Course: A0294 / Advanced IS Audit
Year: 2009
Bina Nusantara University

Concepts of Audit, Risk, and Internal Control
Sessions 1-2

Learning Outcomes
By the end of these sessions, students are expected to be able to:
• Understand the concepts of Audit, Risk, and Internal Control
• Explain the relationship between Audit, Risk, and Internal Control

Material Outline
• Review of auditing concepts
• Introduction to Information Systems Audit / IT Audit
• Audit of IT-based AIS
• IT Governance audit
• Operational audits of other areas need IT data
• Concepts of Risk and Internal Control
• The relationship between Audit, Risk, and Internal Control

Students receive
• An explanation of:
  – the benefits of the course being studied
  – the learning mechanism
  – group/individual assignments
  – the material as a whole
  – the relationship to other courses
  – discipline and rules in lectures
• A brief explanation of Bloom's Taxonomy, learning
• The competencies expected to be achieved

Understanding the Concept of Audit

Review of Key Terms
• Meaning of assertion, attestation, audit
• Reasons why audit is needed
• Types of audit & their characteristics
• Concepts of system, accounting information system, risk, internal control system and audit
• Technological developments and their impact, changes to systems/internal control/audit
• Audit procedure in outline
• Use of computers for audit

Firm & Environment
• Firm environment, for example: customer, vendor, partner, creditor, Directorate General of Taxes, union (labor union), and so on.
• There are flows of data/information, goods/services, and money between the company and its stockholders and stakeholders.
• The business objective of a company is stockholder welfare.
• Management (the Board of Directors) must be accountable.

General Model of a Business Organization
[Diagram; labels: RUPS (general meeting of shareholders), Stockholder/Stakeholder, KAP (public accounting firm), IA, and the levels Top, Middle Level, Supervisor Level, Clerical]

Management Levels
Top Management: explains the company's objectives. Mission statement. Example: President, CEO, executive
Example: Regional manager, plant manager
Example: Account manager, office manager

Stewardship
The accountability/stewardship concept means directors owe the responsibility to the parties who have a vested interest in the organization. They work for and on behalf of the stockholder/stakeholder, and need to demonstrate competence.
Accountability:
• The obligation to carry out duties in a way that can be accounted for and that follows the rules.
• Ensuring that the duties carried out achieve the stated objectives.

Meaning of Audit
Audit: the examination of an organization/entity/organizational unit/particular area of activity:
• by a competent and independent person
• with sufficient field evidence
• with standards/criteria/rules/references in place
• comparing the evidence with the criteria
• producing a report on the conformity of these matters for the interested parties.

Definition of Audit (General)
Audit is the process of examining an organizational entity by a competent and independent person (or persons), with sufficient evidence, comparing that evidence with established criteria in order to produce a report on the conformity of these matters for the interested parties.

Definition (IIA)
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

Add value & improve organization’s operations
The objective of Internal Auditing is to add value and improve an organization’s operations, in accomplishing its objectives.

WHY IS AUDIT NEEDED?
• CONTROL MECHANISM
  – Compliance with regulations and policies
• REDUCING LOSSES
  – Fraud
  – Inefficiency
• INCREASING CONFIDENCE
  – Adds credibility to data
  – Reduces information risk

Who Audits?
• Trained & qualified auditors
• Quality Manager selects and trains internal auditors
  – observer on Quality Manager’s audits
  – first audit under supervision of qualified auditor
• Person independent of the activity

Quality Assurance Service
• ATTESTATION SERVICES
  – Audit
  – AGREED UPON PROCEDURES
  – REVIEW
  – EXAMINATION
• NON-ATTESTATION QA SERVICES
• NON-QUALITY ASSURANCE SERVICES

Overview
[Diagram; labels: Quality assurance, Attestation, Audit, Review, Non-Attestation, Agreed Upon, Pension System, Tax Services]

Types of Audit
• Financial Audit
  – General Audit
  – Special Audit
• Operational/Management Audit
• Compliance Audit
• Investigative Audit
• Fraud Audit
• Forensic Audit
• Information Technology Audit

Audit Procedure
1. Audit Plan
2. Develop Checklists
3. Opening Meeting
4. Gather Evidence
5. Record Results
6. Closing Meeting
7. Audit Report

IS Audit
IS auditing is the process of collecting and evaluating evidence to determine whether information systems and related resources adequately safeguard assets, maintain data and system integrity, provide relevant and reliable information, achieve organizational goals effectively, consume resources efficiently, and have in effect internal controls that provide reasonable assurance that operational and control objectives will be met.

IS AUDIT

The Effect of Information Technology on The Audit Function

Risk
• Execution risks
• Information Processing risks
• Assets Protection risks
• Performance risks
• IT Security risks
• Continuity of Operations risks

CHANGING INFORMATION TECHNOLOGY and its EFFECT on AUDITING
• Distributed data processing, networking, and electronic data interchange
• End-User Computing
• Real-Time Systems
• Electronic (Internet) Commerce
• Intelligent Systems

IT Governance
• The process for controlling an organization’s IT resources, including information and communication systems, and technology.
• …using IT to promote an organization’s objectives and enable business processes and to manage and control IT related risks.

The IT Internal Control Systems
[Diagram; labels: No Fraud; Require Passwords; Limit Access; Check for hard Passwords; CobiT (Framework for IT Processes Management); SOX Legislation / SEC Rules; IT Control Objectives for SOX (financial reporting); COSO (Risk Management Framework); PCAOB No. 5 (Audit Standards for Financial Reporting and Statements)]

IT Internal Controls
• Separation of duties
• Delegation of authority and responsibility
• Competent and trustworthy personnel
• System of authorizations
• Adequate documents and records
• Physical control over assets and records
• Adequate management supervision
• Independent checks on performance
• Comparing recorded accountability with assets

What do IT auditors do?
• Ensure IT governance by assessing risks and monitoring controls over those risks
• Work as either an internal or external IT auditor
• Support many kinds of audit and assessment (consulting) engagements

Financial vs IT Audits
• IT auditors may work on financial audit engagements
• IT auditors may work on every step of the financial audit engagement
• Standards, such as SAS No. 94*, guide the work of IT auditors on financial audit engagements
• IT audit work on financial audit engagements is likely to increase as internal control evaluation becomes more important
* SAS 94 recognizes the pervasive effects of IT on accounting information systems and requires auditors to consider them. It also states that computer-assisted auditing techniques (CAATs) are needed to test automated controls in certain types of IT environments.

IT Audit Skills
• College education – IS or computer science, and accounting
• Certifications – CPA, CFE, CIA, CISA, CISSP, and special technical certifications
• Technical IT audit skills – business processes control and specialized IT technologies
• General personal and business skills

Code of Professional Ethics
• The Information Systems Audit and Control Association®, Inc. (ISACA) sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the Association and/or its certification holders.
• Members and ISACA Certification holders shall:
1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
2. Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.
3. Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.

Code of Professional Ethics
5. Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.
6. Inform appropriate parties of the results of work performed; revealing all significant facts known to them.
7. Support the professional education of stakeholders in enhancing their understanding of information systems security and control.
Failure to comply with this Code of Professional Ethics can result in an investigation into a member’s or certification holder’s conduct and, ultimately, in disciplinary measures.

Professional Organizations
• AAA, AICPA, CICA, IFAC, IAI
• IIA
• ISACA
• Association of Information Systems (AIS)
• Association of Computing Machinery (ACE)

Information Systems Audit and Control Association (ISACA)
• ISACA's headquarters is in Chicago (website www.isaca.org).
• ISACA is a professional association for information systems audit, founded in 1969 (as the Electronics Data Processing Auditing Association, EDPAA); it became ISACA in 1994 and now has more than 160 chapters (branches of the professional organization) in more than 100 countries (a country may have more than one chapter, depending on the number of members).
• In Indonesia there is a Jakarta chapter, formed in 1992 and pioneered by those from BAKOTAN, BPK, BPKP, several public accounting firms, and several government and private institutions.

The End