CONTROL: TYPES AND TECHNIQUES
STUDY UNIT THREE
PROFICIENCY IN ANALYSIS, SYNTHESIS
AND EVALUATION
Elements
Description
Example
Analysis
It results in understanding of a situation,
set of circumstances, or process. Apply
to elements, and relationships of
elements of situation, circumstances. It
requires understanding, deductive
reasoning to reach a conclusion about
specifics that necessarily follows from
general premises.
In evaluating effectiveness and efficiency of
production capacity, IA must determine
whether customers orders should be
accepted ot a lower-than-usual-price.
Variable to consider include contribution
margin, available capacity, and economic
effects on other customers.
Synthesis
It involved developing standards and
generalization for a situation, set of
circumstances or a process. Combining
individual components or parts to
produce a whole. Requires inductive
reasoning, reaching generalized
conclusion from particular instances.
Developing an engagement work program.
IA must synthesize many factors:
engagement objectives, prior results,
organizational changes, legal and
regulatory issues, identified risks, etc.
Evaluation
It is relating a situation, set of
circumstances to predetermined or
synthesized standards. Evaluation
usually included bot analysis and
synthesis.
IA relies on their training, experience,
understanding to assess quality of situation
or process.
2
PROFICIENCY IN ANALYSIS, SYNTHESIS
AND EVALUATION
Elements
Description
Example
Analysis
Hasilnya pemahaman situasi, keadaan,
atau proses.
Cara untuk memahami keseluruhan
melalui pemahaman parts.
Hal ini membutuhkan pemahaman,
penalaran deduktif.
Dalam mengevaluasi efektivitas dan
efisiensi kapasitas produksi, IA harus
menentukan apakah pesanan pelanggan
telah diterima pada harga atau lebih
rendah dari biasanya. Variabel yang perlu
dipertimbangkan: margin kontribusi,
kapasitas yang tersedia, dan dampak
ekonomi pada pelanggan lain.
Synthesis
Pengembangan standar dan
generalisasi untuk situasi, keadaan atau
proses.
Menggabungkan komponen individu
atau bagian untuk menghasilkan
keseluruhan.
Membutuhkan penalaran induktif,
mencapai kesimpulan umum dari kasus
tertentu.
Mengembangkan program kerja audit.
IA harus mensintesis banyak faktor: tujuan
penugasan, hasil sebelumnya, perubahan
organisasi, masalah hukum dan peraturan,
diidentifikasi risiko , dll
Evaluation
Menghubungkan situasi, keadaan atau
proses thd standar yang telah
ditentukan.
Evaluasi meliputi analisis dan sintesis.
IA bergantung pada pelatihan,
pengalaman, pemahaman untuk menilai
kualitas situasi atau proses.
3
SU.3.1:
OVERVIEW OF CONTROL
4
3.1 OVERVIEW OF CONTROL
Control (IIA Glossary)
Any action taken by management, the board, and other parties to manage
risk and increase the likelihood that established objectives and goals will be
achieved.
Management plans, organizes, and directs the performance of sufficient
actions to provide reasonable assurance that objectives and goals will be
achieved.
Control Process (IIA Glossary)
The policies, procedures (both manual and automated), and activities that
are part of a control framework, designed and operated to ensure that risks
are contained within the level that an organization is willing to accept.​
5
3.1 OVERVIEW OF CONTROL
Control (Pengendalian)
Adalah kegiatan yang dilakukan oleh manajemen, dewan
pengawas, dan pihak-pihak lain dalam mengelola risiko dan
meningkatkan kemungkinan pencapaian sasaran dan tujuan
organisasi.
Manajemen merencanakan, mengorganisasikan, dan
mengarahkan kinerja menuju tindakan-tindakan yang dapat
memberikan jaminan bahwa tujuan dan sasaran organisasi
akan tercapai.
6
3.1 OVERVIEW OF CONTROL
Control Processes (Proses/Kegiatan Pengendalian)
Kebijakan, prosedur (baik manual maupun yang telah
terotomatisasi), dan kegiatan sebagai bagian dari kerangka
pengendalian, yang dirancang dan dioperasikan untuk
menjamin bahwa risiko yang ada telah diturunkan sampai
pada suatu level yang dapat diterima organisasi.
7
CONTROL PROCESS
Establishing standards for the operation to
be controlled
Measuring performance against the
standards
Examining and analyzing deviations
Taking corrective actions
Reappraising the standards based on
experience
• Kontrol membutuhkan umpan balik tentang hasil kegiatan organisasi untuk tujuan
pengukuran dan koreksi
• Evaluasi sistem reward-harus dilaksanakan
• Biaya pengendalian internal tidak boleh lebih besar dari manfaatnya
8
SU.3.2:
CLASSIFIYING CONTROLS
9
3.2 CLASSIFYING CONTROLS
1. PRIMARY CONTROLS
• To deter
undesirable
events from
occuring
• Correct the
negative effects
of unwanted
items
• To detect and
correct
undesirable
events that
have occured
Preventive
Detective
Corrective
Directive
• To cause or
encourage a
desirable event
to occur
10
CONTOH SOAL
2. SECONDARY CONTROLS
Compensatory/
mitigative controls
– reduce risk when
the primary controls
are not effective
Complementary
controls – work with
other controls to
reduce risk to an
acceptable level
(synergy)
12
3. APPLICATION CONTROLS
•
Kontrol Aplikasi adalah kontrol utama yang berhubungan dengan tugas-tugas bisnis yang
dilakukan oleh sistem tertentu.
•
Mereka harus memberikan keyakinan memadai bahwa rekaman, masukan, proses dan
pelaporan data dilakukan dengan benar.
• Most economical
point for correcting
input errors
• Focus of IA activity
Input
Controls
Processing
Controls
• Ensure data are
complete
• Ensure data are
accurate during
updating
• Ensure processing
results are complete,
accurate and properly
distributed
• Users has quality
assurance function
Output
Controls
13
INPUT CONTROLS
Batch Input
Controls
Online Input
Controls (1)
Online Input
Controls (2)
Financial totals –
summarize
monetary amounts
in an info field in a
group of record
Preformatting data
entry screens
Limit and range
checks – based on
known limit for given
information
Record counts –
track the number of
records processed
by the system vs.
expected numbers
Field checks – test
characters in a field
to verify
Self-checking digits
– to detect incorrect
identification
numbers
Hash totals – control
total without a
defined meaning, to
verify completeness
data
Validity checks –
compared data
entered vs. valid
values
14
4. TIME BASED CALCULATION
• Report information
about completed
activities
• Example: inspection
of completed goods
Feedbacks
controls
Concurrent
Controls
• Adjust ongoing
activities, prevent
from standard
deviating
• Example: supervise
workers
• Anticipate and
prevent problems,
future perspectives
• Example: policy and
procedures
Feed-forward
controls
15
5. FINANCIAL VS. OPERATING CONTROLS
Financial controls
• Should be based on
established accounting
principles
• Objectives: authorization,
recordkeeping,
safeguarding, compliance
Operating controls
• Apply to production and support
activities
• Should be based on Management
principles and methods
• Design in line with Mgt functions
16
6. PEOPLE-BASED VS. SYSTEM-BASED
CONTROLS
People-based controls
System-based controls
• Dependent on intervention of
humans for proper
performance
• Executed whenever needed
with no human interventions
• Example: monthly
reconciliation
• Example: computerized PO
system, which requires
management approval
• Checklist is a valuable
assistance to proper control
17
7. USE A CONTROL MATRIX
Risk 1
X
Risk 2
X
Risk 3
X
Risk 4
X
Risk 5
Risk 6
D
Co
nt
ro
l
C
nt
ro
l
Co
nt
ro
l
Co
Co
nt
ro
l
C
B
• A control matrix is useful for matching controls with risks in these
circumstances
• Controls do not necessarily match risk one-to-one. Certain controls
may address more than one risk, and more than one control may be
needed to adequately address a single risk.
X
X
X
18
3.3
ACCOUNTING CYCLES &
ASSOCIATED CONTROLS
INTERNAL CONTROL
Internal control yang dirancang dengan baik dapat menurunkan
risiko terjadinya kesalahan dan mencegah seseorang
melakukan fraud.
Struktur organisasi dan pembagian pekerjaan harus dirancang
untuk men-segregasi fungsi-fungsi tertentu yang tidak dapat
dilaksanakan oleh satu orang.
Sebagai contoh, 3 fungsi berikut harus dilaksanakan oleh
individual-individual yang terpisah:
1. Otorisasi (pemberian persetujuan) transaksi
2. Pencatatan transaksi
3. Penyimpanan aset terkait dengan transaksi di atas
CONTOH SOAL
SEGREGATION OF DUTIES
Siklus Akuntansi Umum
1.Penjualan dan pencatatan piutang
2.Penerimaan uang dari pelanggan
3.Pembelian dan pencatatan hutang
4.Pengeluaran kas untuk membayar hutang
5.Pembayaran kepada pegawai
3.4
MANAGEMENT CONTROLS
Peran & Tanggung Jawab
MANAJEMEN:
1.CEO  Tone at the top
2.Ethical values organisasi
3.Control consciousness of CEO
Peran & Tanggung Jawab
BoD:
1.Komitmen thd integritas & nilai etika
tercermin dlm seleksi manajemen
senior.
2.Mampu memberi judgment, memiliki
knowledge, mampu melaksanakan
pengawasan kpd manajemen
3.Pembentukan sub komite
Peran & Tanggung Jawab
Internal Auditor:
1.Consulting & advisory role.
2.Evaluasi sistem internal control
3.Menjaga independensi
Peran & Tanggung Jawab
Personil lainnya:
1.Semua pihak berpartisipasi dalam
IC & melaksanakan control activitiesnya.
2.Melapor ke atasan apabila terdapat
kelemahan control atau control tidak
berfungsi
Imposed & Self Control
1.Imposed control: merupakan pendekatan
tradisional/mekanis. Mengukur kinerja
terhadap standar.
2.Self-control: Mengevaluasi seluruh proses.
Meningkatkan proses, bukan sekedar
meningkatkan kinerja manajer tertentu.
Contoh: MBO
Means of Control
1.Organisasi
2.Kebijakan
3.Prosedur
4.Personil
5.Akuntansi
6.Anggaran
7.Pelaporan
CONTOH SOAL
CONTOH SOAL
CONTOH SOAL
THANK YOU
39