Information Technology Controls Pertemuan 11-12

Slides:



Advertisements
Presentasi serupa
Tahapan information engineering
Advertisements

Applied Information System Project Management
DISCLOSURE AND TRANSPARENCY
Information Systems, Organizations, and Strategy
Managing Software Requirements (manajemen kebutuhan perangkat lunak)
Panduan Audit Sistem Informasi
Manajemen Risiko Strategi Risiko Reaktif & Proaktif
RENCANA PENGEMBANGAN PERANGKAT LUNAK (RPPL)
Analisis dan Perancangan Sistem
Control Objectives for Information and related Technology
Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Mahasiswa dapat membuat diagram / skema untuk assessment setiap tahap pengembangan.
Roesfiansjah Rasjidin Program Studi Teknik Industri Fakultas Teknik – Univ. Esa Unggul.
Pert. 4. Mengapa harus memiliki strategi IS/IT?
KONSEP STRATEGI BISNIS DAN IMPLIKASINYA PADA STRATEGI IS/IT
WaterfallPrototyping RAD Incremental Prototyping Pendekatan SDLC.
STANDAR PEKERJAAN LAPANGAN: Perencanaan dan Supervisi
PENGANTAR AKUNTANSI MANAJEMEN
Pertemuan 25 EVALUASI DAN MANAJEMEN PROYEK Matakuliah: S0174/Evaluasi dan Manajemen Proyek Tahun: 2006 Versi: 1.
1 Pertemuan 12 Pengkodean & Implementasi Matakuliah: T0234 / Sistem Informasi Geografis Tahun: 2005 Versi: 01/revisi 1.
BEST PRACTICES MANAJEMEN RISIKO 5/31/2013Resista Vikaliana,S.Si. MM 1.
Sistem Pengendalian Internal
1 INTRODUCTION Pertemuan 1 s.d 2 Matakuliah: A0554/Analisa dan Perancangan Sistem Informasi Akuntansi Tahun: 2006.
Process Modeling Tsutomu Ono, Abdul Munif Japan International Cooperation Agency 1.
Introduction.  Proses manajemen untuk mengidentifikasi, mengantisipasi dan memuaskan kebutuhan pelanggan secara menguntungkan  Pemasaran adalah proses.
Manajemen Mutu Proyek (Manajemen Kualitas)
Accounting Information Systems: An Overview BAB 1 PERTEMUAN 1 -2 SIA-UMBY.
SIKLUS PENGEMBANGAN SISTEM INFORMASI
Management Control Framework (1-2)
Pengelolaan Proyek Sistem Informasi
Manajemen Mutu Proyek (Manajemen Kualitas)
Software Engineering Process
Chapter 6 Foundations of Business Intelligence: Databases and Information Management.
ANALISA SISTEM ( ANALYSIS SYSTEM )
Pert. 16. Menyimak lingkungan IS/IT saat ini
Accounting Information Systems: An Overview
Management Information Systems (Chapter 2)
Notasi Object Oriented System
Support System IT Putri Taqwa Prasetyaningrum,S.T.,M.T.
IT AUDITS IT audits: pemeriksaan terhadap proses atau data yang melekat dengan teknologi informasi. Berkaitan dengan internal, external, dan fraud audits.
PEMILIHAN SISTEM.
Pertemuan #3 Data Modeling Using the Entity-Relationship Model
Perancangan Basis Data
Software Engineering Rekayasa Perangkat Lunak
KEWAJIBAN PARA PUBLIC RELATIONS (TOUR OF DUTY) Pertemuan 3
Manajemen Mutu Proyek Muhammad Rachmadi.
Bab 9 Menggunakan Data Flow Diagrams
REKAYASA PERANGKAT LUNAK
SQA Team.
IMPLEMENTASI & TESTING E-BISNIS Pertemuan 10
Siklus Hidup Pengembangan Sistem (System Development Life Cycle)
Dasar-Dasar Sistem Informasi
Master data Management
Manajemen Mutu Proyek Muhammad Rachmadi.
ROOT CAUSE ANALYSIS.
Pengendalian Internal Dr Rilla Gantino, SE., AK., MM
Manajemen Resiko Proyek
SISTEM INFORMASI MANAJEMEN
4 plan.
System Development Life Cycle
Manajemen Mutu Proyek (Manajemen Kualitas)
Resista Vikaliana,S.Si. MM
ANALISA SISTEM ( ANALYSIS SYSTEM )
Business Modeling By: U. Abd. Rohim, MT
SIKLUS PENGEMBANGAN SISTEM INFORMASI
ANALISA SISTEM ( ANALYSIS SYSTEM )
SIKLUS PENGEMBANGAN SISTEM INFORMASI
ISA Implementation Support Module Prepared by IAASB Staff October 2010 Materiality, Misstatements and Reporting − Part II.
SISTEM PENUNJANG KEPUTUSAN UNTUK SISTEM INFORMASI MANAJEMEN.
Building Information Systems
A SHORT ESSAY OF CIVIL ENGINEERING BY : ALFATIHATU RAHMI CIVIL ENGINEERING ENGINEERING FACULTY ANDALAS UNIVERSITY PADANG.
Transcript presentasi:

Information Technology Controls Pertemuan 11-12 Matakuliah : F0174 / Audit Laporan Keuangan Berbasis Komputer Tahun : 2008 Information Technology Controls Pertemuan 11-12

Top Management Control Bina Nusantara

Pengendalian oleh pimpinan tertinggi: Senior manajemen di perusahaan bertanggungjawab terhadap fungsi sistem informasi berhadapan dengan banyak tantangan, seperti perkembangan hardware dan software Pimpinan manajemen harus dapat mengantisipasi implikasi perkembangan teknologi terhadap fungsi sistem informasi dengan melihat perkembangan Planning Organizing Leading Controlling 4 Bina Nusantara

Evaluating The Palnning Function Top manajemen harus membuat master plan untuk bagian sistem informasi yang meliputi 3 tugas: Mengetahui kesempatan dan masalah yg dihadapi Mengidentifikasi sumber daya yang diperlukan Membuat strategi dan taktik yang diperlukan untuk peroleh sumber daya Bina Nusantara

Jenis perencanaan: Jangka Panjang: Jangka Pendek: Current Information Assesment Strategic Direction Development STartegic Jangka Pendek: Progress Report Initiatives to be undertaken Implementation Scheduler Bina Nusantara

Need for a Contingency Approach to Planning Perencanaan sisfo melibatkan banyak bagian organisasi. Hal yang mendasari perencaan bagian organisasi meliputi 2 faktor: Strategi penting yang ada pad aportofolio sekarang dan yang sedang berjalan Strategi penting yang ada dalam portofolio sisfo yang akan digunakan pada masa yang akan datang Bina Nusantara

Evaluating Organization Function Fungsi pengorganisasian adalah menemukan, mengalokasikan dan mendapatkan sumberdaya yang diperlukan untuk mencapai tujuan serta ditetapkan pada fungsi perencanaan. Beberapa fungsi pada pengorganisasian yang harus dipertimbangkan bagi manajemen adalah: Resorcing the information Systems Function Staffing the Information System Function Centralization Versus Decentralization of the Information System Function. Internal organization of Information System Function Location of the Information Systems Function Bina Nusantara

Evaluating The Leading Function Kepemimpinan sistem manajemen yang kompleks yang dibuat untuk mempengaruhi tingkah laku individu atau group individu. Proses kepemimpinan untuk mencapai tujuan diharapkan mempertimbangkan: Motivating Information System Personel Matching Leadership Styles with Information System Personel Effectively Communicating with Information System Personel Bina Nusantara

Evaluating The Controlling Function Fungsi kontrol adalah melakukan perbandingan antara hasil yang dicapai sesungguhnya dengan yang direncanakan. Beberapa hal yang dipertimbangkan dalam pengendalian: Overall Controll of Information System Function Technology Diffution and Controll of of Information System Function Controll of Information System Function Control of user of Information System Function Bina Nusantara

System development Management Controll Management pengembangan sistem bertanggungjawab terhadap fungsi analisa, disain, pengembangan, implementasi dan maintenance sistem informasi. Dalam banyak hal manajer menempatkan fungsi ini sebagai karya seni walapun telah banyak bimbingan prkatis yang disediakan tapi hasil kerja pengembangan sistem sistem yang baik tetap saja tergantung pada wawasan intuisi dan pengalaman setiap individu sistem analis dan desainer. 11 Bina Nusantara

Approaches to Auditing Systems Development Pendekatan yang digunakan saat mengaudit sub sistem pengembangan sistem: Approaches to Auditing Systems Development Evaluating The Major Phases In The Systems Development Process Bina Nusantara

Approaches to Auditing Systems Development Pendekatan untuk mengaudit pengembangan sistem Ada tiga tipe yang dilakukan auditor terhadap proses pengembangan sistem yaitu: Concurent audit Postimplementation audit General Audit Bina Nusantara

Evaluating The Major Phases In The Systems Development Process Terdapat 13 fase pengembangan sistem yang harus dievaluasi dan dikontrol auditor: Problem/oportunity definition Management of the change process Entry and feasibility assesment (penilaian) Analysis of existing system Formulation of strategic requirement Organizational and job design Information processing systems design Application software acquisition and development Hardware/system software acquisition Procedure Development Acceptance testing Conversion Operatin and Maintenance Bina Nusantara

Programing Management Controls Bina Nusantara

Cara cara yang dipergunakan untuk memimpin pengembangan atau pembelian software yang bermutu tinggi terdapat beberapa fase: 1. The Program Development Life Cycle: Untuk mengembangkan atau membeli dan untuk mengimplementasikan program berkualita 2. Organizing The Programing Team Cara yang dipergunakan untuk mengorganisasi programer akan mempengaruhi nkualitas dari software yang dihasilkan Bina Nusantara

The Program Development Life Cycle Karakteristik program berkualitas: Fungsinya tepat & lengkap Memiliki high quality user interface Bekerja dengan efisien Disain & dokumentasi baik Gampang untuk di maintain Tangguh menghadapi keadaan yang tidak normal 6 pedoman untuk fase pengembangan program life cucle: Planning Control Design Coding Testing Operation and maintenance Bina Nusantara

Organizing The Programing Team Terdapat 3 cara pengelolaan programer: Chief Programer Team Organisasi sederhana dengan fokus pada fungsi kontrol yang tersentralisasi Adaptive Team model struktur programer, jumlah personalnya sedikit Controlled Decentralized Teams Struktur yang menggunakan junior progrmaer yang berada dibawah koordinasi senior programer yang bertindak sebagai pemimpin proyek Bina Nusantara

Data resource management controls Bina Nusantara

security management controls Bina Nusantara

operation management controls Bina Nusantara

Quality assurance management controls Bina Nusantara

Identifying Information Technology Controls Business Risk: Likehood that an organization will not achieve its business goals and objectives. Both internal & External factor can contribute to the chances of this occurance Risk may emerge from the external environment, such as the risk of a poor economy. Other risks could rise internally. 23 Bina Nusantara

The Risk Management Process Identify IT Risk Identify IT Risk Identify IT Risk Identify IT Risk Bina Nusantara

Audit Risk Audit Risk is the likehood that an organization’s external auditor makes a mistake when issuing an opinion attesting to the fairness of its financial statements or that an IT auditor fails to uncover a material error or fraud. Inherent Risk (IR) Likehood of material errors or fraud inherent in the business environment Control Risk (CR) Likehood that The internal control System will not Prevent or detect Material errors or Fraud on A timely basis Detection Risk (DR) Likehood that Audit procedures Will not detect Material errors or Fraud on A timely basis Audit Risk = X X Bina Nusantara

Identifying Information Technology Controls COSO : (Committee of Sponsoring Organization) of Treadway Commission Internal Control is a process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Reliability of financial reporting Compliance with applicable laws and regulations Effectiveness and efficiency of operation Bina Nusantara

COSO Components of Internal Control Control environment Risk assessment Control activities Information and communication Monitoring Bina Nusantara

Quality Control Standards To using internal financial and operational controls, many organizations have sought to improve public confidance in their products and processes by adopting quality control standards. ISO9000: The international Organization for Standardization (ISO). Organization introduce ISO9000, 9001, 9002 and 9003. Six Sigma ISO900 forces managers to document processes. Doing so may lead to process or product improvement, but that’s incidental to certification. Six Sigma, on the other hand, represents a standardized approach to process improvement. The term “Six Sigma” refers to a statistical level, implying that tolerance of defects in quality should be controlled to less than six deviation from customer specifications or 3,4 defects per million instances. Bina Nusantara

Steps in the Six Sigma DMAIC Methodology Define Define customers, processes and Boundary Project Measure Measure current process performance Analyse Analyse data to identify defect causes and oppurtunities For improvement Improve Improve processes and prevent problems Control Control and monitor improvements Bina Nusantara

Documenting Information Technology Controls IT auditor use many tools to document their understanding of IT controls These tools include: Narrative description Flowcharts, DFD (Grafis method) Internal control questionare 30 Bina Nusantara

Documenting AIS Graphic representation of business processes / events Communication High light main components of processes Relatively easy to understand by all parties Understanding existing systems Designing new systems Easier to compare processes Forces discipline (if done correctly) SAS 94 suggests them, particularly for complex processes Bina Nusantara

Universal Modeling Language (UML) Designed for use in Object Oriented design and development Can be used to document any system Not the only choice, but popular and flexible Like a map UML: Is Visual Uses standard symbols to convey information Is usually prepared by experts but can be read by anyone Can provide high or low levels of detail (globe vs. map of OSU campus) Bina Nusantara

Data-Flow Diagrams A data-flow diagram shows the physical and logical flows of data through a transaction processing system without regard to the time period when each occurs Physical devices that transform data are not used in the logical diagrams Because of the simplified focus, only four symbols are needed Bina Nusantara

Symbols used in Data Flow Diagrams A square represents an external data source or data destination. The latter is also called a sink A circle (or bubble) indicates an entity or a process that changes or transforms data A bubble can either be an internal entity in a physical DFD or a process in a logical DFD An open-ended rectangle or a set of parallel lines represents a store or repository of data The file may represent a view or a portion of a larger entity-wide data base A line with an arrow indicates the direction of the flow of data Bina Nusantara

Physical DFDs A Physical DFD documents the physical structure of an existing system. It answers questions such as Where an entity works, How an entity works, the work is done by Whom, etc. Given the very “physical” focus of a physical DFD, it changes whenever the entities, technology used to implement the system, etc. changes Physical DFDs have no lower levels This limitation makes physical DFDs cumbersome to work with, and usually of limited value Bina Nusantara

Logical Data flow diagrams are usually drawn in levels that include increasing amounts of detail A top level (or high-level) DFD that provides an overall picture of an application or system is called a context diagram A context diagram is then decomposed, or broken down, into successively lower levels of detail Bina Nusantara

Logical DFDs - II Logical Data flow diagrams document the processes in an existing or proposed system (What tasks) Because the logic of a system changes infrequently, relative to its physical nature, a logical DFD will remain relatively constant over time Logical Data flow diagrams typically have levels below the level-0 diagram Bina Nusantara

The Hierarchy of Data-Flow Diagrams Bina Nusantara

A Context Diagram Process bubble Customer Relevant Environment comprised of External Entities Payment Cash Receipts Process }Boundary (border between a system and its environment) Bank Dataflows (Interfaces) Deposit This is a flow connecting a system with its environment Bina Nusantara

Diagram Components Start of Process Document/ Report D = document Events/Triggers Customer Event A Event D Server Event B Event C D: (completed) Sequence (triggers) Kitchen Staff Status Swimlanes: Separation based on role S: (completed) Cashier Event E Files (tables) Manager Event F Data flows D: (paid) End of Process Register Bina Nusantara F: File 1 T: Table 1

Validation Data Bina Nusantara