Integrating an Ethics Control System through the Integrity Management Framework (IMF)

Authors: I Nyoman Wara, Teguh Widodo, and Moh. Iqbal Aruzzi

Introduction: Good Practices of Ethics Control Systems

The integrity and ethics standards and guidelines of supreme audit institutions (SAIs) have been provided by the International Standards of Supreme Audit Institutions (ISSAI). INTOSAI P1 on the Lima Declaration states that members and auditors of a SAI must have the qualifications and moral integrity required to carry out their duties. ISSAI 100 on Fundamental Principles of Public Sector Auditing states that SAIs need to develop and maintain procedures relevant to organizational ethics and quality control to ensure that the supreme audit institution and its auditors comply with standards, ethics and statutory provisions. Furthermore, ISSAI 130 on the Code of Ethics emphasizes the need for a SAI to implement an ethics control system that comprises specific strategies, policies, and procedures. These practical elements, such as regular ethics training, clear ethical guidelines, and a system for reporting ethical violations, are crucial to guide, manage, and control ethical behaviour, making the implementation of ethics control systems a tangible and effective process. 

Some countries and organizations use different terms for ethics control systems in broader contexts. For instance, the Australian Government published a fraud control framework, which is essentially an ethics control system containing the main elements of fraud control: fraud rules, policy, and guidance. Australia has also issued a fraud and corruption control system, another term for an ethics control system, consisting of planning, prevention, detection, and response. Meanwhile, the Office of the Controller and Auditor-General of New Zealand in 2022 published an integrity framework, also another term for an ethics control system, containing key activities and ways of working required to build and maintain integrity throughout the organization. The Organization for Economic Co-operation and Development (OECD) in 2017 published a public integrity strategy blueprint, essentially an ethics control system that includes three main pillars: system, culture, and accountability. The International Organization for Standardization (ISO) published ISO 37001:2016 on anti-bribery management systems, which is synonymous for an ethics control system that regulates the requirements and guidelines for establishing, implementing, maintaining, and improving bribery management systems in an organization. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE) jointly published a fraud risk management guide, which is an ethics control system that contains components of governance, fraud risk assessment, fraud control activities, fraud investigation and corrective actions, and monitoring activities.

The Implementation of an Ethics Control System in SAI Indonesia

In practice, SAI Indonesia (the Audit Board of the Republic of Indonesia or BPK) has implemented many instruments required in an ethics control system. The momentum for its commitment to adopting and implementing its code of ethics started with the issuing of Law Number 15 of 2006 on the Audit Board. In 2007, SAI Indonesia established the code of ethics, which was then continuously amended as needed in 2011, 2016, and most recently in 2018. 

Furthermore, SAI Indonesia does not stop developing various integrity enforcement instruments, including gratification control programs, provision of whistleblowing channels, development of organizational culture, development of human resource information systems, measurement and assessment of integrity risks, and implementation of risk management. SAI Indonesia has also proactively provided various regular training on ethics and integrity for its auditors. In addition, it also has a special working unit responsible for conducting audits and enforcing against integrity violations, including violations of the code of ethics, fraud, and disciplinary actions. SAI Indonesia has also established an Honorary Council on the Code of Ethics to ensure compliance with the organization’s code of ethics.

However, until recently, SAI Indonesia has not included those instruments in the explicit form of an ethics control system or an integrity framework that integrates and harmonizes all components and instruments of the system. The absence of a framework makes it difficult to understand, communicate, and implement the components of integrity control. This has become a significant issue when it faces conditions that have the potential to disrupt their independence, integrity, and professionalism. 

The Development of Integrity Management Framework in SAI Indonesia

SAI Indonesia has taken a strategic initiative to develop an integrity management system as part of its Strategic Plan for 2020 – 2024. In mid-2022, SAI Indonesia decided to implement the “Trilogy of Integrity Development” and fraud control system to strengthen the implementation of its basic values – Independence, Integrity, and Professionalism. This approach aims to prevent, detect, and swiftly respond to integrity violations by implementing a fraud control system, having top management act as integrity champions, and reinforcing the commitment to the organization’s core values. The trilogy consists of integrity education, integrity system development, and integrity enforcement and is expected to make the organization resilient and capable of preventing, detecting, and swiftly responding to integrity violations.

After a prolonged process of careful consideration, the trilogy of integrity development was operationalised into an ethics control system known as the Integrity Management Framework (IMF). The board of SAI Indonesia approved the IMF in January 2024. 

The IMF is a framework that SAI Indonesia uses as a reference to maintain integrity. This includes developing an organizational culture of integrity, preventing, detecting, controlling, and taking action against violations of integrity in a comprehensive and measurable way. It also involves accommodating all integrity management initiatives currently in progress and those being developed by SAI Indonesia. The IMF contains strategies and policies to guide, manage, enforce, and foster an organizational culture of integrity. The objectives of the IMF are:

1. manifesting an organizational culture that upholds  the basic values of the organisation, namely Independence, Integrity, and Professionalism; 
2. harmonizing all integrity control instruments or components in the Integrity Management Framework; and
3. increasing transparency and accountability in governance, prevention, detection, and response against integrity violations, as well as monitoring and evaluating integrity management in the organisation.

The IMF is comprised of five main components and thirty-three subcomponents, which can be easily visualized in the IMF Map. This map is a helpful tool that simplifies and explains the various parts of the IMF. Each component is either already established or is being built and developed in BPK. The IMF Map is designed to provide users and stakeholders with a clear and accurate understanding of the IMF in a quick and concise manner.

The Integrity Management Governance Component ensures that each integrity management component, subcomponent, and instrument is implemented, monitored, and evaluated by responsible parties within the organisation.  

The Prevention of Integrity Violations Component is designed to reduce the risks of integrity violations that may occur. The three-line model approach is used to prevent integrity violations, including developing and maintaining high integrity and a strong organizational culture within the organization.

The Detection of Integrity Violations Component is a tool created to identify any previously undiscovered integrity violations, enabling prompt remedial action to be taken. This is essential because even with comprehensive prevention measures in place, there is always the possibility of corruption, fraud and other integrity violations occurring. By detecting these violations at the earliest opportunity, SAI Indonesia can take swift action to address them.

The Response to Integrity Violations Component is intended to address possible integrity violations. Enforcement is necessary to uphold BPK’s fundamental values, preserve BPK’s reputation and credibility, and recover any losses that may result from such violations.

The Monitoring and Evaluating the Integrity Management Component is an ongoing process of observation, measurement, and assessment for each component of the Integrity Management Framework.

These five interconnected components are implemented in SAI Indonesia’s daily business processes iteratively and the components may only function well if they are supported by other components.

Conclusion and Way Forward

The Integrity Management Framework (IMF) was developed under a zero-tolerance policy for integrity violations. However, implementing the framework does not rule out the possibility of integrity violations since these violations may occur due to opportunities, motives, rationalization, pressure, and other factors coming from any individual who influences the employee’s decision to commit integrity violations. The IMF can help SAI Indonesia implement reasonable and proportional plans to prevent, detect, and respond to integrity violations.

Every SAI should acknowledge that integrity is an ongoing process requiring continuous adaptation, and improvement is a crucial lesson for global organizations. Embracing a culture of continuous improvement ensures that integrity initiatives remain relevant and effective in the face of evolving challenges.

SAI Indonesia’s willingness to acknowledge these challenges and public understanding of the principle of upholding integrity is highly important. This is to keep public expectations within reasonable limits and show its profound understanding of the complexities of maintaining integrity in public institutions. SAI Indonesia is committed to addressing these issues by continuously improving its integrity management system.

As a principle-based document, the IMF’s components and subcomponents will be implemented continuously using many forms of instruments that adapt to the changing needs and demands of its internal and external environments.

About the authors

I Nyoman Wara is currently serving as the Director General of Investigative Audit and the former Inspector General of SAI Indonesia. He has extensive experience and expertise in investigative and forensic audits, as well as financial and performance auditing.

Teguh Widodo is currently serving as the Inspector of Integrity Enforcement for the Inspectorate General of SAI Indonesia. He earned a doctoral degree in budgeting from the School of Government at the University of Birmingham, United Kingdom in 2017.

Moh. Iqbal Aruzzi is currently the Head of the Medan Branch of SAI Indonesia Corporate University. He earned a doctoral degree in Accounting and Financial Management from Loughborough University in the United Kingdom in 2019. His research focused on the Whistleblowing System as a tool for Anti-corruption Program.