2. Fokus pembelajaran
[LO04] Mahasiswa mampu memahami
konsep audit TI
[SLO06] Memahami
konsep audit TI
[SLO07] Memahami
audit TI berbasis
risiko
[LO05] Mahasiswa mampu memahami
proses audit TI
[SLO09]
Mengetahui
standar audit TI
[SLO10]
Mengetahui tahap-
tahap audit TI
[LO06]
Mahasiswa
mampu
membuat
perangkat audit
TI
[SLO011]
Menyiapkan
perangkat audit TI
3. Indikator Capaian
Memahami konsep auditTI
Pentingnya Audit TI
(WHY)
Pengertian Audit TI
berbasis Risiko (WHAT)• [MEETING02] Menerangkan definisi dan pengertian Audit TI
• [MEETING02] Membedakan Audit TI dengan Evaluasi TI dan Tata
kelola TI
• [MEETING02] Menerangkan keterkaitan Audit TI dengan Proses TI
• [MEETING01] Mengetahui latar belakang, tujuan, manfaat Audit TI
• [MEETING01] Mengetahui pentingnya belajar Audit TI
• [MEETING04] Mengungkapkan pentingnya audit TI berbasis risiko
• [MEETING04] Menerangkan permasalahan audit TI berbasis risiko di
organisasi
• [MEETING03] Mengetahui keterkaitan audit TI dengan risiko
• [MEETING03] Mengetahui konsep audit TI berbasis risiko
13. Menurut Anda, apa saja keywords
dari audit TI
Source:
https://thumbs.dreamstime.com/z/
quality-audit-words-26148204.jpg
14. INDIVIDUAL ASSIGNMENT - 01
Jenis: 2-page sheet
Topik: Kontrol Proses TI dan Konsep Audit TI
Petunjuk:
1. Temukan nomor urut NRP Anda di Absen (Ganjil dan Genap)
2. Buat dalam 2 lembar kertas, masing-masing berisikan:
• NOMOR GENAP (Proses TI)
• Page 1: Daftar Proses TI yang pernah Anda pelajari di kelas sebelumnya
• Page 2: Daftar kontrol untuk tiap Proses TI
• NOMOR GANJIL (Konsep Audit TI)
• Page 1: Daftar Pertanyaan mengenai konsep Audit TI, misal: perbedaan audit TI
dengan tatakelola TI dan evaluasi TI, tipe-tipe audit TI, pengertian audit TI
• Page 2: Daftar kontrol untuk tiap Proses TI
3. Cetak dan bawa lembar kertas tersebut pada kelas berikutnya
21. Source: Chapter 2, p. 12, The Basics of IT Audit: Purposes, Processes, and Practical Information (Basics (Syngress))
by Stephen D. Gantz
22. Source: Chapter 2, p. 22, The Basics of IT Audit: Purposes, Processes, and Practical Information (Basics (Syngress))
by Stephen D. Gantz
23.
24. The Basics of IT Audit: Purposes, Processes, and Practical Information (Basics (Syngress))
by Stephen D. Gantz
To the extent that financial and accounting practices in
audited organizations use IT, financial audits must address
technology-based controls and their contribution to
effectively supporting internal financial controls.
Operational audits examine the effectiveness of one or
more business processes or organizational functions and
the efficient use of resources in support of organizational
goals and objectives.
Information systems and other technology represent key
resources often included in the scope of operational
audits.
Quality audits apply to many aspects of organizations,
including business processes or other operational focus
areas, IT management, and information security
25. Types of Audit:
WHAT (1)
• Administrative audits—An audit that focuses on operational
processes.
• Financial audits—An audit that relates to the correctness of
the organization’s financial statement.
• Forensic audits—An audit that focuses on the recovery of
information that might uncover fraud or crimes committed to
alter the financial figures of the organization.
Source:
Chapter 1 - Audit Process, p. 40-41, (2007). IT Governance and the Audit. In M. Gregg, CISA Exam Prep. Que Publishing.
26. Types of Audit:
WHAT (2)
• Information system audits—An audit that is performed to verify the protection
mechanisms provided by information systems and related systems.
➔ should examine internal controls to ensure that they protect integrity,
confidentiality, and assurance of data and electronic information, and that they
operate efficiently.
• Operational audits—An audit designed to examine the internal control
structure of a process or area.
➔ E.g.: those that examine application controls or logical security systems.
• Other audits—Other types of audits include those that examine compliance.
E.g.: compliance audits include the Sarbanes-Oxley, Health Insurance Portability and
Accountability Act (HIPAA), or Statement on Auditing Standards (SAS) 70.
Source:
Chapter 1 - Audit Process, p. 40-41, (2007). IT Governance and the Audit. In M. Gregg, CISA Exam Prep. Que Publishing.
29. GROUP ASSIGNMENT - 01
Jenis: SWAY-presentation
Topik: Tipe Audit TI
Petunjuk:
1. Buat 5 (lima) kelompok masing-masing mendapatkan topik: Financial Audits,
Operational Audits, Certification Audits, Compliance Audits, IT-Specific Audits
2. Buat dalam presentasi SWAY
• Area of Emphasis, Key Objectives, Performed by
• Deskripsi (WHAT), Mengapa perlu dilakukan (WHY), Bagaimana dilakukan
(HOW), Contoh audit (WHAT)
3. Selesaikan sebelum hari Minggu, 4 November 2018
31. Recommended sources of learning
• [VIDEO] Apa itu IT Audit?
https://www.youtube.com/watch?v=HjeGKRWg03Y
• [VIDEO] Information technology audit
https://www.youtube.com/watch?v=ZUzWsIlStpc
• [VIDEO] KPMG |The audit is changing
https://www.youtube.com/watch?v=O1HZYjBAooc
33. Useful readings
• Quality Management System (QMS) Audits - Including Internal Auditing,
Available: https://elsmar.com/Audit/
• [BOOK CHAPTER] Chapter 7: IT Audit Drivers (pp.129-148)
Gantz, S.D. (2014). The Basics of IT Audit: Purposes, Processes, and Practical
Information. Available:
https://www.sciencedirect.com/science/article/pii/B9780124171596000079
• [BOOK CHAPTER] Chapter 5 -Types of Audits (pp.83-104)
Gantz, S.D. (2014). The Basics of IT Audit: Purposes, Processes, and Practical
Information. Available:
https://www.sciencedirect.com/science/article/pii/B9780124171596000055?via
%3Dihub
34.
35. anisah@is.its.ac.id
check our annual conferences at www.isico.info | www.sesindo.org
DEPARTMENT OF INFORMATION SYSTEMS | INSTITUT TEKNOLOGI SEPULUH NOPEMBER