Presentasi sedang didownload. Silahkan tunggu

Presentasi sedang didownload. Silahkan tunggu

DAMPAK TI TERHADAP AUDIT

Diterbitkan olehDjaja Tan Telah diubah "6 tahun yang lalu

Presentasi serupa

Presentasi berjudul: "DAMPAK TI TERHADAP AUDIT"— Transcript presentasi:

1 DAMPAK TI TERHADAP AUDIT
14 PEMERIKSAAN AKUTANSI DAMPAK TI TERHADAP AUDIT YULAZRI M.AK., CA., CPA FAK EKONOMI & BISNIS

2 VISI DAN MISI UNIVERSITAS ESA UNGGUL

3 Materi Sebelum UTS PENGANTAR AUDIT AUDIT PROSES
TANGGUNG JAWAB DAN TUJUAN AUDIT BUKTI AUDIT KERTAS KERJA PEMERIKSAAN STANDAR AUDIT LAPORAN AUDIT

4 Materi Setelah UTS MATERIALITAS DAN AUDIT RISK INTERNAL CONTROL
PENILAIAN IC DAN TEST IC PERENCANAAN DAN AUDIT PROGRAM KODE ETIK PROFESI KEWAJIBAN HUKUM DAMPAK TI PADA PROSES AUDIT

5 KEMAMPUAN AKHIR YANG DIHARAPKAN
Mahasiswa memahami tahapan proses audit. Mahasiswa memahami proses perencanaan audit. Mahasiswa dapat menggunakan aplikasi dasar dari analisa laporan keuangan (analytical review)

6

7 Proses/tahapan audit previous new Field work Reporting Planning
Risk Risk respond Reporting

8 Perencanaan audit Audit should be plan

9

10

11 Basic Computer Architecture
Central Processing Unit (CPU) Main Memory (RAM) (volatile memory) Turn-off the computer and it forgets Disk Drive non-volatile (persistent) memory Maintains data across shutdowns Data Files Temporary Files Registry Entries Unallocated Space Swap Space Log Files

12

13

14 Computer Forensic Requirements
Hardware Familiarity with all internal and external devices/components of a computer Thorough understanding of hard drives and settings Understanding motherboards and the various chipsets used Power connections Memory

15

16 TI DAN AKUNTANSI Teknologi informasi (TI) berfungsi untuk meningkatkan efektifitas dan efisiensi serta kualitas proses bisnis, termasuk di dalamnya proses akuntansi. Teknologi informasi berpengaruh besar terhadap pendekatan dan proses audit laporan keuangan. Auditor harus memahami keunggulan dan kelemahan TI.

17 How Information Technologies Enhance Internal Control
Computer controls replace manual controls Higher-quality information is available

18 TI DAN SISTEM PENGENDALIAN
TI mengantikan pengendalian manual yang cenderung kurang efektif dan kurang efisien. TI meningkatkan keunggulan kualitas pengolahan data dari sisi: Kemampuannya memproses transaksi yang komplek dalam jumlah yang besar secara efektif dan efisien. Konsistensi dalam proses pengolahan data. Kemampuannya menjamin keandalan proses pengolahan data.

19 TI DAN SISTEM PENGENDALIAN
TI menggantikan pemisahan fungsi konvensional. TI menurunkan peluang kecurangan (fraud). TI meningkatkan keunggulan kualitas informasi dari sisi: ketepatan waktu, keakuratan informasi, kemudahan akses, serta kemampuan adaptasi dengan kebutuhan pengguna informasi (customizing). Halaman

20 Assessing Risks of Information Technologies
Risks to hardware and data Reduced audit trail IT can improve a company’s internal controls; however, it can also affect the company's overall control risk. If IT systems fail, organizations can be paralyzed by the inability to retrieve information or by the use of unreliable information caused by processing errors. Specific risks to IT systems include the aforementioned. Need for IT experience and separation of IT duties

21

22

23 Kerusakan file data dan informasi karena rusaknya hardware/software.
RISIKO PENGGUNAKAN TI Saat ini TI bukan lagi pilihan, tapi keharusan. Risiko yang harus diperhatikan antara lain: Kerusakan file data dan informasi karena rusaknya hardware/software. Kerusakan proses yang sangat masif yang tidak dapat diketahui dengan segera. Ketergantungan yang tinggi terhadap fungsi hardware/software. Halaman

24 Risks to Hardware and Data
Reliance on hardware and software Unauthorized access Without proper physical protection, hardware or software may not function or may function improperly. When organizations replace manual procedures with technology-based procedures, the risk of random error from human involvement decreases. However, the risk of systematic error increases because once procedures are programmed into computer software, the computer processes information consistently for all transactions. IT cased accounting systems often allow online access to electronic data in master files software and other records. Because online access can occur from remote access points, there is potential for illegitimate access. Since much of the data is stored in centralized electronic files, this increases the risk of loss or destruction of entire data files. Systematic vs. random errors Data loss

25 RISIKO PENGGUNAAN TI Kerusakan sistematis vs random, pada saat proses manual digantikan dengan TI, kerusakan random karena human errors dapat diturunkan, tetapi kerusakan sistematis justru bisa meningkat. Unauthorized access. Akses online terhadap data elektronik berpotensi meningkatkan risiko akses tanpa otorisasi. Loss of data. Data elektronik yang rata-rata disimpan terpusat dalam data base, meningkatkan risiko kerusakan atau hilangnya keseluruhan data. Need for IT experience. Penggunaan TI memerlukan staf yang memahami dan mampu memanfaatkan keunggulan TI Halaman

26 PENGENDALIAN TI General controls (pengendalian umum). Adalah sistem pengendalian untuk seluruh aspek fungsi TI, mencakup: administrasi TI, pemisahan fungsi TI, pengembangan TI, pengamanan akses fisik dan online terhadap hardware/software/data, backup data, dan perencanaan kontinjensi untuk situasi emerjensi. Auditor harus mengevaluasi pengendalian umum untuk keseluruhan TI dalam organisasi. Halaman

27 PENGENDALIAN TI Aplication controls (pengendalian aplikasi). Adalah sistem pengendalian untuk program aplikasi yang digunakan untuk memproses transaksi, seperti pengendalian untuk sistem penjualan dan penerimaan kas. Auditor harus mengevaluasi pengendalian aplikasi untuk setiap kategori transaksi atau akun, karena pengendalian aplikasi bisa jadi berbeda-beda untuk setiap kategori transaksi atau akun. Halaman

28 Reduced Audit Trail Visibility of audit trail Lack of traditional
authorization With the use of computers, IT often reduces or even eliminates source documents and records that allow the organization to trace accounting information. In many IT systems, employees who deal with the initial processing of transactions never see the final results. Therefore, they are less able to identify mistakes. Advanced IT systems can often initiate transactions automatically, such as calculating interest on savings accounts and ordering inventory when pre-specified order levels are reached. Detection risk Reduced human involvement

29 Need for IT Experience and Separation of Duties
It is important to have personnel with knowledge and experience to install, maintain, and use the system. Reduced separation of duties Need for IT experience

30 Internal Controls Specific to Information Technology
Information technology controls General controls apply to all aspects of the IT function including IT admin, separation of IT duties, systems development, physical and online security over access to hardware, software and related data. Application controls apply to processing transactions. Application controls General controls

31 Relationship Between General and Application Controls

32 Control activities Kebijakan dan prosedur yang membantu menjamin pengarahan managemen dilaksanakan

33 Control Activities Pemisahan Tugas Pengendalian Pengolahan Informasi
General Control Application Control Pengendalian Pisik Review Kinerja

34 Pemisahan Tugas: seseorang tidak boleh melakukan tugas yang tidak kompatibel Pemisahan tugas pelaksana, pencatatan, dan penyimpanan aset dari suatu transaksi Pemisahan bagian IT dengan Pengguna Pemisahan dalam bagian IT: Pengembangan sistem Operation Data control Securities administration

35 Information Processing Control General Control
Pengendalian organisasi dan operasional Pengendalian pengembangan sistem dan dokumentasi Pengendalian perangkat keras dan lunak Pengendalian akses Pengendalian data dan prosedural Application Control

36 Physical Control Direct physical control Indirect physical control
Penghitungan berkala terhadap aset

37 Information and communication:
Idenfikasi, perekaman, dan pertukaran informasi dalam rerangka bentuk dan waktu yang memungkinkan orang menjalankan tanggungjawabnya

38 Information and Communication
Transaksi Hanya transakasi valid Seluruh transaksi Hak dan kewajiban Pengukuran Cukup detail Audit atau transaction trail Dokumen dan catatan

39 Categories of General and Application Controls

40 Administration of the IT Function
The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management.

41 Segregation of IT Duties
The CIO or IT manager should be responsible for oversight of the IT function. Systems analysts are responsible for the overall design of each application system Computer operators are responsible for the day-to-day operations of the computer following the schedule established by the CIO.

42 Systems Development Typical test strategies Pilot testing
Pilot testing is when a new system is implemented in one part of the organization while other locations continue to rely on the old system. Parallel testing is when the new and old systems operate simultaneously in all locations. Pilot testing Parallel testing

43 Physical and Online Security
Online Controls: User ID control Password control Separate add-on security software Physical controls decrease the risk of unauthorized changes to programs and improper use of programs and data files. Proper user IDs and passwords control access to software and related data files this reducing the likelihood that unauthorized changes are made to software applications and data files. Physical Controls: Keypad entrances Badge-entry systems Security cameras Security personnel

44 Backup and Contingency Planning
Offsite storage of critical files is a key element to a backup and contingency plan One key to a backup and contingency plan is to make sure that all critical copies of software and data files are backed up and stored off the premises.

45 Hardware Controls These controls are built into computer
equipment by the manufacturer to detect and report equipment failures.

46 Application controls are designed for each
software application Input controls Output controls Processing controls

47 Aplication control Pengendalian Input Pengendalian Proses
Pengendalian Output

48 Aplication control Input Control Otorisasi Konversi Data Input
Verification Control Computer Editing: missing data check, valid character check, limit (reasonable) check, valid sign check, valid code check, check digit) Koreksi Kesalahan

49 Processing Control Control totals File identification labels
Limit and reasonableness checks Before-and-after report Sequence test Process tracing data

50 Output control: hasil benar dan hanya orang yang berhak yang memperoleh hasilnya
Reconciliation of totals Comparioson to source document Visual scanning

51 Input Controls These controls are designed by an
organization to ensure that the information being processed is authorized, accurate, and complete.

52 Batch Input Controls Total for all Financial total records in a batch
Total of codes from all batch records Hash total Total of records in a batch Record count

53 Processing Controls Correct file, database, or program?
Validation test Correct processing order? Sequence test Accuracy of processed data? Arithmetic accuracy test Data exceeds preset amounts? Data reasonableness test Completeness of record fields? Completeness test

54 Output Controls These controls focus on detecting errors
after processing is completed rather than on preventing errors.

55 Impact of Information Technology on the Audit Process
Effects of general controls on system-wide applications Effects of general controls on software changes Ineffective general controls create the potential for material misstatements across all system applications regardless of the quality of the application controls. Client changes to application software affect the auditor’s reliance on automated controls. Auditors obtain information about general and application controls through interviews, examination of system documentation, and reviews of detailed questionnaires completed by IT staff. If general controls are ineffective, the auditor’s ability to rely on IT-related application controls to reduce control risk in all cycles is reduced. After identifying specific IT-based application controls that can be used to reduce control risk, auditors can reduce substantive testing. Obtaining an understanding of client general controls Relating IT controls to transaction-related audit objectives Effect of IT controls on substantive testing

56 Auditing in IT Environments with Varied Complexity
Audit around the computer LESS Smaller companies IT controls < effective Audit though the computer MORE Parallel simulation Test data

57 Auditing Around and Through the Computer

58 Test Data Approach 1. Test data should include all relevant
conditions that the auditor wants tested. 2. Application programs tested by the auditors’ test data must be the same as those the client used throughout the year. Auditor’s process their own test data using the client’s computer system and application program to determine whether the automated controls correctly process the test data. 3. Test data must be eliminated from the client’s records.

59 Test Data Approach Input test transactions to test key control
procedures Master files Application programs (assume batch system) Transaction files (contaminated?) Contaminated master files Control test results

60 Test Data Approach Control test results Auditor makes comparisons
Auditor-predicted results of key control procedures based on an understanding of internal control Differences between actual outcome and predicted result

61 Parallel Simulation The auditor uses auditor-controlled software
to perform parallel operations to the client’s software by using the same data files.

62 Parallel Simulation Production transactions Master file
Auditor-prepared program Client application system programs Auditor results Client results Auditor makes comparisons between client’s application system output and the auditor-prepared program output Exception report noting differences

63 Embedded Audit Module Approach
Auditor inserts an audit module in the client’s application system to identify specific types of transactions.

64 Embedded Audit Module Approach

65 Issues for Different IT Environments
Network Environments Database Management Systems Outsourced IT e-Commerce systems

66 KEUNGGULAN TI Reduced human involvement (penurunan keterlibatan manusia), proses bisnis menjadi lebih efisien dan tidak dibatasi dengan waktu. Lack of traditional authorization (penghilangan otorisasi manual), otorisasi tersebar luas, proses bisnis lebih cepat dan lebih efisien. Reduced separation of duties, proses bisnis menjadi lebih sederhana, birokrasi yang rumit menjadi berkurang tajam, pengendalian dilakukan secara elektronik. Halaman

67 Pengendalian Umum vs Aplikasi
Risiko Pengubahan Software Aplikasi Tanpa Otorisasi Risiko Benturan Antar Sub Sistem Pengendalian Aplikasi Penerimaan Kas Pengendalian Aplikasi Penjualan Pengendalian Aplikasi Penggajian Pengendalian Aplikasi Siklus Lainnya Risiko Pengubahan Master File Tanpa Otorisasi Risiko Proses Tanpa Otorisasi PENGENDALIAN UMUM Halaman

Download ppt "DAMPAK TI TERHADAP AUDIT"

Presentasi serupa

Audit Wikipedia (id)‏ Audit atau pemeriksaan dalam arti luas bermakna evaluasi terhadap suatu organisasi, sistem, proses, atau produk. Audit dilaksanakan.

Audit Wikipedia (id)‏ Audit atau pemeriksaan dalam arti luas bermakna evaluasi terhadap suatu organisasi, sistem, proses, atau produk. Audit dilaksanakan.
Pengendalian umum, dan pengendalian aplikasi

Pengendalian umum, dan pengendalian aplikasi
Pengendalian Internal (Internal Control)

Pengendalian Internal (Internal Control)
Pemahaman Pengendalian Internal

Pemahaman Pengendalian Internal
Pengaruh Audit SI/TI & Komputer pada pengendalian internal & Auditing

Pengaruh Audit SI/TI & Komputer pada pengendalian internal & Auditing
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
DAMPAK TEKNOLOGI INFORMASI TERHADAP AUDIT

DAMPAK TEKNOLOGI INFORMASI TERHADAP AUDIT
Chapter 10 Information Systems Controls for System Reliability

Chapter 10 Information Systems Controls for System Reliability
Pengendalian Sistem Informasi Akuntansi

Pengendalian Sistem Informasi Akuntansi
TUJUAN AUDIT SI/TI Pertemuan 2.

TUJUAN AUDIT SI/TI Pertemuan 2.
Managing Software Requirements (manajemen kebutuhan perangkat lunak)

Managing Software Requirements (manajemen kebutuhan perangkat lunak)
Panduan Audit Sistem Informasi

Panduan Audit Sistem Informasi
Panduan Audit Sistem Informasi

Panduan Audit Sistem Informasi
Analisis dan Perancangan Sistem

Analisis dan Perancangan Sistem
Electronic Data Processing

Electronic Data Processing
Pemeriksaan Atas Sikus Pengeluaran

Pemeriksaan Atas Sikus Pengeluaran
TSI Perbankan Indonesia: Kompleksitas, Permasalahan,

TSI Perbankan Indonesia: Kompleksitas, Permasalahan,
1 Pertemuan 17 Input / Output Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.

1 Pertemuan 17 Input / Output Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.
Standar Pelaporan Lap. Keu. Sesuai PABU

Standar Pelaporan Lap. Keu. Sesuai PABU
Testing Implementasi Sistem Oleh :Rifiana Arief, SKom, MMSI

Testing Implementasi Sistem Oleh :Rifiana Arief, SKom, MMSI

Presentasi serupa

Iklan oleh Google