ICOFR and PER-2: Strengthening Transparency and Accountability in SOEs

Read Time: 10 minutes

Internal Control over Financial Reporting (ICOFR) plays a crucial role in ensuring the integrity and reliability of a company’s financial reports. Globally, ICOFR is regulated under frameworks such as the Sarbanes-Oxley Act (SOX) in the United States. In Indonesia, its implementation is guided by various regulations from the Financial Services Authority (OJK) and government directives on the governance of State-Owned Enterprises (SOEs). 

 

ICOFR in Indonesia’s SOEs 

In the Indonesian context, ICOFR aligns with Good Corporate Governance (GCG) principles, emphasizing transparency and accountability. This approach is further reinforced by Ministerial Regulation No. PER-2/MBU/02/2023 (PER-2), which provides guidelines on governance and significant corporate activities for SOEs. 

The objectives of ICOFR implementation in SOEs include: 

  • Ensuring financial statements are reliable and free from material misstatements. 
  • Defining roles and responsibilities clearly to enhance operational efficiency. 
  • Strengthening corporate credibility and ensuring compliance with financial reporting regulations. 

 

Stages of ICOFR Implementation 

A systematic and structured approach is essential for effective ICOFR implementation. Below are the key stages: 

Stage 

Details 

1. Design 
  • Define the scope.Identify risks and controls.
  • Document business processes and control designs.
  • Validate control designs. 

2. Implementation and Monitoring 
  • Update Business Process Mapping (BPM).
  • Develop a Risk Control Matrix (RCM).
  • Conduct Control Self-Assessments (CSA). 

3. Evaluation 
  • Perform Test of Design Effectiveness (TOD).
  • Conduct Test of Operating Effectiveness (TOE). 

4. Remediation 
  • Address control deficiencies.
  • Reassess remediation results. 

5. Management Assessment Report 
  • Classify deficiencies: Control Deficiency, Significant Deficiency, and Material Weakness.
  • Prepare a management assessment report. 

6. ICOFR Assurance by External Experts 
  • Perform third-party assessments to validate implementation effectiveness. 

 

The Three Lines of Governance 

SOEs are required to adopt the Three Lines Model for risk governance: 

  • First Line: Business units as risk owners. 
  • Second Line: Risk management function. 
  • Third Line: Internal audit function. 

Additionally, GCG evaluation includes assessing the quality and performance of internal oversight. Appointing independent external quality assessors to review the Internal Audit Unit (SPI) at least once every three years is a critical requirement. 

 

Simplify ICOFR Implementation with Compozer

Compozer offers an integrated and modular platform designed to streamline ICOFR implementation. Equipped with an up-to-date library for risk controls, regulatory requirements (such as BI/OJK), and international standards (such as ISO and COBIT), Compozer leverages automation to improve productivity and simplify complex processes. 

Contact our ICOFR experts for more information at discover@compozer.com.sg.