PENGENDALIAN DAN SISTEM INFORMASI AKUNTANSI Internal Audit Core Skill Course

GANGGUAN PADA SISTEM INFORMASI AKUNTANSI Klasifikasi gangguan: Kesalahan pada software dan tidak berfungsinya peralatan, seperti : Kegagalan hardware Kesalahan atau terdapat kerusakan pada software, kegagalan sistem operasi, gangguan dan fluktuasi listrik. Serta kesalahan pengiriman data yang tidak terdeteksi. Gangguan lingkungan Gempa bumi Bencana alam Listrik Kesalahan manusia Kesalahan operasional Kesalahan data Kesalahan yang tidak disengaja : kecerobohan Kesalahan yang disengaja : Sabotase, Penipuan komputer ,Penggelapan Internal Audit Core Skill Course

Tinjauan menyeluruh konsep-konsep pengendalian Apakah definisi dari pengendalian internal itu ? Pengendalian internal adalah rencana organisasi dan metode bisnis yang dipergunakan untuk menjaga aset, memberikan informasi yang akurat dan andal, mendorong dan memperbaiki efisiensi jalannya organisasi, serta mendorong kesesuaian dengan kebijakan yang telah ditetapkan.

Framework for Internal Control over Financial Reporting (ICoFR)

COSO – Internal Control Integrated Framework (“The Framework) COSO singkatan dari Committee of Sponsoring Organizations of the Treadway Commission. Sejarahnya, COSO berkaitan dengan Foreign Corrupt Practices Act (FCPA) yang dikeluarkan SEC dan US Congress di tahun 1977 untuk melawan fraud dan korupsi yang marak terjadi di Amerika tahun 70-an. Perbedaannya adalah FCPA merupakan inisiatif dari eksekutif-legislatif sedangkan COSO lebih merupakan inisiatif dari sektor swasta.

COSO – Internal Control Integrated Framework (“The Framework) Sektor swasta ini membentuk ‘National Commission on Fraudulent Financial Reporting’ atau dikenal juga dengan ‘The Treadway Commission’ di tahun 1985. Komisi ini disponsori oleh 5 professional association yaitu: American Accounting Association (AAA) American Institute of Certified Public Accountants (AICPA) Institute of Internal Auditors (IIA) Institute of Management Accountants (IMA) Financial Executives Institute (FEI) Tujuan komisi ini adalah melakukan riset mengenai fraud dalam pelaporan keuangan (fraudulent on financial reporting) dan membuat rekomendasi2 yang terkait dengannya untuk perusahaan publik, auditor independen, SEC, dan institusi pendidikan.

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies Komisi ini mengeluarkan report pertamanya pada 1987. Isi reportnya di antaranya adalah merekomendasikan dibuatnya report komprehensif tentang pengendalian internal (integrated guidance on internal control). Sehingga dibentuk COSO, yang kemudian bekerjasama dengan Coopers & Lybrand dalam membuat laporan tersebut.

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies Coopers & Lybrand mengeluarkan report pada 1992, dengan perubahan minor pada 1994, dengan judul ‘Internal Control – Integrated Framework’. Report ini berisi definisi umum internal control dan membuat framework untuk melakukan penilaian (assessment) dan perbaikan (improvement) atas internal control. Kegunaan dari report ini salah satunya adalah untuk mengevaluasi FCPA compliance di suatu perusahaan.

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies Komisi ini mengeluarkan report pertamanya pada 1987. Isi reportnya di antaranya adalah merekomendasikan dibuatnya report komprehensif tentang pengendalian internal (integrated guidance on internal control), yang kemudian dibentuk COSO untuk bekerjasama dengan Coopers & Lybrand untuk membuat report itu. Coopers & Lybrand mengeluarkan report tersebut pada 1992, dengan perubahan minor pada 1994, dengan judul ‘Internal Control – Integrated Framework’. Report ini berisi definisi umum internal control dan membuat framework untuk melakukan penilaian (assessment) dan perbaikan (improvement) atas internal control. Kegunaan dari report ini salah satunya adalah untuk mengevaluasi FCPA compliance di suatu perusahaan.

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies Poin penting dalam report COSO ‘Internal Control – Integrated Framework’ (1992) : Definisi internal control menurut COSO Suatu proses yang dijalankan oleh dewan direksi, manajemen, dan staff, untuk membuat reasonable assurance mengenai: Efektifitas dan efisiensi operasional Reliabilitas pelaporan keuangan Kepatuhan atas hukum dan peraturan yang berlaku

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies Menurut COSO framework, Internal control terdiri dari 5 komponen yang saling terkait, yaitu: Control Environment Risk Assessment Control Activities Information and communication Monitoring

Viewing Internal Control as Integrated Process All five components of internal control set forth in the Framework (Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring) are important to achieving the objective of reliable financial reporting. Each of the Framework’s five components should not be viewed as an “end in itself.” Rather the components should be viewed as an integrated system working together to reduce risk to reliable financial reporting to an acceptable level.

Basic Principles related to Control Environment Integrity and ethical values are developed and understood Board of directors understand and exercise oversight Management philosophy and operating style support internal control Organizational structure supports internal control Articulates values, monitors adherence, addresses deviations Define authorities, operates independently, monitors risks, retains financial reporting expertise, oversees quality and reliability and oversees audit activities Set the tone, influences attitudes towards accounting principles and estimates and articulates objectives. Establishes lines of financial reporting and establishes structure Financial Reporting Competencies are retained Authorities and responsibilities are assigned Human resources policies and practices facilitate internal control Identifies competencies retains individuals and evaluates competencies Defines responsibilities and limits authorities Establishes human resource practices, recruits and retains, adequately trains and evaluates performance and compensates

Basic Principles related to Risk Assessment Identify Financial Reporting Objectives Identify and Analyze Financial Reporting Risks Identify and Assess the Risk of Fraud as it affects the Company Complies with GAAP, supports information disclosures, reflects company activities, is supported by relevant financial statement assertions and considers materiality Includes business processes, personnel and information technology, involves appropriate levels of management, considers both internal and external factors, estimates likelihood and impact and triggers reassessment Considers incentives and pressures, risk factors and establishes responsibilities and accountability

Basic Principles related to Control Activities Control Activities integrate with risk assessment Control Activities are selected and developed Policies are established and communicated and result in management directives being carried out Information Technology Controls are designed and implemented Mitigates risks, considers all significant points of entry into the company’s G/L and information technology Considers range of activities, includes preventive and detective controls, segregates duties and considers cost vs benefit Integrates into business processes establishes responsibility and authority occurs on a timely basis thoughtfully implements, investigates exceptions and periodically reassess Includes applications controls considers general computers operations and includes end user computing

Basic Principles related to Information and Communication Financial Reporting Information is identified, captured, used and distributed Internal control information is identified, captured, used and distributed Internal Communication supports execution of internal control Matters affecting achievements objectives are communicated (External Communication) Captures data includes financial information uses internal and external sources includes operating information and maintains quality Captures data triggers and resolutions and update and maintain quality Communications with personnel and board includes separate communication lines and accesses information Provides input and independently assesses

Basic Principles related to Monitoring Ongoing and/or separate evaluations enable management to determine function of internal control Internal Control deficiencies are identified and communicated Integrates with operations provides objectives assessment, uses knowledgeable personnel considers feedback adjusts scope and frequency Reports findings and deficiencies and corrects on a timely basis

Designing and Implementing Cost Effective ICoFR It is a Journey ... RISK ASSESSMENT CONTROL ENVIRONMENT Identify and analyze risks to achievement of financial reporting objectives Determine which risks could result in a material misstatement to financial statements Determine how each of the other components, both separately and together, support reliable financial reporting Implement and operate control environment, setting the tone of the Company A High-Level of Assurance Financial Reporting Refine financial reporting objectives based on changes potentially impacting the business MONITORING INFORMATION & COMMUNICATION CONTROL ACTIVITIES Implement and operate monitoring activities to help ensure that controls continue to operate properly over time Implement and operate information and communication to support internal control Implement and operate control environment, using a range of activities to reduce risk to objectives