Upload presentasi
Presentasi sedang didownload. Silahkan tunggu
Diterbitkan olehSuharto Kusnadi Telah diubah "9 tahun yang lalu
2
Information Technology Controls Pertemuan 11-12
Matakuliah : F0174 / Audit Laporan Keuangan Berbasis Komputer Tahun : 2008 Information Technology Controls Pertemuan 11-12
3
Top Management Control
Bina Nusantara
4
Pengendalian oleh pimpinan tertinggi:
Senior manajemen di perusahaan bertanggungjawab terhadap fungsi sistem informasi berhadapan dengan banyak tantangan, seperti perkembangan hardware dan software Pimpinan manajemen harus dapat mengantisipasi implikasi perkembangan teknologi terhadap fungsi sistem informasi dengan melihat perkembangan Planning Organizing Leading Controlling 4 Bina Nusantara
5
Evaluating The Palnning Function
Top manajemen harus membuat master plan untuk bagian sistem informasi yang meliputi 3 tugas: Mengetahui kesempatan dan masalah yg dihadapi Mengidentifikasi sumber daya yang diperlukan Membuat strategi dan taktik yang diperlukan untuk peroleh sumber daya Bina Nusantara
6
Jenis perencanaan: Jangka Panjang: Jangka Pendek:
Current Information Assesment Strategic Direction Development STartegic Jangka Pendek: Progress Report Initiatives to be undertaken Implementation Scheduler Bina Nusantara
7
Need for a Contingency Approach to Planning
Perencanaan sisfo melibatkan banyak bagian organisasi. Hal yang mendasari perencaan bagian organisasi meliputi 2 faktor: Strategi penting yang ada pad aportofolio sekarang dan yang sedang berjalan Strategi penting yang ada dalam portofolio sisfo yang akan digunakan pada masa yang akan datang Bina Nusantara
8
Evaluating Organization Function
Fungsi pengorganisasian adalah menemukan, mengalokasikan dan mendapatkan sumberdaya yang diperlukan untuk mencapai tujuan serta ditetapkan pada fungsi perencanaan. Beberapa fungsi pada pengorganisasian yang harus dipertimbangkan bagi manajemen adalah: Resorcing the information Systems Function Staffing the Information System Function Centralization Versus Decentralization of the Information System Function. Internal organization of Information System Function Location of the Information Systems Function Bina Nusantara
9
Evaluating The Leading Function
Kepemimpinan sistem manajemen yang kompleks yang dibuat untuk mempengaruhi tingkah laku individu atau group individu. Proses kepemimpinan untuk mencapai tujuan diharapkan mempertimbangkan: Motivating Information System Personel Matching Leadership Styles with Information System Personel Effectively Communicating with Information System Personel Bina Nusantara
10
Evaluating The Controlling Function
Fungsi kontrol adalah melakukan perbandingan antara hasil yang dicapai sesungguhnya dengan yang direncanakan. Beberapa hal yang dipertimbangkan dalam pengendalian: Overall Controll of Information System Function Technology Diffution and Controll of of Information System Function Controll of Information System Function Control of user of Information System Function Bina Nusantara
11
System development Management Controll
Management pengembangan sistem bertanggungjawab terhadap fungsi analisa, disain, pengembangan, implementasi dan maintenance sistem informasi. Dalam banyak hal manajer menempatkan fungsi ini sebagai karya seni walapun telah banyak bimbingan prkatis yang disediakan tapi hasil kerja pengembangan sistem sistem yang baik tetap saja tergantung pada wawasan intuisi dan pengalaman setiap individu sistem analis dan desainer. 11 Bina Nusantara
12
Approaches to Auditing Systems Development
Pendekatan yang digunakan saat mengaudit sub sistem pengembangan sistem: Approaches to Auditing Systems Development Evaluating The Major Phases In The Systems Development Process Bina Nusantara
13
Approaches to Auditing Systems Development
Pendekatan untuk mengaudit pengembangan sistem Ada tiga tipe yang dilakukan auditor terhadap proses pengembangan sistem yaitu: Concurent audit Postimplementation audit General Audit Bina Nusantara
14
Evaluating The Major Phases In The Systems Development Process
Terdapat 13 fase pengembangan sistem yang harus dievaluasi dan dikontrol auditor: Problem/oportunity definition Management of the change process Entry and feasibility assesment (penilaian) Analysis of existing system Formulation of strategic requirement Organizational and job design Information processing systems design Application software acquisition and development Hardware/system software acquisition Procedure Development Acceptance testing Conversion Operatin and Maintenance Bina Nusantara
15
Programing Management Controls
Bina Nusantara
16
Cara cara yang dipergunakan untuk memimpin pengembangan atau pembelian software yang bermutu tinggi terdapat beberapa fase: 1. The Program Development Life Cycle: Untuk mengembangkan atau membeli dan untuk mengimplementasikan program berkualita 2. Organizing The Programing Team Cara yang dipergunakan untuk mengorganisasi programer akan mempengaruhi nkualitas dari software yang dihasilkan Bina Nusantara
17
The Program Development Life Cycle
Karakteristik program berkualitas: Fungsinya tepat & lengkap Memiliki high quality user interface Bekerja dengan efisien Disain & dokumentasi baik Gampang untuk di maintain Tangguh menghadapi keadaan yang tidak normal 6 pedoman untuk fase pengembangan program life cucle: Planning Control Design Coding Testing Operation and maintenance Bina Nusantara
18
Organizing The Programing Team
Terdapat 3 cara pengelolaan programer: Chief Programer Team Organisasi sederhana dengan fokus pada fungsi kontrol yang tersentralisasi Adaptive Team model struktur programer, jumlah personalnya sedikit Controlled Decentralized Teams Struktur yang menggunakan junior progrmaer yang berada dibawah koordinasi senior programer yang bertindak sebagai pemimpin proyek Bina Nusantara
19
Data resource management controls
Bina Nusantara
20
security management controls
Bina Nusantara
21
operation management controls
Bina Nusantara
22
Quality assurance management controls
Bina Nusantara
23
Identifying Information Technology Controls
Business Risk: Likehood that an organization will not achieve its business goals and objectives. Both internal & External factor can contribute to the chances of this occurance Risk may emerge from the external environment, such as the risk of a poor economy. Other risks could rise internally. 23 Bina Nusantara
24
The Risk Management Process
Identify IT Risk Identify IT Risk Identify IT Risk Identify IT Risk Bina Nusantara
25
Audit Risk Audit Risk is the likehood that an organization’s external auditor makes a mistake when issuing an opinion attesting to the fairness of its financial statements or that an IT auditor fails to uncover a material error or fraud. Inherent Risk (IR) Likehood of material errors or fraud inherent in the business environment Control Risk (CR) Likehood that The internal control System will not Prevent or detect Material errors or Fraud on A timely basis Detection Risk (DR) Likehood that Audit procedures Will not detect Material errors or Fraud on A timely basis Audit Risk = X X Bina Nusantara
26
Identifying Information Technology Controls
COSO : (Committee of Sponsoring Organization) of Treadway Commission Internal Control is a process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Reliability of financial reporting Compliance with applicable laws and regulations Effectiveness and efficiency of operation Bina Nusantara
27
COSO Components of Internal Control
Control environment Risk assessment Control activities Information and communication Monitoring Bina Nusantara
28
Quality Control Standards
To using internal financial and operational controls, many organizations have sought to improve public confidance in their products and processes by adopting quality control standards. ISO9000: The international Organization for Standardization (ISO). Organization introduce ISO9000, 9001, 9002 and 9003. Six Sigma ISO900 forces managers to document processes. Doing so may lead to process or product improvement, but that’s incidental to certification. Six Sigma, on the other hand, represents a standardized approach to process improvement. The term “Six Sigma” refers to a statistical level, implying that tolerance of defects in quality should be controlled to less than six deviation from customer specifications or 3,4 defects per million instances. Bina Nusantara
29
Steps in the Six Sigma DMAIC Methodology
Define Define customers, processes and Boundary Project Measure Measure current process performance Analyse Analyse data to identify defect causes and oppurtunities For improvement Improve Improve processes and prevent problems Control Control and monitor improvements Bina Nusantara
30
Documenting Information Technology Controls
IT auditor use many tools to document their understanding of IT controls These tools include: Narrative description Flowcharts, DFD (Grafis method) Internal control questionare 30 Bina Nusantara
31
Documenting AIS Graphic representation of business processes / events
Communication High light main components of processes Relatively easy to understand by all parties Understanding existing systems Designing new systems Easier to compare processes Forces discipline (if done correctly) SAS 94 suggests them, particularly for complex processes Bina Nusantara
32
Universal Modeling Language (UML)
Designed for use in Object Oriented design and development Can be used to document any system Not the only choice, but popular and flexible Like a map UML: Is Visual Uses standard symbols to convey information Is usually prepared by experts but can be read by anyone Can provide high or low levels of detail (globe vs. map of OSU campus) Bina Nusantara
33
Data-Flow Diagrams A data-flow diagram shows the physical and logical flows of data through a transaction processing system without regard to the time period when each occurs Physical devices that transform data are not used in the logical diagrams Because of the simplified focus, only four symbols are needed Bina Nusantara
34
Symbols used in Data Flow Diagrams
A square represents an external data source or data destination. The latter is also called a sink A circle (or bubble) indicates an entity or a process that changes or transforms data A bubble can either be an internal entity in a physical DFD or a process in a logical DFD An open-ended rectangle or a set of parallel lines represents a store or repository of data The file may represent a view or a portion of a larger entity-wide data base A line with an arrow indicates the direction of the flow of data Bina Nusantara
35
Physical DFDs A Physical DFD documents the physical structure of an existing system. It answers questions such as Where an entity works, How an entity works, the work is done by Whom, etc. Given the very “physical” focus of a physical DFD, it changes whenever the entities, technology used to implement the system, etc. changes Physical DFDs have no lower levels This limitation makes physical DFDs cumbersome to work with, and usually of limited value Bina Nusantara
36
Logical Data flow diagrams are usually drawn in levels that include increasing amounts of detail
A top level (or high-level) DFD that provides an overall picture of an application or system is called a context diagram A context diagram is then decomposed, or broken down, into successively lower levels of detail Bina Nusantara
37
Logical DFDs - II Logical Data flow diagrams document the processes in an existing or proposed system (What tasks) Because the logic of a system changes infrequently, relative to its physical nature, a logical DFD will remain relatively constant over time Logical Data flow diagrams typically have levels below the level-0 diagram Bina Nusantara
38
The Hierarchy of Data-Flow Diagrams
Bina Nusantara
39
A Context Diagram Process bubble Customer Relevant Environment
comprised of External Entities Payment Cash Receipts Process }Boundary (border between a system and its environment) Bank Dataflows (Interfaces) Deposit This is a flow connecting a system with its environment Bina Nusantara
40
Diagram Components Start of Process Document/ Report D = document
Events/Triggers Customer Event A Event D Server Event B Event C D: (completed) Sequence (triggers) Kitchen Staff Status Swimlanes: Separation based on role S: (completed) Cashier Event E Files (tables) Manager Event F Data flows D: (paid) End of Process Register Bina Nusantara F: File 1 T: Table 1
41
Validation Data Bina Nusantara
Presentasi serupa
© 2024 SlidePlayer.info Inc.
All rights reserved.