Course: F0174 / Computer-Based Financial Statement Audit
Year: 2008
Information Technology Controls
Sessions 11-12
Top Management Control
Bina Nusantara
Control by top management:
Senior management of a company is responsible for the information systems function and faces many challenges, such as developments in hardware and software.
Top management must be able to anticipate the implications of technological developments for the information systems function by watching those developments.
1. Planning
2. Organizing
3. Leading
4. Controlling
Evaluating the Planning Function
Top management must prepare a master plan for the information systems function, which involves 3 tasks:
1. Recognizing the opportunities and problems faced
2. Identifying the resources required
3. Formulating the strategies and tactics needed to acquire those resources
Types of planning:
Long-term:
1. Current Information Assessment
2. Strategic Direction
3. Development Strategy
Short-term:
1. Progress Report
2. Initiatives to be Undertaken
3. Implementation Schedule
Need for a Contingency Approach to Planning
Information systems planning involves many parts of the organization.
The planning done by each part of the organization rests on 2 factors:
1. The key strategies present in the current portfolio and in the work now under way
2. The key strategies in the information systems portfolio that will be used in the future
Evaluating the Organizing Function
The organizing function is to find, allocate and obtain the resources needed to achieve the goals set in the planning function.
Several organizing matters that management must consider are:
1. Resourcing the Information Systems Function
2. Staffing the Information Systems Function
3. Centralization Versus Decentralization of the Information Systems Function
4. Internal Organization of the Information Systems Function
5. Location of the Information Systems Function
Evaluating the Leading Function
Leadership is a complex management system designed to influence the behavior of individuals or groups of individuals. To achieve its goals, the leadership process is expected to consider:
1. Motivating Information Systems Personnel
2. Matching Leadership Styles with Information Systems Personnel
3. Effectively Communicating with Information Systems Personnel
Evaluating the Controlling Function
The control function compares the results actually achieved with those that were planned.
Several matters considered in control:
1. Overall Control of the Information Systems Function
2. Technology Diffusion and Control of the Information Systems Function
3. Control of the Information Systems Function
4. Control of Users of the Information Systems Function
System Development Management Control
Systems development management is responsible for the analysis, design, development, implementation and maintenance of information systems.
In many respects managers regard this function as an art: although much practical guidance is available, good systems development work still depends on the insight, intuition and experience of the individual systems analysts and designers.
Approaches used when auditing the systems development subsystem:
1. Approaches to Auditing Systems Development
2. Evaluating the Major Phases in the Systems Development Process
Approaches to Auditing Systems Development
There are three types of audit that auditors perform on the systems development process:
1. Concurrent audit
2. Postimplementation audit
3. General audit
Evaluating the Major Phases in the Systems Development Process
There are 13 systems development phases that the auditor must evaluate and control:
1. Problem/opportunity definition
2. Management of the change process
3. Entry and feasibility assessment
4. Analysis of existing system
5. Formulation of strategic requirements
6. Organizational and job design
7. Information processing systems design
8. Application software acquisition and development
9. Hardware/system software acquisition
10. Procedure development
11. Acceptance testing
12. Conversion
13. Operation and maintenance
Programming Management Controls
The approach used to manage the development or purchase of high-quality software has several phases:
1. The Program Development Life Cycle:
For developing or purchasing, and for implementing, quality programs
2. Organizing the Programming Team:
The way programmers are organized affects the quality of the software produced
The Program Development Life Cycle
Characteristics of a quality program:
1. Functions correctly and completely
2. Has a high-quality user interface
3. Works efficiently
4. Is well designed and documented
5. Is easy to maintain
6. Is robust under abnormal conditions
6 guidelines for the phases of the program development life cycle:
1. Planning
2. Control
3. Design
4. Coding
5. Testing
6. Operation and maintenance
Organizing the Programming Team
There are 3 ways of organizing programmers:
1. Chief Programmer Team
A simple organization focused on a centralized control function
2. Adaptive Team
A programmer structure model with a small number of personnel
3. Controlled Decentralized Teams
A structure that uses junior programmers coordinated by senior programmers who act as project leaders
Data Resource Management Controls
Security Management Controls
Operation Management Controls
Quality Assurance Management Controls
Identifying Information Technology Controls
Business Risk:
Likelihood that an organization will not achieve its business goals and objectives.
Both internal and external factors can contribute to the chances of this occurrence.
Risk may emerge from the external environment, such as the risk of a poor economy. Other risks could arise internally.
The Risk Management Process
Identify IT Risk
Audit Risk
Audit risk is the likelihood that an organization’s external auditor makes a mistake when issuing an opinion attesting to the fairness of its financial statements or that an IT auditor fails to uncover a material error or fraud.
Audit Risk = Inherent Risk (IR) × Control Risk (CR) × Detection Risk (DR)
Inherent Risk (IR): likelihood of material errors or fraud inherent in the business environment
Control Risk (CR): likelihood that the internal control system will not prevent or detect material errors or fraud on a timely basis
Detection Risk (DR): likelihood that audit procedures will not detect material errors or fraud on a timely basis
Identifying Information Technology Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission):
Internal control is a process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
1. Reliability of financial reporting
2. Compliance with applicable laws and regulations
3. Effectiveness and efficiency of operation
COSO
Components of Internal Control
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
Quality Control Standards
In addition to using internal financial and operational controls, many organizations have sought to improve public confidence in their products and processes by adopting quality control standards.
ISO 9000: The International Organization for Standardization (ISO) introduced ISO 9000, 9001, 9002 and 9003.
Six Sigma: ISO 9000 forces managers to document processes. Doing so may lead to process or product improvement, but that’s incidental to certification. Six Sigma, on the other hand, represents a standardized approach to process improvement.
The term “Six Sigma” refers to a statistical level, implying that tolerance of defects in quality should be controlled to less than six deviations from customer specifications, or 3.4 defects per million instances.
Steps in the Six Sigma DMAIC Methodology
Define: Define customers, processes and project boundaries
Measure: Measure current process performance
Analyse: Analyse data to identify defect causes and opportunities for improvement
Improve: Improve processes and prevent problems
Control: Control and monitor improvements
Documenting Information Technology Controls
IT auditors use many tools to document their understanding of IT controls.
These tools include:
1. Narrative descriptions
2. Flowcharts, DFDs (graphical methods)
3. Internal control questionnaires
Documenting AIS
• Graphic representation of business processes / events
• Communication
– Highlight main components of processes
– Relatively easy to understand by all parties
– Understanding existing systems
– Designing new systems
– Easier to compare processes
• Forces discipline (if done correctly)
• SAS 94 suggests them, particularly for complex processes
Universal Modeling Language (UML)
• Designed for use in Object Oriented design and
development
– Can be used to document any system
– Not the only choice, but popular and flexible
• Like a map, UML:
– Is visual
– Uses standard symbols to convey information
– Is usually prepared by experts but can be read by anyone
– Can provide high or low levels of detail (globe vs. map of OSU campus)
Data-Flow Diagrams
• A data-flow diagram shows the physical and logical flows of
data through a transaction processing system without regard
to the time period when each occurs
• Physical devices that transform data are not used in the
logical diagrams
• Because of the simplified focus, only four symbols are needed
Symbols used in Data Flow Diagrams
• A square represents an external data source or data destination. The latter is also called a sink
• A circle (or bubble) indicates an entity or a process that changes or transforms data
– A bubble can either be an internal entity in a physical DFD or a process in a logical DFD
• An open-ended rectangle or a set of parallel lines represents a store or repository of data
– The file may represent a view or a portion of a larger entity-wide data base
• A line with an arrow indicates the direction of the flow of data
Physical DFDs
• A Physical DFD documents the physical structure of an existing
system. It answers questions such as Where an entity works,
How an entity works, the work is done by Whom, etc.
• Given the very “physical” focus of a physical DFD, it changes whenever the entities, technology used to implement the system, etc. change
• Physical DFDs have no lower levels
• This limitation makes physical DFDs cumbersome to work with, and usually of limited value
• Logical Data flow diagrams are
usually drawn in levels that include increasing
amounts of detail
• A top level (or high-level) DFD that provides an
overall picture of an application or system is
called a context diagram
• A context diagram is then decomposed, or
broken down, into successively lower levels of
detail
Logical DFDs - II
• Logical Data flow diagrams
document the processes in an existing
or proposed system (What tasks)
• Because the logic of a system changes infrequently,
relative to its physical nature, a logical DFD will remain
relatively constant over time
• Logical Data flow diagrams typically have levels below
the level-0 diagram
The Hierarchy of Data-Flow Diagrams
Context Diagram
Physical DFD: no lower levels
Level-0 logical DFD: lower levels possible
Level 1 diagram(s)
Level 2 diagram(s), etc.
A Context Diagram
[Figure: context diagram with a single process bubble, Cash Receipts Process, joined by dataflows (interfaces) to the external entities Customer (Payment) and Bank (Deposit). Annotations: a dataflow is a flow connecting a system with its environment; the relevant environment is comprised of external entities; the boundary is the border between a system and its environment.]
Diagram Components
[Figure: annotated process diagram. Labels: Start of Process; Events/Triggers (Event A to Event F); Sequence (triggers); Swimlanes: separation based on role (Customer, Server, Kitchen Staff, Cashier, Manager); Document/Report (D = document; D: (completed), D: (paid)); Status (S: (completed)); Data flows; Files (tables) (F: File 1, T: Table 1); Register; Validation Data; End of Process.]