Anda di halaman 1dari 11

Catherine Hardy

School of Financial Studies, Charles Sturt University, Wagga Wagga, New Southv Wales, Australia
Robert Reeve
PPAK
School of Economic and Financial Studies, Macquarie University, Sydney, New South Wales, Australia 31

Wu and Hahn's control-complexity/control-point orientation for computer information


system (CIS) audits: an empirical test in an electronic data interchange (EDI) environment

INFORMATION

RECEIVER

SENDER
INFORMATION

CONTROL

Anugerah Septian P-Abyan Perdana Putra-Hanna Christina-Wida Cintya Dewi-Widya Ramadhani-Pangi Suryadi
WHAT IS EDI?
PPAK
31

PAPERLESS

Electronic data interchange atau EDI adalah Transmisi data dalam


bentuk yang terstruktur dan dapat dibaca mesin secara langsung
dari komputer ke komputer di antara beberapa perusahan
COMPONEN OF EDI
PPAK
31
WHAT IS COMPUTER INFORMATION SYSTEM (CIS)?
PPAK
31

sistem pengolah data menjadi sebuah informasi yang berkualitas


dan dipergunakan untuk suatu alat bantu pengambilan keputusan
yang berbasis pada komputer.
WHAT IS CIS (Computer Information System) AUDIT?
PPAK
31

Is an examination of the system control within an information


technology infrastructure
AUDIT IMPLICATION TO EDI
PPAK
31

Eliminasi of the traditional paper trail is one of the major driving forces
behind the introduction of EDI. Tetapi untuk auditor audit trail masih
dibutuhkan untuk bisa menindak lanjuti dari ketidaksepahaman akan data
dan meyakinkan setiap pemeriksaan. Data yang dibutuhkan disimpan
dalam format tertenTu dan untuk jangka waktu tertentu untuk keperluan:
1. Satisfy legal and audit requirements
2. Provide accountability
3. Enable follow ups error or arbitrate in the event of dispute
4. Facilities reconciliation of charges
PPAK
31

Control sistem reliabel :


Objektif
Akurat
kelengkapan
Keamanan
Mudah di audit
Terukur
Terlindungi

As shown in Figure 2, the control subsystem is tightly coupled with the input,
process and output subsystems to ensure that reliable and accurate information is
produced. Management and auditors seek to provide assurance of reliable
information by confirming the operation of adequate and reliable control systems. A
reliable control system fulfils the control objectives of accuracy, completeness,
security, auditability, timeliness and recoverability of information within the
management/ organisational framework. A consensus between management and
auditors as to what is a reliable control system and the areas of concern that need
to be examined has become more important with the continuing evolution of
corporate governance practices
THE AUDIT OF ADVANCED CIS SYSTEMS
audit harus focus pada area utama dengan melakukan PPAK
31
monitoring sebagai indikator peringatan dan menggunakan
program penilaian resiko yang terintegrasi.

The Evaluation Of Internal Control

Inheren Control Control


Risk Risk Structure

Control risk was considered as a net concept because it looks at


the control ability to reduce inherent risk. Control structure risk
reflected the evaluator's informed impression of the organisation's
maximum potential ``net'' exposure to inherent risk posed by a
specified threat and was distinguishable from control risk in that
control structure risk considers all internal and external control that
exists to the threat. In comparison, control risk focuses on a single
control and ignores downstream'' controls.
This alternative approach to auditing advanced CIS systems based on a broader control PPAK
31
concept requires the auditor to adopt five distinctive auditing concepts, namely: (audit
approach wu han)

1. all controls (including general and application controls) must be viewed


as a set of interrelated controls and must be integrated into a structure;

2. a control perspective must be taken to determine the complexity of the


accounting system;

3. control-point processing steps, at which CIS controls are relied on, must
be identified to ensure the completeness and accuracy of information;

4. use of worksheets to document the evaluation of the CIS environment,


flow of transactions and assessment of user and CIS controls; and

5. control risk must be assessed.


PPAK
31

the unique characteristics of EDI systems


create compatible incentives for management
and auditors to work together in designing and
monitoring a well controlled environment to
minimising the risk of errors and irregularitys.
PPAK
31

THANKYOU FOR YOUR


ATTENTION!!!