14

PEMERIKSAAN AKUTANSI
DAMPAK TI TERHADAP AUDIT
YULAZRI M.AK., CA., CPA
FAK EKONOMI & BISNIS
VISI DAN MISI UNIVERSITAS ESA UNGGUL
Materi Sebelum UTS
PENGANTAR AUDIT
AUDIT PROSES
TANGGUNG JAWAB DAN TUJUAN AUDIT
BUKTI AUDIT
KERTAS KERJA PEMERIKSAAN
STANDAR AUDIT
LAPORAN AUDIT
Materi Setelah UTS
MATERIALITAS DAN AUDIT RISK
INTERNAL CONTROL
PENILAIAN IC DAN TEST IC
PERENCANAAN DAN AUDIT PROGRAM
KODE ETIK PROFESI
KEWAJIBAN HUKUM

DAMPAK TI PADA PROSES AUDIT

KEMAMPUAN AKHIR YANG DIHARAPKAN

 Mahasiswa memahami tahapan proses

audit.

 Mahasiswa memahami proses perencanaan

audit.
 Mahasiswa dapat menggunakan aplikasi
dasar dari analisa laporan keuangan
(analytical review)
 Proses/tahapan
audit

previous
Field Reporting
Planning
work

new
Risk Reporting
Risk respond
 Perencanaan
audit
Audit should be plan
 Basic Computer Architecture
 Central Processing Unit (CPU)
 Main Memory
 (RAM) (volatile memory)
 Turn-off the computer and it forgets
 Disk Drive
 non-volatile (persistent) memory
 Maintains data across shutdowns
 Data Files
 Temporary Files
 Registry Entries
 Unallocated Space
 Swap Space
 Log Files
 Email
Computer Forensic
Requirements
l Hardware
• Familiarity with all internal and
external devices/components of a
computer

• Thorough understanding of hard

drives and settings

• Understanding motherboards and

the various chipsets used

• Power connections

• Memory
 TI DAN AKUNTANSI
• Teknologi informasi (TI) berfungsi untuk
meningkatkan efektifitas dan efisiensi serta
kualitas proses bisnis, termasuk di dalamnya
proses akuntansi.

• Teknologi informasi berpengaruh besar terhadap

pendekatan dan proses audit laporan keuangan.

• Auditor harus memahami keunggulan dan

kelemahan TI.
How Information Technologies
Enhance Internal Control
Computer controls
replace manual
controls

Higher-quality
information is
available
 TI DAN SISTEM PENGENDALIAN

• TI mengantikan pengendalian manual yang cenderung

kurang efektif dan kurang efisien.

• TI meningkatkan keunggulan kualitas pengolahan data

dari sisi:
– Kemampuannya memproses transaksi yang
komplek dalam jumlah yang besar secara efektif
dan efisien.
– Konsistensi dalam proses pengolahan data.
– Kemampuannya menjamin keandalan proses
pengolahan data.
 TI DAN SISTEM PENGENDALIAN

• TI menggantikan pemisahan fungsi

konvensional.
• TI menurunkan peluang kecurangan (fraud).
• TI meningkatkan keunggulan kualitas informasi
dari sisi: ketepatan waktu, keakuratan
informasi, kemudahan akses, serta
kemampuan adaptasi dengan kebutuhan
pengguna informasi (customizing).

Halaman
 Assessing Risks of
Information Technologies
 Risks to hardware and data

 Reduced audit trail

 Need for IT experience and

separation of IT duties
 RISIKO PENGGUNAKAN TI

Saat ini TI bukan lagi pilihan, tapi keharusan.

Risiko yang harus diperhatikan antara lain:
• Kerusakan file data dan informasi karena
rusaknya hardware/software.
• Kerusakan proses yang sangat masif
yang tidak dapat diketahui dengan
segera.
• Ketergantungan yang tinggi terhadap
fungsi hardware/software.
Halaman
Risks to Hardware and Data

Reliance on Unauthorized
hardware and access
software

Systematic
vs.
Data loss random errors
 RISIKO PENGGUNAAN TI
• Kerusakan sistematis vs random, pada saat proses
manual digantikan dengan TI, kerusakan random
karena human errors dapat diturunkan, tetapi
kerusakan sistematis justru bisa meningkat.
• Unauthorized access. Akses online terhadap data
elektronik berpotensi meningkatkan risiko akses tanpa
otorisasi.
• Loss of data. Data elektronik yang rata-rata disimpan
terpusat dalam data base, meningkatkan risiko
kerusakan atau hilangnya keseluruhan data.
• Need for IT experience. Penggunaan TI memerlukan
staf yang memahami dan mampu memanfaatkan
Halaman
keunggulan TI
 PENGENDALIAN TI
• General controls (pengendalian umum).
Adalah sistem pengendalian untuk seluruh
aspek fungsi TI, mencakup: administrasi
TI, pemisahan fungsi TI, pengembangan
TI, pengamanan akses fisik dan online
terhadap hardware/software/data, backup
data, dan perencanaan kontinjensi untuk
situasi emerjensi.
Auditor harus mengevaluasi
pengendalian umum untuk keseluruhan
TI dalam organisasi.
Halaman
 PENGENDALIAN TI
• Aplication controls (pengendalian aplikasi). Adalah
sistem pengendalian untuk program aplikasi yang
digunakan untuk memproses transaksi, seperti
pengendalian untuk sistem penjualan dan penerimaan
kas.

Auditor harus mengevaluasi pengendalian aplikasi

untuk setiap kategori transaksi atau akun, karena
pengendalian aplikasi bisa jadi berbeda-beda
untuk setiap kategori transaksi atau akun.

Halaman
 Reduced Audit Trail

Visibility of
audit trail

Lack of
traditional Detection risk
authorization

Reduced
human
involvement
Need for IT Experience and
Separation of Duties
 Reduced separation of duties

 Need for IT experience

Internal Controls Specific to
Information Technology
Information technology controls

Application General
controls controls
Relationship Between General
and Application Controls
 Control activities

– Kebijakan dan prosedur yang

membantu menjamin pengarahan
managemen dilaksanakan
 Control Activities
• Pemisahan Tugas
• Pengendalian Pengolahan
Informasi
– General Control
– Application Control
• Pengendalian Pisik
• Review Kinerja
• Pemisahan Tugas:
– seseorang tidak boleh melakukan tugas
yang tidak kompatibel
– Pemisahan tugas pelaksana, pencatatan,
dan penyimpanan aset dari suatu transaksi
– Pemisahan bagian IT dengan Pengguna
– Pemisahan dalam bagian IT:
• Pengembangan sistem
• Operation
• Data control
• Securities administration
• Information Processing Control
• General Control
– Pengendalian organisasi dan
operasional
– Pengendalian pengembangan sistem
dan dokumentasi
– Pengendalian perangkat keras dan
lunak
– Pengendalian akses
– Pengendalian data dan prosedural
• Application Control
 Physical Control

• Direct physical control

• Indirect physical control
• Penghitungan berkala terhadap
aset
 Information and
communication:
– Idenfikasi, perekaman, dan
pertukaran informasi dalam rerangka
bentuk dan waktu yang
memungkinkan orang menjalankan
tanggungjawabnya
Information and Communication
• Transaksi
– Hanya transakasi valid
– Seluruh transaksi
– Hak dan kewajiban
– Pengukuran
– Cukup detail
• Audit atau transaction trail
• Dokumen dan catatan
Categories of General and
Application Controls
Administration of the IT Function

The perceived importance of IT within an

organization is often dictated by the attitude of
the board of directors and senior management.
Segregation of IT Duties
Systems Development
Typical test
strategies

Pilot testing Parallel testing

 Physical and Online Security

Online Controls:
 User ID control
 Password control
 Separate add-on
security software
Physical Controls:
 Keypad entrances
 Badge-entry systems
 Security cameras
 Security personnel
 Backup and Contingency
Planning
Offsite storage of critical files is a key
element to a backup and contingency plan
 Hardware Controls

These controls are built into computer

equipment by the manufacturer to
detect and report equipment failures.
 Application Controls

Application controls are designed for each

software application

Input Output
controls controls

Processing
controls
 Aplication control

– Pengendalian Input
– Pengendalian Proses
– Pengendalian Output
 Aplication control
• Input Control
– Otorisasi
– Konversi Data Input
• Verification Control
• Computer Editing: missing data check,
valid character check, limit
(reasonable) check, valid sign check,
valid code check, check digit)
– Koreksi Kesalahan
• Processing Control
– Control totals
– File identification labels
– Limit and reasonableness checks
– Before-and-after report
– Sequence test
– Process tracing data
• Output control: hasil benar dan
hanya orang yang berhak yang
memperoleh hasilnya
– Reconciliation of totals
– Comparioson to source document
– Visual scanning
 Input Controls

These controls are designed by an

organization to ensure that the
information being processed is
authorized, accurate, and complete.
 Batch Input Controls

Financial total Total for all

records in a batch

Total of codes
Hash total from all batch
records

Total of records
Record count
in a batch
 Processing Controls
Correct file,
Validation test database, or program?
Correct
Sequence test processing order?
Arithmetic Accuracy of
accuracy test processed data?
Data reasonableness Data exceeds
test preset amounts?
Completeness
Completeness test of record fields?
 Output Controls

These controls focus on detecting errors

after processing is completed rather
than on preventing errors.
Impact of Information Technology on
the Audit Process
 Effects of general controls on system-wide
applications
 Effects of general controls on software changes
 Obtaining an understanding of client
general controls
 Relating IT controls to transaction-related
audit objectives
 Effect of IT controls on substantive testing
Auditing in IT Environments with
Varied Complexity
Audit around
LESS the computer
Smaller IT controls
companies < effective

Audit though
MORE the computer
Parallel
Test data
simulation
Auditing Around and Through
the Computer
 Test Data Approach

1. Test data should include all relevant

conditions that the auditor wants tested.

2. Application programs tested by the

auditors’ test data must be the same as
those the client used throughout the year.

3. Test data must be eliminated from the

client’s records.
 Test Data Approach
Input test
transactions to test
key control
procedures

Application programs Transaction files

Master files (assume batch system) (contaminated?)

Control test
Contaminated results
master files
 Test Data Approach

Control test
results

Auditor-predicted results
Auditor makes of key control procedures
comparisons based on an understanding
of internal control

Differences between
actual outcome and
predicted result
 Parallel Simulation

The auditor uses auditor-controlled software

to perform parallel operations to the client’s
software by using the same data files.
 Parallel Simulation
Production Master
transactions file

Auditor-prepared Client application

program system programs

Auditor Client
results results

Auditor makes comparisons between Exception report

client’s application system output and noting differences
the auditor-prepared program output
Embedded Audit Module
Approach

Auditor inserts an audit module in the

client’s application system to identify
specific types of transactions.
Embedded Audit Module
Approach
 Issues for Different IT
Environments
Network Database
Environments Management
Systems

Outsourced e-Commerce
IT systems
 KEUNGGULAN TI

• Reduced human involvement

(penurunan keterlibatan manusia), proses
bisnis menjadi lebih efisien dan tidak
dibatasi dengan waktu.
• Lack of traditional authorization
(penghilangan otorisasi manual), otorisasi
tersebar luas, proses bisnis lebih cepat
dan lebih efisien.
• Reduced separation of duties, proses
bisnis menjadi lebih sederhana,
Halaman
birokrasi
Pengendalian Umum vs Aplikasi
Risiko Pengubahan Risiko Benturan
Software Aplikasi Tanpa Otorisasi Antar Sub Sistem

Pengendalian
Aplikasi
Penerimaan Kas
Pengendalian Pengendalian
Aplikasi Aplikasi
Penjualan Penggajian
Pengendalian
Aplikasi
Siklus Lainnya
Risiko Pengubahan
Master File Tanpa
Otorisasi Risiko Proses
PENGENDALIAN UMUM Tanpa Otorisasi

Halaman