ABSTRACT
Background: Risk Based internal audit is a control and supervision activity carried out by internal auditors using the output of risk management. Purpose: The purpose of this study was to obtain a comprehensive understanding of the implementation of risk based internal audit at BPJS Ketenagakerjaan. Internal auditors need to know about risk management and risk maturity to identify key areas that require immediate supervision and follow-up. Method: This research is a case study qualitative research with a descriptive approach. Data was collected by means of interviews, observation and documentation. The analysis technique using triangulation is to collect data, reduce and draw conclusions. Results and findings: Researchers found that Social Security Agency while in Indonesian term is Badan Penyelenggara Jaminan Sosial (BPJS) Ketenagakerjaan as an institution that is mandated to manage labor social security membership fees and implement good governance and manage business risks. The risk management output is then used as the basis for conducting an internal audit. Discussion: BPJS Ketenagakerjaan carries out risk management to identify risks, identify areas that have potential risks and carry out risk profiling. This makes it easier for internal auditors to carry out the internal audit process. Impact: The results of risk management make it easier for auditors to identify risks and identify specific areas so that internal audits can run effectively and efficiently.