Concepts of Audit, Risk, and Internal Control
Sessions 1-2
Course: A0294/Advanced IS Audit
Year: 2009
Bina Nusantara University 3

Learning Outcomes
By the end of this session, students are expected to be able to:
• Understand the concepts of Audit, Risk, and Internal Control
• Explain the relationship between Audit, Risk, and Internal Control

Outline of Material
• Review of Auditing Concepts
• Introduction to Information Systems Audit / IT Audit
• Audit of IT-Based Accounting Information Systems
• IT Governance Audit
• Operational audits in other areas that require IT data
• Concepts of Risk and Internal Control
• The Relationship between Audit, Risk, and Internal Control

Students receive an explanation of:
• the benefits of the course being studied
• the learning mechanism
• group/individual assignments
• the material as a whole
• the relationship with other courses
• discipline and rules during lectures
• a brief explanation of Bloom's Taxonomy, learning styles, and teaching methods
• the competencies expected to be achieved

Understanding Audit Concepts

Review of Key Terms
• Definitions of assertion, attestation, and audit
• Why audits are needed
• Types of audit and their characteristics
• Concepts of system, accounting information system, risk, internal control system, and audit
• Technological developments and their impact; changes in systems/internal control/audit
• Audit procedures in outline
• Use of computers for auditing

Firm & Environment
• Firm environment, for example: customers, vendors, partners, creditors, the Directorate General of Taxes (Ditjen Pajak), unions (labor unions), and so on.
• Data/information, goods/services, and money flow between the company and its stockholders and stakeholders.
• The business objective of a company is stockholder welfare.
• Management (the Board of Directors) must be accountable.

General Model of a Business Organization
[Diagram labels: Stockholder/Stakeholder; RUPS (General Meeting of Shareholders); Top, Middle Level, Supervisor Level, Clerical; KAP (public accounting firm); IA]

Levels of Management
• Example: President, CEO, executive
• Example: Regional manager, plant manager
• Example: Account manager, office manager
Mission Statement
Top Management
Explains the company's objectives.

Stewardship
The accountability/stewardship concept means directors owe the responsibility to the parties who have a vested interest in the organization. They work for and on behalf of the stockholder/stakeholder, and need to demonstrate competence.
Accountability:
• The obligation to carry out duties in a way that can be accounted for and that follows the rules.
• Ensuring that the tasks carried out achieve the stated objectives.

Meaning of Audit
An audit is an examination of an organization/entity/organizational unit/particular area of activity:
• by a competent and independent person
• with sufficient field evidence
• against existing standards/criteria/rules/references
• comparing the evidence with the criteria
• reporting on the conformity of these matters to the interested parties.

Definition of Audit (General)
An audit is the process of examining an organizational entity by a competent and independent person (or persons), using sufficient evidence and comparing that evidence with established criteria, in order to report on the conformity of these matters to the interested parties.

Definition (IIA)
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

Add value & improve organization’s operations
The objective of Internal Auditing is to add value and improve an organization’s operations in accomplishing its objectives.

WHY IS AN AUDIT NEEDED?
• CONTROL MECHANISM
  – Compliance with regulations and policies
• REDUCING LOSSES
  – Fraud
  – Inefficiency
• INCREASING CONFIDENCE
  – Adds credibility to data
  – Reduces information risk

Who Performs Audits?
• Trained & qualified auditors
• Quality Manager selects and trains internal auditors
  – observer on Quality Manager’s audits
  – first audit under supervision of qualified auditor
• Person independent of the activity

Quality Assurance Service
• ATTESTATION SERVICES
  – Audit
  – AGREED UPON PROCEDURES
  – REVIEW
  – EXAMINATION
• NON-ATTESTATION QA SERVICES
• NON-QUALITY ASSURANCE SERVICES

Overall Picture
[Diagram labels: Quality assurance; Attestation, Non-Attestation; Audit, Review, Agreed Upon; Sistem Pensiun (pension system), Tax Services]

Types of Audit
• Financial Audit
  – General Audit
  – Special Audit
• Operational/Management Audit
• Compliance Audit
• Investigative Audit
• Fraud Audit
• Forensic Audit
• Information Technology Audit

Audit Procedure
1. Audit Plan
2. Develop Checklists
3. Opening Meeting
4. Gather Evidence
5. Record Results
6. Closing Meeting
7. Audit Report
[Diagram label: Conducting the Audit]

IS Audit
IS auditing is the process of collecting and evaluating evidence to determine whether information systems and related resources adequately safeguard assets, maintain data and system integrity, provide relevant and reliable information, achieve organizational goals effectively, consume resources efficiently, and have in effect internal controls that provide reasonable assurance that operational and control objectives will be met.

IS AUDIT

The Effect of Information Technology on The Audit Function

Risk
• Execution risks
• Information Processing risks
• Assets Protection risks
• Performance risks
• IT Security risks
• Continuity of Operations risks

CHANGING INFORMATION TECHNOLOGY and its EFFECT on AUDITING
• Distributed data processing, networking, and electronic data interchange.
• Real-Time Systems
• Intelligent Systems
• End-User Computing
• Electronic (Internet) Commerce

IT Governance
• The process for controlling an organization’s IT resources, including information and communication systems, and technology.
• …using IT to promote an organization’s objectives and enable business processes and to manage and control IT related risks.
[Diagram labels]
• SOX Legislation/SEC Rules
• PCAOB No. 5 (Audit Standards for Financial Reporting and Statements)
• CobiT (Framework for IT Processes Management)
• The IT Internal Control Systems
• IT Control Objectives for SOX (financial reporting)
• COSO (Risk Management Framework)
• No Fraud
• Limit Access
• Require Passwords
• Check for hard Passwords

IT Internal Controls
• Separation of duties
• Delegation of authority and responsibility
• Competent and trustworthy personnel
• System of authorizations
• Adequate documents and records
• Physical control over assets and records
• Adequate management supervision
• Independent checks on performance
• Comparing recorded accountability with assets

What do IT auditors do?
• Ensure IT governance by assessing risks and monitoring controls over those risks
• Work as either an internal or external IT auditor
• Support many kinds of audit and assessment (consulting) engagements

Financial vs IT Audits
• IT auditors may work on financial audit engagements
• IT auditors may work on every step of the financial audit engagement
• Standards, such as SAS No. 94*, guide the work of IT auditors on financial audit engagements
• IT audit work on financial audit engagements is likely to increase as internal control evaluation becomes more important
* SAS 94 recognizes the pervasive effects of IT on accounting information systems and requires auditors to consider them. It also states that computer-assisted auditing techniques (CAATs) are needed to test automated controls in certain types of IT environments.

IT Audit Skills
• College education – IS or computer science, and accounting
• Certifications – CPA, CFE, CIA, CISA, CISSP, and special technical certifications
• Technical IT audit skills – business processes control and specialized IT technologies
• General personal and business skills

Code of Professional Ethics
• The Information Systems Audit and Control Association®, Inc. (ISACA) sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the Association and/or its certification holders.
• Members and ISACA certification holders shall:
1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
2. Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.
3. Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.

Code of Professional Ethics
5. Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.
6. Inform appropriate parties of the results of work performed; revealing all significant facts known to them.
7. Support the professional education of stakeholders in enhancing their understanding of information systems security and control.
Failure to comply with this Code of Professional Ethics can result in an investigation into a member’s or certification holder’s conduct and, ultimately, in disciplinary measures.

Professional Organizations
• AAA, AICPA, CICA, IFAC, IAI
• IIA
• ISACA
• Association of Information Systems (AIS)
• Association of Computing Machinery (ACE)

Information Systems Audit and Control Association (ISACA)
• ISACA's headquarters is in Chicago (website www.isaca.org).
• ISACA is a professional association for information systems audit, founded in 1969 (as the Electronics Data Processing Auditing Association, EDPAA). It became ISACA in 1994 and now has more than 160 chapters (branches of the professional organization) in more than 100 countries (a country may have more than one chapter, depending on the number of members).
• In Indonesia, the Jakarta chapter was formed in 1992, pioneered by BAKOTAN, BPK, BPKP, several public accounting firms, and several government agencies and private organizations.

The End