Course: F0174 / Computer-Based Financial Statement Audit
Year: 2008
Bina Nusantara
Top management controls:
Senior management in the company is responsible for the information systems function and faces many challenges, such as developments in hardware and software.
Top management must be able to anticipate the implications of technological developments for the information systems function by looking at developments
1. Planning
2. Organizing
3. Leading
4. Controlling
Top management must prepare a master plan for the information systems function, covering 3 tasks:
1. Recognizing the opportunities and problems faced
2. Identifying the resources needed
3. Formulating the strategies and tactics needed to acquire those resources
Long term:
1. Current Information Assessment
2. Strategic Direction
3. Development Strategy
Short term:
1. Progress Report
2. Initiatives to be undertaken
3. Implementation Schedule
Information systems planning involves many parts of the organization.
The planning done by each part of the organization rests on 2 factors:
1. Key strategies in the current and in-progress portfolio
2. Key strategies in the information systems portfolio to be used in the future
The organizing function is to find, allocate and obtain the resources needed to achieve the goals set in the planning function.
Organizing functions that management must consider:
1. Resourcing the Information Systems Function
2. Staffing the Information Systems Function
3. Centralization Versus Decentralization of the Information Systems Function
4. Internal Organization of the Information Systems Function
5. Location of the Information Systems Function
Leadership is a complex management system designed to influence the behavior of individuals or groups of individuals. To achieve its goals, the leadership process is expected to consider:
1. Motivating Information Systems Personnel
2. Matching Leadership Styles with Information Systems Personnel
3. Effectively Communicating with Information Systems Personnel
The control function compares the results actually achieved with those planned.
Matters considered in controlling:
1. Overall Control of Information System Function
2. Technology Diffusion and Control of Information System Function
3. Control of Information System Function
4. Control of Users of Information System Function
Systems development management is responsible for the analysis, design, development, implementation and maintenance functions of information systems.
In many respects managers regard this function as an art: although a great deal of practical guidance is available, good systems development work still depends on the insight, intuition and experience of each individual systems analyst and designer.
Approaches used when auditing the systems development subsystem:
1. Approaches to Auditing Systems Development
2. Evaluating the Major Phases in the Systems Development Process
Approaches to Auditing Systems Development
There are three types of audit that auditors perform on the systems development process:
1. Concurrent audit
2. Postimplementation audit
3. General audit
Evaluating the Major Phases in the Systems Development Process
There are 13 phases of systems development that the auditor must evaluate and control:
1. Problem/opportunity definition
2. Management of the change process
3. Entry and feasibility assessment
4. Analysis of existing system
5. Formulation of strategic requirements
6. Organizational and job design
7. Information processing systems design
8. Application software acquisition and development
9. Hardware/system software acquisition
10. Procedure development
11. Acceptance testing
12. Conversion
13. Operation and maintenance
The methods used to manage the development or purchase of high-quality software comprise several phases:
1. The Program Development Life Cycle:
For developing or purchasing and for implementing quality programs
2. Organizing the Programming Team
The way programmers are organized affects the quality of the software produced
Characteristics of a quality program:
1. Functions correctly and completely
2. Has a high-quality user interface
3. Works efficiently
4. Well designed and well documented
5. Easy to maintain
6. Robust under abnormal conditions
6 guidelines for the phases of the program development life cycle:
1. Planning
2. Control
3. Design
4. Coding
5. Testing
6. Operation and maintenance
There are 3 ways of organizing programmers:
1. Chief Programmer Team
A simple organization focused on a centralized control function
2. Adaptive Team
A programmer team structure model with a small number of members
3. Controlled Decentralized Teams
A structure in which junior programmers work under the coordination of senior programmers who act as project leaders
Business Risk:
Likelihood that an organization will not achieve its business goals and objectives.
Both internal and external factors can contribute to the chances of this occurrence.
Risk may emerge from the external environment, such as the risk of a poor economy. Other risks could arise internally.
Identify IT Risk
Audit Risk is the likelihood that an organization’s external auditor makes a mistake when issuing an opinion attesting to the fairness of its financial statements or that an IT auditor fails to uncover a material error or fraud.
Audit Risk = Inherent Risk (IR) x Control Risk (CR) x Detection Risk (DR)
Inherent Risk (IR): likelihood of material errors or fraud inherent in the business environment
Control Risk (CR): likelihood that the internal control system will not prevent or detect material errors or fraud on a timely basis
Detection Risk (DR): likelihood that audit procedures will not detect material errors or fraud on a timely basis
Identifying Information Technology Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission):
Internal control is a process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
1. Reliability of financial reporting
2. Compliance with applicable laws and regulations
3. Effectiveness and efficiency of operation
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
In addition to using internal financial and operational controls, many organizations have sought to improve public confidence in their products and processes by adopting quality control standards.
ISO 9000: The International Organization for Standardization (ISO) introduced ISO 9000, 9001, 9002 and 9003.
Six Sigma: ISO 9000 forces managers to document processes. Doing so may lead to process or product improvement, but that’s incidental to certification. Six Sigma, on the other hand, represents a standardized approach to process improvement.
The term “Six Sigma” refers to a statistical level, implying that tolerance of defects in quality should be controlled to less than six deviations from customer specifications, or 3.4 defects per million instances.
Steps in the Six Sigma DMAIC Methodology
Define: Define customers, processes and project boundary
Measure: Measure current process performance
Analyse: Analyse data to identify defect causes and opportunities for improvement
Improve: Improve processes and prevent problems
Control: Control and monitor improvements
Documenting Information Technology Controls
IT auditors use many tools to document their understanding of IT controls.
These tools include:
1. Narrative descriptions
2. Flowcharts, DFDs (graphical methods)
3. Internal control questionnaires
• Graphic representation of business processes / events
• Communication
– Highlights main components of processes
– Relatively easy to understand by all parties
– Understanding existing systems
– Designing new systems
– Easier to compare processes
• Forces discipline (if done correctly)
• SAS 94 suggests them, particularly for complex processes
• Designed for use in Object Oriented design and development
– Can be used to document any system
– Not the only choice, but popular and flexible
• Like a map, UML:
– Is Visual
– Uses standard symbols to convey information
– Is usually prepared by experts but can be read by anyone
– Can provide high or low levels of detail (globe vs. map of OSU campus)
• A data-flow diagram shows the physical and logical flows of data through a transaction processing system without regard to the time period when each occurs
• Physical devices that transform data are not used in the logical diagrams
• Because of the simplified focus, only four symbols are needed
Symbols used in Data Flow Diagrams
• A square represents an external data source or data destination. The latter is also called a sink
• A circle (or bubble) indicates an entity or a process that changes or transforms data
– A bubble can either be an internal entity in a physical DFD or a process in a logical DFD
• An open-ended rectangle or a set of parallel lines represents a store or repository of data
– The file may represent a view or a portion of a larger entity-wide data base
• A line with an arrow indicates the direction of the flow of data
• A Physical DFD documents the physical structure of an existing system. It answers questions such as Where an entity works, How an entity works, by Whom the work is done, etc.
• Given the very “physical” focus of a physical DFD, it changes whenever the entities, the technology used to implement the system, etc. change
• Physical DFDs have no lower levels
• This limitation makes physical DFDs cumbersome to work with, and usually of limited value
• Logical Data flow diagrams are usually drawn in levels that include increasing amounts of detail
• A top level (or high-level) DFD that provides an overall picture of an application or system is called a context diagram
• A context diagram is then decomposed, or broken down, into successively lower levels of detail
• Logical Data flow diagrams document the processes in an existing or proposed system (What tasks)
• Because the logic of a system changes infrequently, relative to its physical nature, a logical DFD will remain relatively constant over time
• Logical Data flow diagrams typically have levels below the level-0 diagram
The Hierarchy of Data Flow Diagrams
• Context Diagram
– Physical DFD (no lower levels)
– Level-0 logical DFD (lower levels possible)
– Level 1 diagram(s)
– Level 2 diagram(s), etc.
[Figure: context diagram of a Cash Receipts Process, with the external entities Customer and Bank and the data flows Payment and Deposit]
• Dataflows (interfaces): a flow connecting a system with its environment
• Process bubble: Cash Receipts Process
• Relevant environment: comprised of external entities
• Boundary: border between a system and its environment
[Figure: process map from Start of Process to End of Process, with swimlanes (separation based on role) for Customer, Server, Kitchen Staff, Cashier, Manager and Register; Events A to F in sequence (triggers); data flows; documents/reports (D = document), status (S) and files/tables (F: File 1, T: Table 1)]