Presentasi sedang didownload. Silahkan tunggu

Presentasi sedang didownload. Silahkan tunggu

Information Technology Controls Pertemuan 11-12 Matakuliah: F0174 / Audit Laporan Keuangan Berbasis Komputer Tahun: 2008.

Presentasi serupa


Presentasi berjudul: "Information Technology Controls Pertemuan 11-12 Matakuliah: F0174 / Audit Laporan Keuangan Berbasis Komputer Tahun: 2008."— Transcript presentasi:

1

2 Information Technology Controls Pertemuan Matakuliah: F0174 / Audit Laporan Keuangan Berbasis Komputer Tahun: 2008

3 Bina Nusantara Top Management Control

4 Bina Nusantara Pengendalian oleh pimpinan tertinggi: Senior manajemen di perusahaan bertanggungjawab terhadap fungsi sistem informasi berhadapan dengan banyak tantangan, seperti perkembangan hardware dan software Pimpinan manajemen harus dapat mengantisipasi implikasi perkembangan teknologi terhadap fungsi sistem informasi dengan melihat perkembangan 1.Planning 2.Organizing 3.Leading 4.Controlling 4

5 Bina Nusantara Evaluating The Palnning Function Top manajemen harus membuat master plan untuk bagian sistem informasi yang meliputi 3 tugas: 1.Mengetahui kesempatan dan masalah yg dihadapi 2.Mengidentifikasi sumber daya yang diperlukan 3.Membuat strategi dan taktik yang diperlukan untuk peroleh sumber daya

6 Bina Nusantara Jenis perencanaan: Jangka Panjang: 1.Current Information Assesment 2.Strategic Direction 3.Development STartegic Jangka Pendek: 1.Progress Report 2.Initiatives to be undertaken 3.Implementation Scheduler

7 Bina Nusantara Need for a Contingency Approach to Planning Perencanaan sisfo melibatkan banyak bagian organisasi. Hal yang mendasari perencaan bagian organisasi meliputi 2 faktor: 1.Strategi penting yang ada pad aportofolio sekarang dan yang sedang berjalan 2.Strategi penting yang ada dalam portofolio sisfo yang akan digunakan pada masa yang akan datang

8 Bina Nusantara Evaluating Organization Function Fungsi pengorganisasian adalah menemukan, mengalokasikan dan mendapatkan sumberdaya yang diperlukan untuk mencapai tujuan serta ditetapkan pada fungsi perencanaan. Beberapa fungsi pada pengorganisasian yang harus dipertimbangkan bagi manajemen adalah: 1.Resorcing the information Systems Function 2.Staffing the Information System Function 3.Centralization Versus Decentralization of the Information System Function. 4.Internal organization of Information System Function 5.Location of the Information Systems Function

9 Bina Nusantara Evaluating The Leading Function Kepemimpinan sistem manajemen yang kompleks yang dibuat untuk mempengaruhi tingkah laku individu atau group individu. Proses kepemimpinan untuk mencapai tujuan diharapkan mempertimbangkan: 1.Motivating Information System Personel 2.Matching Leadership Styles with Information System Personel 3.Effectively Communicating with Information System Personel

10 Bina Nusantara Evaluating The Controlling Function Fungsi kontrol adalah melakukan perbandingan antara hasil yang dicapai sesungguhnya dengan yang direncanakan. Beberapa hal yang dipertimbangkan dalam pengendalian: 1.Overall Controll of Information System Function 2.Technology Diffution and Controll of of Information System Function 3.Controll of Information System Function 4.Control of user of Information System Function

11 Bina Nusantara Management pengembangan sistem bertanggungjawab terhadap fungsi analisa, disain, pengembangan, implementasi dan maintenance sistem informasi. Dalam banyak hal manajer menempatkan fungsi ini sebagai karya seni walapun telah banyak bimbingan prkatis yang disediakan tapi hasil kerja pengembangan sistem sistem yang baik tetap saja tergantung pada wawasan intuisi dan pengalaman setiap individu sistem analis dan desainer. System development Management Controll 11

12 Bina Nusantara Pendekatan yang digunakan saat mengaudit sub sistem pengembangan sistem: 1.Approaches to Auditing Systems Development 2.Evaluating The Major Phases In The Systems Development Process

13 Bina Nusantara Approaches to Auditing Systems Development Pendekatan untuk mengaudit pengembangan sistem Ada tiga tipe yang dilakukan auditor terhadap proses pengembangan sistem yaitu: 1.Concurent audit 2.Postimplementation audit 3.General Audit

14 Bina Nusantara Evaluating The Major Phases In The Systems Development Process Terdapat 13 fase pengembangan sistem yang harus dievaluasi dan dikontrol auditor: 1.Problem/oportunity definition 2.Management of the change process 3.Entry and feasibility assesment (penilaian) 4.Analysis of existing system 5.Formulation of strategic requirement 6.Organizational and job design 7.Information processing systems design 8.Application software acquisition and development 9.Hardware/system software acquisition 10.Procedure Development 11.Acceptance testing 12.Conversion 13.Operatin and Maintenance

15 Bina Nusantara Programing Management Controls

16 Bina Nusantara Cara cara yang dipergunakan untuk memimpin pengembangan atau pembelian software yang bermutu tinggi terdapat beberapa fase: 1. The Program Development Life Cycle: Untuk mengembangkan atau membeli dan untuk mengimplementasikan program berkualita 2. Organizing The Programing Team Cara yang dipergunakan untuk mengorganisasi programer akan mempengaruhi nkualitas dari software yang dihasilkan

17 Bina Nusantara The Program Development Life Cycle Karakteristik program berkualitas: 1.Fungsinya tepat & lengkap 2.Memiliki high quality user interface 3.Bekerja dengan efisien 4.Disain & dokumentasi baik 5.Gampang untuk di maintain 6.Tangguh menghadapi keadaan yang tidak normal 6 pedoman untuk fase pengembangan program life cucle: 1.Planning 2.Control 3.Design 4.Coding 5.Testing 6.Operation and maintenance

18 Bina Nusantara Organizing The Programing Team Terdapat 3 cara pengelolaan programer: 1.Chief Programer Team Organisasi sederhana dengan fokus pada fungsi kontrol yang tersentralisasi 2.Adaptive Team model struktur programer, jumlah personalnya sedikit 3.Controlled Decentralized Teams Struktur yang menggunakan junior progrmaer yang berada dibawah koordinasi senior programer yang bertindak sebagai pemimpin proyek

19 Bina Nusantara Data resource management controls

20 Bina Nusantara security management controls

21 Bina Nusantara operation management controls

22 Bina Nusantara Quality assurance management controls

23 Bina Nusantara Business Risk: Likehood that an organization will not achieve its business goals and objectives. Both internal & External factor can contribute to the chances of this occurance Risk may emerge from the external environment, such as the risk of a poor economy. Other risks could rise internally. Identifying Information Technology Controls 23

24 Bina Nusantara The Risk Management Process Identify IT Risk

25 Bina Nusantara Audit Risk Audit Risk is the likehood that an organization’s external auditor makes a mistake when issuing an opinion attesting to the fairness of its financial statements or that an IT auditor fails to uncover a material error or fraud. Audit Risk = Inherent Risk (IR) Likehood of material errors or fraud inherent in the business environment Control Risk (CR) Likehood that The internal control System will not Prevent or detect Material errors or Fraud on A timely basis Detection Risk (DR) Likehood that Audit procedures Will not detect Material errors or Fraud on A timely basis XX

26 Bina Nusantara COSO : (Committee of Sponsoring Organization) of Treadway Commission Internal Control  is a process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 1.Reliability of financial reporting 2.Compliance with applicable laws and regulations 3.Effectiveness and efficiency of operation Identifying Information Technology Controls

27 Bina Nusantara COSO Components of Internal Control Control environment Risk assessment Control activities Information and communication Monitoring

28 Bina Nusantara Quality Control Standards To using internal financial and operational controls, many organizations have sought to improve public confidance in their products and processes by adopting quality control standards. ISO9000: The international Organization for Standardization (ISO). Organization introduce ISO9000, 9001, 9002 and Six Sigma ISO900 forces managers to document processes. Doing so may lead to process or product improvement, but that’s incidental to certification. Six Sigma, on the other hand, represents a standardized approach to process improvement. The term “Six Sigma” refers to a statistical level, implying that tolerance of defects in quality should be controlled to less than six deviation from customer specifications or 3,4 defects per million instances.

29 Bina Nusantara Steps in the Six Sigma DMAIC Methodology Define Measure Analyse Improve Control Define customers, processes and Boundary Project Measure current process performance Analyse data to identify defect causes and oppurtunities For improvement Improve processes and prevent problems Control and monitor improvements

30 Bina Nusantara IT auditor use many tools to document their understanding of IT controls These tools include: 1.Narrative description 2.Flowcharts, DFD (Grafis method) 3.Internal control questionare Documenting Information Technology Controls 30

31 Bina Nusantara Documenting AIS Graphic representation of business processes / events Communication –High light main components of processes –Relatively easy to understand by all parties –Understanding existing systems –Designing new systems –Easier to compare processes Forces discipline (if done correctly) SAS 94 suggests them, particularly for complex processes

32 Bina Nusantara Universal Modeling Language (UML) Designed for use in Object Oriented design and development –Can be used to document any system –Not the only choice, but popular and flexible Like a map UML: –Is Visual –Uses standard symbols to convey information –Is usually prepared by experts but can be read by anyone –Can provide high or low levels of detail (globe vs. map of OSU campus)

33 Bina Nusantara Data-Flow Diagrams A data-flow diagram shows the physical and logical flows of data through a transaction processing system without regard to the time period when each occurs Physical devices that transform data are not used in the logical diagrams Because of the simplified focus, only four symbols are needed

34 Bina Nusantara Symbols used in Data Flow Diagrams A square represents an external data source or data destination. The latter is also called a sink A circle (or bubble) indicates an entity or a process that changes or transforms data –A bubble can either be an internal entity in a physical DFD or a process in a logical DFD An open-ended rectangle or a set of parallel lines represents a store or repository of data –The file may represent a view or a portion of a larger entity-wide data base A line with an arrow indicates the direction of the flow of data

35 Bina Nusantara Physical DFDs A Physical DFD documents the physical structure of an existing system. It answers questions such as Where an entity works, How an entity works, the work is done by Whom, etc. Given the very “physical” focus of a physical DFD, it changes whenever the entities, technology used to implement the system, etc. changes Physical DFDs have no lower levels This limitation makes physical DFDs cumbersome to work with, and usually of limited value

36 Bina Nusantara Logical Data flow diagrams are usually drawn in levels that include increasing amounts of detail A top level (or high-level) DFD that provides an overall picture of an application or system is called a context diagram A context diagram is then decomposed, or broken down, into successively lower levels of detail

37 Bina Nusantara Logical DFDs - II Logical Data flow diagrams document the processes in an existing or proposed system (What tasks) Because the logic of a system changes infrequently, relative to its physical nature, a logical DFD will remain relatively constant over time Logical Data flow diagrams typically have levels below the level-0 diagram

38 Bina Nusantara The Hierarchy of Data-Flow Diagrams

39 Bina Nusantara A Context Diagram Customer Cash Receipts Process Bank Payment DepositDataflows (Interfaces) Process bubble }Boundary (border between a system and its environment) Relevant Environment comprised of External Entities This is a flow connecting a system with its environment

40 Bina Nusantara Diagram Components Customer Server Kitchen Staff Cashier Manager Register Event A Event BEvent C Event D Event E Event F T: Table 1 D: (paid) F: File 1 S: (completed) D: (completed) D = document Start of Process Events/Triggers End of Process Swimlanes: Separation based on role Sequence (triggers) Document/ Report Data flows Files (tables) Status

41 Bina Nusantara Validation Data


Download ppt "Information Technology Controls Pertemuan 11-12 Matakuliah: F0174 / Audit Laporan Keuangan Berbasis Komputer Tahun: 2008."

Presentasi serupa


Iklan oleh Google