Accounting Information Systems (SIA), Session 5

CONTROL AND ACCOUNTING INFORMATION SYSTEMS
DISRUPTIONS TO ACCOUNTING INFORMATION SYSTEMS
Classification of disruptions:
• Software errors and equipment malfunctions, such as:
– Hardware failure
– Software errors or defects, operating system failures, and power disturbances and fluctuations
– Undetected data transmission errors
• Environmental disruptions
– Earthquakes
– Natural disasters
– Electricity
• Human error
– Operational errors
– Data errors
– Unintentional errors: carelessness
– Intentional errors: sabotage, computer fraud, embezzlement
Overview of control concepts
• What is the definition of internal control?
Internal control is the organizational plan and business methods used to safeguard assets,
provide accurate and reliable information, promote and improve the efficiency of the
organization’s operations, and encourage compliance with established policies.
Framework for Internal Control over Financial Reporting (ICoFR)
COSO – Internal Control Integrated Framework (“The Framework”)
• COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission.
• Historically, COSO is related to the Foreign Corrupt Practices Act (FCPA), issued by the SEC
and the US Congress in 1977 to combat the fraud and corruption that was rampant in America in
the 1970s. The difference is that the FCPA was an executive-legislative initiative, whereas
COSO was more of a private-sector initiative.
• This private sector formed the ‘National Commission on Fraudulent Financial Reporting’, also
known as ‘The Treadway Commission’, in 1985. The commission was sponsored by 5 professional
associations:
1. American Accounting Association (AAA)
2. American Institute of Certified Public Accountants (AICPA)
3. Institute of Internal Auditors (IIA)
4. Institute of Management Accountants (IMA)
5. Financial Executives Institute (FEI)
• The commission’s purpose was to conduct research on fraud in financial reporting (fraudulent
financial reporting) and to make related recommendations for public companies, independent
auditors, the SEC, and educational institutions.
COSO – Internal Control over Financial Reporting –
Guidance for Smaller Public Companies
• The commission issued its first report in 1987. Among other things, the report recommended
producing a comprehensive report on internal control (integrated guidance on internal
control). COSO was therefore formed, and it then worked with Coopers & Lybrand to produce
that report.
• Coopers & Lybrand issued the report in 1992, with minor changes in 1994, under the title
‘Internal Control – Integrated Framework’.
• The report contains a general definition of internal control and establishes a framework for
assessing and improving internal control.
• One use of the report is to evaluate FCPA compliance in a company.
• Key points in the COSO report ‘Internal Control – Integrated Framework’ (1992):
• COSO’s definition of internal control
A process carried out by the board of directors, management, and staff to provide reasonable
assurance regarding:
– Effectiveness and efficiency of operations
– Reliability of financial reporting
– Compliance with applicable laws and regulations
• According to the COSO framework, internal control consists of 5 interrelated components:
– Control Environment
– Risk Assessment
– Control Activities
– Information and Communication
– Monitoring
Viewing Internal Control as Integrated Process


All five components of internal control set forth in the Framework (Control Environment, Risk
Assessment, Control Activities, Information and Communication, and Monitoring) are important to
achieving the objective of reliable financial reporting.
Each of the Framework’s five components should not be viewed as an “end in itself.” Rather the
components should be viewed as an integrated system working together to reduce risk to reliable
financial reporting to an acceptable level.
Basic Principles related to Control Environment
1. Control Environment
• Integrity and ethical values are developed and understood
– Articulates values, monitors adherence, addresses deviations
• Board of directors understand and exercise oversight
– Define authorities, operates independently, monitors risks, retains financial reporting
expertise, oversees quality and reliability and oversees audit activities
• Management philosophy and operating style support internal control
– Set the tone, influences attitudes towards accounting principles and estimates and
articulates objectives
• Organizational structure supports internal control
– Establishes lines of financial reporting and establishes structure
• Financial Reporting Competencies are retained
– Identifies competencies, retains individuals and evaluates competencies
• Authorities and responsibilities are assigned
– Defines responsibilities and limits authorities
• Human resources policies and practices facilitate internal control
– Establishes human resource practices, recruits and retains, adequately trains and evaluates
performance and compensates
Basic Principles related to Risk Assessment
2. Risk Assessment
• Identify Financial Reporting Objectives
– Complies with GAAP, supports information disclosures, reflects company activities, is
supported by relevant financial statement assertions and considers materiality
• Identify and Analyze Financial Reporting Risks
– Includes business processes, personnel and information technology, involves appropriate
levels of management, considers both internal and external factors, estimates likelihood and
impact and triggers reassessment
• Identify and Assess the Risk of Fraud as it affects the Company
– Considers incentives and pressures, risk factors and establishes responsibilities and
accountability
Basic Principles related to Control Activities
3. Control Activities
• Control Activities integrate with risk assessment
– Mitigates risks, considers all significant points of entry into the company’s G/L and
information technology
• Control Activities are selected and developed
– Considers range of activities, includes preventive and detective controls, segregates duties
and considers cost vs benefit
• Policies are established and communicated and result in management directives being carried out
– Integrates into business processes, establishes responsibility and authority, occurs on a
timely basis, thoughtfully implements, investigates exceptions and periodically reassesses
• Information Technology Controls are designed and implemented
– Includes application controls, considers general computer operations and includes end user
computing
Basic Principles related to Information and Communication
4. Information and Communication
• Financial Reporting Information is identified, captured, used and distributed
– Captures data, includes financial information, uses internal and external sources, includes
operating information and maintains quality
• Internal control information is identified, captured, used and distributed
– Captures data, triggers and resolutions, and updates and maintains quality
• Internal Communication supports execution of internal control
– Communications with personnel and board, includes separate communication lines and accesses
information
• Matters affecting achievement of objectives are communicated (External Communication)
– Provides input and independently assesses
Basic Principles related to Monitoring
5. Monitoring
• Ongoing and/or separate evaluations enable management to determine function of internal control
– Integrates with operations, provides objective assessment, uses knowledgeable personnel,
considers feedback, adjusts scope and frequency
• Internal Control deficiencies are identified and communicated
– Reports findings and deficiencies and corrects on a timely basis
Designing and Implementing Cost Effective ICoFR
It is a Journey ...
• CONTROL ENVIRONMENT: Implement and operate control environment, setting the tone of the Company
• RISK ASSESSMENT: Identify and analyze risks to achievement of financial reporting objectives
• Refine financial reporting objectives based on changes potentially impacting the business
• Determine which risks could result in a material misstatement to financial statements
• CONTROL ACTIVITIES: Implement and operate control environment, using a range of activities to
reduce risk to objectives
• INFORMATION & COMMUNICATION: Implement and operate information and communication to support
internal control
• MONITORING: Implement and operate monitoring activities to help ensure that controls continue
to operate properly over time
• Determine how each of the other components, both separately and together, support reliable
financial reporting
A High-Level of Assurance
Financial Reporting