By:
ARIF PRASETYO
11353100414
CONTROL AND AUDIT INFORMATION SYSTEM
Supervising lecturer: M. Jasman, S.Kom, M.InfoSys
Control & Audit
According to Vishnu Ap, an audit is a process of checks carried out systematically to find out how the actual implementation of quality is applied. The audit results are documented and evaluated periodically. Meanwhile, according to Frans M. Royan, an audit aims to help owners exercise control and avoid fraud and manipulation of data.
An information systems audit is an inspection activity performed by the company's internal audit function, collecting evidence and evaluating the company's controls so that the company's objectives are achieved in accordance with the specified criteria.
A control is also called a control system (a control is a system): in other words, a set of interrelated components that work together to accomplish a purpose or goal, to establish the legality/validity of an activity (unlawful events), and to carry out inspection.
5 Accounting Information Systems Audit Cycles
1. Revenue Cycle (sales and collection)
2. Expenditure Cycle (how goods are purchased)
3. Production Cycle (how goods are produced)
4. HRM
5. General Ledger and Reporting System
Internal audit
Internal audit is an independent appraisal function that examines and evaluates activities as a service to the organization. Internal auditors perform a variety of activities, including financial, operational, compliance and fraud audits. Auditors can be employees of the organization, or the task can be outsourced. Independence is self-imposed, but the auditor represents the interests of the organization.
External vs. Internal Auditor
External auditors are outsiders, while internal auditors represent the interests of the organization. Internal auditors often cooperate with and assist the external auditors in some aspects of the financial audit. The extent of cooperation depends on the independence and competence of the internal audit staff. External auditors may rely in part on evidence gathered by the internal audit department when it is organizationally independent and reports to the audit committee of the board of directors.
The role of the Audit Committee
A subcommittee of the board of directors:
• Usually three external members.
• SOX requires that at least one member be a "financial expert".
It functions as an independent "check and balance" on the internal audit function.
SOX mandates that external auditors report to the audit committee:
• the committee hires and fires the auditors and resolves disputes.
Auditing standards
Management assertions and audit objectives:
1. Existence or occurrence; completeness; rights and obligations; valuation or allocation; presentation and disclosure.
2. The auditor develops audit objectives and designs audit procedures based on these assertions.
3. The auditor searches for material evidence corroborating the assertions.
4. The auditor should determine whether there are internal control deficiencies and material misstatements.
5. The auditor should communicate the results of the tests, including an audit opinion.
Audit risk
Audit risk is the probability that the auditor will render an unqualified (clean) opinion on financial statements that are, in fact, materially misstated. Inherent risk (IR) is associated with the unique characteristics of the client's business or industry. Control risk (CR) is the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors. Detection risk (DR) is the risk the auditor is willing to take that errors not prevented or detected by the control structure will also not be detected by the auditor. The components of audit risk are used in a model that defines the scope, nature and timing of substantive testing:
audit risk model: AR = IR x CR x DR
If the acceptable audit risk is 5%, the planned detection risk depends on the assessed control structure.
The stronger the internal control structure, the lower the control risk and the less substantive testing the auditor needs to do.
Substantive testing is labor-intensive and time-consuming, which drives up audit costs and causes disruption.
Management's interests are therefore served by a strong internal control structure.
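The audit risk model above, worked through in code. This is an added example and not part of the original slides: the `RiskAssessment` class, the `planned_detection_risk` and `substantive_testing_extent` functions, the testing-extent cut-offs and the sample risk values are all assumptions constructed for illustration. It rearranges AR = IR x CR x DR into DR = AR / (IR x CR) and shows the slide's point that a stronger control structure (lower CR) leaves the auditor a larger tolerable detection risk and so less substantive testing.

```python
"""Worked example of the audit risk model AR = IR x CR x DR.

Added example; the names, thresholds and sample values below are assumptions,
not taken from the slides.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskAssessment:
    """Auditor's assessment of the client, each term expressed as a probability."""
    inherent_risk: float                 # IR: risk arising from the business itself
    control_risk: float                  # CR: risk that the control structure fails
    acceptable_audit_risk: float = 0.05  # AR the auditor is willing to accept (5%)

    def __post_init__(self) -> None:
        for name, value in (
            ("inherent_risk", self.inherent_risk),
            ("control_risk", self.control_risk),
            ("acceptable_audit_risk", self.acceptable_audit_risk),
        ):
            # A risk of exactly 0 would make the model divide by zero, and a
            # control structure is never assessed as perfect.
            if not 0.0 < value <= 1.0:
                raise ValueError(f"{name} must be in (0, 1], got {value}")


def planned_detection_risk(a: RiskAssessment) -> float:
    """Rearrange AR = IR x CR x DR into DR = AR / (IR x CR).

    DR is the detection risk the auditor can afford to accept from substantive
    testing. It is capped at 1.0: when IR x CR is already at or below AR, the
    control structure alone keeps audit risk within the acceptable level.
    """
    dr = a.acceptable_audit_risk / (a.inherent_risk * a.control_risk)
    return min(dr, 1.0)


def substantive_testing_extent(dr: float) -> str:
    """Map the planned DR to the extent of substantive testing.

    A lower DR means the auditor must rely more on their own tests. The
    cut-offs are illustrative assumptions, not thresholds from the slides.
    """
    if dr < 0.10:
        return "extensive"
    if dr < 0.30:
        return "moderate"
    return "limited"


def achieved_audit_risk(a: RiskAssessment, dr: float) -> float:
    """Recompute AR from its components, to check that the model closes."""
    return a.inherent_risk * a.control_risk * dr


if __name__ == "__main__":
    # Constructed scenarios: the same client assessed before and after
    # strengthening the internal control structure (lower CR).
    for label, cr in (("weak controls", 0.8), ("strong controls", 0.2)):
        client = RiskAssessment(inherent_risk=0.5, control_risk=cr)
        dr = planned_detection_risk(client)
        print(f"{label}: CR={cr:.2f} -> planned DR={dr:.3f}, "
              f"substantive testing {substantive_testing_extent(dr)}, "
              f"AR achieved={achieved_audit_risk(client, dr):.3f}")
```

With IR fixed at 0.5 and AR at 5%, lowering CR from 0.8 to 0.2 raises the tolerable DR from 0.125 to 0.5, so the extent of substantive testing drops from moderate to limited; the recomputed AR is 0.05 in both cases, which is the model closing.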
Internal control
Management is required by law to establish and maintain an adequate system of internal controls.
A brief history of internal control law:
1. SEC Acts of 1933 and 1934.
2. Copyright Law of 1976.
3. Foreign Corrupt Practices Act (FCPA) of 1977, which requires companies registered with the SEC to:
• Keep records that sufficiently and fairly reflect the transactions and the company's financial position.
• Maintain internal control systems that provide reasonable assurance that organizational goals are met.
4. Committee of Sponsoring Organizations (COSO) - 1992.
5. Sarbanes-Oxley Act of 2002 (SOX), which requires management of public companies to implement an adequate system of internal controls over their financial reporting process. Under Section 302:
• Managers must certify the organization's internal controls quarterly and annually.
• External auditors must perform certain procedures quarterly to identify material modifications in controls that may affect financial reporting.
Section 404 requires management of public companies to assess the effectiveness of internal controls in their annual reports.
Internal Control System
An internal control system consists of policies, practices and procedures to achieve four broad objectives:
1. Safeguard company assets.
2. Ensure the accuracy and reliability of accounting records and information.
3. Promote efficiency in operations.
4. Measure compliance with management's prescribed policies and procedures.
Modifying Principles
Under SOX, internal control is the legal responsibility of management.
Goals must be achieved regardless of the data processing method used.
Each system has limitations on its effectiveness, including the possibility of error, circumvention, management override and changing conditions.
The system should provide reasonable assurance that the broad objectives are met.
The cost of achieving improved control should not be greater than the benefits.
The cost of correcting material weaknesses is offset by the gains.
PDC Model
Preventive controls are passive techniques designed to reduce the frequency of undesirable events; preventing problems is more cost-effective than detecting and fixing them after they occur.
Detective controls are devices, techniques and procedures that identify and expose undesirable events that get past the preventive controls.
Corrective controls correct the problems that have been identified.
IT Governance
Part of corporate governance, focusing on the management of IT resources and strategic IT assessment.
Its key objective is to reduce risk and ensure that investment in IT resources adds value to the corporation.
All of the company's stakeholders must be active participants in key IT decisions.
Control of IT Governance
COSO (Committee of Sponsoring Organizations) was first established in 1992. Three IT governance issues are addressed by SOX and the COSO internal control framework:
• the organizational structure of the IT function.
• the computer operations center.
• disaster recovery planning.
There are 5 components of COSO, namely:
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities, which fall into two categories, namely:
• IT controls
• physical controls
The purpose of control is to avoid the occurrence of error, fraud (theft), unauthorized access and mischief.
In 2001 the Enron case occurred. Sarbanes-Oxley was made law in 2002; it requires an audit to be performed 4 times a year.
To build a company, controls must be put in place: preventive controls to protect, detective controls to detect, and corrective controls to fix.
Audit of Databases
Access to data resources is controlled by a database management system (DBMS).
The database approach centralizes the organization's data into a common database shared by a community of users.
All users have access to the data they need, which overcomes the problems of the flat-file approach:
Elimination of the data storage problem: there is no data redundancy.
Elimination of the data update problem: a single update procedure eliminates the currency-of-information problem.
Elimination of the task-data dependency problem: users' data is limited only by the legitimacy of their access needs.
Physical database
The lowest level of the database and the only one that exists in physical form.
Magnetic spots on metal-coated disks that make up a logical collection of files and records.
The data structure is the bricks and mortar of the database: it allows records to be located, stored and retrieved.
It has two components: organization and access method.
File organization refers to the way records are physically arranged on the storage device, either sequentially or randomly.
The access method is the program used to search for records and to navigate through the database.
Database terminology
Entity: anything the organization wants to capture data about.
Record type: the physical representation of a database entity.
Occurrence: the number of records represented by a particular record type.
Attributes: define an entity with distinct values (i.e., each employee has a different name).
Database: the set of record types that an organization needs to support its business processes.
AUDIT OF INFORMATION SYSTEMS BASED ON THE COBIT FRAMEWORK
Control Objectives for Information and related Technology, or COBIT for short, is a standard guide to information technology management practices. COBIT is designed as an IT governance tool that helps in understanding and managing the risks, benefits and evaluation related to IT. The standard is issued by the IT Governance Institute, which is part of ISACA. COBIT 4.0 is the latest version.
The COBIT Framework consists of 34 high-level control objectives, one for each IT process, grouped into four primary domains:
1. Planning and Organization
Covers the strategies and tactics for identifying how IT can best contribute to achieving the organization's business objectives, and for forming a good organization with a good technology infrastructure.
PO1 Define a strategic information technology plan
PO2 Define the information architecture
PO3 Determine the technological direction
PO4 Define the IT organization and relationships
PO5 Manage the investment in information technology
PO6 Communicate management aims and direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risks
PO10 Manage projects
PO11 Manage quality
2. Acquisition and Implementation
Identification of IT solutions that are later implemented and integrated into business processes to realize the IT strategy.
AI1 Identify automated solutions
AI2 Acquire and maintain application software
AI3 Acquire and maintain technology infrastructure
AI4 Develop and maintain IT procedures
AI5 Install and accredit systems
AI6 Manage changes
3. Delivery and Support
The domain concerned with delivering the required services, covering operations and security aspects, business continuity, and the provision of training.
DS1 Define and manage service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify and allocate costs
DS7 Educate and train users
DS8 Assist and advise customers
DS9 Manage the configuration
DS10 Manage problems and incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
4. Monitoring
All IT processes need to be assessed regularly and periodically for how well they meet the quality and control requirements.
M1 Monitor the processes
M2 Assess internal control adequacy
M3 Obtain independent assurance
M4 Provide for independent audit