Auditing
Presented by Instructor Team
Agenda
1. Introduction to Information System Auditing
2. Introduction to the Basis of IT-related Business Risks and Controls
3. Integration of Financial Audit and IS Audit
4. Application of IS Audit and Web Trust
Backgrounds
4. Audit Requirements
– For External Auditor
• SA Seksi 314 Risk Assessment and internal control - consideration
and EDP characteristics
• SA Seksi 335 Auditing in EDP environment
– For Internal Auditor
• SPFAIB for Banking Industry
Definition: Information Systems Auditing
(Ron Weber)
IS Audit Objectives
Asset Safeguarding
The assets of a computer installation, which include hardware, software, people,
data files, system documentation, and supplies, must be protected by a system
of internal control.
Data Integrity
Specific Industry Application
• Reporting Systems
• Call Center
• Enterprise Resource Planning
• Office Automation
• Cloud Computing
The Need for Control and IS Audit
Your business processes depend on the computer applications
and data that support them - so you need to be sure that your data
and systems are secure. Yet, all the time, rapid changes in
business and technology keep increasing your organization's
control and security challenges - and reducing your reaction time.
Confidentiality
Integrity
Availability
What is to be protected?
Who is responsible?
The controls can be thought of as existing within a hierarchy that relies on the
operating effectiveness interconnectivity of the controls as well as the
realization that failure of a set of controls can lead to increased reliance and
necessary examination of other control groups.
General Control
General IT controls are typically pervasive in nature and are addressed through
various audit avenues.
Application Control
Application controls provide another category of controls and include controls
within an application around input, processing, and output.
IT Governance
[Diagram labels: Internal Controls; Application; Systems Development/Changes; General Controls; Computer Service Center (Operations and Security)]
IT Controls and Financial Reporting
Information Technology Risk and Controls
Information System Audit Course
Financial Audit Objective and External Auditors’ Responsibility
Agenda 4: Application of IS Audit and Web Trust
Note
fulfillment of principles
WebTrust Defined
PROCESSING INTEGRITY
Through Systrust
(see next slide)
Ernst & Young’s seal - Cyber Process Certification
Report of Management
Example Application of WebTrust
Report of Independent Accountants
VeriSign Certificate
Agenda 4: Example Application: Financial Statement Audit & Web Trust
| Product | Cost | Privacy of Data | Security of Data | Business Policies | Transaction Processing Integrity |
|---|---|---|---|---|---|
| BBBOnline | Low | NO | NO | Lightly Covered | NO |
| TRUSTe | Low | YES | NO | NO | NO |
| Veri-Sign | Low to Medium | NO | YES: Data Transmittal; NO: Data Storage | NO | NO |
| ICSA | High | YES | YES | Somewhat Covered | Lightly Covered |
| WebTrust | High | YES | YES | YES | YES |
End of Presentation
Thank You.