IT Audit Guidelines and Procedures
Sessions 9-10
Course: A0294/Audit SI Lanjutan (Advanced IS Audit)
Year: 2009
Learning Outcomes
By the end of these sessions, students are expected to be able to:
• Explain the ISACA IS Audit Guidelines
• Explain the ISACA IS Audit Procedures
• Explain the relationship between the ISACA IS Audit Standards, IS Audit Guidelines, and IS Audit Procedures.
Bina Nusantara University
Outline
• Topic 1: ISACA IS Audit Guidelines
• Topic 2: ISACA IS Audit Procedures
• Topic 3: The relationship between the ISACA IS Audit Standards, the ISACA IS Audit Guidelines, and the ISACA IS Audit Procedures.
I.S. Auditing Standards
Objectives of IS Auditing Standards
• Inform management and other interested parties of the profession’s
expectations concerning the work of audit practitioners
• Inform information system auditors of the minimum level of acceptable
performance required to meet professional responsibilities
Standards, Guidelines, and Procedures for IS Auditing (ISACA)
Objectives for ISACA’s Standards
• Minimum level of acceptable performance required to meet professional
responsibilities set out in the Code of Professional Ethics.
• Mandatory requirements for IS auditing and reporting
• Inform Management and other interested parties of the profession’s expectations
concerning the work of practitioners.
ISACA Guidelines for IS Auditing
• Consider the guidelines in determining how to implement the above-mentioned standards:
– Auditing Standards
– Evidence and Evaluation
• Use professional judgement in applying them.
• Be able to justify any departure.
ISACA Audit Procedures
• Provide examples of procedures an IS auditor might follow in an audit engagement.
• Provide information on how to meet the standards when performing IS auditing work, but do not set requirements.
• Should not be considered inclusive of all proper procedures and tests, or exclusive of other procedures and tests that are reasonably directed to obtain the same results.
IT Risk Assessment Quadrants
[Figure: Example Risk Level Assignment. Vertical axis: Sensitivity Rating (0% to 100%); horizontal axis: Vulnerability Assessment Rating (0% to 100%). Each axis is split at 50%, giving four quadrants.]
– Quadrant I (High Risk): high sensitivity, high vulnerability. Suggested action(s): Mitigate.
– Quadrant II (Medium Risk): high sensitivity, low vulnerability. Suggested action(s): Accept, Mitigate, Transfer.
– Quadrant III (Medium Risk): low sensitivity, high vulnerability. Suggested action(s): Accept, Mitigate, Transfer.
– Quadrant IV (Low Risk): low sensitivity, low vulnerability. Suggested action(s): Accept.
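The quadrant assignment above as a worked example, added here and not part of the original slides: each asset's sensitivity and vulnerability ratings are mapped to a quadrant and its suggested actions, then collected into a risk register sorted highest risk first. The asset inventory is constructed, the treatment of a rating that sits exactly on the 50% line and the sensitivity × vulnerability tie-breaker are assumptions the slide does not state.

```python
THRESHOLD = 0.5  # the 50% line that splits each axis in the slide's figure
# Quadrant -> (risk level, suggested actions), as read from the figure.
QUADRANTS = {
    "I":   ("High Risk",   ("Mitigate",)),
    "II":  ("Medium Risk", ("Accept", "Mitigate", "Transfer")),
    "III": ("Medium Risk", ("Accept", "Mitigate", "Transfer")),
    "IV":  ("Low Risk",    ("Accept",)),
}
# Triage order for sorting the register; both medium quadrants rank equal.
RANK = {"I": 0, "II": 1, "III": 1, "IV": 2}

def quadrant(sensitivity, vulnerability):
    """Map two ratings (fractions 0.0-1.0) to a quadrant label.
    Sensitivity is the vertical axis, vulnerability the horizontal one.
    Assumption not stated on the slide: a rating exactly on the 50% line
    counts as the higher-risk half, so boundary cases are never under-rated.
    """
    for value in (sensitivity, vulnerability):
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"rating {value!r} must lie between 0.0 and 1.0")
    high_sens = sensitivity >= THRESHOLD
    high_vuln = vulnerability >= THRESHOLD
    if high_sens and high_vuln:
        return "I"
    if high_sens:
        return "II"
    return "III" if high_vuln else "IV"

def build_risk_register(findings):
    """Assign each (asset, sensitivity, vulnerability) finding its quadrant and
    sort the register highest risk first. Within a risk level, ties are broken
    by sensitivity * vulnerability, an assumed tie-breaker the slide does not define.
    """
    rows = []
    for asset, sens, vuln in findings:
        q = quadrant(sens, vuln)
        level, actions = QUADRANTS[q]
        rows.append({"asset": asset, "quadrant": q, "level": level,
                     "actions": actions, "score": sens * vuln})
    rows.sort(key=lambda r: (RANK[r["quadrant"]], -r["score"]))
    return rows

# Constructed sample inventory (not from the slides).
SAMPLE = [("payroll database", 0.9, 0.8), ("public website", 0.2, 0.7),
          ("HR file share", 0.85, 0.3), ("test lab VM", 0.1, 0.1)]

for row in build_risk_register(SAMPLE):
    print(f"{row['asset']:18} Q{row['quadrant']:<3} {row['level']:11} "
          f"-> {', '.join(row['actions'])}")
```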
Performing an IS Audit
Typical audit phases (summary)
Identify:
– the area to be audited
– the purpose of the audit
– the specific systems, function or unit of the organization to be included in the review
– technical skills and resources needed
– the sources of information for tests or review, such as functional flowcharts, policies, standards, procedures and prior audit work papers
– locations or facilities to be audited
– the audit approach to verify and test the controls
– the list of individuals to interview
– the departmental policies, standards and guidelines to obtain for review
Develop:
– audit tools and methodology to test and verify controls
– procedures for evaluating the test or review results
– procedures for communication with management
Identify:
– follow-up review procedures
– procedures to evaluate/test operational efficiency and effectiveness
– procedures to test controls
Review and evaluate the soundness of documents, policies and procedures.
Emerging Changes in the IS Audit Process
• Continuous Auditing - Prerequisites
– A high degree of automation
– An automated and reliable information-producing process
– Alarm triggers to report control failures
– Implementation of automated audit tools
– Quickly informing IS auditors of anomalies/errors
– Timely issuance of automated audit reports
– Technically proficient IS auditors
– Availability of reliable sources of evidence
– Adherence to materiality guidelines
– Change of IS auditors’ mind-set
– Evaluation of cost factors
ISACA IS Auditing Standards
• The specialized nature of information systems auditing, and the skills and knowledge necessary to perform such audits, require globally applicable standards that pertain specifically to information systems auditing.
• One of ISACA’s functions is to provide the information that supports this knowledge requirement.
ISACA IS Auditing Standards Objectives
The objectives of the standards are to inform:
• Information systems auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the Code of Professional Ethics for information systems auditors
• Management and other interested parties of the profession’s expectations concerning the work of audit practitioners
ISACA Auditing Standards
• Audit Charter
• Independence
– Professional Independence
– Organisational Independence
• Professional Ethics and Standards
• Professional Competence
• Planning
ISACA IS Auditing Procedures
• Procedures developed by the ISACA Standards Board provide examples of possible processes an IS auditor might follow in an audit engagement.
• In determining the appropriateness of any specific procedure, IS auditors should apply their own professional judgment to the specific circumstances. The procedure documents provide information on how to meet the standards when performing IS auditing work, but do not set requirements.
Relationship: Standards, Guidelines, Procedures
Standards defined by ISACA are to be followed by the IS auditor. Guidelines provide assistance on how the auditor can implement the standards in various audit assignments. Procedures provide examples of steps the auditor may follow in specific audit assignments so as to implement the standards. In all cases, the IS auditor should use professional judgment when applying guidelines and procedures.
Introduction
The specialised nature of information systems auditing, and the skills necessary to perform such audits, require globally applicable standards that apply specifically to information systems auditing. One of the Information Systems Audit and Control Association, Inc.’s (ISACA’s) goals is therefore to advance standards to meet this need. The development and dissemination of Standards for Information Systems Auditing are a cornerstone of the ISACA’s professional contribution to the audit community.

Information systems auditing is defined as any audit that encompasses the review and evaluation of any aspect of automated information processing systems, including related nonautomated processes, and the interfaces between them.

Objectives
The objectives of the ISACA’s Standards for Information Systems Auditing are to inform:
• Information systems auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the Code of Professional Ethics for information systems auditors
• Management and other interested parties of the profession’s expectations concerning the work of practitioners
The objective of Guidelines for Information Systems Auditing Standards is to provide further information on how to comply with the Standards for Information Systems Auditing.

Document G1: Scope and Authority of Standards for Information Systems Auditing
The framework for the ISACA’s Standards for Information Systems Auditing provides for multiple levels of standards, as follows:
• Standards define mandatory requirements for IS auditing and reporting.
• Guidelines provide examples of different types of information systems audit work and set requirements for the work and its reporting. They are standards to the extent that an information systems auditor should be prepared to justify departure.
• Procedures provide examples of procedures an information systems auditor might follow in an audit engagement. The procedure documents provide information on how to meet the standards when doing information systems auditing work, but do not set requirements.

The ISACA Code of Professional Ethics requires members of the ISACA and holders of the Certified Information Systems Auditor (CISA) designation to comply with Information Systems Auditing Standards adopted by the ISACA. Apparent failure to comply with these may result in an investigation into the member’s or CISA holder’s conduct by the ISACA Board or appropriate ISACA committee, and disciplinary action may ensue.

Development of Standards, Guidelines and Procedures
The ISACA Standards Board is committed to wide consultation in the preparation of Standards for Information Systems Auditing, Guidelines and Procedures. Prior to issuing any documents, the Standards Board issues exposure drafts internationally for general public comment. The Standards Board also seeks out those with a special expertise or interest in the topic under consideration for consultation where necessary.

The Standards Board has an on-going development programme, and would welcome the input of members of the ISACA and holders of the CISA designation to identify emerging issues requiring new standards products. Any suggestions should be e-mailed (research@isaca.org) or faxed (+1.847.253.1443) to ISACA’s International Office, for the attention of the Director of Research, Standards and Academic Relations.
Assignment
Find an article on the Code of Ethics and Professional Standards issued by IASII (Ikatan Auditor Sistem Informasi Indonesia).
Discussion
• Explain the differences between the IS Auditing Standards, IS Auditing Guidelines, and IS Auditing Procedures issued by ISACA, and explain how the three relate to each other.
• State the purposes or reasons why ISACA has drawn up a code of ethics for IS auditors.
• State the purposes or reasons why ISACA has drawn up IS Auditing Standards, IS Auditing Guidelines, and IS Auditing Procedures.
• Explain why the IS Auditing Standards, IS Auditing Guidelines, and IS Auditing Procedures issued by ISACA are reviewed periodically and continuously refined.
• State the date of the most recent ISACA bulletin on IS Auditing Standards, IS Auditing Guidelines, and IS Auditing Procedures as of today.
• Explain, with examples, what is meant by professional competence in the field of IS audit.
The End