by:
ARIF PRASETYO
11353100414
CONTROL AND AUDIT INFORMATION SYSTEM
Lecturer: M. Jasman, S.Kom, M.InfoSys

Control & Audit
According to Vishnu Ap, an audit is a process of checks carried out systematically to find out how quality is actually being implemented. The audit results are documented and evaluated periodically. Meanwhile, according to Frans M. Royan, an audit aims to help owners exercise control and avoid fraud and manipulation of data.
An information systems audit, in turn, is an inspection activity performed by the company's internal audit function, which collects evidence and evaluates the company's controls so that the company achieves its objectives in accordance with the specified criteria.
A control is also called a system (a control is a system); in other words, it is a set of interrelated components that work together to accomplish a purpose or goal, the legality / validity of an activity (unlawful events), and inspection.

5 Accounting Information Systems Audit Cycles
1. Revenue Cycle (sales and collection)
2. Expenditure Cycle (how to buy goods)
3. Production Cycle (how to produce goods)
4. HRM
5. General Ledger and Reporting System

Internal audit
Internal audit is an independent appraisal function that examines and evaluates activities as a service to an organization. Internal auditors perform a variety of activities, including financial, operational, compliance and fraud audits. Auditors can work for the organization, or the tasks can be outsourced. Independence is self-imposed, but the auditor represents the interests of the organization.

External vs. Internal Auditor
The external auditors are outsiders, while internal auditors represent the interests of the organization. Internal auditors often cooperate with and assist the external auditors in some aspects of the financial audit. The extent of cooperation depends on the independence and competence of the internal audit staff. External auditors may rely in part on evidence gathered by an internal audit department that is organizationally independent and reports to the audit committee of the board of directors.

The role of the Audit Committee
Subcommittee of the board of directors
• Usually three external members.
• SOX requires that at least one member be a "financial expert".
Functions as an independent "check and balance" on the internal audit function.
SOX mandates that external auditors report to the audit committee:
• the committee hires and fires auditors and resolves disputes.

Auditing standards
Statements of management and audit objectives:
1. Existence or Occurrence; Completeness; Rights and Obligations; Valuation or Allocation; Presentation and Disclosure.
2. The auditor develops audit objectives and designs audit procedures based on these statements.
3. The auditor searches for material evidence corroborating the statements.
4. The auditor should determine whether there are internal control deficiencies and material misstatements.
5. The auditor should communicate the results of their tests, including an audit opinion.

Audit risk
The probability that the auditor will give an unqualified (clean) opinion on financial statements that are, in fact, materially misstated. Inherent risk (IR) is associated with the unique characteristics of the client's business or industry. Control risk (CR) is the likelihood that the control structure is flawed because controls either do not exist or are inadequate to prevent or detect errors. Detection risk (DR) is the risk the auditor is willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor. The components of audit risk are used in a model to define the scope, nature and timing of substantive testing:
Audit risk model: AR = IR x CR x DR
If the acceptable audit risk is 5%, the detection risk will depend on the planned control structure.
The stronger the internal control structure, the lower the control risk and the less substantive testing the auditor has to do.
Substantive testing is labor-intensive and time-consuming, which drives up audit costs and causes disruption.
Management's interests are served by a strong internal control structure.

Internal control
Management is required by law to establish and maintain an adequate system of internal controls.
A brief history of internal control law:
1. SEC Acts of 1933 and 1934.
2. Copyright law of 1976.
3. Foreign Corrupt Practices Act (FCPA) of 1977 requires companies registered with the SEC to:
• Keep records that sufficiently and fairly reflect the company's transactions and financial position.
• Maintain internal control systems that provide reasonable assurance that organizational goals are met.
Committee of Sponsoring Organizations - 1992
• Sarbanes-Oxley Act of 2002 (SOX) requires management of public companies to implement an adequate system of internal controls over their financial reporting process. Under Section 302:
• Managers should state the organization's internal controls quarterly and annually.
• External auditors must perform certain procedures quarterly to identify material control modifications that can affect financial reporting.
Section 404 requires management of public companies to assess the effectiveness of internal controls in their annual reports.

Internal Control System
The internal control system consists of policies, practices and procedures to achieve four broad objectives:
Safeguard company assets.
Ensure the accuracy and reliability of accounting records and information.
Promote efficiency in operations.
Measure compliance with management's prescribed policies and procedures.

Modifying Principles
Management responsibility, made law by SOX.
Goals must be achieved regardless of the data processing method used.
Each system has limitations on its effectiveness, including: the possibility of error, circumvention, management override and changing conditions.
The system should provide reasonable assurance that the broad objectives are met.
The cost of achieving improved control should not be greater than the benefits.
The cost of correcting material weaknesses is offset by the gains.

PDC Model
Preventive controls are passive techniques designed to reduce the frequency of undesirable events.
They are more cost-effective than detecting and fixing problems after they occur.
Detective controls are devices, techniques and procedures that identify and expose undesirable events that get past preventive controls.
Corrective controls correct the problems identified.

IT Governance
Part of corporate governance, focusing on resource management and strategic IT assessment.
The key objectives are to reduce risk and ensure that investment in IT resources adds value to the corporation.
All of the company's stakeholders must be active participants in key IT decisions.

IT Governance Controls
COSO (Committee of Sponsoring Organizations) was first made in 1992. Three IT governance issues are handled by SOX and the COSO internal control framework:
• the organizational structure of the IT function.
• computer operations center.
• disaster recovery planning.

There are 5 parts of COSO, namely:
1. Control environment
2. Risk factors
3. Information and communication
4. Monitoring
5. Control activities; there are two categories of control activity, namely
• in IT
• physical
The purpose of control is to avoid the occurrence of Errors, Fraud (theft), Access and Mischief.
In 2001 there was the Enron case, which occurred between the public transport games.
Sarbanes-Oxley was made law in 2002; an audit is performed 4 times a year.
To build a company, preventive controls are needed to protect, detective controls to detect, and corrective controls to fix.

Database Audit
Access to data resources is controlled by a database management system (DBMS).
The organization's data is centralized into a common database shared by a community of users.
All users have access to the data they need, which overcomes the flat-file problems:
Elimination of the data storage problem: there is no data redundancy.
Elimination of the data updating problem: a single update procedure eliminates a problem of information.
Elimination of the task-data dependency problem: users' access to data is limited only by the legitimacy of their access needs.

Physical database
The lowest level and the only one in physical form.
Magnetic spots on metallic-coated disks that form a logical collection of files and records.
Data structures are the bricks and mortar of the database.
They allow records to be located, stored, and retrieved.
Two components: organization and access methods.
File organization refers to the way records are physically arranged on the storage device - either sequentially or randomly.
An access method is a program used to search for records and to navigate through the database.

Database terminology
Entity: anything the organization wants to capture data about.
Record type: physical representation of a database entity.
Occurrence: relates to the number of records represented by a particular record type.
Attributes: define entities with values that differ (i.e. each employee has a different name).
Database: the set of record types that an organization needs to support its business processes.

AUDIT INFORMATION SYSTEM BASED ON COBIT FRAMEWORK
Control Objectives for Information and Related Technology, or COBIT for short, is a standard guide to information technology management practices. COBIT is designed as an IT governance tool that helps in understanding and managing the risks, benefits and evaluation related to IT. The standard is issued by the IT Governance Institute, which is part of ISACA. COBIT 4.0 is the latest version.

The COBIT Framework consists of 34 high-level control objectives, each grouped into one of four primary domains:

1. Planning and Organization
Covers strategies and tactics concerning the identification of how IT can best contribute to the achievement of the organization's business objectives, so as to form a good organization with a good technology infrastructure as well.
PO1 Define a strategic information technology plan
PO2 Define the information architecture
PO3 Determine the technological direction
PO4 Define the IT organization and relationships
PO5 Manage the investment in information technology
PO6 Communicate management aims and direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risks
PO10 Manage projects
PO11 Manage quality

2. Acquisition and Implementation
Identification of IT solutions, which are then implemented and integrated into business processes to realize the IT strategy.
AI1 Identify automated solutions
AI2 Acquire and maintain application software
AI3 Acquire and maintain technology infrastructure
AI4 Develop and maintain IT procedures
AI5 Install and accredit systems
AI6 Manage changes

3. Delivery and Support
Domain associated with the desired storage service, which consists of the operating
system and the security aspects of business continuity up to the procurement
training.
DS1 Define and manage service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify and allocate costs
DS7 Educate and train users
DS8 Assist and advise customers
DS9 Manage the configuration
DS10 Manage problems and incidents
DS11 Manage the data
DS12 Manage facilities
DS13 Manage operations

4. Monitoring
All IT processes need to be assessed regularly and periodically for their conformance with the quality and control requirements.
M1 Monitor the process
M2 Assess internal control adequacy
M3 Obtain independent assurance
M4 Provide for independent audit
LOGOwww.themegallery.com
www.themegallery.com

More Related Content

What's hot

Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
Jonathan Coleman
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 

What's hot (20)

3c 2 Information Systems Audit
3c   2   Information Systems Audit3c   2   Information Systems Audit
3c 2 Information Systems Audit
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and Control
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
SOX compliance - Understanding Sarbanes-Oxley
SOX compliance - Understanding Sarbanes-OxleySOX compliance - Understanding Sarbanes-Oxley
SOX compliance - Understanding Sarbanes-Oxley
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
 
Information security governance framework
Information security governance frameworkInformation security governance framework
Information security governance framework
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
Cobit
CobitCobit
Cobit
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 

Viewers also liked

Audit evidence a framework (ppt ch7[1].pdf)
Audit evidence  a framework (ppt ch7[1].pdf)Audit evidence  a framework (ppt ch7[1].pdf)
Audit evidence a framework (ppt ch7[1].pdf)
bagarza
 
Audit planning and risk assessment
Audit planning and risk assessmentAudit planning and risk assessment
Audit planning and risk assessment
casahiljain1992
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
Biswajit Bhattacharjee
 

Viewers also liked (11)

Information system and control audit – lecture i
Information system and control audit – lecture iInformation system and control audit – lecture i
Information system and control audit – lecture i
 
Information System Audit - UNIKOM Seminar (Nov 2015)
Information System Audit - UNIKOM Seminar (Nov 2015)Information System Audit - UNIKOM Seminar (Nov 2015)
Information System Audit - UNIKOM Seminar (Nov 2015)
 
Information system and control audit ~ Lecture # 1
Information system and control audit ~ Lecture # 1Information system and control audit ~ Lecture # 1
Information system and control audit ~ Lecture # 1
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
Audit evidence a framework (ppt ch7[1].pdf)
Audit evidence  a framework (ppt ch7[1].pdf)Audit evidence  a framework (ppt ch7[1].pdf)
Audit evidence a framework (ppt ch7[1].pdf)
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
13 information system audit of banks
13 information system audit of banks13 information system audit of banks
13 information system audit of banks
 
Audit planning and risk assessment
Audit planning and risk assessmentAudit planning and risk assessment
Audit planning and risk assessment
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
 
Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information Systems
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 

Similar to Control and Audit Information System

SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007
Slava Gorbunov
 
Understanding Risk Management Through COSO ERM.pdf
Understanding Risk Management Through  COSO ERM.pdfUnderstanding Risk Management Through  COSO ERM.pdf
Understanding Risk Management Through COSO ERM.pdf
MaAnneLuisSarillana1
 
Internal control system
Internal control systemInternal control system
Internal control system
Madiha Hassan
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
Danial Khan
 
There are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docxThere are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docx
randymartin91030
 

Similar to Control and Audit Information System (20)

Tugas control & audit sistem informasi
Tugas control & audit sistem informasiTugas control & audit sistem informasi
Tugas control & audit sistem informasi
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasi
 
SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
Internal controls & ai ss
Internal controls & ai ssInternal controls & ai ss
Internal controls & ai ss
 
Ethics fraud & internal control ppt @ dom s
Ethics fraud & internal control ppt @ dom sEthics fraud & internal control ppt @ dom s
Ethics fraud & internal control ppt @ dom s
 
Ethics fraud & internal control ppt @ dom s
Ethics fraud & internal control ppt @ dom sEthics fraud & internal control ppt @ dom s
Ethics fraud & internal control ppt @ dom s
 
Understanding Risk Management Through COSO ERM.pdf
Understanding Risk Management Through  COSO ERM.pdfUnderstanding Risk Management Through  COSO ERM.pdf
Understanding Risk Management Through COSO ERM.pdf
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Information systems and its components iii
Information systems and its components   iiiInformation systems and its components   iii
Information systems and its components iii
 
Lecture 16 internal control - james a. hall book chapter 3
Lecture 16  internal control - james a. hall book chapter 3Lecture 16  internal control - james a. hall book chapter 3
Lecture 16 internal control - james a. hall book chapter 3
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17  sas framework internal control - james a. hall book chapter 3Lecture 17  sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
There are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docxThere are regulatory rules that must be met as well as organizatio.docx
There are regulatory rules that must be met as well as organizatio.docx
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 

Recently uploaded

Recently uploaded (20)

Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...
Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...
Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...
 
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
 
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
 
W.D. Gann Theory Complete Information.pdf
W.D. Gann Theory Complete Information.pdfW.D. Gann Theory Complete Information.pdf
W.D. Gann Theory Complete Information.pdf
 
Strategic Resources May 2024 Corporate Presentation
Strategic Resources May 2024 Corporate PresentationStrategic Resources May 2024 Corporate Presentation
Strategic Resources May 2024 Corporate Presentation
 
Virar Best Sex Call Girls Number-📞📞9833754194-Poorbi Nalasopara Housewife Cal...
Virar Best Sex Call Girls Number-📞📞9833754194-Poorbi Nalasopara Housewife Cal...Virar Best Sex Call Girls Number-📞📞9833754194-Poorbi Nalasopara Housewife Cal...
Virar Best Sex Call Girls Number-📞📞9833754194-Poorbi Nalasopara Housewife Cal...
 
Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024
 
Indore City REd Light Area Call Girls-✔✔9155612368 Escorts In Indore Female E...
Indore City REd Light Area Call Girls-✔✔9155612368 Escorts In Indore Female E...Indore City REd Light Area Call Girls-✔✔9155612368 Escorts In Indore Female E...
Indore City REd Light Area Call Girls-✔✔9155612368 Escorts In Indore Female E...
 
Kurla Capable Call Girls ,07506202331, Sion Affordable Call Girls
Kurla Capable Call Girls ,07506202331, Sion Affordable Call GirlsKurla Capable Call Girls ,07506202331, Sion Affordable Call Girls
Kurla Capable Call Girls ,07506202331, Sion Affordable Call Girls
 
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
 
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
 
✂️ 👅 Independent Bhubaneswar Escorts Odisha Call Girls With Room Bhubaneswar ...
✂️ 👅 Independent Bhubaneswar Escorts Odisha Call Girls With Room Bhubaneswar ...✂️ 👅 Independent Bhubaneswar Escorts Odisha Call Girls With Room Bhubaneswar ...
✂️ 👅 Independent Bhubaneswar Escorts Odisha Call Girls With Room Bhubaneswar ...
 
Russian Call Girls New Bhubaneswar Whatsapp Numbers 9777949614 Russian Escor...
Russian Call Girls New Bhubaneswar Whatsapp Numbers 9777949614  Russian Escor...Russian Call Girls New Bhubaneswar Whatsapp Numbers 9777949614  Russian Escor...
Russian Call Girls New Bhubaneswar Whatsapp Numbers 9777949614 Russian Escor...
 
Test bank for advanced assessment interpreting findings and formulating diffe...
Test bank for advanced assessment interpreting findings and formulating diffe...Test bank for advanced assessment interpreting findings and formulating diffe...
Test bank for advanced assessment interpreting findings and formulating diffe...
 
Call Girls In Kolkata-📞7033799463-Independent Escorts Services In Dam Dam Air...
Call Girls In Kolkata-📞7033799463-Independent Escorts Services In Dam Dam Air...Call Girls In Kolkata-📞7033799463-Independent Escorts Services In Dam Dam Air...
Call Girls In Kolkata-📞7033799463-Independent Escorts Services In Dam Dam Air...
 
Nalasopara TRusted Virar-Vasai-Housewife Call Girls✔✔9833754194 Gorgeous Mode...
Nalasopara TRusted Virar-Vasai-Housewife Call Girls✔✔9833754194 Gorgeous Mode...Nalasopara TRusted Virar-Vasai-Housewife Call Girls✔✔9833754194 Gorgeous Mode...
Nalasopara TRusted Virar-Vasai-Housewife Call Girls✔✔9833754194 Gorgeous Mode...
 
Effortless Income Tax Filing Online Your Path to Financial Ease..pdf
Effortless Income Tax Filing Online Your Path to Financial Ease..pdfEffortless Income Tax Filing Online Your Path to Financial Ease..pdf
Effortless Income Tax Filing Online Your Path to Financial Ease..pdf
 
Collecting banker, Capacity of collecting Banker, conditions under section 13...
Collecting banker, Capacity of collecting Banker, conditions under section 13...Collecting banker, Capacity of collecting Banker, conditions under section 13...
Collecting banker, Capacity of collecting Banker, conditions under section 13...
 
GIFT City Overview India's Gateway to Global Finance
GIFT City Overview  India's Gateway to Global FinanceGIFT City Overview  India's Gateway to Global Finance
GIFT City Overview India's Gateway to Global Finance
 
Bhubaneswar🌹Kalpana Mesuem ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswa...
Bhubaneswar🌹Kalpana Mesuem  ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswa...Bhubaneswar🌹Kalpana Mesuem  ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswa...
Bhubaneswar🌹Kalpana Mesuem ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswa...
 

Control and Audit Information System

  • 1. LOGOwww.themegallery.com oleh : ARIF PRASETYO 11353100414 CONTROL AND AUDIT INFORMATION SYSTEM Dosen Pengampu : M. Jasman, S.Kom, M.InfoSys
  • 2. LOGOwww.themegallery.com Control & Audit by Vishnu Ap Audit is a process checks are carried out systematically to find out how the actual implementation of quality applied. The audit results will be in the documentation and periodic evaluation. Meanwhile, according to Frans m. Royan Audit aims to facilitate owners to control and avoid fraud and manipulation of data. While understanding the information systems audit is an inspection activities performed by an internal audit of the company in collecting evidence and evaluating control of the company to achieve the company's objectives and in accordance with the specified criteria. control is also called a system control means (A control is a system) in other words, is a set of interrelated components that relate to work together to accomplish a purpose or goal, legality / validity of an activity (unlawful events), and inspection.
  • 3. LOGOwww.themegallery.com 5 Accounting Information Systems Audit Cycle 1. Revienue Cycle (sales and cloction) 2. Expenditure Cycle (about how to buy goods) 3. Production Cycle (How to produce Goods) 4. HRM 5. General Regent and Reporting System
  • 4. LOGOwww.themegallery.com  Internal audit Internal audit is independent appraisal function to examine and evaluate the activities and as a service for an organization. internal auditor perform a variety of activities, including financial, operational, compliance and audit fraud. Auditors can work for your organization or tasks can be outsourced. Independence is self-imposed, but the auditor representing the interests of the organization.
  • 5. LOGOwww.themegallery.com  External vs. Internal Auditor The external auditors are outsiders while internal auditors representing the interests of the organization. Internal auditors often cooperate with and assist the external auditors in some aspects of the financial audit. Extent of cooperation depends on the independence and competence of the internal audit staff. external auditors may rely in part on evidence gathered by the internal audit department is organizationally independent and reports to the audit committee of the board of directors.
  • 6. LOGOwww.themegallery.com  The role of the Audit Committee Subcommittee of the board of directors • Usually three external members. • SOX requires at least one member must be a "financial expert". Functioning as an independent "check and balance" to the internal audit function. SOX mandates that external auditors report to the audit committee: • the employee committee and auditor fire and resolve disputes.
  • 7. LOGOwww.themegallery.com  Auditing standards statements of management and auditing purposes: 1. The existence or occurrence; Completeness; Rights and obligations; Valuation or Allocation; Presentation and Disclosure. 2. The auditor develops auditing purposes and to design audit procedures based on this statement. 3. Auditor search for material evidence corroborating the statement. 4. The auditor should determine whether internal control deficiencies and material misstatement. 5. The auditor should communicate the results of their tests, including an audit opinion.
  • 8. Audit risk: The probability that the auditor will give an unqualified (clean) opinion on financial statements that are, in fact, materially misstated. Inherent risk (IR) is associated with the unique characteristics of the client's business or industry. Control risk (CR) is the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors. Detection risk (DR) is the risk the auditor is willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor. The audit risk model uses these components to determine the scope, nature and timing of substantive testing. Audit risk model: AR = IR × CR × DR. If the acceptable audit risk is 5%, the planned detection risk will depend on the control structure. The stronger the internal control structure, the lower the control risk and the less substantive testing the auditor must do. Substantive testing is labor intensive and time-consuming, which drives up audit costs and causes disruption. Management's interests are served by a strong internal control structure.
  • 9. Internal control: Management is required by law to establish and maintain an adequate system of internal controls. A brief history of internal control legislation: 1. SEC Acts of 1933 and 1934. 2. Copyright law of 1976. 3. The Foreign Corrupt Practices Act (FCPA) of 1977 requires companies registered with the SEC to: • Keep records that sufficiently and fairly reflect the transactions and the company's financial position. • Maintain internal control systems which provide reasonable assurance that organizational goals are met. Committee of Sponsoring Organizations, 1992. The Sarbanes-Oxley Act of 2002 (SOX) requires management of public companies to implement an adequate system of internal controls over their financial reporting process. Under Section 302: • Managers should certify the organization's internal controls quarterly and annually. • External auditors must perform certain procedures quarterly to identify material control modifications that can affect financial reporting. Section 404 requires management of public companies to assess the effectiveness of internal controls in their annual reports.
  • 10. Internal Control System: The internal control system consists of policies, practices and procedures to achieve four broad objectives: Safeguard company assets. Ensure the accuracy and reliability of accounting records and information. Promote efficiency in operations. Measure compliance with management's prescribed policies and procedures.
  • 12. Modifying Principles: Management responsibility is made law by SOX. Goals must be achieved regardless of the data processing method used. Every system has limitations on its effectiveness, including the possibility of error, circumvention, management override and changing conditions. The system should provide reasonable assurance that the broad objectives are met. The cost of achieving improved control should not be greater than the benefits. The cost of correcting material weaknesses is offset by the benefits.
  • 14. PDC Model: Preventive controls are passive techniques designed to reduce the frequency of undesirable events. Preventing problems is more cost effective than detecting and fixing them after they occur. Detective controls are devices, techniques and procedures to identify and expose undesirable events that get past preventive controls. Corrective controls correct the problems identified.
  • 15. IT Governance: The part of corporate governance that focuses on the management and assessment of strategic IT resources. The key objectives are to reduce risk and ensure that investments in IT resources add value to the corporation. All of the company's stakeholders must be active participants in key IT decisions.
  • 16. IT Governance Controls: COSO (Committee of Sponsoring Organizations) was first created in 1992. Three IT governance issues are addressed by SOX and the COSO internal control framework: • the organizational structure of the IT function. • computer center operations. • disaster recovery planning.
  • 17. There are 5 parts of COSO, namely: 1. Control environment 2. Risk factors 3. Information and communication 4. Monitoring 5. Control activities, which fall into two categories: • IT • physical. The purpose of control is to avoid the occurrence of error, fraud (theft), access and Nischip. In 2001 there was the Enron case, which occurred between the public transport games. Sarbanes-Oxley was made the rule of law in 2002, with an audit performed 4 times a year. To build a company, preventive controls need to be held to protect, detective controls to detect, and corrective controls to fix.
  • 18. Database Audit: Access to data resources is controlled by a database management system (DBMS). The organization's data is centralized into a common database shared by a community of users. All users have access to the data they need, which overcomes the flat-file problems. Elimination of the data storage problem: there is no data redundancy. Elimination of the data updating problem: a single update procedure eliminates an information problem. Elimination of the task-data dependency problem: users are limited only by the legitimacy of their access needs.
  • 19. Physical database: The lowest level and the only one in physical form. Magnetic spots on metal-coated disks that make up a logical collection of files and records. Data structures are the bricks and mortar of the database. They allow records to be located, stored, and retrieved. Two components: organization and access methods. File organization refers to the way records are physically arranged on the storage device, either sequentially or randomly. An access method is a program used to locate records and to navigate through the database.
  • 20. Database terminology: Entity: anything the organization wants to capture data about. Record type: the physical database representation of an entity. Occurrence: relates to the number of records represented by a particular record type. Attributes: define entities with values that vary (i.e., each employee has a different name). Database: the set of record types that an organization needs to support its business processes.
  • 21. AUDIT INFORMATION SYSTEM BASED ON COBIT FRAMEWORK: Control Objectives for Information and related Technology, or COBIT for short, is a standard guide to information technology management practices. COBIT is designed as an IT governance tool that helps in understanding and managing the risks, benefits and evaluation related to IT. COBIT is a standard issued by the IT Governance Institute, which is part of ISACA. COBIT 4.0 is the latest version.
  • 22. The COBIT framework consists of 34 high-level control objectives, each grouped into one of four primary domains:
  • 23. 1. Planning and Organization: Covers strategies and tactics for identifying how IT can best contribute to the achievement of the organization's business objectives, forming a good organization with a good technology infrastructure as well. PO1 Define a strategic information technology plan; PO2 Define the information architecture; PO3 Determine the technological direction; PO4 Define the IT organization and relationships; PO5 Manage the investment in information technology; PO6 Communicate management aims and direction; PO7 Manage human resources; PO8 Ensure compliance with external requirements; PO9 Assess risks; PO10 Manage projects; PO11 Manage quality
  • 24. 2. Acquisition and Implementation: Identification of IT solutions, which are then implemented and integrated into business processes to realize the IT strategy. AI1 Identify automated solutions; AI2 Acquire and maintain application software; AI3 Acquire and maintain technology infrastructure; AI4 Develop and maintain IT procedures; AI5 Install and accredit systems; AI6 Manage changes
  • 25. 3. Delivery and Support: This domain relates to the delivery of the desired services, which ranges from system operations and security aspects through business continuity to the provision of training. DS1 Define and manage service levels; DS2 Manage third-party services; DS3 Manage performance and capacity; DS4 Ensure continuous service; DS5 Ensure system security; DS6 Identify and allocate costs; DS7 Educate and train users; DS8 Assist and advise customers; DS9 Manage the configuration; DS10 Manage problems and incidents; DS11 Manage the data; DS12 Manage facilities; DS13 Manage operations
  • 26. 4. Monitoring: All IT processes need to be assessed regularly and periodically for their conformity with quality and control requirements. M1 Monitor the process; M2 Assess internal control adequacy; M3 Obtain independent assurance; M4 Provide for independent audit