Concepts of Audit, Risk, and Internal Control
Sessions 1-2
Course: A0294/Advanced IS Audit
Year: 2009
Bina Nusantara University
Learning Outcomes
By the end of this session, students are expected to be able to:
Understand the concepts of audit, risk, and internal control
Explain the relationship between audit, risk, and internal control
Material Outline
Review of Auditing Concepts
Introduction to Information Systems Audit / IT Audit
Audit of IT-Based Accounting Information Systems
IT Governance Audit
Operational audits in other areas require IT data
Concepts of Risk and Internal Control
Relationship between Audit, Risk, and Internal Control

Students receive an explanation of:
the benefits of the course being studied
the learning mechanism
group/individual assignments
the material as a whole
the relationship with other courses
discipline and rules in the course
A brief explanation of Bloom's Taxonomy, learning styles and teaching methods
The competencies expected to be achieved
Understanding Audit Concepts
Review
Understanding Key Terms
The meaning of assertion, attestation, audit
Why audits are needed
Types of audit and their characteristics
Concepts of systems, accounting information systems, risk, internal control systems and audit
Technological developments and their impact; changes to systems/internal control/audit
Audit procedures in outline
Use of computers for audit
Firm & Environment
The firm's environment includes, for example: customers, vendors, partners, creditors, the Directorate General of Taxes (Ditjen Pajak), unions, and so on.
Data/information, goods/services, and money flow between the company and its stockholders and stakeholders.
The business objective of a company is stockholder welfare.
Management (the board of directors) must be accountable.
General Model of a Business Organization
[Diagram: Stockholder/Stakeholder; RUPS (general meeting of shareholders); management levels Top, Middle Level, Supervisor Level, Clerical; KAP (public accounting firm); IA]
Levels of Management
Example: President, CEO, executive
Example: Regional manager, plant manager
Example: Account manager, office manager
Mission Statement
Top Management
Explains the company's objectives.
Stewardship
The accountability/stewardship concept means directors
owe the responsibility to the parties who have a vested
interest in the organization. They work for and on behalf
of the stockholder/stakeholder, and need to demonstrate
competence.
Accountability:
The obligation to carry out duties in a way that can be accounted for and follows the rules.
Ensuring that the duties performed achieve the stated objectives.

The Meaning of Audit
Audit: the examination of an organization/entity/organizational unit/particular field of activity:
by a competent and independent person
with sufficient field evidence
the existence of standards/criteria/rules/references
comparing the evidence with the criteria
reporting on the conformity of these matters to the interested parties.
Definition of Audit (General)
An audit is the process of examining an organizational entity by a competent and independent person (or persons), with sufficient evidence, comparing that evidence with established criteria in order to report on the conformity of these matters to the interested parties.
Definition (IIA)

Internal Auditing is an independent, objective assurance
and consulting activity designed to add value and improve
an organization's operations.
Add value & improve an organization's operations

The objective of internal auditing is to add value and
improve an organization's operations in
accomplishing its objectives.
WHY IS AUDIT NEEDED?
CONTROL MECHANISM
Compliance with regulations and policies
REDUCING LOSSES
Fraud
Inefficiency
INCREASING CONFIDENCE
Increasing the credibility of data
Reducing information risk
Who Audits?
Trained & qualified auditors
Quality Manager selects and trains internal auditors
observer on Quality Manager's audits
first audit under supervision of qualified auditor
Person independent of the activity
Quality Assurance Service
ATTESTATION SERVICES
Audit
AGREED UPON PROCEDURES
REVIEW
EXAMINATION
NON-ATTESTATION QA SERVICES
NON-QUALITY ASSURANCE SERVICES
Overall Picture
[Diagram: Quality assurance, divided into Attestation and Non-Attestation; boxes shown: Audit, Review, Agreed Upon, Pension System, Tax Services]
Types of Audit
Financial Audit
General Audit
Special Audit
Operational/ Management Audit
Compliance Audit
Investigative Audit
Fraud Audit
Forensic Audit
Information Technology Audit

Audit Procedure
1. Audit Plan
2. Develop Checklists
3. Opening Meeting
4. Gather Evidence
5. Record Results
6. Closing Meeting
7. Audit Report
IS Audit
IS auditing is the process of collecting and evaluating
evidence to determine whether information systems and
related resources adequately safeguard assets,
maintain data and system integrity, provide relevant and
reliable information, achieve organizational goals
effectively, consume resources efficiently, and have in
effect internal controls that provide reasonable
assurance that operational and control objectives will be
met.
IS AUDIT
The Effect of
Information Technology on The Audit
Function
Risk
Execution risks
Information Processing risks
Assets Protection risks
Performance risks
IT Security risks
Continuity of Operations risks
CHANGING INFORMATION TECHNOLOGY and its EFFECT on AUDITING
Distributed data processing, networking, and electronic data interchange
Real-Time Systems
Intelligent Systems
End-User Computing
Electronic (Internet) Commerce
IT Governance
The process for controlling an organization's IT
resources, including information and communication
systems, and technology.
Using IT to promote an organization's objectives and
enable business processes, and to manage and control
IT-related risks.

SOX Legislation/SEC Rules
PCAOB No. 5 (Audit Standards for Financial Reporting and Statements)
CobiT (Framework for IT Processes Management)
The IT Internal Control Systems
IT Control Objectives for SOX (financial reporting)
COSO (Risk Management Framework)
No Fraud
Limit Access
Require Passwords
Check for hard Passwords
IT Internal Controls
Separation of duties
Delegation of authority and responsibility
Competent and trustworthy personnel
System of authorizations
Adequate documents and records
Physical control over assets and records
Adequate management supervision
Independent checks on performance
Comparing recorded accountability with assets
What do IT auditors do?
Ensure IT governance by assessing risks and monitoring
controls over those risks
Work as either an internal or external IT auditor
Support many kinds of audit and assessment
(consulting) engagements
Financial vs IT Audits
IT auditors may work on financial audit engagements
IT auditors may work on every step of the financial audit
engagement
Standards, such as SAS No. 94*, guide the work of IT
auditors on financial audit engagements
IT audit work on financial audit engagements is likely to
increase as internal control evaluation becomes more
important
* SAS 94 recognizes the pervasive effects of IT on
accounting information systems and requires auditors to
consider them. It also states that computer-assisted
auditing techniques (CAATs) are needed to test
automated controls in certain types of IT environments.
IT Audit Skills
College education: IS or computer science, and accounting
Certifications: CPA, CFE, CIA, CISA, CISSP, and special technical certifications
Technical IT audit skills: business processes control and specialized IT technologies
General personal and business skills
Code of Professional Ethics

The Information Systems Audit and Control Association, Inc.
(ISACA) sets forth this Code of Professional Ethics to guide the
professional and personal conduct of members of the Association
and/or its certification holders.
Members and ISACA Certification holders shall:
1. Support the implementation of, and encourage compliance with,
appropriate standards, procedures and controls for information systems.
2. Perform their duties with due diligence and professional care, in
accordance with professional standards and best practices.
3. Serve in the interest of stakeholders in a lawful and honest manner,
while maintaining high standards of conduct and character, and not
engage in acts discreditable to the profession.

Code of Professional Ethics

5. Maintain competency in their respective fields and agree to
undertake only those activities, which they can reasonably expect to
complete with professional competence.
6. Inform appropriate parties of the results of work performed;
revealing all significant facts known to them.
7. Support the professional education of stakeholders in enhancing
their understanding of information systems security and control.

Failure to comply with this Code of Professional Ethics can result in
an investigation into a member's or certification holder's conduct
and, ultimately, in disciplinary measures.

Professional Organizations
AAA, AICPA, CICA, IFAC, IAI
IIA,
ISACA,
Association of Information Systems (AIS)
Association of Computing Machinery (ACE)
Information Systems Audit and Control
Association (ISACA)
ISACA's headquarters is in Chicago (website www.isaca.org).
ISACA is the professional association for information systems audit, founded
in 1969 (as the Electronics Data Processing Auditing Association,
EDPAA); in 1994 it became ISACA, and it now has more than 160
chapters (branches of the professional organization) in more than
100 countries (a country may have more than one chapter,
depending on the number of members).
In Indonesia, the Jakarta chapter was formed in 1992, initiated
by people from BAKOTAN, BPK, BPKP, several public accounting firms,
and several government agencies and private organizations.



The End