Presentasi sedang didownload. Silahkan tunggu

Presentasi sedang didownload. Silahkan tunggu

Sistem Pengendalian Internal. Cowboy Problems in Auditing........

Presentasi serupa


Presentasi berjudul: "Sistem Pengendalian Internal. Cowboy Problems in Auditing........"— Transcript presentasi:

1 Sistem Pengendalian Internal

2 Cowboy Problems in Auditing

3 The Cowboy after OSHA (Occupational & Safety Health Act )

4 4 The COSO Internal Control Integrated Framework  After several significant audit failures occurred during the 1980s, the Committee of Sponsoring Organizations (COSO) formed to redefine internal control and the criteria for determining the effectiveness of an internal control system.  In 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed to sponsor the National Commission on Fraudulent Financial Reporting, whose charge was to study and report on the factors that can lead to fraudulent financial reporting.  A significant part of this mission is aimed at developing guidance on internal control.

5 5 Defining Risk  To satisfy stakeholders, be successful and gain competitive advantage, organizations need to recognize that the achievement of their business objectives is inextricably linked to risk.  Risk is anything- internal or external - that may impede an organization from achieving its objectives.  Although the common view of risk is a negative event, risk also encompasses uncertainty and opportunity.  So the challenge to management becomes to effectively manage risk by minimizing the negative and maximizing the opportunity to achieve, or exceed, the business objectives.

6 6  In 1992, COSO published Internal Control-Integrated Framework, which established a framework for internal control and provided evaluation tools that businesses could use to evaluate their control systems. . The 1992 COSO document, Internal Control - Integrated Framework, changed the way internal control is viewed. The COSO Framework considers not only the evaluation of hard controls, like segregation of duties, but also soft controls, such as the competence and professionalism of employees.

7 7 4 pagar pengamanan Values Kualitas Pengendalian Intern Peran Internal Auditor Peran External Auditor

8 SAS 78, 1995 Mengadopsi pengertian Pengendalian internal dari laporan COSO (Committee of Sponsoring Organization) Mengadopsi pengertian Pengendalian internal dari laporan COSO (Committee of Sponsoring Organization) Internal control adalah suatu proses, dijalankan oleh dewan komisaris, managemen, dan karyawan lain dari suatu entitas, dirancang untuk memberikan jaminan memadai sehubungan dengan pencapaian tujuan dalam kategori sbb: Internal control adalah suatu proses, dijalankan oleh dewan komisaris, managemen, dan karyawan lain dari suatu entitas, dirancang untuk memberikan jaminan memadai sehubungan dengan pencapaian tujuan dalam kategori sbb: Keandalan pelaporan keuangan Keandalan pelaporan keuangan Kepatuhan terhadap undang-undang dan peraturan yang berlaku Kepatuhan terhadap undang-undang dan peraturan yang berlaku Efektivitas dan efesiensi operasional Efektivitas dan efesiensi operasional

9 Komponen Pengendalian Internal COSO says internal control consists of five interrelated components that are derived from the way management runs a business and are integrated into the management process: Control Environment Control Environment Risk Assessment Risk Assessment Control Activities Control Activities Information and communication Information and communication Monitoring Monitoring

10 Control environment. The tone of the organization influences the control consciousness of its people. Examples include the integrity, ethical values and competence of employees; management’s philosophy; and input provided by the board of directors. Control environment. The tone of the organization influences the control consciousness of its people. Examples include the integrity, ethical values and competence of employees; management’s philosophy; and input provided by the board of directors. Risk assessment. Identification and analysis of risks relevant to achieving corporate goals, determination of how such risks should be managed and implementation of a process to address risks associated with change. Risk assessment. Identification and analysis of risks relevant to achieving corporate goals, determination of how such risks should be managed and implementation of a process to address risks associated with change.

11 Control activities. Policies, procedures and processes that help ensure a company carries out management directives. Examples include approvals, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. Control activities. Policies, procedures and processes that help ensure a company carries out management directives. Examples include approvals, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. Information and communication. Communication within the company and with external parties such as customers, regulators and shareholders. For example, reports that contain operational, compliance or financial data or that share ideas or events across lines of business are generated from a company’s information systems. Information and communication. Communication within the company and with external parties such as customers, regulators and shareholders. For example, reports that contain operational, compliance or financial data or that share ideas or events across lines of business are generated from a company’s information systems. Monitoring. Assessing the quality of a company’s internal control systems. This is done through ongoing monitoring of activities within the business unit and an independent evaluation of existing controls by auditors. Monitoring. Assessing the quality of a company’s internal control systems. This is done through ongoing monitoring of activities within the business unit and an independent evaluation of existing controls by auditors.

12 Risiko Bawaan Risiko Pengendalian Risiko Audit Risiko Deteksi

13 13 Scoping – The COSO Framework Control ActivitiesMonitoring  Assessment of a control system’s performance over time  Combination of ongoing and separate evaluation  Management and supervisory activities  Internal audit activities Information & Communication  Pertinent information identified, captured and communicated in a timely manner  Access to internally and externally generated information  Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action Control Environment  Sets tone of organization, influencing control consciousness of its people  Factors include integrity, ethical values, competence, authority, responsibility, organization structure, HR policies and IT control environment  Foundation for all other components of control  Policies/procedures that ensure management directives are carried out  Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties Risk Assessment  Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities

14 14 Risk Assessment Process

15 15 Anti-Fraud Provisions  The SEC’s rules relating to management’s reports on internal control include commentary on the background of the rules and insight on how the rules should be interpreted and implemented, including: –The assessment of a company’s internal control over financial reporting must be based on procedures sufficient both to evaluate its design and to test its operating effectiveness. Controls subject to such assessment include, but are not limited to: …controls related to the prevention and detection of fraud.  In addition to the SEC guidance, the PCAOB, in its Auditing Standards #2, has stated the following: –That management's responsibility when designing a company's internal control over financial reporting is to design and implement programs and controls to prevent, deter, and detect fraud. –Management, along with those who have responsibility for oversight of the financial reporting process (such as the audit committee), should set the proper tone; create and maintain a culture of honesty and high ethical standards; and establish appropriate controls to prevent, deter, and detect fraud.

16 16

17 Perolehan Pemahaman Pengendalian Internal Metodologi audit untuk memenuhi standar pekerjaan lapangan kedua: Metodologi audit untuk memenuhi standar pekerjaan lapangan kedua: Pemahaman cukup atas komponen-komponen pengendalian internal untuk merencanaan audit Pemahaman cukup atas komponen-komponen pengendalian internal untuk merencanaan audit Penilaian risiko kontrol untuk setiap asersi penting yang ada dlam saldo akun atau kelompok transaksi dan komponen pengungkapan dari laporan keuangan Penilaian risiko kontrol untuk setiap asersi penting yang ada dlam saldo akun atau kelompok transaksi dan komponen pengungkapan dari laporan keuangan Perancangan pengujian substantif untuk setiap asersi penting elemen laporan keuangan Perancangan pengujian substantif untuk setiap asersi penting elemen laporan keuangan

18 Dokumentasi Pemahaman Angket (questionnaires) Angket (questionnaires) Rangkaian pertanyaan ya/tidak tentang pengendalian internal yang diperlukan untuk mencegah salahsaji material Rangkaian pertanyaan ya/tidak tentang pengendalian internal yang diperlukan untuk mencegah salahsaji material Bagan alir Bagan alir Diagram sistematik dg memakai simbol standar, garis penghubung dan penjelasan Diagram sistematik dg memakai simbol standar, garis penghubung dan penjelasan Tabel keputusan Tabel keputusan Matriks yang digunakan mendokumentasikan logika program komputer Matriks yang digunakan mendokumentasikan logika program komputer Memoranda Memoranda Komentar tertulis auditor tentang pengendalian internal Komentar tertulis auditor tentang pengendalian internal


Download ppt "Sistem Pengendalian Internal. Cowboy Problems in Auditing........"

Presentasi serupa


Iklan oleh Google