Enhancing the Competency Development Program for New Recruits: A Case Study at Internal Audit & Risk Management Function

: The pandemic created unsettling vulnerability as organization accelerated the shift to digital operations. One bright spot is that asset misappropriation, while still a top category of fraud, was down in the last 24 months perhaps due to more employees working remotely, with limited access to company assets. At the same time, remote working increased risks beyond just digital security. Hence, it is important to have effective internal controls to identify and prevent any kind of fraud. The increasing need for recruiting strong internal audit and risk management functions especially in public company is due to several factors, including increased regulatory scrutiny, greater stakeholder demands for transparency and accountability, and the growing complexity of business operations. With the increasing number of public companies, there is a greater need for effective internal controls and risk management systems to ensure financial reporting accuracy, prevent fraud, and meet regulatory requirements. Internal audit and risk management improve governance, decision-making, and identify risks for organizations. Strong functions require adequate manpower, trained personnel, and resources for effective performance. Group Audit and Risk Management (GARM) in one of public company, working on Internal Audit and Risk Management (IARM). To ensure GARM fulfils its responsibilities as a corporate center, they define Key Performance Indicators (KPIs) that are reviewed semi-annually by the Board of Directors (BOD). Unfortunately, one of the KPIs related to advisory and supporting roles, namely supporting the fulfilment of Group IARM manpower requirements, has not been met since 2013. The purpose of this study is to identify the root cause of the decrease in new recruit manpower fulfilment requests from Internal Audit and Risk Management functions in subsidiaries company and enhance the existing competency program in order to increase participation from Internal Audit and Risk Management functions. Using design thinking method and conducting in depth interview author may determine framework to enhance the programs that are more relevant to the competency needs.


INTRODUCTION
Company objectives refer to the goals and aspirations that a company has set for itself. They help guide decision-making and prioritize resources and are an important part of a company's overall strategy. Common company objectives include increasing profits, expanding market share, improving customer satisfaction, and developing new products or services. Several risks must be overcome in order for the company to achieve its goal. Risk could be defined as the possibility that an unexpected occurrence would occur and have a negative impact on a person, a company, or society. In the context of business and finance, risk is often assessed based on the likelihood and potential implications of such occurrences. Fraud risk is one of the various types of risks that businesses are facing, and it will continue to exist. PwC (2022) found that fraud and economic and financial crime have substantial impacts on both large and small organizations. Companies with global revenues over $10bn experienced 52% fraud in the past 24 months, with one in five experiencing a financial impact of over $50m. Cybercrime is the biggest threat across organizations. The Institute of Internal Auditors (IIA) established International Standards for Professional Practice of Internal Auditing. These standards were revised in October 2017 to explicitly state the responsibilities of internal auditors and dictate the nature of internal auditing activities. The IIA (1210.A2) requires internal auditors to assess fraud risk and organizational risk management. The IIA (1220.A1, 2120.A2 and 2210.A2) also requires internal auditors to exercise due professional care by evaluating the probability of significant error, fraud, or non-compliance and by indicating how organizational personnel manage these risks. Finally, the IIA (2410.A1) mandates internal auditors to include their opinion and conclusions in engagement results, considering senior management, board, and stakeholders' expectations.
The increasing need for strong internal audit and risk management functions especially in public company is due to several factors, including increased regulatory scrutiny, greater stakeholder demands for transparency and accountability, and the growing complexity of business operations. A strong internal audit and risk management function requires adequate manpower to ensure effective and efficient performance of their duties. This includes having sufficient numbers of trained and qualified personnel, as well as the necessary resources, to effectively carry out the internal audit and risk management processes. Public companies nowadays compete not only for customers, but also for high-potential employees to help them achieve their goals. Recruiting high-potential employees is important because they could drive the growth and success of a company. They possess unique skills, qualities, and experiences that make them valuable assets to the organization. Hiring high-potential employees helps to ensure that the company has a pool of talent that can fill leadership positions in the future, reducing the risk of a talent shortage. Internal Audit and Risk Management Function has a significant role as the third line of defense in supporting the implementation of a good control system and risk management. GARM is a corporate function in the head office that has roles and responsibilities that are defined by Management. One of the roles and responsibilities is advisory and supporting i.e., As an internal consultant, providing business advisory and support for subsidiaries. The activities that are relevant in this research are support the fulfilment of Group IARM manpower requirements; and support Group IARM's continuous learning and improvement. In this paper, we highlight the responsibility for fulfilling the need for internal auditors and risk management staff. Audit & Risk Development Program (ARDP) is a program for enhancing fresh graduates' competencies to meet the requirements of potential Auditors and Risk Analysts in Companies Group. This development program is designed to equip essential competencies as junior Auditors and Risk Analysts in technical and behavioral skill sets (knowledge and attitude). Therefore, they can accomplish their responsibilities as Auditor and Risk Analyst and have credibility following the Group standards. This program aims to build competent Auditors and Risk Analysts to work with minimum supervision. GARM has been conducting a competency development program for new recruits since 2010. Unfortunately, the participation trend from company subsidiaries in this program has been decreasing until now. The purpose of this study is to identify the root cause of the decrease in new recruit manpower fulfilment requests from Internal Audit and Risk Management functions in company subsidiaries and enhance the existing competency program in order to increase company subsidiaries participation.

LITERATURE REVIEW Internal Audit
The Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) is a global framework for authoritative guidance for internal audit professionals, providing mandatory and recommended guidance as mandatory and recommended. Refer to IPPF (2017), internal auditing is an independent, objective assurance and consulting activity aimed at improving an organization's operations. It involves a systematic, disciplined approach to risk management, control, and governance processes. A code of ethics is necessary for this profession, based on trust in its objective assurance of governance, risk management, and control. One of the principles discussed is that internal auditors should utilize knowledge, skills, and experience for audit services. Furthermore, one of the rules of conduct states that internal auditors must engage in services with the necessary knowledge, skills, and experience, perform them according to International Standards, and continuously improve their proficiency and service quality. The IIA's Internal Audit Competency Framework offers a professional development plan for internal auditors at all career levels. It consists of four knowledge areas, three competency levels, and focuses on standards, situational functions, and key proficiencies. The framework also serves as an effective onboarding tool and multi-year training plan, helping chief audit executives identify and fill skill gaps within the audit function. Knowledge Areas: Professionalism, performance, environment, leadership, and communication. Professionalism involves the mission of internal auditing, charter, organizational independence, ethical behavior, and professional development. Performance involves governance, fraud, risk management, internal control, engagement planning, and engagement outcomes. Environment involves strategic planning, common business processes, social responsibility, and sustainability. Leadership involves strategic planning, coordinating assurance efforts, and quality assurance programs. Olsson (2002) mention the definition of risk as the uncertainty of future outcomes. Uncertainty has two dimensions: the range of possible outcomes and the probability of an outcome occurring. The range of possible outcomes can be narrow, limited, or unknown, making it crucial to have an open mind. Probability refers to the chance that a particular outcome will occur, but it may not be exact

Training & Development
Training and development programs for the enhancement of employees' skills and abilities are provided by a variety of multinational corporations. Companies may not allocate career opportunities to employees with the necessary acquaintances and abilities, according to O'Herron and Simonsen (1995). Mel Kleiman (2000) emphasized the importance of orientation, management, and operational skills in employee training programs, forming the foundation for employee development. A successful employee training program should combine knowledge, career development, and goal setting to benefit both employees and the organization. As information technology systems advance, businesses must ensure their employees have the necessary knowledge, skills, and abilities to perform new tasks effectively. It is the organization's responsibility to ensure employees have the necessary skills and knowledge, aligning with their position and providing them promptly when needed. Organizations must prioritize employee training to ensure they are equipped with the necessary knowledge and skills for their roles.

Figure 1 -Research Design
The researcher will come up with the research question and research objective, then use the design thinking framework to identify the current situation and propose the idea. To support the research, data collection needs to be conducted. First step: gathering data through primary data from interviewing users (in depth interview) for initial insights to test the research hypotheses and through secondary data from internal data and literature review for supporting data to get the insights from primary data. The research objective is to identify the root cause of subsidiaries' unwillingness to participate in this program and to enhance the programs to be more relevant to user's needs. The researcher conducted in-depth interviews to build empathy with users, aiming to find a more impactful solution. They collected internal data and reviewed relevant literature. As part of the core research framework, a design-thinking process was used to generate a recommended design solution.
Utilizing in-depth interviews to collect primary data, this research uses a qualitative approach. Mason (2002) mentioned that an indepth interview is similar to a conversation in that there are two individuals discussing a topic of mutual interest, and ideally the discussion is relaxed, open, and honest. The detailed analysis of the first-hand data will be explained in the section of the paper called "Emphasize," which is part of the "Design Thinking Process." As for secondary data collection, it was collected from both internal data and a literature review, as explained in the previous section. The internal data collection is based on detailed supporting data for KPI review. There are 26 respondents who will be interviewed and observed in this study to cover the whole population because the size of the population that has the particular set of characteristics that are of interest is small and manageable. The respondent is Internal Audit and Risk Management Head of each subsidiary company. They are the ones who decide whether or not to participate in this program. Consist of two main parts, i.e., (1) exploring the pain and gain of the users by learning about their feelings and experiences regarding the existing program and (2) brainstorming to find solutions for the pain and gain. Design thinking is a problem-solving and innovation approach centered on human-centered design. It is solution-based and usercentric, focusing on the solution rather than the problem itself. The first step is building empathy with users, which helps find more impactful solutions. Design thinking also involves observing product interaction, drawing conclusions based on research, and ensuring the user remains the focus of the final implementation (Ester Han, Harvard Business Review, 2022). Design thinking is an iterative process with three to seven phases, influenced by the Hasso Plattner Institute of Design at Stanford. The five-stage model is widely recognized for its teaching and application of design thinking. In this research, author use 5 stages of design thinking, according to the d.school, which are: The prototype phase enables the development, testing, and adjustment of the new ARDP. The emphasis is on gathering feedback, evaluating program effectiveness, and making any necessary adjustments to increase the training program's effectiveness in developing the desired competencies. The preparation from the prototype stage to the test phase for competency-based training allows for a systematic evaluation and refinement of the program before its full implementation.

Test
The test phase will be conducted the following year. It would be relevant to provide a schedule for plan implementation. Creating a timeline during the test phase of a competency-based training program provides benefits such as clear milestones and deadlines, efficient time management, enhanced organization and coordination, improved stakeholder communication, risk mitigation, opportunities for evaluation and feedback, project accountability, and optimized resource utilization. It contributes to the overall success and effectiveness of the testing procedure and facilitates the achievement of the project's objectives.

CONCLUSION AND RECOMMENDATION Conclusion
After conducting interviews, Subsidiaries still require ARDP because graduates of the program can demonstrate that the skills, they learned there were very useful for advancing their careers in their respective companies. However, some adjustments are needed to ensure that this program remains relevant to the company's current and future needs. This is due to the fact that the existing program is incapable of assisting users in finding candidates who meet their requirements. In order to fulfill manpower requirements, strong collaboration among the user and recruitment teams is needed. The user is responsible for defining technical competency and keeping it up to date with international and best practice standards, as well as consider industry standards, emerging trends, and specific job requirements while defining the technical competency. The requirement will be communicated to the recruitment team as the first window to proactively finding, engaging, and ultimately hiring candidates that they think would fit the company and the role. Based on the interview results from users, the author concluded that maximizing and diversifying applications from various majors is one way to get sufficient numbers of candidates. A higher number of candidates will increase the success rate in recruiting; hence, the time consumed for interviewing candidates will reduce. Several initiatives have been taken to make the program more attractive, such as rebranding the program, an intensive campaign on social media platforms, increasing numbers of universities collaborating, and a new scheme of benefits provided during the program. Designing a competency-based training program with a comprehensive curriculum that covers IT audit, data analytics, and ESG and includes a certification plan for candidates is a strategic method for ensuring that candidates acquire the required skills and knowledge in these areas. Enhancing the other factors regarding strengthening the mentoring program and the empowerment of professional external facilitators will contribute to the effectiveness of the training program, participants' competency development, and the overall success of the organization in building a skilled and competent workforce.

Recommendation
Competency-based training program development is an iterative process. Continuously collect feedback, evaluate the effectiveness of the curriculum and assessments, and make any necessary adjustments to guarantee that the program meets the needs of candidates and aligns with industry standards. Implementing a 360-degree feedback process can provide valuable insights and multiple perspectives on the competencies and skills of individuals participating in this program, as well as a comprehensive view of the participants' competencies, strengths, and areas for development. Regarding assessment and measurement, future research should explore innovative assessment methods and tools for evaluating competency acquisition and proficiency. The effectiveness of different assessment approaches, such as simulations, performancebased assessments, and digital badges, in accurately measuring competencies needs to be explored. E-learning will be utilized more effectively if the potential of adaptive learning technologies in competency-based training is also explored. How adaptive learning platforms can personalize the learning experience, dynamically adjust content based on the learner's needs, and maximize the development of competencies.