Audit Risk Assessment Template for Indonesia
Generate a bespoke document
What is a Audit Risk Assessment?
The Audit Risk Assessment document is a critical component of the audit planning process in Indonesia, required under both local regulations and international auditing standards. This document is typically prepared at the initial phase of an audit engagement to identify, evaluate, and document potential risks that could affect the financial statements or audit opinion. The assessment must comply with Indonesian regulatory requirements, including those set by OJK and IAPI, while following the framework established in Indonesian Standards on Auditing (SPAP). The Audit Risk Assessment helps determine the audit strategy, resource allocation, and specific procedures needed to address identified risks. It includes evaluation of the client's business environment, internal control systems, previous audit findings, and industry-specific considerations. This document serves as a foundation for developing an effective and efficient audit approach while maintaining compliance with Indonesian audit regulations and professional standards.
Frequently Asked Questions
Is an Audit Risk Assessment legally required under Indonesian law?
Yes, Audit Risk Assessment is mandatory under Indonesian law, specifically required by Law No. 5 of 2011 on Public Accountants and Indonesian Standards on Auditing (SPAP). Public accountants must prepare this document as part of audit planning to comply with professional standards and regulatory requirements from OJK.
Do I need a certified public accountant to prepare an Audit Risk Assessment in Indonesia?
Yes, under Law No. 5 of 2011, only licensed public accountants (Akuntan Publik) registered with the Ministry of Finance can legally prepare and sign Audit Risk Assessments. The assessment must be conducted by someone with proper certification and understanding of Indonesian auditing standards (SPAP).
Can OJK reject my audit if the Risk Assessment is incomplete or missing?
Yes, OJK can reject audit reports and impose sanctions if the Audit Risk Assessment is incomplete or missing. This violates Indonesian Standards on Auditing (SPAP) requirements and can result in professional disciplinary action against the public accountant, including license suspension or revocation.
How does Indonesian SPAP differ from international auditing standards for risk assessment?
Indonesian SPAP incorporates international standards but includes specific local requirements such as compliance with Indonesian Financial Accounting Standards (PSAK) and additional OJK regulatory considerations. The assessment must also address Indonesia-specific business risks and regulatory environments that may not exist in international frameworks.
How is Audit Risk Assessment different from Internal Control Evaluation in Indonesia?
While both documents assess controls, Audit Risk Assessment is broader and evaluates all risks affecting audit opinions including business risks, fraud risks, and compliance risks. Internal Control Evaluation focuses specifically on operational controls and is often a component within the broader risk assessment framework required by SPAP.
How long does it typically take to complete an Audit Risk Assessment for Indonesian companies?
For most Indonesian companies, completing an Audit Risk Assessment takes 2-4 weeks depending on company size and complexity. This includes client interviews, documentation review, control testing, and compliance verification with SPAP requirements and local regulations.
Can foreign auditors conduct risk assessments for Indonesian subsidiaries without local licensing?
No, under Law No. 5 of 2011, foreign auditors must partner with Indonesian-licensed public accountants or obtain local licensing to conduct audits and risk assessments. Only certified Indonesian public accountants can sign off on audit risk assessments for Indonesian entities.
Which common mistakes invalidate Audit Risk Assessments under Indonesian regulations?
Common invalidating mistakes include failing to assess fraud risks as required by SPAP, not evaluating compliance with Indonesian Financial Accounting Standards (PSAK), inadequate documentation of risk responses, and missing signatures from licensed Indonesian public accountants. These errors can lead to audit rejection by regulators.
About the Audit Risk Assessment
An Audit Risk Assessment is a fundamental document in Indonesia's audit framework that systematically identifies, evaluates, and documents risks that could materially affect financial statements or audit opinions. Under Indonesian law, this assessment is mandatory for all audit engagements and must be prepared during the initial planning phase to ensure compliance with local regulations and professional standards.
When do you need this document?
You need an Audit Risk Assessment at the beginning of every audit engagement in Indonesia, whether for public companies, financial institutions, or private entities. This document is required when conducting initial audits of new clients, annual recurring audits, or special purpose audits. Financial institutions must prepare enhanced risk assessments under OJK regulations, particularly for systemically important banks and non-bank financial institutions. The assessment is also necessary when there are significant changes in the client's business model, management structure, or operating environment that could affect audit risk levels.
Key legal considerations
Your Audit Risk Assessment must address several critical areas under Indonesian auditing standards. The document should evaluate inherent risks specific to the client's industry and business model, assess control risks related to internal control effectiveness, and determine detection risks based on planned audit procedures. You must document material weaknesses in internal controls, related party transactions that could present risks, and any fraud indicators discovered during preliminary assessments. The assessment should also consider management override risks, revenue recognition complexities, and IT control environments. Under Indonesian Standards on Auditing, you must maintain professional skepticism throughout the risk assessment process and ensure adequate documentation of risk evaluation procedures and conclusions.
Legal requirements in Indonesia
Indonesian law mandates specific requirements for audit risk assessments under Law No. 5 of 2011 on Public Accountants and supporting regulations. Your assessment must comply with Indonesian Standards on Auditing (SPAP) issued by IAPI, which align with international standards but include local modifications. OJK Regulation No. 13/POJK.03/2017 requires enhanced risk assessment procedures for financial services entities, including stress testing scenarios and regulatory compliance evaluations. Government Regulation No. 20 of 2015 mandates quality control procedures throughout the risk assessment process, including partner review requirements and documentation standards. The assessment must consider Indonesian Financial Accounting Standards (PSAK) implications and include evaluation of going concern assumptions under local economic conditions. You must also assess compliance with local tax regulations and industry-specific requirements that could affect financial statement presentation or audit scope.
GOVERNING LAW
Applicable law
This Audit Risk Assessment is drafted to comply with Indonesia law. Key legislation includes:
Explore 208,390+ legal templates
Explore 208,390+ legal templates
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it