Post on 18-Aug-2018
Audit Work Papers
Reading Material:
1. Lance M. Turcato (2006). Integrating COBIT® into the IT Audit Process (Planning, Scope Development, Practices). ISACA.
2. Federal Financial Institutions Examination Council (2003). IT Examination Handbook: Audit.
3. Federal Financial Institutions Examination Council (2006). IT Examination Handbook: Information Security.
4. Federal Financial Institutions Examination Council (1996). IT Examination Handbook: Information System, Volume 1.
5. United States Government Accountability Office (2009). Federal Information System Controls Audit Manual (FISCAM).
Drilling Down to the Technology Infrastructure
MYOB, Value Plus, Zahir, Excel, etc.
Stand-alone PC (Windows/Open Source)
Understanding the Technology Infrastructure
The more complex the IT infrastructure, the more complex its audit becomes
(scope, work papers, reports, etc.)
IT Audit Universe
Security Audit Universe
Map Audit Universe To COBIT®
ACCESS RIGHTS ADMINISTRATION
Financial institutions should have an effective process to administer access rights. The process should include:
• Assigning users and devices only the access required to perform their required functions,
• Updating access rights based on personnel or system changes,
• Reviewing periodically users’ access rights at an appropriate frequency based on the risk to the application or system, and
• Designing appropriate acceptable-use policies and requiring users to agree to them in writing.
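One way an auditor can test the four elements of this control over an extract of user entitlements, as an added example that is not part of the original slides or the FFIEC handbook; the role baseline, field names and sample users are constructed assumptions:

```python
"""Access-rights review check covering the four FFIEC elements above.

Constructed example data; ROLE_BASELINE and the sample users are assumptions,
not real systems or people.
"""
from dataclasses import dataclass
from datetime import date

# Least-privilege baseline: the entitlements each job function needs (constructed).
ROLE_BASELINE = {
    "teller": {"core_banking:read", "core_banking:post_txn"},
    "auditor": {"core_banking:read", "gl:read"},
}

@dataclass
class UserAccess:
    user: str
    role: str
    entitlements: set        # what the system actually grants today
    active: bool             # still employed according to HR
    last_review: date        # date of the last documented access review
    aup_signed: bool         # acceptable-use policy acknowledged in writing

def review_access(records, today, review_interval_days):
    """Return {user: [finding, ...]} for every user with at least one exception."""
    findings = {}
    for r in records:
        issues = []
        excess = r.entitlements - ROLE_BASELINE.get(r.role, set())
        if excess:                       # element 1: access beyond the role's needs
            issues.append(f"excess entitlements beyond role: {sorted(excess)}")
        if not r.active and r.entitlements:   # element 2: not updated after HR change
            issues.append("terminated user still holds access")
        if (today - r.last_review).days > review_interval_days:   # element 3
            issues.append("access review overdue")
        if not r.aup_signed:             # element 4: no written AUP acknowledgement
            issues.append("acceptable-use policy not acknowledged")
        if issues:
            findings[r.user] = issues
    return findings

# Constructed sample extract: one clean user, two with exceptions.
SAMPLE = [
    UserAccess("alice", "teller", {"core_banking:read", "core_banking:post_txn"}, True, date(2018, 6, 1), True),
    UserAccess("bob", "teller", {"core_banking:read", "core_banking:post_txn", "gl:write"}, True, date(2017, 1, 15), True),
    UserAccess("carol", "auditor", {"core_banking:read", "gl:read"}, False, date(2018, 7, 1), False),
]

def run_sample():
    """Review SAMPLE as of 18-Aug-2018 with a 180-day review cycle (constructed)."""
    return review_access(SAMPLE, date(2018, 8, 18), 180)

if __name__ == "__main__":
    for user, issues in run_sample().items():
        print(user, "->", "; ".join(issues))
```

The same function works on a real entitlement export once the rows are mapped into UserAccess records and the baseline is taken from the institution's role definitions.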
Examples (FFIEC, 2006)
Policies, Standards, Guidelines & Procedures
COBIT® Control Assessment Questionnaire
Examples (FFIEC)
Work Program
Work Program (FISCAM) Information System Controls Audit Planning Checklist
Organization and Key Systems/Applications
Codification / Archiving
Work Program (FISCAM) Application Level General Controls (AS) - AS-2: Implement effective application access controls
Work Program (FISCAM)
Rating/Scoring