internal control

Internal Control System
Problems in Auditing........
Cowboy
The Cowboy after
OSHA(Occupational & Safety Health Act )
The COSO Internal Control Integrated Framework
• After several significant audit failures occurred during the 1980s, the
Committee of Sponsoring Organizations (COSO) formed to redefine
internal control and the criteria for determining the effectiveness of an
internal control system.
• In 1985, the Committee of Sponsoring Organizations of the Treadway
Commission (COSO) was formed to sponsor the National Commission on
Fraudulent Financial Reporting, whose charge was to study and report on
the factors that can lead to fraudulent financial reporting.
• A significant part of this mission is aimed at developing guidance on
internal control.
Defining Risk

To satisfy stakeholders, be successful and gain competitive advantage,
organizations need to recognize that the achievement of their business
objectives is inextricably linked to risk.

Risk is anything, internal or external, that may impede an organization
from achieving its objectives.

Although the common view of risk is a negative event, risk also
encompasses uncertainty and opportunity.

So the challenge to management becomes to effectively manage risk by
minimizing the negative and maximizing the opportunity to achieve, or
exceed, the business objectives.
• In 1992, COSO published Internal Control - Integrated Framework, which
established a framework for internal control and provided evaluation tools
that businesses could use to evaluate their control systems.
• The 1992 COSO document, Internal Control - Integrated Framework,
changed the way internal control is viewed. The COSO Framework
considers not only the evaluation of hard controls, like segregation of
duties, but also soft controls, such as the competence and
professionalism of employees.
[Figure: the 4 security fences (numbered 1 to 4). Labels: Values, Internal Control Quality, Role of the Internal Auditor, Role of the External Auditor]
SAS 78, 1995

• Adopts the definition of internal control from the COSO (Committee of
Sponsoring Organizations) report.
• Internal control is a process, carried out by the board of commissioners,
management, and other personnel of an entity, designed to provide
reasonable assurance regarding the achievement of objectives in the
following categories:
  – Reliability of financial reporting
  – Compliance with applicable laws and regulations
  – Effectiveness and efficiency of operations
Components of Internal Control
COSO says internal control consists of five interrelated
components that are derived from the way
management runs a business and are integrated into
the management process:

• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring


• Control environment. The tone of the
organization influences the control
consciousness of its people. Examples include
the integrity, ethical values and competence of
employees; management’s philosophy; and
input provided by the board of directors.

• Risk assessment. Identification and analysis of
risks relevant to achieving corporate goals,
determination of how such risks should be
managed and implementation of a process to
address risks associated with change.

• Control activities. Policies, procedures and processes
that help ensure a company carries out management
directives. Examples include approvals, verifications,
reconciliations, reviews of operating performance,
security of assets and segregation of duties.

• Information and communication. Communication
within the company and with external parties such as
customers, regulators and shareholders. For example,
reports that contain operational, compliance or financial
data or that share ideas or events across lines of
business are generated from a company’s information
systems.

• Monitoring. Assessing the quality of a company’s
internal control systems. This is done through ongoing
monitoring of activities within the business unit and an
independent evaluation of existing controls by auditors.
[Figure: Inherent Risk, Control Risk, Detection Risk, Audit Risk]
Scoping – The COSO Framework

Monitoring
• Assessment of a control system’s performance over time
• Combination of ongoing and separate evaluation
• Management and supervisory activities
• Internal audit activities

Control Activities
• Policies/procedures that ensure management directives are carried out
• Range of activities including approvals, authorizations, verifications,
recommendations, performance reviews, asset security and
segregation of duties

Information & Communication
• Pertinent information identified, captured and communicated in a timely
manner
• Access to internally and externally generated information
• Flow of information that allows for successful control actions, from
instructions on responsibilities to summary of findings for management
action

Risk Assessment
• Risk assessment is the identification and analysis of relevant risks
to achieving the entity’s objectives, forming the basis for determining
control activities

Control Environment
• Sets tone of organization, influencing control consciousness of its people
• Factors include integrity, ethical values, competence, authority,
responsibility, organization structure, HR policies and IT control
environment
• Foundation for all other components of control
Risk Assessment Process

Step 1
Goal: Set objectives
Key question: What are we trying to achieve?
Example: Produce reliable financial statements.

Step 2
Goal: Identify risks to achieving those objectives
Key question: What could happen that would affect our objectives?
Example: A natural disaster could destroy computer systems and data.

Step 3
Goal: Assess risk
Key questions: What are the consequences of the risk? What is the likelihood the event will occur?
Example: Consequences are severe; likelihood is slight.

Step 4
Goal: Manage risk
Key question: In light of the assessment, what is the most cost-effective way to manage the risk?
Examples: Insure against loss. Develop business recovery plan. Self-insure.

CONTROL ACTIVITIES

Step 5
Goal: Define control objective
Key question: For risks to be managed through internal control, what are the control objectives?
Example: Implement recovery plan that reduces the impact of a natural disaster.

Step 6
Goal: Design control
Key question: How should the control be designed to prevent or detect the identified risk?
Examples: Design recovery plan. Implement plan. Test on a regular basis.
Anti-Fraud Provisions

The SEC’s rules relating to management’s reports on internal control include
commentary on the background of the rules and insight on how the rules should
be interpreted and implemented, including:
– The assessment of a company’s internal control over financial reporting must be based
on procedures sufficient both to evaluate its design and to test its operating
effectiveness. Controls subject to such assessment include, but are not limited to:
…controls related to the prevention and detection of fraud.

In addition to the SEC guidance, the PCAOB, in its Auditing Standards #2, has
stated the following:
– That management's responsibility when designing a company's internal control over
financial reporting is to design and implement programs and controls to prevent, deter,
and detect fraud.
– Management, along with those who have responsibility for oversight of the financial
reporting process (such as the audit committee), should set the proper tone; create and
maintain a culture of honesty and high ethical standards; and establish appropriate
controls to prevent, deter, and detect fraud.
Obtaining an Understanding of Internal Control

Audit methodology for meeting the second standard of field work:

• A sufficient understanding of the components of internal control
to plan the audit
• Assessment of control risk for each significant assertion contained
in the account balance or class of transactions and in the disclosure
components of the financial statements
• Design of substantive tests for each significant assertion of the
financial statement elements
Documenting the Understanding

• Questionnaires
  – A series of yes/no questions about the internal controls needed
  to prevent material misstatement
• Flowcharts
  – A schematic diagram using standard symbols, connecting lines
  and explanations
• Decision tables
  – A matrix used to document the logic of a computer program
• Memoranda
  – The auditor’s written comments about internal control