IS Quality Assurance & Control
Wednesday, 8 June 2016

AGENDA
• Why are control and audit important?
• Global concern for control and audit.
• Legal issues impacting IT.
• Protecting against computer fraud.
• Audit standards.
• Definition and role of an IT auditor.

What needs to be audited?

Audit Preparation

IT Technology Environment: Why Are Controls and Audit Important?
At that time, the need for an IT audit function came from several directions:
• Auditors realized that computers had impacted their ability to perform the attestation function.
• Corporate and information processing management recognized that computers were key resources for competing in the business environment, similar to other valuable business resources within the organization, and that the need for control and auditability is therefore critical.
• Professional associations and organizations, and government entities, recognized the need for IT control and auditability.

IT Technology Environment: Why Are Controls and Audit Important?
IT auditing is an integral part of the audit function because it supports the auditor’s judgment on the quality of the information processed by computer systems.

A Global Concern about Control and Audit
• The events of September 11, 2001, and the collapse of trust in the financial reports of private industry (Enron, WorldCom, etc.) have caused much reflection and self-assessment within the business world.
• Cases in Indonesia: Bank Bali
Solution with Forensic Accountants

Legal Issues Impacting IT
The financial scandals involving Enron, Arthur Andersen LLP, and others generated a demand for new legislation to prevent, detect, and correct such aberrations.

Computer Crime and Security Survey
The latest Computer Crime and Security Survey and a sample study of large corporations and government agencies conducted by the Computer Security Institute (CSI) and the FBI have revealed the following:
• 90 percent of respondents have detected computer security breaches within the past 12 months. (In 1998, this was 64 percent.)
• 80 percent acknowledged financial losses due to computer security breaches.
• 44 percent quantified their financial losses for a total of $455,848,000 in losses among 223 respondents.
• 74 percent cited their Internet connection as a frequent point of attack.
• 33 percent cited their internal systems as a frequent point of attack.
• 34 percent reported the intrusions to law enforcement. (This has more than doubled since 1996.)

Protection against Computer Fraud
The FBI’s National Computer Crime Squad has the following advice to help protect against computer fraud:
• Place a log-in banner to ensure that unauthorized users are warned that they may be subject to monitoring.
• Turn audit trails on.
• Consider keystroke-level monitoring if an adequate banner is displayed. Request trap and tracing from your local telephone company.
• Consider installing caller identification.
• Make backups of damaged or altered files.
• Maintain old backups to show the status of the original.

Protection against Computer Fraud (2)
• Designate one person to secure potential evidence. Evidence can consist of tape backups and printouts. These pieces of evidence should be documented and verified by the person obtaining the evidence. Evidence should be retained in a locked cabinet with access limited to one person.
• Keep a record of resources used to reestablish the system and locate the perpetrator.
• Encrypt files.
• Encrypt transmissions.
• Use one-time password (OTP) generators.
• Use secure firewalls.

Audit Standards
• American Institute of Certified Public Accountants (AICPA)
• The Institute of Internal Auditors (IIA)
• Information Systems Audit Control Association (ISACA)
• Canadian Institute of Chartered Accountants (CICA)
• International Federation of Accountants (IFAC)
• Information System Security Association (ISSA)
• Society for Information Management (SIM)
• Association of Information Technology Professionals (AITP)
• International Federation for Information Processing (IFIP)
• Association for Computing Machinery (ACM)
• The Institute of Chartered Accountants in Australia (ICAA)
• National Institute of Standards and Technology (NIST)
• General Accounting Office (GAO)
• The International Organization of Supreme Audit Institutions (INTOSAI)

Definition of an IT Auditor
• An individual qualified (at the state level) to conduct audits. An auditor may be an internal auditor (an individual whose primary job function is to audit his or her own company) or an external auditor (an individual from outside the company, who is typically employed by an auditing firm that handles many different clients).

Role of an IT Auditor
IT auditors can perform a number of key roles [1]:
• Initiating IT governance programmes
• Assessing the current state
• Planning IT governance solutions
• Monitoring IT governance initiatives
• Helping make IT governance business as usual
[1] Based on: ITGI, IT Governance Implementation Guide: Using CobiT® and Val IT™, 2nd Edition, 2007

Role of an IT Auditor (2)
IT auditors can also help to drive business benefits from better IT governance:
• Transparency and accountability
• Return on investment/stakeholder value
• Opportunities and partnerships
• Performance improvement
• External compliance

Editor's Notes

  1. Attestation function = fungsi pengesahan (Indonesian for "validation function")