires, 59 or 28.8% were internal audit practitioners in national units and 146 or 71.2% were practitioners in regions. This reflects the larger number of regions. In total, there are 550 regional government units and 80 units in national government. In terms of age, experience and education, the leaders of GISA showed maturity, with 80.2% of the respondents in the age range of 40 to 60 years, and 65.7% with working experience in GISA for more than 4 years. All respondents had academic credentials, with a composition of 1.8% doctoral degree, 60.5% master degree, and 37.7% bachelor degree. Only 25 % has professional certification from the professional association. Using the Eckenrode Method, the result showed human resources and regulation as the aspects where change was most necessary. The score calculation placed the two aspects in the highest priorities by only a small difference. In sequential order, the priorities were: (1) human resource; (2) regulation; (3) governance; (4) management; (5) stakeholders; (6) infrastructure; (7) service; and (8) politics.  Human resources became the top priority for change even though 50% to 60% of respondents answered "strongly agree" and "agree" that human resource factors were sufficient. This result indicates human resources are a significant area for improvement, reflecting the importance of human resources for internal audit. It supports prior research which postulated the importance of competency skill [5], [19], [25], [26], [27] along with independence and objectivity [6], [18]. The power of internal audit organization as a professional bureaucracy is in its professional human resources.
IIA [28] discussed several criteria to evaluate the quality of a professions such as service to public, long specialized training, examination to test entrants, knowledge, subscription to a code of ethics, professional standards and quality review/peer review process, memberships in association and attendance at meetings and publication of journals and upgrading practices.
Regulation was the second priority for change to be made even though the 50% to 60% of respondents stated they 'strongly agree' and 'agree' that regulations are sufficient. However, 83% responded with 'strongly agree' and 'agree' to the statement that government should draw up a law on internal audit in public sector. Such area of improvement and considering the importance of regulation drove respondent's opinion that change should be made on regulation aspect. Areas of improvement in regulations were shown in factors such as harmony, regulation of work units, and regulatory consistency. The priority given to regulation in carrying out the role of internal audit supports prior research [18]; [19]. Governance came up as the third priority, which agrees with researches on the importance of independence of internal audit [6], [7], [18], [19], [29] and sufficiency of resources, especially funding [18], [19], [27]. Area of improvement appeared in factors where the number of responses with 'neutral', 'disagree', and 'strongly disagree' were high, such as the independent position, performancebased budgeting, and autonomy over GISA budgeting.
The fourth priority was management, which agrees with prior research especially on conformity with strategy [5], [8], [9], [30] and professionalism manifested in standards and codes of ethics [18], [29]. Areas of improvement indicated by the survey included guidance and peer review, the implementation of code of ethics, and conformity with strategy.
In the fifth priority, stakeholders, areas for improvement included risk management, internal control system in public sector, and high quality human resources. Areas of improvement in infrastructure, the sixth priority, were control technology, facilities and infrastructure and funding.
In the seventh priority, services of internal audit, covering both assurance and consultancy activities, areas for improvement were performance and problem solving. This result showed that GISA have moved focus from mere compliance to performance and provision of consultancy services, consistent with prior studies by [7], [31], [27], [32], [19].
In the eight priority, politics, room of improvement was found in funding support and regulation reform and utilization of supervision findings. The role of the legislative was considered important, especially in budgeting and regulation.
In conclusion, respondents generally answered that all aspects of internal audit were compliant and regulations were being implemented, but there were still rooms for improvement to support GISA to perform effectively. Aspects where change should be made, in order of priority, were (1) human resources, (2) regulation, (3) governance, (4) management, (5) stakeholders, (6) infrastructure, (7) service, (8) politics.
2) Needs Analysis. Based on thematic analysis of the respondents' answers, it can be argued that the role of the internal auditor is to ensure the achievement of performance and financial objectives efficiently, effectively, and economically (3 E) and free of corruption. The emphasis was mainly on achievement of goals set in medium term development plans and finding solutions to problems. This is in line with IIA and Government Regulation 60/2008, where internal audit is defined as activities of assessing the effectiveness of governance, risk and control. Interviewees stressed that services provided by internal auditors, such as assurance and consulting activities, should remain objective.
There is a paradigm shift in internal auditing. Internal auditors should no longer seen as watchdogs, but more as problem preventers. Prevention activities can be in form of coaching, dissemination, monitoring, and de-bottlenecking. Thus, internal auditors are supposed to be treated as partners and thus not to be feared. The paradigm shift still needs to be internalized in GISA and understood by stakeholders.
3) Strategic Themes. Respondents' criticism of current practices can be classified by theme. Different groups of respondents emphasized different themes, as follows: (i) Practitioners suggested that human resources, independence, stakeholders' support, as well as the maturity of management are where concerns should be. (ii) Internal users put more concern on initiating and developing management maturity as well as internal auditing acting as an early warning system or preventive mechanism, recognizing the need to improve human resources to improve the quality of supervision. (iii) The regulators emphasized independence, professionalism of human resources, and the quality business processes. (iv) External users (that is, the SAB) suggest that the quality of supervision still needs significant improvement overall, as the quality of internal auditors needs to meet the same standard as for external auditors. They also suggest there is an issue with the concept of supervision, internal supervision, and control. (v) Professional associations suggest that GISA should adopt the standards of the profession. Overall, summarizing the analysis of the respondents' answers on change priorities, it can be argued that: (i) Auditor professionalism. The professionalism of auditors is the main priority where change is needed, by continuous professional development and setting of professional standards. Interviewees also referred to quantity. As many as 46,000 auditors are currently required, but there is only around 13.040 available. As in other professional organizations, the strength of internal audit professional organization lies in the auditors themselves. (ii) Independence and objectivity. Similarly, auditors' independence was a main issue that needs to be explored and resolved. It can be said that Lack of independence in the institutional arrangements of internal audit units can lead to difficulties and ineffectiveness in carrying out internal audit functions. This matches the problem identified in the regulatory analysis, as the position of the internal auditors is defined in the regulations. (iii) Stakeholders' support is important because stakeholders are the end users of internal audit services. Stakeholders' support is needed in order to refine audit services to assure better utilization of audit results, and improve utilization of audit resources. (iv). Management maturity affects stakeholders' support to internal audit function and strengthen the first and second line of defenses in three lines of defense concept. Line managers as risk owners need maturity in governance, risk, and control,. The condition where internal audit is overloaded is most likely due to low maturity of management of the organization. The quality assurance function of internal audit runs best when it helps to drive the maturing of management.

C. Strategic issues
Based on in-depth interview analysis and considering the regulatory analysis as well as the situational analysis summarized in the strategic themes above reveal some strategic issues on the role of government internal auditors, as follows:

1) Professionalism of government internal auditors.
GISA are professional organizations. Thus, it is required that they be managed professionally [18], [32], [33], [34], [36] according to standards applied to the profession. High level of professionalism will provide high quality services as demanded by stakeholders. By the establishment of AAIPI in 2012, the steps towards professional government internal auditor had been started.
2) Independency and objectivity. In providing services, internal auditors have to be objective and [6], [36], [37]. The independency of internal audit function organizationally is made by establishing internal audit unit with proper reporting level which enable internal audit unit to carry out its responsibilities. Objectivity is a state where auditors are unbiased and avoiding conflict of interests.
3) Stakeholders' support. The support from stakeholders is a strategic issue because internal audit units act as the eyes and the ears of organization leaders. Strong support from management can be given in form of resources, freedom of access to information needed to conduct a proper audit, and by the use of results of supervision [27], [36], [37]. Thus, the existence of government internal auditor is not merely to comply with the regulations, but more because it is really needed. And in order to be needed, GISA has to be professional in order to assure that their services meet the stakeholders' demands.

4)
Maturity of management. Risk management, internal control, and improved governance processes are important signs of the maturity of management. This is in line with the concept of three lines of defense. GIA as the third line of defense in Indonesian government organizations has to assure that the first and second line of defense run well. In that condition, all the three lines of defense should be strong and should work properly. An organization should not rely on the third line only. In the national medium term development plan for 2015-2019, it is stated that management capability should meet level 3 by 2019 by implementing the government internal control system (which reflects the maturity of management, by describing the state of risk management, internal controls, and governance process.

5) Regulations related to GISA and their harmony.
Regulation is a strategic issue due to difficulties in harmonizing the regulations currently in place [19], 36]. Consistent regulations and common understanding from stakeholders upon the role of internal audit unit are highly needed.

IV. CONCLUSIONS
The existence of GIA units is important in order to promote better government governance in Indonesia which in the end will help provide better public services and social welfare. In the national medium term development plan 2015-2019, the government of Indonesia has set a target for management maturity should be at level 3 with the building of capability of an internal control system.
One of the problems in governance in Indonesia is the ineffective role of GIA in government institutions, so they are not yet adding significant value to them.
Efforts to overcome this problem are carried out through (1) bureaucratic reform which places internal audit as a driver of change, (2) improvement of supervision of financial accountability and performance of government institutions, (3) establishment of a professional association of government internal auditors in Indonesia which is expected to promote professionalism.
The improvement of GISA's role can't be achieved with a reductionist approach; it has to be done holistically. Efforts to improve the role of GIA are associated with other stakeholders, namely management where each GIA unit is located, the external auditor (SAB), professional association, regulators, and law enforcement authorities. Structuring a GIA system is believed will provide a breakthrough in improving the professionalism of auditors and management maturity of the organization they work for. Strategic issues which act as leverages to boost the improvement of GISA's role are as follows: professionalism; independence and objectivity; stakeholder support; level of management maturity; improved regulation and harmonization between regulations on internal audit. Thus, Indonesia's GIA system requires an effective institutional and management model.