Harnessing Information Systems Audit towards Good Corporate Governance
Delivered as a guest lecture session for the Trisakti Accounting Master program, attended by their postgraduate and undergraduate students.

Published in: Business, Technology
  • Image credit: 3DEducators.com Presented in a guest lecture session for Trisakti University’s Accounting Master Program
  • https://global.theiia.org/about/about-internal-auditing/pages/competency-framework.aspx

    1. Today’s Agenda
        • Redefining IS Audit
        • What’s trending in the sphere
        • Why it’s getting important
        • Calling for Good Corporate Governance
        • How IS plays its part
        • Audit Committee should…
        3/11/2014
    2. Redefining IS Audit
        • Activities of collecting and evaluating evidence of information systems, practices, and operations within an organization
        • Purpose: evaluating the system's internal control design and effectiveness
        • Objective: safeguarding assets, maintaining data integrity, operating effectively to achieve organization goals and objectives
        • Performed in conjunction with financial statement audit, internal audit, or other form of audit
    3. Redefining IS Audit (cont’d)
        • What should an IS Auditor really know about?
            1. Management, Planning, and Organization of IS: commencing best IS management practices
            2. Technical Infrastructure and Operational Practices: understanding hardware, software and networking technologies
            3. Protection of Information Assets: mastering information security management
            4. Disaster Recovery and Business Continuity: valuing how IS availability is critical to business
    4. Redefining IS Audit (cont’d)
            5. Business Application System Development, Acquisition, Implementation, and Maintenance: valuing core area of IS development
            6. Business Process Evaluation and Risk Management: linking business expectations and risks to IS development and deployment
            7. IS Audit Process: mastering code of ethics, auditing standards, guidelines, audit methodology, techniques and Control Self-Assessment
    5. Redefining IS Audit (cont’d)
    6. What’s trending in the sphere
        • Utilization level of CAAT (Computer-Assisted Auditing Techniques) is getting higher
            - Functionality: market leader IDEA analyzes, manipulates and interrogates huge quantities of data from business platforms or systems
            - Capability: analyzes 2,1 billion rows per an unlimited number of sheets, while for example Microsoft Excel 2007 handles 1,048,576 rows
            - Integrity: core data cannot be modified once imported
    7. What’s trending in the sphere (cont’d)
            - Audit trail/documented proof: records tests performed and logs documented proof for the audit trail
            - Suitability: has most of the commonly used audit tests available as ‘one button’ click options
            - Data assumption/data interpretation: appropriate way of interpreting imported data
    8. What’s trending in the sphere (cont’d)
        • Accounting, IS and IT audit professionals still top the list as one of the fastest-growing professions
        • Marks 22 percent to 30 percent growth estimated for 2008-2018
        • Organizations are looking for IT audit professionals to assess and recommend ways to mitigate the impacts of today's technology risks
        • All statements cite the CNN Money 2012 report.
    9. Why it’s getting important
        • IT plays more strategic role
        • Growing number of IT Budget
        • IT Project and Investment
        • Consumerization of IT
        • Business competition is stiffening
        • The world is getting riskier
        • Driven by professional organization
    10. IT Plays (More) Strategic Role
        • Organizations accommodate it for cost-saving initiatives
        • Capitalize on it to reach out to more prospects, users, customers, consumers, suppliers, vendors and partners
        • IT literacy level across the globe is increasing
        • Internet adoption and penetration are rising day in and day out
        • Some companies leverage IT as new revenue streams
    11. Growing Number of IT Budget
        • IT budget is rising across all continents in aggregate, except in Europe, as the IDC report indicated last year
        • Particularly found in Telco, Banking, Finance, Internet and IT sectors
        • Allocation priorities: infrastructure, hardware, and software
        • Paradigm shift: IS/IT is no longer a cost but an investment
        • Turning from cost centre to profit centre
    12. IT Project and Investment
        • In relation to the rising budget and strategic role, more and more IT as well as IS projects and investments take place
        • Value of projects and investments is also climbing
        • Resources getting involved
        • Complexity within the project is rising
    13. Consumerization of IT
        • Highly influenced by mobile devices and computer devices to grab more users
        • Slightly affected by telecommunication operators offering more affordable voice and plans at large
        • Popularity of Bring-Your-Own-Device (BYOD)
    14. Business competition is stiffening
        • Literally and naturally, business is becoming more competitive
        • Corporations are more confident in utilizing IT as a business enabler
        • Second wave of mushrooming internet companies driven by Silicon Valley start-ups
        • On the flip side, user and customer demands are always evolving
    15. The World is Getting Riskier
        • In a day, most of the time, there is always a new risk found, identified, or even assessed
        • Natural disasters are haunting all the time
        • New viruses, worms, trojans, malware and spyware are launched every day
        • Hacking, cracking, phreaking and sniffing, together with spamming activities, never end
    16. Driven by Professional Organizations
        • ISACA (c/q Information Systems Audit and Control Assurance) through COBIT (Control of Business and Information Technology)
        • ISACA also urges organizations to accommodate IT Governance in implementing Corporate Governance
        • IIA (The Institute of Internal Auditors) by accommodating IT (Audit, Risk, Control, Security, Governance) within their domains (PG, GTAG, GAIT) besides Internal Audit Role, Internal Audit Engagement and Business Acumen in its framework (GIAC)
    17. Calling for Good Corporate Governance
        • Revisiting Good Corporate Governance (GCG)
        • Corporate vs Enterprise Governance
        • Regulatory Compliance
        • Understanding its Requirements
        • Possible Deployment Models
    18. Revisiting GCG
        • Consists of the governance structure defining distribution of rights and responsibilities among stakeholders
        • Stakeholders: BoD, shareholders, auditors, regulators, and others
        • Specifies rules and procedures for making decisions in corporate affairs
    19. Revisiting GCG (cont’d)
        • Purpose: mechanism for monitoring actions, policies and decisions within an organization
        • Ownership: BoD, Audit Committee, and other supervisory committees
        • Most direct benefit is to non-executive/management shareholders
    20. Revisiting GCG (cont’d)
        • Concrete implementation
        • Two-tiered Board of Directors (BoD)
            - Executive Board (‘EB’, company executives) runs daily operations
            - Supervisory Board (non-executive directors) represents shareholders and employees: hires and fires EB members, determines their compensation, and reviews major business decisions
    21. Revisiting GCG (cont’d)
        • Concrete implementation
        • Single-tiered Board of Directors (BoD)
            - Dominated by non-executive directors elected by shareholders, who hold key posts, including audit and compensation committees
            - In the UK, the CEO doesn’t serve as Chairman of the BoD, while in the U.S. it’s quite commonly found
    22. Corporate vs Enterprise Governance
        • Enterprise governance applies to the full scope of the organization regardless of the industry
        • For instance: government encompassing all ministries; private sector encompassing all subsidiaries; military encompassing air, water, land forces
        • Constitutes the entire accountability framework of an organization
        • Conformance (corporate governance): governance structures and accountability assignment
        • Performance (business governance): strategy definition and value creation to help BoD make strategic decisions, take risks and key performance drivers
    23. Ever since Corporate Scandals…
        • High-profile collapses of Enron and MCI Inc in 2001–2002, most of which involved accounting fraud
        • Drew public and regulator interest in releasing new Acts and Laws: Sarbanes-Oxley Act (Sarbox or SOX) in 2002
        • By now most implementation is based on The Cadbury Report (UK, 1992), OECD’s Principles of Corporate Governance (1998 and 2004) and US SOX
        • Cadbury and OECD feature general principles by which businesses are expected to operate to assure proper governance
        • SOX legislates several principles recommended by the two frameworks above
    24. Regulatory Compliance
        • Sarbanes-Oxley
            - Auditor to review financial statement and issue an opinion
            - CEO and CFO attest financial statement
            - Board Audit Committee accommodates financial experts as independent members
            - External audit firms as audit partners to rotate every 5 years
            - Not provide certain types of assurance consulting services
        • UK Bribery Act in 2010
            - Illegal to bribe government/private citizens or make facilitating payments
            - Requires corporations to establish controls to prevent bribery
    25. Regulatory Compliance (cont’d)
        • Indonesia
            - Pedoman Umum Good Corporate Governance from Komite Nasional
            - UU No. 40 of 2007 on Private Limited and GCG practices
            - Regulation from Ministry of state-owned No. PER-09/MBU/2012 on GCG implementation for state-owned enterprises
    26. Driving Factors
        • Indonesia Case
            - International Finance Corporation (IFC) highlighting GCG in private sectors
            - Tied up with Otoritas Jasa Keuangan (OJK), they develop “Corporate Governance Road Map” and “Indonesia Corporate Governance Manual” to identify and tackle problems and challenges on the implementation and its regulations
            - It covers, but is not limited to, stockholder rights, safeguarding minority stockholders, company management best practice, openness and transparency
    27. Understanding The Requirements
        • Rights and equitable treatment of shareholders
            - Respect shareholders' rights and help shareholders to exercise them
        • Interests of other stakeholders
            - Legal, contractual, social, and market-driven obligations to non-shareholder stakeholders (employees, investors, creditors, suppliers, local communities, customers, and policy makers)
    28. Understanding its Requirements (cont’d)
        • Role and responsibilities of the board
            - Relevant skills and understanding to review and challenge management performance
        • Integrity and ethical behavior
            - Fundamental requirement in choosing corporate officers and board members
            - Code of conduct for their directors and executives that promotes ethical and responsible decision making
        • Disclosure and transparency
            - Publicizes roles and responsibilities of board and management
    29. Possible Deployment Models
        • OECD Principles often referenced by countries developing local codes or guidelines
        • UNISAR of Guidance on Good Practices in Corporate Governance Disclosure
        • Consists of more than 50 disclosure items across 5 broad categories
            - Auditing
            - Board and management structure and process
            - Corporate responsibility and compliance
            - Financial transparency and information disclosure
            - Ownership structure and exercise of control rights
    30. How IS Plays its Part
    31. How IS Plays its Part (cont’d)
        • GCG involves decision-making, accountability, and monitoring
        • Decisions require relevant and reliable information
        • Accountability involves measuring, reporting, and transparency
        • Monitoring involves systems and feedback
        • IS Auditor’s primary role is to check whether information systems are reliable, accountable and credible to produce important information
    32. How IS Plays its Part (cont’d)
        • Deploying Risk-based IS Audit
        • Leveraging CAAT & other software
        • Capitalizing frameworks of or from:
            - BSMR (Badan Sertifikasi Manajemen Resiko)
            - ISO31000 on ERM (Enterprise Risk Management)
            - ISACA’s Risk IT and COBIT
            - PMI’s PMBOK
            - SOX
            - IIA Framework
    33. How IS Plays its Part (cont’d)
        • Always be mindful that auditing involves PUBLIC responsibility that is more important than relationship with CLIENT
        • Auditors must express their view on the appropriateness – not just acceptability – of IS principles used or proposed to be used
        • Reveal the transparency and completeness of the disclosures
    34. Audit Committee Should…
        • Accommodate mainly non-executive directors (all have finance & accounting backgrounds and expertise)
        • Approve appointment of auditors
        • Establish the audit fees
        • Approve all non-audit services provided by auditors
        • Meet with the auditor independently of the rest of the board
    35. Q & A
    36. THANK YOU!