
Course: A0274/Management of the Information Systems Audit Function
Year: 2005
Version: 1/1
Session 3
Auditing Standards and
Responsibilities
Learning Outcomes
By the end of this session, students are expected to
be able to:
• Explain Auditing Standards and Responsibilities.
Outline of Material
• Introduction
• Ethics
– Institute of Internal Auditors (IIA)
• Purpose
• Principles of the IIA Code of Ethics
• Rules of Conduct
– Information Systems Audit and Control Association
(ISACA)
• Purpose
• Applicability
• Rules of Conduct
• Professional Auditing Standards
– Institute of Internal Auditors
– Information Systems Audit and Control
Association
– American Institute of Certified Public
Accountants
• General Standards
• Standards of Field Work
• Reporting Standards
Introduction
• The internal audit function is guided by
auditing standards, guidelines, principles
and the responsibilities for auditors both
individually and professionally.
Individually, internal auditors have an
ethical responsibility to perform their duties
with integrity.
Ethics
• Every company should have its own ethics
officer, who answers to the chief executive
officer (CEO) or, better yet, chairman of the
board.
• A company may even hire ethics consultants
when necessary.
• Ethical principles for responsible use of IT
include:
– Proportionality
– Informed consent
– Justice
– Minimized risk
• Guidelines for becoming a responsible end user:
– Act with integrity, avoid conflicts of interest and ensure your
employer is aware of any potential conflicts.
– Protect the privacy and confidentiality of any information you are
entrusted with.
– Do not misrepresent or withhold information that is germane to a
situation.
– Do not attempt to use the resources of an employer for personal
gain or for any purpose without proper approval.
– Do not exploit the weakness of a computer system for personal
gain or personal satisfaction.
– Set high standards for your work. Accept responsibility for your
work.
– Advance the health, privacy and general welfare of the public.
• A code of ethics is necessary and
appropriate for the profession of internal
auditing, founded as it is on the trust
placed on its objective assurance about
risk management, control and governance.
Institute of Internal Auditors (IIA)
• The Institute of Internal Auditors has a Code of
Ethics that applies to its members and Certified
Internal Auditors (CIA). It extends beyond the
definition of internal auditing to include two
essential components:
– Principles that are relevant to the profession and
practice of internal auditing.
– Rules of conduct that describe behavior norms
expected of internal auditors. These rules are an aid
to interpreting the principles into practical applications
and are intended to guide the ethical conduct of
internal auditors.
Purpose
• The purpose of this Code is to promote an
ethical culture in the profession of internal
auditing
Applicability
• This Code of Ethics applies to both
individuals and entities that provide
internal auditing services. For the IIA,
“internal auditors” refer to IIA members,
recipients of IIA professional certification
(CIA, CGAP, CCSA and CFSA) and
candidates for those certifications.
Principles of the IIA Code of Ethics
• Internal auditors are expected to apply and
uphold these principles:
– Integrity
– Objectivity
– Confidentiality
– Competency
Rules of Conduct
• The rules of conduct include:
– Integrity
– Objectivity
– Confidentiality
– Competency
Information Systems Audit and Control
Association (ISACA)
• The Information Systems Audit and Control
Association (ISACA) also has a Code of
Professional Ethics.
Purpose
• The purpose of the ISACA Code is to
guide the professional and personal
conduct of members of the association
and/or holders of the professional
certifications from ISACA.
Applicability
• The Code applies to members of ISACA
and/or holders of Certified Information
Systems Auditor (CISA) and/or the
Certified Information Security Manager
(CISM) certifications.
Rules of Conduct
• This Code says members and CISAs shall:
– Support the implementation of, and encourage
compliance with, appropriate standards, procedures
and controls for information systems.
– Serve in the interest of relevant parties in a diligent,
loyal and honest manner and shall not knowingly be a
party to any illegal or improper activities.
– Maintain the privacy and confidentiality of information
obtained in the course of their duties unless
disclosure is required by legal authority. Such
information shall not be used for personal benefit or
released to inappropriate parties.
– Perform their duties in an independent and objective
manner and avoid activities that impair, or may
appear to impair, their independence or objectivity.
– Maintain competency in their respective fields of
auditing and information systems control.
– Agree to undertake only those activities that they can
reasonably expect to complete with professional
competence.
– Perform their duties with due professional care.
– Inform the appropriate parties of the results of
information systems audits and/or control work
performed, revealing all material facts known to them,
which if not revealed could either distort reports of
operations or conceal unlawful practices.
– Support the education of clients, colleagues,
the general public, management and boards
of directors in enhancing their understanding
of information systems auditing and control.
– Maintain high standards of conduct and
character and not engage in acts discreditable
to the profession.
Professional Auditing Standards
• Like ethics, standards exist from
authoritative sources that impose certain
requirements and/or structures to the
tasks and duties of the internal auditor.
Institute of Internal Auditors
• The IIA’s authoritative standards document that
is applicable to internal auditors is known as the
Standards for the Professional Practice of
Internal Auditing (SPPIA). The purpose of
SPPIA is to:
– Delineate basic principles that represent the practice
of internal auditing as it should be.
– Provide a framework for performing and promoting a
broad range of value-added internal audit activities
– Establish the basis for the measurement of internal
audit performance
– Foster improved organizational processes and
operations
Information Systems Audit and Control
Association
• The Information Systems Audit and Control
Foundation (ISACF) has determined that the
specialized nature of information system
auditing work and the skills necessary to perform
such audits require the development and
promulgation of auditing standards that apply
specifically to information systems auditing.
• Information systems auditors review and
evaluate the development, maintenance and
operation of components of automated systems
(or such systems as a whole) and their
interfaces with the non-automated areas of the
organization’s operations.
• ISACF has developed its Standards in
order to inform:
– Information systems auditors of the minimum
level of acceptable performance required to
meet the professional responsibilities set out
in the ISACA Code of Professional Ethics.
– Management and other interested parties of
the profession’s expectations concerning the
work of practitioners.
• The framework for the information systems
Standards, Guidelines and Procedures for
Information Systems Auditing (Standards)
provides multiple levels of guidance:
– Standards define mandatory requirements for
information systems auditing and reporting.
– Guidelines provide guidance in applying
information systems Auditing Standards.
– Procedures provide examples of procedures
an information systems auditor might follow in
an audit engagement.
American Institute of Certified Public
Accountants
• The AICPA has long-established Generally
Accepted Auditing Standards (GAAS) that
are related to internal auditing.
• The basic Standards fall into three
categories:
– General Standards
– Standards of Field Work
– Reporting Standards
General Standards
• The auditor must have adequate technical
training and proficiency.
• The auditor must have independence of
mental attitude.
• The auditor must exercise due
professional care in the performance of
the audit and the preparation of the report.
Standards of Field Work
• Audit work must be adequately planned.
• The auditor must gain a sufficient
understanding of the internal control
structure.
• The auditor must obtain sufficient,
competent evidence.
Reporting Standards
• The auditor must state in the report whether
financial statements were prepared in
accordance with generally accepted accounting
principles (GAAP).
• The report must identify those circumstances in
which GAAP were not applied.
• The report must identify any items that do not
have adequate informative disclosures.
• The report shall contain an expression of the
auditor’s opinion on the financial statements as
a whole.
The End