Upload presentasi
Presentasi sedang didownload. Silahkan tunggu
1
KONSEP DASAR MELAKUKAN AUDIT SISTEM INFORMASI
PERTEMUAN 2 Darmansyah HS AKUNTANSI FEB UEU
2
KEMAMPUAN AKHIR YANG DIHARAPKAN
Mampu memahami peran yang dimainkan oleh system operasi dalam sebuah struktur pengendalian internal perusahaan dan audit dalam perusahaan
3
Pengendalian dan audit TI
Kegiatan yang memastikan apa yang dilakukan telah sesuai dengan apa yang ditentukan/direncanakan. Audit TI: Merupakan aktivitas pengumpulan dan pengevaluasian bukti untuk penentuan apakah Proses TI yang berlangsung dalam perusahaan telah dikelola sesuai dengan stanclar dan dilengkapi dengan objektif kontrol untuk mengawasi penggunaannya serta apakah telah memenuhi Tujuan Bisnis secara efektif.
4
Bagaimana tahapan audit?
Pemeriksaan (audit) Bagaimana tahapan audit? Pekerjaan pendahuluan Perencanaan audit Pengujian pengendalian (control testing) Pengujian substantif (substantive testing) Bagaimana tahapan audit TI….????
5
Pemeriksaan (audit)
6
Pemeriksaan (audit)
7
Pemeriksaan (audit)
8
TI dan Pengendalian Internal
Pengendalian TI Untuk menghindari terjadinya sesuatu yang tidak diinginkan atas teknologi informasi sehubungan dengan tujuan & kegiatan organisasi Basic Management/General Application COBIT (Control Objectives for Information and Related Technology) Planning & Organization Acquisition & Implementation Delivery & Support Monitoring
9
Audit TI dan SI Audit TI dan SI:
Merupakan aktivitas pengumpulan dan pengevaluasian bukti untuk penentuan apakah Proses TI yang berlangsung dalam perusahaan telah dikelola sesuai dengan stanclar dan dilengkapi dengan objektif kontrol untuk mengawasi penggunaannya serta apakah telah memenuhi Tujuan Bisnis secara efektif.
10
Pendekatan Audit TI Audit TI dan SI Audit around the Computer
Audit through the Computer Audit with the Computer
11
Audit TI dan SI
12
Audit TI dan SI
13
Standar Audit TI Audit TI dan SI Standards Guidelines Procedures
Information Systems Audit & Control Association(ISACA) Standards Guidelines Procedures
14
Audit TI dan SI Code of Professional Ethics:
Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems. Perform their duties with due diligence and professional care, in accordance with professional standards and best practices Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession. Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties. Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence. Inform appropriate parties of the results of work performed; revealing all significant facts known to them. Support the professional education of stakeholders in enhancing their understanding of information systems security and control.
15
Audit TI dan SI 010 Audit Charter
Responsibility, Authority and Accountability The responsibility, authority and accountability of the information systems audit function are to be appropriately documented in an audit charter or engagement letter. o 020 Independence Professional Independence In all matters related to auditing, the information systems auditor is to be independent of the auditee in attitude and appearance. Organizational Relationship The information systems audit function is to be sufficiently independent of the area
16
Audit TI dan SI 030 Professional Ethics and Standards
Code of Professional Ethics The information systems auditor is to adhere to the Code of Professional Ethics of the Information Systems Audit and Control Association. Due Professional Care Due professional care and observance of applicable professional auditing standards are to be exercised in all aspects of the information systemsauditor's work. o 040 Competence Skills and Knowledge The information systems auditor is to be technically competent, having the skills and knowledge necessary to perform the auditor's work. Continuing Professional Education The information systems auditor is to maintain technical competence through appropriate continuing professional education
17
Audit TI dan SI 050 Planning 050.010 Audit Planning
The information systems auditor is to plan the information systems audit work to address the audit objectives and to comply with applicable professional auditing standards. o 060 Performance of Audit Work Supervision Information systems audit staff are to be appropriately supervised to provide assurance that audit objectives are accomplished and applicable professional auditing standards are met. Evidence During the course of the audit, the information systems auditor is to obtain sufficient, reliable, relevant and useful evidence to achieve the audit objectives effectively. The audit findings and conclusions are to be supported by appropriate analysis and interpretation of this evidence.
18
Audit TI dan SI 070 Reporting 070.010 Report Content and Form
The information systems auditor is to provide a report, in an appropriate form, to intended recipients upon the completion of audit work. The audit report is to state the scope, objectives, period of coverage and the nature and extent of the audit work performed. The report is to identify the organization, the intended recipients and any restrictions on circulation. The report is to state the findings, conclusions and recommendations and any reservations or qualifications that the auditor has with respect to the audit. o 080 Follow-Up Activities Follow-Up The information systems auditor is to request and evaluate appropriate information on previous relevant findings, conclusions and recommendations to determine whether appropriate actions have been implemented in a timely manner.
Presentasi serupa
