Presentasi sedang didownload. Silahkan tunggu

Presentasi sedang didownload. Silahkan tunggu

Information Technology Controls Pertemuan 11-12

Diterbitkan olehSuharto Kusnadi Telah diubah "8 tahun yang lalu

Presentasi serupa

Presentasi berjudul: "Information Technology Controls Pertemuan 11-12"— Transcript presentasi:

1

2 Information Technology Controls Pertemuan 11-12
Matakuliah : F0174 / Audit Laporan Keuangan Berbasis Komputer Tahun : 2008 Information Technology Controls Pertemuan 11-12

3 Top Management Control
Bina Nusantara

4 Pengendalian oleh pimpinan tertinggi:
Senior manajemen di perusahaan bertanggungjawab terhadap fungsi sistem informasi berhadapan dengan banyak tantangan, seperti perkembangan hardware dan software Pimpinan manajemen harus dapat mengantisipasi implikasi perkembangan teknologi terhadap fungsi sistem informasi dengan melihat perkembangan Planning Organizing Leading Controlling 4 Bina Nusantara

5 Evaluating The Palnning Function
Top manajemen harus membuat master plan untuk bagian sistem informasi yang meliputi 3 tugas: Mengetahui kesempatan dan masalah yg dihadapi Mengidentifikasi sumber daya yang diperlukan Membuat strategi dan taktik yang diperlukan untuk peroleh sumber daya Bina Nusantara

6 Jenis perencanaan: Jangka Panjang: Jangka Pendek:
Current Information Assesment Strategic Direction Development STartegic Jangka Pendek: Progress Report Initiatives to be undertaken Implementation Scheduler Bina Nusantara

7 Need for a Contingency Approach to Planning
Perencanaan sisfo melibatkan banyak bagian organisasi. Hal yang mendasari perencaan bagian organisasi meliputi 2 faktor: Strategi penting yang ada pad aportofolio sekarang dan yang sedang berjalan Strategi penting yang ada dalam portofolio sisfo yang akan digunakan pada masa yang akan datang Bina Nusantara

8 Evaluating Organization Function
Fungsi pengorganisasian adalah menemukan, mengalokasikan dan mendapatkan sumberdaya yang diperlukan untuk mencapai tujuan serta ditetapkan pada fungsi perencanaan. Beberapa fungsi pada pengorganisasian yang harus dipertimbangkan bagi manajemen adalah: Resorcing the information Systems Function Staffing the Information System Function Centralization Versus Decentralization of the Information System Function. Internal organization of Information System Function Location of the Information Systems Function Bina Nusantara

9 Evaluating The Leading Function
Kepemimpinan sistem manajemen yang kompleks yang dibuat untuk mempengaruhi tingkah laku individu atau group individu. Proses kepemimpinan untuk mencapai tujuan diharapkan mempertimbangkan: Motivating Information System Personel Matching Leadership Styles with Information System Personel Effectively Communicating with Information System Personel Bina Nusantara

10 Evaluating The Controlling Function
Fungsi kontrol adalah melakukan perbandingan antara hasil yang dicapai sesungguhnya dengan yang direncanakan. Beberapa hal yang dipertimbangkan dalam pengendalian: Overall Controll of Information System Function Technology Diffution and Controll of of Information System Function Controll of Information System Function Control of user of Information System Function Bina Nusantara

11 System development Management Controll
Management pengembangan sistem bertanggungjawab terhadap fungsi analisa, disain, pengembangan, implementasi dan maintenance sistem informasi. Dalam banyak hal manajer menempatkan fungsi ini sebagai karya seni walapun telah banyak bimbingan prkatis yang disediakan tapi hasil kerja pengembangan sistem sistem yang baik tetap saja tergantung pada wawasan intuisi dan pengalaman setiap individu sistem analis dan desainer. 11 Bina Nusantara

12 Approaches to Auditing Systems Development
Pendekatan yang digunakan saat mengaudit sub sistem pengembangan sistem: Approaches to Auditing Systems Development Evaluating The Major Phases In The Systems Development Process Bina Nusantara

13 Approaches to Auditing Systems Development
Pendekatan untuk mengaudit pengembangan sistem Ada tiga tipe yang dilakukan auditor terhadap proses pengembangan sistem yaitu: Concurent audit Postimplementation audit General Audit Bina Nusantara

14 Evaluating The Major Phases In The Systems Development Process
Terdapat 13 fase pengembangan sistem yang harus dievaluasi dan dikontrol auditor: Problem/oportunity definition Management of the change process Entry and feasibility assesment (penilaian) Analysis of existing system Formulation of strategic requirement Organizational and job design Information processing systems design Application software acquisition and development Hardware/system software acquisition Procedure Development Acceptance testing Conversion Operatin and Maintenance Bina Nusantara

15 Programing Management Controls
Bina Nusantara

16 Cara cara yang dipergunakan untuk memimpin pengembangan atau pembelian software yang bermutu tinggi terdapat beberapa fase: 1. The Program Development Life Cycle: Untuk mengembangkan atau membeli dan untuk mengimplementasikan program berkualita 2. Organizing The Programing Team Cara yang dipergunakan untuk mengorganisasi programer akan mempengaruhi nkualitas dari software yang dihasilkan Bina Nusantara

17 The Program Development Life Cycle
Karakteristik program berkualitas: Fungsinya tepat & lengkap Memiliki high quality user interface Bekerja dengan efisien Disain & dokumentasi baik Gampang untuk di maintain Tangguh menghadapi keadaan yang tidak normal 6 pedoman untuk fase pengembangan program life cucle: Planning Control Design Coding Testing Operation and maintenance Bina Nusantara

18 Organizing The Programing Team
Terdapat 3 cara pengelolaan programer: Chief Programer Team Organisasi sederhana dengan fokus pada fungsi kontrol yang tersentralisasi Adaptive Team model struktur programer, jumlah personalnya sedikit Controlled Decentralized Teams Struktur yang menggunakan junior progrmaer yang berada dibawah koordinasi senior programer yang bertindak sebagai pemimpin proyek Bina Nusantara

19 Data resource management controls
Bina Nusantara

20 security management controls
Bina Nusantara

21 operation management controls
Bina Nusantara

22 Quality assurance management controls
Bina Nusantara

23 Identifying Information Technology Controls
Business Risk: Likehood that an organization will not achieve its business goals and objectives. Both internal & External factor can contribute to the chances of this occurance Risk may emerge from the external environment, such as the risk of a poor economy. Other risks could rise internally. 23 Bina Nusantara

24 The Risk Management Process
Identify IT Risk Identify IT Risk Identify IT Risk Identify IT Risk Bina Nusantara

25 Audit Risk Audit Risk is the likehood that an organization’s external auditor makes a mistake when issuing an opinion attesting to the fairness of its financial statements or that an IT auditor fails to uncover a material error or fraud. Inherent Risk (IR) Likehood of material errors or fraud inherent in the business environment Control Risk (CR) Likehood that The internal control System will not Prevent or detect Material errors or Fraud on A timely basis Detection Risk (DR) Likehood that Audit procedures Will not detect Material errors or Fraud on A timely basis Audit Risk = X X Bina Nusantara

26 Identifying Information Technology Controls
COSO : (Committee of Sponsoring Organization) of Treadway Commission Internal Control is a process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Reliability of financial reporting Compliance with applicable laws and regulations Effectiveness and efficiency of operation Bina Nusantara

27 COSO Components of Internal Control
Control environment Risk assessment Control activities Information and communication Monitoring Bina Nusantara

28 Quality Control Standards
To using internal financial and operational controls, many organizations have sought to improve public confidance in their products and processes by adopting quality control standards. ISO9000: The international Organization for Standardization (ISO). Organization introduce ISO9000, 9001, 9002 and 9003. Six Sigma ISO900 forces managers to document processes. Doing so may lead to process or product improvement, but that’s incidental to certification. Six Sigma, on the other hand, represents a standardized approach to process improvement. The term “Six Sigma” refers to a statistical level, implying that tolerance of defects in quality should be controlled to less than six deviation from customer specifications or 3,4 defects per million instances. Bina Nusantara

29 Steps in the Six Sigma DMAIC Methodology
Define Define customers, processes and Boundary Project Measure Measure current process performance Analyse Analyse data to identify defect causes and oppurtunities For improvement Improve Improve processes and prevent problems Control Control and monitor improvements Bina Nusantara

30 Documenting Information Technology Controls
IT auditor use many tools to document their understanding of IT controls These tools include: Narrative description Flowcharts, DFD (Grafis method) Internal control questionare 30 Bina Nusantara

31 Documenting AIS Graphic representation of business processes / events
Communication High light main components of processes Relatively easy to understand by all parties Understanding existing systems Designing new systems Easier to compare processes Forces discipline (if done correctly) SAS 94 suggests them, particularly for complex processes Bina Nusantara

32 Universal Modeling Language (UML)
Designed for use in Object Oriented design and development Can be used to document any system Not the only choice, but popular and flexible Like a map UML: Is Visual Uses standard symbols to convey information Is usually prepared by experts but can be read by anyone Can provide high or low levels of detail (globe vs. map of OSU campus) Bina Nusantara

33 Data-Flow Diagrams A data-flow diagram shows the physical and logical flows of data through a transaction processing system without regard to the time period when each occurs Physical devices that transform data are not used in the logical diagrams Because of the simplified focus, only four symbols are needed Bina Nusantara

34 Symbols used in Data Flow Diagrams
A square represents an external data source or data destination. The latter is also called a sink A circle (or bubble) indicates an entity or a process that changes or transforms data A bubble can either be an internal entity in a physical DFD or a process in a logical DFD An open-ended rectangle or a set of parallel lines represents a store or repository of data The file may represent a view or a portion of a larger entity-wide data base A line with an arrow indicates the direction of the flow of data Bina Nusantara

35 Physical DFDs A Physical DFD documents the physical structure of an existing system. It answers questions such as Where an entity works, How an entity works, the work is done by Whom, etc. Given the very “physical” focus of a physical DFD, it changes whenever the entities, technology used to implement the system, etc. changes Physical DFDs have no lower levels This limitation makes physical DFDs cumbersome to work with, and usually of limited value Bina Nusantara

36 Logical Data flow diagrams are usually drawn in levels that include increasing amounts of detail
A top level (or high-level) DFD that provides an overall picture of an application or system is called a context diagram A context diagram is then decomposed, or broken down, into successively lower levels of detail Bina Nusantara

37 Logical DFDs - II Logical Data flow diagrams document the processes in an existing or proposed system (What tasks) Because the logic of a system changes infrequently, relative to its physical nature, a logical DFD will remain relatively constant over time Logical Data flow diagrams typically have levels below the level-0 diagram Bina Nusantara

38 The Hierarchy of Data-Flow Diagrams
Bina Nusantara

39 A Context Diagram Process bubble Customer Relevant Environment
comprised of External Entities Payment Cash Receipts Process }Boundary (border between a system and its environment) Bank Dataflows (Interfaces) Deposit This is a flow connecting a system with its environment Bina Nusantara

40 Diagram Components Start of Process Document/ Report D = document
Events/Triggers Customer Event A Event D Server Event B Event C D: (completed) Sequence (triggers) Kitchen Staff Status Swimlanes: Separation based on role S: (completed) Cashier Event E Files (tables) Manager Event F Data flows D: (paid) End of Process Register Bina Nusantara F: File 1 T: Table 1

41 Validation Data Bina Nusantara

Download ppt "Information Technology Controls Pertemuan 11-12"

Presentasi serupa

Tahapan information engineering

Tahapan information engineering
Applied Information System Project Management

Applied Information System Project Management
DISCLOSURE AND TRANSPARENCY

DISCLOSURE AND TRANSPARENCY
Information Systems, Organizations, and Strategy

Information Systems, Organizations, and Strategy
Managing Software Requirements (manajemen kebutuhan perangkat lunak)

Managing Software Requirements (manajemen kebutuhan perangkat lunak)
Panduan Audit Sistem Informasi

Panduan Audit Sistem Informasi
Manajemen Risiko Strategi Risiko Reaktif & Proaktif

Manajemen Risiko Strategi Risiko Reaktif & Proaktif
RENCANA PENGEMBANGAN PERANGKAT LUNAK (RPPL)

RENCANA PENGEMBANGAN PERANGKAT LUNAK (RPPL)
Analisis dan Perancangan Sistem

Analisis dan Perancangan Sistem
Control Objectives for Information and related Technology

Control Objectives for Information and related Technology
Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Mahasiswa dapat membuat diagram / skema untuk assessment setiap tahap pengembangan.

Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Mahasiswa dapat membuat diagram / skema untuk assessment setiap tahap pengembangan.
Roesfiansjah Rasjidin Program Studi Teknik Industri Fakultas Teknik – Univ. Esa Unggul.

Roesfiansjah Rasjidin Program Studi Teknik Industri Fakultas Teknik – Univ. Esa Unggul.
Pert. 4. Mengapa harus memiliki strategi IS/IT?

Pert. 4. Mengapa harus memiliki strategi IS/IT?
KONSEP STRATEGI BISNIS DAN IMPLIKASINYA PADA STRATEGI IS/IT

KONSEP STRATEGI BISNIS DAN IMPLIKASINYA PADA STRATEGI IS/IT
WaterfallPrototyping RAD Incremental Prototyping Pendekatan SDLC.

WaterfallPrototyping RAD Incremental Prototyping Pendekatan SDLC.
STANDAR PEKERJAAN LAPANGAN: Perencanaan dan Supervisi

STANDAR PEKERJAAN LAPANGAN: Perencanaan dan Supervisi
PENGANTAR AKUNTANSI MANAJEMEN

PENGANTAR AKUNTANSI MANAJEMEN
Pertemuan 25 EVALUASI DAN MANAJEMEN PROYEK Matakuliah: S0174/Evaluasi dan Manajemen Proyek Tahun: 2006 Versi: 1.

Pertemuan 25 EVALUASI DAN MANAJEMEN PROYEK Matakuliah: S0174/Evaluasi dan Manajemen Proyek Tahun: 2006 Versi: 1.
1 Pertemuan 12 Pengkodean & Implementasi Matakuliah: T0234 / Sistem Informasi Geografis Tahun: 2005 Versi: 01/revisi 1.

1 Pertemuan 12 Pengkodean & Implementasi Matakuliah: T0234 / Sistem Informasi Geografis Tahun: 2005 Versi: 01/revisi 1.
BEST PRACTICES MANAJEMEN RISIKO 5/31/2013Resista Vikaliana,S.Si. MM 1.

BEST PRACTICES MANAJEMEN RISIKO 5/31/2013Resista Vikaliana,S.Si. MM 1.

Presentasi serupa

Iklan oleh Google