internal control

Internal Control System
Problems in Auditing
The Cowboy after
OSHA (Occupational Safety & Health Act)
The COSO Internal Control Integrated Framework
After several significant audit failures occurred during the 1980s, the Committee of Sponsoring Organizations (COSO) formed to redefine internal control and the criteria for determining the effectiveness of an internal control system.
In 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed to sponsor the National Commission on Fraudulent Financial Reporting, whose charge was to study and report on the factors that can lead to fraudulent financial reporting.
A significant part of this mission is aimed at developing guidance on internal control.
Defining Risk
To satisfy stakeholders, be successful and gain competitive advantage,
organizations need to recognize that the achievement of their business
objectives is inextricably linked to risk.
Risk is anything, internal or external, that may impede an organization
from achieving its objectives.
Although the common view of risk is a negative event, risk also
encompasses uncertainty and opportunity.
So the challenge to management becomes to effectively manage risk by
minimizing the negative and maximizing the opportunity to achieve, or
exceed, the business objectives.
In 1992, COSO published Internal Control - Integrated Framework, which established a framework for internal control and provided evaluation tools that businesses could use to evaluate their control systems.
The 1992 COSO document, Internal Control - Integrated Framework, changed the way internal control is viewed. The COSO Framework considers not only the evaluation of hard controls, like segregation of duties, but also soft controls, such as the competence and professionalism of employees.
4 security fences
Quality of Internal Control
Role of the Internal Auditor
Role of the External Auditor
SAS 78, 1995
Adopts the definition of internal control from the COSO (Committee of Sponsoring Organizations) report:
Internal control is a process, carried out by the board of commissioners, management, and other personnel of an entity, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Reliability of financial reporting
Compliance with laws and regulations
Effectiveness and efficiency of operations
Components of Internal Control
COSO says internal control consists of five interrelated
components that are derived from the way
management runs a business and are integrated into
the management process:
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Control environment. The tone of the
organization influences the control
consciousness of its people. Examples include
the integrity, ethical values and competence of
employees; management’s philosophy; and
input provided by the board of directors.
Risk assessment. Identification and analysis of
risks relevant to achieving corporate goals,
determination of how such risks should be
managed and implementation of a process to
address risks associated with change.
Control activities. Policies, procedures and processes
that help ensure a company carries out management
directives. Examples include approvals, verifications,
reconciliations, reviews of operating performance,
security of assets and segregation of duties.
Information and communication. Communication
within the company and with external parties such as
customers, regulators and shareholders. For example,
reports that contain operational, compliance or financial
data or that share ideas or events across lines of
business are generated from a company’s information
Monitoring. Assessing the quality of a company’s
internal control systems. This is done through ongoing
monitoring of activities within the business unit and an
independent evaluation of existing controls by auditors.
Audit Risk
Scoping – The COSO Framework
Control Environment
Sets the tone of the organization, influencing the control consciousness of its people.
Factors include integrity, ethical values, competence, authority, responsibility, organization structure, HR policies and the IT control environment.
Foundation for all other components of internal control.
Risk Assessment
Risk assessment is the identification and analysis of relevant risks to achieving the entity's objectives, forming the basis for determining control activities.
Control Activities
Policies/procedures that ensure management directives are carried out.
Range of activities including approvals, performance reviews, asset security and segregation of duties.
Information & Communication
Pertinent information identified, captured and communicated in a timely manner.
Access to internally and externally generated information.
Flow of information that allows for successful control actions, from instructions on responsibilities to summary of findings for management.
Monitoring
Assessment of a control system's performance over time.
Combination of ongoing and separate evaluation.
Management and supervisory activities.
Internal audit activities.
Risk Assessment Process
Each step is shown with its key questions and a worked illustration (natural disaster affecting computer systems).
Step 1 – Set Objectives
Key question: What are we trying to achieve?
Illustration: Produce reliable financial reporting.
Step 2 – Identify risks to achieving those objectives
Key question: What could happen that would affect our objectives?
Illustration: A natural disaster could destroy computer systems and data.
Step 3 – Assess Risk
Key questions: What are the consequences of the risk? What is the likelihood the event will occur?
Illustration: Consequences are severe; likelihood is slight.
Step 4 – Manage Risk
Key question: In light of the assessment, what is the most cost-effective way to manage the risk?
Illustration: Insure against loss. Develop a business recovery plan. Self-insure.
Step 5 – Define Control
Key question: For risks to be managed through internal control, what are the control objectives?
Illustration: Implement a recovery plan that reduces the impact of a natural disaster.
Step 6 – Design Control
Key question: How should the control be designed to prevent or detect the identified risk?
Illustration: Design the recovery plan. Implement the plan. Test it on a regular basis.
Anti-Fraud Provisions
The SEC’s rules relating to management’s reports on internal control include
commentary on the background of the rules and insight on how the rules should
be interpreted and implemented, including:
– The assessment of a company’s internal control over financial reporting must be based
on procedures sufficient both to evaluate its design and to test its operating
effectiveness. Controls subject to such assessment include, but are not limited to:
…controls related to the prevention and detection of fraud.
In addition to the SEC guidance, the PCAOB, in its Auditing Standards #2, has
stated the following:
– That management's responsibility when designing a company's internal control over
financial reporting is to design and implement programs and controls to prevent, deter,
and detect fraud.
– Management, along with those who have responsibility for oversight of the financial
reporting process (such as the audit committee), should set the proper tone; create and
maintain a culture of honesty and high ethical standards; and establish appropriate
controls to prevent, deter, and detect fraud.
Obtaining an Understanding of Internal Control
Audit methodology for meeting the second standard of field work:
Obtain a sufficient understanding of the components of internal control to plan the audit
Assess control risk for each significant assertion in the account balances, transaction classes and disclosure components of the financial statements
Design substantive tests for each significant assertion of the financial statement elements
Documenting the Understanding
Questionnaires: a series of yes/no questions about the internal controls needed to prevent material misstatement
Flowcharts: systematic diagrams using standard symbols, connecting lines and explanations
Decision tables: a matrix used to document program logic
Narrative: the auditor's written comments on internal control