Internal Audit Analysis in Islamic Banking

Reader Impact Factor Score
[Total: 5 Average: 5]

Published on International Journal of Economics & Business
Publication Date: January, 2020

Abdul Muis Alwahid, Agung Budi & Muhammad Miqdad
Accounting Program, Faculty of Economics and Business, University of Jember
Jember, East Java, Indonesia

Journal Full Text PDF: Internal Audit Analysis in Islamic Banking (Case Study at Islamic Bank Jember “X” KCP “Y”).

Abstract
This study seeks to show how the application of internal audit in Islamic banking, specifically Islamic Banking “X” KCP “Y”. This study used qualitative research methods. The type of data used in this study is subject data while the source of data is primary data and secondary data. Primary data used in this study were obtained by interviewing informants. While the secondary data used in this study are all supporting data that help researchers to answer questions raised in this study that are used in research obtained by interviewing informants. Data collection method used is the interview method. Data validity testing techniques in this study are Domain Analysis, Data Triangulation, Depenability Testing and Confirmation Testing. The results showed that in general Sharia Bank “X” KCP “Y” had carried out internal control properly in accordance with COSO. Audit procedures have been prepared and can accommodate the needs of field conditions later. One of them is demonstrated by the presence of an audit system branch that can provide a brief description of operational conditions or whether the internal audit is going well or not.

Keywords: Internal Audit, Coso and Islamic Banking.

1. Introduction
Effects of changes in Law No. 7 of 1992 into Law No. 10 of 1998 is the development and performance of Islamic banking which is heading in a positive direction. Besides the activities of Islamic banks began to become one of the rapidly developing industrial sectors in Indonesia, the growth of Islamic banking activities was caused by the rapid introduction of work practices contained in Islamic banks as well as extensive knowledge about practical work contained in the activities of Islamic banks.
Evidence of the development and development of sharia banking can be seen from the network of sharia banking offices, which in 1998 there was only one sharia commercial bank with 10 branch offices, 1 (Sharia Banking Statistics 2003 Financial Services Authority) to 12 sharia commercial banks with 2,151 branch offices spread throughout Indonesia in 2014 (2015 Islamic Banking Authority Financial Services Roadmap).
In addition to the expansion of Islamic banking to increase the number of banks and offices, the rapid growth of banks and offices is also due to the large number of opening of Islamic banks, both Islamic commercial banks and Islamic business units. This development not only shows improvement in the performance of the Islamic banking system, but also makes some researchers try to understand Islamic banking further, starting from the philosophy of the operational system to its products.
The encouraging development and performance of sharia banking can also be seen from the total assets that showed an upward trend in sharia banking assets from 2008 amounted to 49,555 (billion) to 272,343 (billion), meaning that there was a significant increase with an average of 40% annually (Sharia Banking Roadmap 2015 Financial Services Authority).
A significant increase in sharia banking assets is not comparable when seen from the sharia banking financial ratios that show sharia banking performance, where financial ratios from year to year have changed and there are differences with the theory or research that states the relationship CAR, BOPO, NPF, and FDR on ROA (Sharia Banking Roadmap 2015 Financial Services Authority).
In 2009 when ROA increased by 0.02% the CAR actually experienced a decrease of 2.04%. But on the contrary when ROA fell 0.14% in 2013, CAR actually rose by 0.19%. This is in contradiction with research which states that CAR has a positive effect on ROA.
In 2009 when BOPO rose by 2.64%, ROA actually rose by 0.06%. So it can be concluded that the BOPO ratio has a positive effect on ROA where several studies such as. This is in contradiction with research which states that BOPO has a negative and significant effect on ROA
In 2009, when the NPF ratio rose by 2.54%, ROA also rose 0.06%. These results conclude that the NPF ratio has a positive effect on ROA. This is in contradiction with research that the smaller the NPL the smaller the credit risk borne by the bank), or it can be concluded that the NPF has a negative effect on ROA.
The financial ratios above indicate the inconsistency of the ratios which indicate the inconsistency of the performance of Islamic banking. The inconsistency of the performance of Islamic banking shows that Islamic banking requires supervision and audit, especially internal audit to further understand the conditions or performance of Islamic banking.
The role of internal audit in Islamic banking becomes very important in the implementation of Islamic banking operations. That is because the role of internal audit in helping management to carry out its responsibilities in accordance with applicable regulations. The existence of an internal audit in Islamic banking is regulated in Bank Indonesia Regulation Number 11/33 / PBI / 2009 article 23 which requires each Islamic bank to carry out an internal audit.
In practice, the implementation of internal audits in Islamic banking is still difficult to carry out. That is because the internal audit at IFI (Islamic Financial Institution) which is part of sharia audits, is still new compared to conventional audits that have long been developing, but on the other hand the need for Sharia/ Islamic auditing is very much needed for Islamic / Islamic institutions (Harahap, 2002). Harahap (2002) explains that due to the new sharia audits compared to conventional audits, the formulation of sharia audits is based on conventional audits as long as they do not violate Islamic norms and standards.
This has led to similarities in carrying out internal audits. Similarities in conventional and sharia internal audit standards can be seen from the internal audit procedures performed. The similarities in the procedures for carrying out internal audits both conventional and sharia do not show the same thing in their implementation.
Several studies that have examined internal control include Rachmat (2006) who conducts internal control assessments that focus on the BTN bank control environment. Sari (2012) conducted a study To improve the transparency of local government financial reports, it is necessary to implement internal controls to avoid fraud.
In contrast to some previous researchers who focused on one internal control activity and using quantitative methods. This study seeks to show how the implementation of internal audits in Islamic banking, especially Syariah Bank KCP Bondowoso. This study uses qualitative research methods to find out in depth how the concept of sharia audits, sharia audit implementation and sharia audit outputs, by researching directly on the object of research to obtain a clear picture and understanding of internal audit in Jember Syariah Banking.
The background of the researchers took the title of the research Internal Audit Analysis in Islamic Banking (Case Study in Islamic Banks “X” KCP “Y”). The purpose of this study is to analyze in depth how the implementation of sharia audits at the “X” KCP “Y” Sharia Bank.
The contribution of this research is that theoritically the contribution of this research is expected to be a reference or input for the development of autansi and to add to the study of accounting, especially in the field of sharia audit to find out in depth how the implementation is applied in the implementation of sharia audits at the “X” KCP “Y” Sharia Bank. Practically, the contribution of this research is expected to be input for the internal audit executor at the “X” KCP “Y” Sharia Bank in implementing internal audit. In policy terms, the contribution of this research is expected to be input for decision makers on internal audit policy at the “X” KCP “Y” Sharia Bank.

2. Literature review
2.1 Understanding of Internal Audit
The Committee of Sponsoring Organizations (COSO) report in Boynton (2003) explains that internal control is a process carried out by the board of directors, management and other personnel in an entity that is designed to provide adequate confidence regarding the achievement of objectives in the categories: reliability of financial statements, compliance with laws and applicable regulations and the effectiveness of operating controls.
According to the Committee of Sponsoring Organizations of Treadway Commissions (COSO) (2013) describes the components of internal control as follows:
a. Control Environmet
b. Risk Assessment
c. Control Activities
d. Information and Communication
e. Monitoring Activites.
The relationship between the five objectives and internal control components is described by COSO (2013) in the form of a cube as follows:

Figure 1. Relationship of Objectives and Components of Internal Control
Source: COSO (2013)

Based on Figure 1., explains that there is a direct relationship between the objectives to be achieved by an entity with an internal control component that represents the needs needed to achieve that goal, as well as the existence of an entity’s organizational structure at each level (division, operating unit, function, etc.) . The three categories of objectives (operations, reporting, and obedience) are depicted in the column, while the five components of internal control are represented by rows, while the organizational structure of enity is described by the three dimensions.

2.2 Previous Research
Several previous studies examining internal audit have been carried out, one of which was conducted by Sofianingsih (2014) examining the components of internal control structures in a company to prevent fraud. The method used in this research is descriptive research that is research that aims to describe or define the influence of internal control structure components to prevent fraud on the company. In carrying out its business activities, the company always faces various risks which are usually referred to as business risks (bussiness risk). These include the risk of fraud that is classified as an Integrity Risk. According to ACFE, fraud that occurs can be classified into three categories of fraud, fraudulent financial statements (Financial Statement Fraud), misuse of assets (Asset Misappropriation), and corruption (Corruption). After understanding the types of fraud, the internal auditor needs to properly understand the structure of internal control in order to make efforts to prevent and detect fraud. According to COSO, the internal control structure consists of five components, namely the Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. If the internal control structure has been put in place and running well, the chance of undetected fraud will be greatly reduced. The fraud examiner must know and understand each element in the structure internal control in order to be able to evaluate and find weaknesses.
Wardayati and Imaroh (2015) examined the application of internal controls to fund management, identified strengths and weaknesses related to internal controls applied, and provided recommendations on the application of internal controls in the fund management system at the Jember branch of the Al-Falah Social Fund Foundation. The research method used is a descriptive qualitative method and the object of the research used is the internal control procedure of fund management. This study analyzes internal control according to the internal control component according to COSO which consists of the control environment, risk assessment, control activities, information and communication, monitoring as well as analyzing the weaknesses contained in the Jember branch of the Al-Falah Social Fund Foundation. The results showed that internal control over fund management activities at the Jember branch of the Al-Falah Social Fund Foundation had several weaknesses, but overall the control was already running effectively.
Irsutami et all (2018) conducted a study to design an internal control system based on the Committee of Sponsoring Organizations (COSO) in the Managerial Accounting Study Program at the Department of Business Management in Batam State Polytechnic. Data collection was carried out by document inspection and interviews with several related parties, while the method of analysis was descriptive, namely by explaining each component of the COSO internal control system namely 1) Control Environment, 2) Risk Assessment, 3) Disregarding Activities, 4) Information and Communication, and 5) Monitoring with reference to the Vision and Mission of the Managerial Accounting Study Program. The result is a set of COSO-based internal control systems for the Managerial Accounting study program that can be applied to control the learning system.

3. Research Methods
This research uses a qualitative research approach using interpretive case study methods. The use of qualitative research is because qualitative research emphasizes more on the analysis of the process of thinking processes inductively related to the dynamics of the relationship between observed phenomena and always using scientific logic (Gunawan, 2015). The study was conducted at the office The study was conducted at the “X” KCP “Y” Sharia Bank office.
The type of data used in this study is subject data while the source of data is primary data and secondary data. Primary data used in the study were obtained by interviewing informants. The informants used in this study were the auditor, the head of the bank and one of the bank officers.
While secondary data used in this study are all supporting data that help researchers to answer questions raised in this study, secondary data include organizational charts, especially the internal audit department organizational chart, internal auditor SOP and other supporting data.
Susanto (2013) explains the activities in data analysis used in qualitative research namely data collection, data reduction, data display, and conclusion drawing, so that the way of analyzing the data used in this study is as follows:
a. Data collection is data that has been obtained both through interview techniques and documentation collected to build a credible model,
b. Data reduction is the process of selecting, focusing on simplifying data that is still raw from the records obtained. By summarizing data, classifying, directing, and discarding irrelevant data, conclusions can be obtained. If the problems found will develop, coding will be carried out for each information obtained.
c. Presentation of data is the process when the required data is ready for use then a presentation is formed. The form can be in the form of narrative text, charts, graphs or matrices.
d. Efforts to draw conclusions are carried out continuously. The more data obtained and processed, the conclusions obtained will be more detailed and stronger.

Figure 2. Steps of data analysis

Data collection methods used are interview methods, interview techniques used in this study are: (1) in-depth interviews and (2) Documentation, the collection of documents will be carried out simultaneously with interviews with informants. In-depth interviews will be carried out by researchers in stages by visiting the informants directly on the appointed days and hours. Days, hours and length of time the interview will be determined through confirmation with the informants about the time available for the informants to carry out the interview.
The data validity testing techniques in this study are Domain Analysis, Data Triangulation, Depenability Testing and Confirmability Testing. First, the researcher conducts domain analysis to obtain a general picture by seeing and understanding secondary data that will be received later, which can be in the form of SOPs, Organizational Structure (especially the Internal Audit Department) so that researchers can get an overview of the duties and responsibilities of internal auditors, as well as positions in company and how the reporting (both systematic and internal audit reporting flow) and follow-up after the internal audit findings are reported.
Second, triangulation of data is carried out in a way. Checking the validity of the data from various sources is done by checking the informant’s interview data with available data such as secondary data, observations in the hunger area or confirming one informant with another informant. To do this test the researcher will confirm the answers of each resource person to get confidence in the answers of each resource person.
Third, in the dependability testing phase, the researcher will consult with the research supervisor regarding interviews with the speakers. The guidance can be in the form of a list of questions deemed sufficiently capable of answering the researcher’s questions, consulting the interview flow to the informants who feel the researcher has a portion, position or experience in conducting internal audits.
Fourth, in the confirmability testing phase, the researcher will confirm with the speakers regarding the results of the interviews that have been conducted to all speakers. From this confirmation, researchers can obtain certainty from the interviewees for the results of interviews that are allowed to be published and which results of interviews that are not allowed to be published.
The research process begins by describing an understanding of sharia internal audit at the “X” KCP “Y” Sharia Bank, the general picture is obtained by collecting secondary data, then interviews are conducted with informants to reinforce the picture that has been received. Before, during the process and after the interview is conducted, the researcher will always consult with the supervisor to get interview directions. Guidance guidance is believed by researchers to make researchers obtain conclusions that can answer questions raised by researchers. During the research process the results of the interviews were confirmed by the interviewees so that it can be concluded how the implementation of sharia audits that have been carried out at the “X” KCP “Y” Sharia Bank.
In addition to consulting the supervisor before, during the process and after the interview, the researcher will also confirm to the interviewees about the results of interviews that can be published and which cannot be published. If there are interview results that are not allowed by the resource person to be published, the researcher will consult the supervisor about the results. This was done by researchers to get direction in this study.

4. Research Result
4.1 Development of the Internal Auditor’s Role
COSO (2013) identified five interrelated internal control components to provide a structure in considering many possible controls related to achieving the entity’s objectives, namely:
a. Control environment
b. Risk assessment.
c. Control activities (control activities).
d. Information and communication (information and communication).
e. Monitoring (monitoring).

4.2 Role of Internal Auditors in “X” KCP Bank “Y”
4.2.1 Control Environment
COSO (2013) explains control environmental factors including integrity, ethical values, and competencies of people and entities, management philosophy and operating style, how management gives authority and responsibility and organizes and develops people, attention and direction given by the board. The control environment is the basis for all components of internal control, providing discipline and structure.
The results of the interview show the control environment shown includes; integrity and ethics, competence, board participation, management philosophy and operational style, organizational structure, assignment of authority and responsibilities, practices and resource policies show that the Sharia Bank “X” KCP “Y” upholds the control environment. This is indicated by the formulation of clear regulations that support the achievement of the control environment in the Sharia Bank “X” KCP “Y”, such regulations include the creation of a code of ethics in supporting integrity and ethics, terms and conditions in employee recruitment, the existence of an audit committee for accommodate board participation, how fast management is in responding and handling incoming reports. In the organizational structure of the Sharia Bank “X” KCP “Y” has clearly shown authority, responsibilities and job descriptions of each employee, in terms of giving authority, the Sharia Bank “X” KCP “Y” has given written authority and responsibility for each employee, as well as routine evaluations, and most recently in terms of human resource policies, the “X” KCP “Y” Sharia Bank has determined the proportion of employees according to needs where there are regulations that support the recruitment standards and the proportion of employees.

4.2.2 Risk Assessment
COSO (2013) explains that risk assessment is a mechanism established to identify, analyze, and manage risks associated with the various activities in which an organization operates.
In its application in the Islamic Bank “X” KCP “Y” there have been standard rules in terms of identifying existing risks and just apply them. In identifying the risks that occur, the identification of problems that can be a risk is first carried out and determining priorities in assessing and anticipating these risks according to internal audit recommendations. When the results of the analysis are determined whether it is still in the form of potential, an in-depth analysis will be carried out to determine and anticipate the potential, after that together with internal audits will try to minimize the potential for fraud. In anticipating changes in risk assessment, Islamic Bank “X” KCP “Y” together with internal auditors will continue to update the potential risks that exist, this is done by collecting credible information so as not to be left behind in changes in risk assessment and eventually it will become an action. fraud. This will be the basis for internal auditors to determine the steps to anticipate future risks.

4.2.3 Control Activities
COSO (2013) explains that control activities are the implementation of policies and procedures established by management to help ensure that objectives can be achieved.
In carrying out control activities, Sharia Bank “X” KCP “Y” has taken several actions to support control activities. This is by carrying out multiple functions, documentation, supervision and authorization.
With regard to technology that supports control activities that support Sharia Bank “X” KCP “Y” in achieving its objectives, it has been determined that technology is able to support control activities, starting from the authorization, supervision to the flow of an “X” KCP “Y” Sharia Bank which has been accommodated by existing technology. Even though the technology still has a gap because there is no perfect technology, Islamic Bank “X” KCP “Y” continues and will update the technology to suit the needs of Islamic Bank “X” KCP “Y”.
To support control activities, the Sharia Bank “X” KCP “Y” has provided policies that support work procedures, which can later be implemented and applied in the operational activities of the Sharia Bank “X” KCP “Y”.

4.2.4 Information and communication
COSO (2013) explains the importance of information and communication in the form of a system that enables people or entities to obtain and exchange information needed to carry out, manage and control their operations.
At the “X” Sharia Bank “Y” KCP regarding understanding the importance of information is to be able to support the application of internal control, so that an information system is needed that can help to accommodate the information needs. The information that has been obtained will be communicated both information about the objectives and responsibilities of internal control and other information that supports internal control itself.
Interview results show that they have carried out internal controls in the Information and Communication component, including using information systems software that can support information and communication needs. In addition to information system software, communication is also done by doing a routine agenda that discusses the information obtained.

4.2.5 Monitoring
COSO (2013) explains the internal control system needs to be monitored, this process aims to assess the quality of system performance over time. This is done through ongoing monitoring activities, separate evaluations or a combination of the two. Monitoring includes determining the design and operation of timely controls and taking corrective actions.
The results of the interviews show that the Sharia Bank “X” KCP “Y” has carried out internal control in the monitoring component, one of which is to use routine evaluations carried out on related parties.

4. Conclusions, Limitation & Recommendation
4.1 Conclusions
In general, Islamic banks “X” KCP “Y” have carried out internal controls well. Audit procedures have been compiled and can accommodate the needs of the field conditions later. One of them is shown by the presence of an audit system branch that can provide a concise description of operational conditions or whether the internal audit is running well or not.
In the five internal control components mentioned by COSO (2008), namely 1. Control environment, 2. Risk assessment, 3. Control activities, 4. Information and communication (information and communication), 5. Monitoring (monitoring). Islamic Bank “X” KCP “Y” has run all of these components.
In controlling environmental activities, Sharia Bank “X” KCP “Y” has compiled a code of ethics that must be applied by each employee, along with punishments if they violate the code of ethics. In addition, the determination of employee recruitment requirements that support the competence of each employee. Audit board participation to support the control environment. The directors’ response is fast in helping field people make decisions. A clear organizational structure with clear authority, responsibilities and job descriptions. Along with the needs of employees who are fit and not excessive in recruiting.
In risk control activities, Sharia Bank “X” KCP “Y” explains that there are standard rules in assessing risk. One example given is the appointment of a KAP in providing financial statements when a debtor submits a credit. This shows that the Sharia Bank “X” KCP “Y” has anticipated the possibility of the risk of the financial statements being given incorrectly. The appointment of KAP is expected to help provide the correct financial statements, so that the Sharia Bank “X” KCP “Y” obtains credible information in order to anticipate risks in granting credit.
In control activities, Sharia Bank “X” KCP “Y” has performed separate functions from each division, besides the Sharia Bank “X” KCP “Y” requires supporting physical data that must be met in each of their reporting, such as forms, supporting documents and etc. The authorization granted is layered to support the Sharia Bank “X” KCP “Y” control activities.
In the information and communication activities, Sharia Bank “X” KCP “Y” already has a system that can accommodate the information and communication needs needed. With notes not every employee can see detailed information, for example the teller cannot see the accounting information.
In monitoring activities of the Sharia Bank “X” KCP “Y” has conducted a routine evaluation conducted every month to support monitoring activities.

4.2 Limitation
This research has limitations that limit its perfection. Therefore, these limitations need to be considered for further studies, limitations in this study are;
a. Interviews cannot be conducted in depth because of the busyness of the informants. In addition, the informants only pleased to interview via email.
b. Because this study discusses global internal audit, this study does not specifically examine internal control in the “X” KCP “Y” Sharia Bank division, such as the financing division, lending and others.
c. Because the focus of this study only focuses on Islamic banks, it cannot be made a comparison of bank control between Islamic banks and conventional banks.

4.3 Recommendation
Based on the limitations stated above, the researcher tries to give suggestions on various things that are considered necessary for further researchers:
a. The need for interviews that are only limited via email to better find out how the internal control of Islamic banks.
b. Specific research can be carried out discussing internal control in the “X” KCP “Y” Sharia Bank division such as the financing division, lending and others.
c. The need for expansion of the research area, so that an overview can be given of how the internal control of Islamic banks and conventional banks

5. References
Alamsyah, Halim. 2012. “Development and Prospects of Indonesian Islamic Banking: Challenges in Welcoming the 2015 MEA.” Paper presented at the Scientific Lecture of the Association of Islamic Economics (IAEI), IAEI 18th Anniversary, (13 April 2012).
Alfiya, Evi, and Mohammad Heykal.2014. “Analysis of Internal Control Against Mudharabah Financing Case Study of Bank Syariah Mandiri Mudharabah Financing Kebon Jeruk Branch.” Binus Business Review 5.1: 194-209.
Boynton, W. C., Raymond N. J, and Walter G.K, 2003. Modern Auditing, Issue 7, Jakarta: Translators Paul A. Rajoe, Gina Gania, Ichsan Setiyo Budi, Erlangga, Volume II.
Commite of Sponsoring Organization of Treadway Commissions. 2013. Internal Control – Integrated Framework.
Dendawijaya, Lukman. 2003. Banking Management. 2nd edition. Ghalia Indonesia (member of IKAPI), Jakarta
Florida Department of Economic Opportunity. 2016
Gunawan, Imam. 2013. “Qualitative Research Methods Theory and Practice.” Jakarta: Earth Literacy.
Harahap, Sofyan Syafri. 2002. “Auditing in Islamic Perspectives”, Jakarta: Quantum Library.
Hidayat, Siti Nurlola. 2012. Analysis of the Application of Accounting Information Systems in Supporting the Effectiveness of Internal Control in Musyarakah Financing. Journal of Accounting Gunadarma University
Ibrahim, Mohamed, and Shahul Hameed. “IFRS vs AAOIFI: The clash of standards?” (2007).
Indirantoro, Nur and Bambang Supomo.2013. “Business Research Methodology for Accounting & Management”. First Edition of the Sixth Printing. BPFE. Yogyakarta.
Irsutami, Irsutami, Sinarti Sinarti, and Jessica Olifia.2018. “The Design of COSO-Based Internal Control Systems in the Study Program at Batam State Polytechnic.” Journal of Applied Accounting and Taxation 3.2 (2018): 150-157.
Jusuf, Amir Abdi. 2006. Accounting Information Systems. Salemba Empat. Jakarta
Lukitasari, Yunia Putri, and Andi Kartika. 2015. “Analysis of the Effects of Third Party Funds, BOPO, CAR, LDR and NPL on Financial Performance in the Banking Sector which are listed on the Indonesia Stock Exchange.” INFOKAM 11 …
Mahardian, P. 2008. Analysis of the Influence of CAR, BOPO, NPL, NIM, and LDR Ratios on Banking Financial Performance (Case Study of Banking Companies Listed on the JSE period June 2002, June 2007). Management Economics Thesis. Diponegoro University, Semarang
Archipelago. A. B. 2009. Analysis of the Influence of NPL, CAR, LDR, and BOPO on Bank Profitability (Comparison of Go Public Banks and Non Public Go Commercial Banks in Indonesia for the Period of 2005-2007). Management Economics Thesis. Diponegoro University, Semarang.
Bank Indonesia Regulation Number 11/3 / PBI / 2009 concerning Sharia Commercial Banks Muamalat Profile on the official website of Muamalat bank
Rachmat, Sanyoto, 2006. “Analysis of Control Environment Conditions in the Internal Control System of Bank BTN”. Thesis Diponegoro University. Semarang
Riyadi, S. 2006. Banking Asets and Liability Management. University of Indonesia Faculty of Economics Publisher Institute, Jakarta
Sharia Banking Roadmap 2015 Financial Services Authority
Sari, Diana. 2012. “The Influence of Internal Control Against Transparency of Local Government Financial Statements”. Bandung: SNAB Development of the Role of Accounting in Professional Business
Sawyer, L, B.,. Dottenhofer, M. A and. Scheiner J. H, 2005. Sawyer’s Internal Auditing, Book 1, Issue 5, Jakarta: Translator Desi Anhariani, Salemba Empat ,.
Savcuk, Olga. 2007. “Internal Audit Efficiency Evaluation Principles”. Journal of Business Economics and Management 2007 Vol VII no 4, 275-284.
Syafi’I, Antonio Muhammad. 2001. Islamic banks: from theory to practice. Human echoes.
Shafii, Zurina, et al. 2014. “Shariah Audit Certification Contents: Views of Regulators, Shariah Committees, Shariah Reviewers and Undergraduate Students.” International Journal of Economics and Finance 6.5: p210.
Sudiyatno, Bambang. 2010. Analysis of the Influence of Third Party Funds, BOPO, CAR and LDR on Financial Performance in the Banking Sector that Go Public on the Indonesia Stock Exchange (BEI) Period 2005-2008. Journal of Financial and Banking Dynamics Vol.2 No 2.
Sondakh, Jullie J., and Nova Handayani.2016. “Evaluation of the Application of Accounting Information Systems in Supporting the Effectiveness of Internal Control of Musyarakah Financing at PT. Muamalat Bank Manado Branch Office.” Journal of Economic, Management, Business and Accounting Research 4.1
Sofianingsih, Dewi.2014. “Effect of Internal Control Structure Components to prevent fraud on companies.” Unesa Accounting Journal 2.2.
Susanto, Azhar. 2013. Accounting Information Systems. Lingga Jaya. Bandung
The Institute of Internal Auditors.2015. “International Professional Practice Framework”
Single, Amin Widjaja. 2013. COSO-Based Auditing Principles. Harvindo. Jakarta
Law No. 7 of 1992 concerning Banking
Law No. 7 of 1992 concerning Banking in 1998
Law No. 10/ 1998 concerning amendment to Law No. 7 of 1992 concerning Banking
Wardayati, Siti Maria, and Siska Putri Imaroh.2015. “Analysis of COSO Internal Control in the Management of Zakat, Infaq and Sadaqah Funds (ZIS) (Case Study at the Jember Branch Al-Falah Social Fund Foundation).