audit


Concepts of Audit, Risk, and Internal Control

Sessions 1-2

Course: A0294/Audit SI Lanjutan (Advanced IS Audit)  Year: 2009


Bina Nusantara University 3

Learning Outcomes

By the end of this session, students are expected to be able to:

• Understand the concepts of Audit, Risk, and Internal Control
• Explain the relationship between Audit, Risk, and Internal Control


Outline of Material

• Review of auditing concepts
• Introduction to Information Systems Audit / IT Audit
• Audit of IT-based accounting information systems (AIS)
• IT Governance audit
• Operational audits in other areas that need IT data
• Concepts of risk and internal control
• The relationship between Audit, Risk, and Internal Control


Students receive an explanation of:

• the benefits of the course being studied
• the learning mechanism
• group/individual assignments
• the material as a whole
• the relationship with other courses
• discipline and rules in the course
• a brief explanation of Bloom's Taxonomy, learning styles, and teaching methods
• the competencies students are expected to achieve


Understanding Audit Concepts


Review of Key Terms

• Meaning of assertion, attestation, and audit
• Why audits are needed
• Types of audit and their characteristics
• Concepts of systems, accounting information systems, risk, internal control systems, and audit
• Technological developments and their impact; changes to systems/internal control/audit
• Audit procedures in outline
• Use of computers for auditing


Firm & Environment

• The firm's environment includes, for example: customers, vendors, partners, creditors, the Directorate General of Taxes (Ditjen Pajak), unions (labor unions), and so on.

• There are flows of data/information, goods/services, and money between the company and its stockholders and stakeholders.

• The business objective of a company is stockholder welfare.

• Management (the Board of Directors) must be accountable.


General Model of a Business Organization

[Diagram labels: Stockholder/Stakeholder; RUPS (general meeting of shareholders); management levels: Top, Middle Level, Supervisor Level, Clerical; KAP (public accounting firm); IA]


Management Levels

Example: President, CEO, executive

Example: Regional manager, plant manager

Example: Account manager, office manager

Mission Statement

Top Management

Explains the company's objectives.


Stewardship

The accountability/stewardship concept means directors owe the responsibility to the parties who have a vested interest in the organization. They work for and on behalf of the stockholder/stakeholder, and need to demonstrate competence.

Accountability:
• The obligation to carry out duties in a way that can be accounted for and that follows the rules.
• Ensuring that the duties performed achieve the established objectives.


Meaning of Audit

An audit is an examination of an organization/entity/organizational unit/particular area of activity:

• by competent and independent persons
• with sufficient field evidence
• against existing standards/criteria/rules/references
• comparing the evidence with the criteria
• reporting on the conformity of these matters to the interested parties.


Definition of Audit (General)

An audit is the process of examining an organizational entity by a competent and independent person (or persons), with sufficient evidence, comparing that evidence with established criteria in order to report on the conformity of these matters to the interested parties.


Definition (IIA)

Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.


Add value & improve organization’s operations

The objective of internal auditing is to add value and improve an organization’s operations in accomplishing its objectives.


WHY IS AN AUDIT NEEDED?

• CONTROL MECHANISM
– Compliance with regulations and policies
• REDUCING LOSSES
– Fraud
– Inefficiency
• INCREASING CONFIDENCE
– Adds credibility to data
– Reduces information risk


Who Audits?

• Trained & qualified auditors
• Quality Manager selects and trains internal auditors
– observer on Quality Manager’s audits
– first audit under supervision of qualified auditor
• Person independent of the activity


Quality Assurance Service

• ATTESTATION SERVICES
– Audit
– AGREED UPON PROCEDURES
– REVIEW
– EXAMINATION
• NON-ATTESTATION QA SERVICES
• NON-QUALITY ASSURANCE SERVICES


Overall Picture

[Diagram labels: Quality assurance; Attestation, Non-Attestation; Audit, Review, Agreed Upon; Pension System, Tax Services]


Types of Audit

• Financial Audit
– General Audit
– Special Audit
• Operational/Management Audit
• Compliance Audit
• Investigative Audit
• Fraud Audit
• Forensic Audit
• Information Technology Audit


Audit Procedure

Conducting the Audit

1. Audit Plan
2. Develop Checklists
3. Opening Meeting
4. Gather Evidence
5. Record Results
6. Closing Meeting
7. Audit Report


IS Audit

IS auditing is the process of collecting and evaluating evidence to determine whether information systems and related resources adequately safeguard assets, maintain data and system integrity, provide relevant and reliable information, achieve organizational goals effectively, consume resources efficiently, and have in effect internal controls that provide reasonable assurance that operational and control objectives will be met.


IS AUDIT


The Effect of Information Technology on The Audit Function


Risk

• Execution risks
• Information Processing risks
• Assets Protection risks
• Performance risks
• IT Security risks
• Continuity of Operations risks


CHANGING INFORMATION TECHNOLOGY and its EFFECT on AUDITING

• Distributed data processing, networking, and electronic data interchange.

• Real-Time Systems

• Intelligent Systems

• End-User Computing

• Electronic (Internet) Commerce


IT Governance

• The process for controlling an organization’s IT resources, including information and communication systems, and technology.

• …using IT to promote an organization’s objectives and enable business processes and to manage and control IT related risks.


[Diagram labels:]

• SOX Legislation/SEC Rules
• PCAOB No. 5 (Audit Standards for Financial Reporting and Statements)
• CobiT (Framework for IT Processes Management)
• The IT Internal Control Systems
• IT Control Objectives for SOX (financial reporting)
• COSO (Risk Management Framework)
• No Fraud
• Limit Access
• Require Passwords
• Check for hard Passwords


IT Internal Controls

• Separation of duties
• Delegation of authority and responsibility
• Competent and trustworthy personnel
• System of authorizations
• Adequate documents and records
• Physical control over assets and records
• Adequate management supervision
• Independent checks on performance
• Comparing recorded accountability with assets


What do IT auditors do?

• Ensure IT governance by assessing risks and monitoring controls over those risks
• Work as either an internal or external IT auditor
• Support many kinds of audit and assessment (consulting) engagements


Financial vs IT Audits

• IT auditors may work on financial audit engagements
• IT auditors may work on every step of the financial audit engagement
• Standards, such as SAS No. 94*, guide the work of IT auditors on financial audit engagements
• IT audit work on financial audit engagements is likely to increase as internal control evaluation becomes more important

* SAS 94 recognizes the pervasive effects of IT on accounting information systems and requires auditors to consider them. It also states that computer-assisted auditing techniques (CAATs) are needed to test automated controls in certain types of IT environments.


IT Audit Skills

• College education – IS or computer science, and accounting
• Certifications – CPA, CFE, CIA, CISA, CISSP, and special technical certifications
• Technical IT audit skills – business processes control and specialized IT technologies
• General personal and business skills


Code of Professional Ethics

• The Information Systems Audit and Control Association®, Inc. (ISACA) sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the Association and/or its certification holders.

• Members and ISACA certification holders shall:

1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.

2. Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.

3. Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.


Code of Professional Ethics

5. Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.

6. Inform appropriate parties of the results of work performed; revealing all significant facts known to them.

7. Support the professional education of stakeholders in enhancing their understanding of information systems security and control.

Failure to comply with this Code of Professional Ethics can result in an investigation into a member’s or certification holder’s conduct and, ultimately, in disciplinary measures.


Professional Organizations

• AAA, AICPA, CICA, IFAC, IAI
• IIA
• ISACA
• Association of Information Systems (AIS)
• Association of Computing Machinery (ACE)


Information Systems Audit and Control Association (ISACA)

• ISACA's headquarters is in Chicago (website www.isaca.org).

• ISACA is a professional association for information systems auditing. It was founded in 1969 (as the Electronics Data Processing Auditing Association, EDPAA), became ISACA in 1994, and now has more than 160 chapters (branches of the professional organization) in more than 100 countries (a country may have more than one chapter, depending on the number of members).

• In Indonesia, the Jakarta chapter was formed in 1992, pioneered by BAKOTAN, BPK, BPKP, several public accounting firms, and several government and private institutions.


The End