Matakuliah
Tahun
Versi
:A0274/Pengelolaan Fungsi Audit
Sistem Informasi
: 2005
: 1/1
Pertemuan 5
Internal Control System
1
Learning Outcomes
Pada akhir pertemuan ini, diharapkan mahasiswa
akan mampu :
• Mahasiswa dapat menunjukkan Internal
Control System.
2
Outline Materi
• Definition
• Fundamental Assumption in Establishing An
Internal Control System
– Business Reasons for A Strong Internal Control
System
– Legal Reasons for A Strong Internal Control System
– Basic Assumptions for the Internal Control System
– Evolution of Attacks and Intruders’ Technical
Knowledge
– Cost-Benefit Analysis of Controls
3
Definition
• Executives and auditors alike understand
the importance of a strong internal control
system in relation to financial audits and
reliable financial reports
4
• Internal control system is the policies, practices,
procedures and tools designed to:
– Safeguard corporate assets.
– Ensure accuracy and reliability of data captured and
information products.
– Promote efficiency.
– Measure compliance with corporate policies.
– Measure compliance with regulations.
– Manage the negative events and effects from fraud,
crime and deleterious activities.
5
Fundamental Assumptions in
Establishing An Internal Control System
• Management should employ the skills and
abilities of professionals in designing
internal controls and auditing their
effectiveness.
• That includes technicians in the
information systems function and audit
professionals in the internal audit function.
6
• If the company is conducting business over the
internet, that would include information system
professionals such as Certified Information
System Security Professional (CISSP), Certified
Information Technology Professional (CITP) or
Certified Information Systems Auditor (CISA)
who understand both computer technologies
and security.
• For the internal audit function is would include
Certified Internal Auditor (CIA) or CISA. Internal
control professionals should also be involved in
all new systems development – CIA, CISA or
CITP.
7
Business Reasons for A Strong Internal
Control System
• The business reasons have to do with
management objectives.
8
Legal Reasons for A Strong Internal
Control System
• The last statement brings up the second
point about compliance with applicable
laws and regulations.
9
Basic Assumption for The Internal
Control System
• The first basic assumption is that of
management responsibility. The responsibility
for an effective internal control system is not that
of internal auditors, external auditors,
management accountants or any other group
except management.
• The second assumption is that of reasonable
assurance. There is no such thing as a perfect
internal control system. Controls can generally
be compromised under the right conditions.
Internal control does not guarantee that an entity
will meet management objectives or even that
the firm will survive.
10
• The third assumption is independence
from the method of data processing. The
specific controls will vary with different
technologies but the objectives should be
process independent.
• The fourth assumption deals with
limitations, of which there are several.
11
Evolution of Attacks and Intruders’
Technical Knowledge
• Attacks have grown from simplistic to
complicated while simultaneously the
technical knowledge needed by intruders
has gone from a high level to a very low
level.
12
Cost-Benefit Analysis of Controls
• An important constraint in developing
internal controls is the use of cost-benefit
analysis on controls. Control activities are
subject to the some cost-benefit analysis
of other management activities.
13
The End
14