4. What is New Economy?
“New industries whereby technology
particularly internet and World Wide
Web are the driving force behind the
economic growth”.
Sometimes called “Internet Economy”,
“Digital Economy”, or “Web Economy”.
April 2017 4@goudotmobi
5. What is New Economy? (cont’d)
“Have started in late 1990s, as high tech
tools (support roles), such as the internet”.
“Then began penetrating consumer and
business fields through consumerization
and mass adoption due to mobile
devices and affordable data plan with the
roles as enabler and driver”.
6. More than Only E-Commerce
• E-Business (SAP, Oracle,
Dynamics)
• E-Commerce: E-Retailer,
Banner Ad, E-Marketplace
(Blibli, Alibaba, Lazada,
Zalora)
• E-Travel (Traveloka, Tiket)
• Crowdfunding (Kickstarter)
• Social Media/Network
(Facebook, Twitter, Path,
Instagram)
• Mass Customization
Manufacturers: 3D printing,
design-your-own clothing,
watches, sneakers.
7. More than Only E-Commerce (cont’d)
• Car Sharing/Pooling
• Transportation-network (Go-
JEK, Uber, Grab)
• Peer-to-peer lending of
money (Zopa, WeLab)
• Peer-to-peer property rental
(Airbnb)
• Online video/music services
(Netflix, Spotify, HOOQ)
• Online dating services
(Match.com, Tinder)
• Online advertising
(AdWords, AdSense,
Facebook Ads)
• E-Money, E-Wallet, Virtual
and Digital Currency
(T-Cash, Flazz, Go-Pay)
8. Important Characteristics
• Digitalization and
intensive use of
Information and
Communication
Technologies (ICT).
• Shifted role from
Support into Enabler
and Driver.
• Transformation of
information into
commodities.
• New ways of organizing
work and production.
9. Digital Economy’s Evolution
• Steadily evolved since 2000.
• A somewhat shaky start, but it has been rapidly embraced globally.
• In the case of E-Commerce:
• Skepticism
In early 2000, the use of the Internet for business was not received
very positively; this was the case elsewhere too.
• Global Adoption
In 2007, as Western countries struggled with the economic
crisis, other countries rapidly jumped on the
bandwagon.
• Mobile, Mobile and Mobile Connectivity
From 2013 until now, the next billion people are going
online worldwide (5 out of 7+ billion)
16. Digital Vulnerability - An Inescapable Aspect
Image courtesy of: City Caucus
Source: Harvard Business Review's Bhaskar Chakravorti
17. In the Case of Indonesia
Economic and Industry Perspectives:
• Economic outlook (>4.5%) ~ citing ADB recent stats
• In 2050, the 4th largest economy in the world
after China, India and the US ~ citing PwC recent study
• Stable inflation and interest rate ~ citing ADB recent stats
• 5G technology edges closer
• US$5.5B investment in telematics (US$500m for
cellular phones) ~ citing IndonesiaInvestments May 2016
• IT spending of US$22+B ~ citing IDC in early 2017
• 80% of budget goes to corporates and enterprises
(majority in Banking & Telco) ~ citing IDC in late 2016
18. Let’s Dig Deeper into the Numbers…
• 260+ million population
• 85+ internet users
• 30% saving account owners
• 7% credit card subscribers
• 55 million Facebookers
• 45 million Twitterers
• 4 million Kaskusers
• 85 million middle class
• 5 million middle class growth per year
• 3% internet users growth per year
• 200 million domestic trips per year
23. Reiterating IS and IT Audit
• What is it?
Activities of collecting and evaluating evidence about the
Information Systems (IS) or Information Technology
(IT), practices, and operations within an organization.
• Purpose
Evaluating the design and effectiveness of a system's
internal controls.
• Objective
Safeguarding assets, maintaining data integrity, operating
effectively to achieve the organization's goals and objectives.
• Performed
In conjunction with financial statement audit, internal audit,
or other form of audit.
24. IT Audit In Details
• Gathering, Assessing, Evaluating, Validating and
Examining an organization's IT Infrastructure, policies,
procedures including Comparing and Testing them
against the executions/implementations/operations.
• The objective is to give assurance that IT Controls
protect corporate assets, ensure data integrity and are
aligned with the overall goals of the business.
• Formerly known as Electronic Data Processing (EDP)
Audit.
25. IT Audit In Details (cont’d)
In a nutshell, to simplify
• IT Audit gives assurance that IT systems are adequately
protected, provide reliable information to users and properly
managed to achieve their intended benefits.
Bringing the Objectives forward
• Evaluate whether the systems and processes in place secure
the organization’s data.
• Determine risks (Risk-Based IT Audit) to a company's
information assets, and help identify methods to minimize
those risks.
• Ensure IT management processes are in compliance with
IT-specific laws, policies and standards.
• Determine inefficiencies in IT systems and associated
management.
26. IS vs IT Audit
• IS Audit focuses on the respective system
(especially Business, Accounting and Finance
Systems), particularly its
Application/Software and Data.
• IT Audit looks at IT Infrastructure such as
Server, Storage, Network (Router, Switch, Hub),
Firewall and other supporting peripherals
(UPS, Fire Suppression Systems).
27. Various Types of IT and IS Audit
• Perform Separate IT/IS audits
• Perform Integrated audits
• Perform Technical and IT Operational audits
• Provide technical assistance to financial audits
• General Control Examination
• Application Systems Audit
• System Under Development Audit
• Special Topic Audits (Compliance, etc)
28. What to Audit?
• Input, Processing, Output
• Web Application Security
• Network Security
• Application Controls (2nd)
• Operating System
• Database
• General Computer Controls (1st)
• Physical Security
29. Auditing General (Computer) Controls
Auditing the Management, Planning and Organization of IS/IT:
• IS/IT Strategy
• IS/IT Policies and Procedures
• IT/IS Management Practices
• IT/IS Organizational Structure and Responsibilities
30. How to Become IT/IS Auditor?
Step 1: Complete a Bachelor’s Degree Program, particularly:
• Bachelor of Science (B.S.) in IT (Informatics Engineering,
Computer Engineering, Computerized Accounting).
• B.S. in Information Systems.
• Bachelor of Arts in Economics majoring in Management or
Accounting.
Step 2: Gain (Relevant) Working Experience.
Step 3: Obtain International Individual Certification (optional)
In fact, some of those certifications (such as from ISACA)
could be obtained prior to professional experience.
31. International Individual Certifications
• CISA (Certified Information Systems Auditor)
from ISACA.
• CISM (Certified Information Systems
Manager) from ISACA.
• CISSP (Certified Information Systems Security
Professional) from International Information
Systems Security Certification Consortium.
• ISO 27001 on Information Security
Management Systems (ISMS) Lead Auditor
• GSNA: GIAC Systems and Network Auditor
from GIAC.
• CFE (Certified Fraud Examiner) from ACFE.
36. IS and IT Auditor Parts
37. IS and IT Auditor Parts (cont’d)
• Deploying Risk-based IS and IT Audit
• Leveraging CAAT & other auditing software
• Capitalizing on frameworks, regulations and standards:
• ISACA’s COBIT, Risk IT and Val IT
• ISO 20000 on IT Service Management
• ISO 27001 on Information Security
• ISO 22301 on Business Continuity Management Systems
• PMI’s Project Management Body of Knowledge (PMBOK)
• IIA COSO
• PCI-DSS
• Sarbanes-Oxley (SOX)
• HIPAA
• Peraturan Bank Indonesia and Surat Edaran OJK
38. IS and IT Auditor Parts (cont’d)
• Always be mindful that auditing involves
PUBLIC responsibility that is more important
than relationship with CLIENT.
• Auditors must express their view on the
appropriateness – not just acceptability – of
IS and IT principles used or proposed to be
used.
• Reveal transparency and completeness of
opinions, reports and disclosures.
39. Must-Have Knowledge
1. Management, Planning, and Organization of IS and IT
Commencing Best IS and IT management practices
2. Technical Infrastructure and Operational Practices
Understanding hardware, software and networking
technologies
3. Protection of Information Assets
Mastering information security management
4. Disaster Recovery and Business Continuity
Valuing how IS and IT availability are critical to business
40. Must-Have Knowledge (cont’d)
5. Business Application System Development,
Acquisition, Implementation, and Maintenance
Valuing core area of IS and IT development
6. Business Process Evaluation and Risk Management
Linking business expectations and risks to IS and IT
development and deployment
7. IS and IT Audit Process
Mastering code of ethics, auditing standards, guidelines,
audit methodology, techniques and Control Self-Assessment
41. IS/IT Audit Methodology
• Manual Assessment
Understanding IT environments and systems
Gathering the data and documents needed
Assessing and evaluating the data and documents
Interviewing and discussing with related individuals,
functions, divisions and departments
Observing the systems and controls
Validating policies and procedures against the
executions
Testing controls against the executions through
sampling
Doing on-site visits
42. IS/IT Audit Methodology (cont’d)
• Systematic assessment
Performing Security Vulnerability
Scans/Assessments (Wireshark, Nmap)
Conducting Penetration Tests (Nessus)
Rolling out other IT Technical Tests
Acquiring and Analyzing Data and Files (CAAT
such as IDEA and ACL)
Documenting IT/IS Audit Activities and
Working Papers (Voyager, AutoAudit,
TeamMate)
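An added example (not from the original slides) of the kind of test a CAAT automates: it fingerprints an imported extract so later changes are detectable, then tests a control against its actual execution, either on every record or on a seeded sample that can be re-performed. The record layout, the control being tested (every access grant is approved by someone other than the requester, on or before the grant date) and all sample rows are constructed assumptions.

```python
import csv
import hashlib
import io
import random
from datetime import date

# Constructed sample extract of access-grant records (not real data).
EXTRACT = """id,requester,approver,approved_on,granted_on
1,alice,bob,2017-03-01,2017-03-02
2,carol,carol,2017-03-03,2017-03-03
3,dave,,,2017-03-05
4,erin,frank,2017-03-09,2017-03-07
5,grace,heidi,2017-03-10,2017-03-10
6,ivan,judy,2017-03-11,2017-03-12
"""

def import_extract(text):
    """Load rows and fingerprint the raw import so later changes are detectable."""
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    return tuple(csv.DictReader(io.StringIO(text))), digest

def exceptions_for(row):
    """Check one record against the assumed access-approval control."""
    if not row["approver"] or not row["approved_on"]:
        return ["no approval recorded"]
    found = []
    if row["approver"] == row["requester"]:
        found.append("self-approved")
    if date.fromisoformat(row["approved_on"]) > date.fromisoformat(row["granted_on"]):
        found.append("approved after grant")
    return found

def run_control_test(rows, sample_size=None, seed=2017):
    """Test every record, or a seeded random sample that can be re-performed."""
    selected = list(rows)
    if sample_size is not None and sample_size < len(selected):
        selected = random.Random(seed).sample(selected, sample_size)
    results = {r["id"]: exceptions_for(r) for r in selected}
    return {rec_id: found for rec_id, found in results.items() if found}

def audit(text, expected_digest=None, sample_size=None):
    """Re-verify the extract fingerprint, then run the control test."""
    rows, digest = import_extract(text)
    if expected_digest is not None and digest != expected_digest:
        raise ValueError("extract changed since it was first imported")
    return digest, run_control_test(rows, sample_size)

if __name__ == "__main__":
    digest, findings = audit(EXTRACT)
    print("extract sha256:", digest[:16], "exceptions:", findings)
```

Recording the digest and the sampling seed in the working papers lets a reviewer confirm that the same extract and the same sample were tested.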
43. What the Future Holds
• IS and IT Auditors play MORE and MORE STRATEGIC roles
• More needed than before – IT is now a BUSINESS DRIVER and,
more importantly, an ENABLER.
• Paperless or Less Paper Audit Documentation, capitalizing on
Audit Management Systems (MKInsight, Paisley GRC,
TeamMate, etc).
• Utilization of CAAT (Computer-Assisted Auditing
Techniques) such as IDEA and ACL is getting higher
• Functionality
Market leader IDEA analyzes, manipulates and interrogates
huge quantities of data from business platforms or systems
• Capability
Analyzes 2.1 billion rows per an unlimited number of sheets,
whereas, for example, Microsoft Excel 2007 handles 1,048,576 rows
• Integrity
Core data cannot be modified once imported
44. What the Future Holds (cont’d)
• Adoption of auditing tools such as those for Vulnerability
Assessment and Penetration Testing (Nessus,
Nmap).
• Still one of the fastest-growing professions (20-30%
growth est. for 2018-2030).
• Therefore, auditors need a good understanding
of Online Business, its cycles and business
processes (e-travel, e-commerce, e-money,
e-wallet, payment gateway, etc).
• New areas to be audited (Social Media, Big Data,
Mobile Banking, Smart City).
45. Higher Bargaining Positions
• IT plays a more strategic role: in tech
organizations (driver) and non-tech
sectors (enabler and support).
• Growing IT budgets.
• Tons of IT projects and investments.
• Business competition is stiffening.
• The world is getting riskier (threats and
vulnerabilities keep coming).
• Driven by professional organizations
(ISACA and IIA) and regulators.
46. Ever Since IT Plays Strategic Role
• Internet adoption and penetration are
rising day in and day out.
• IT literacy among individuals and
organizations across the globe is increasing.
• Organizations adopt it for cost-saving
initiatives.
• Organizations capitalize on it to reach more prospects, users,
customers, consumers, suppliers, vendors and
partners.
• Some companies identify and leverage IT as new
revenue streams (cost center to profit center).
47. Further References
Professional Organizations and Associations
• Information Systems Audit and Control
Association (ISACA) www.isaca.org
• The SANS Technology Institute www.sans.org
• International Information System Security
Certification Consortium (ISC)²: www.isc2.org
• The Institute of Internal Auditors www.theiia.org
• American Institute of Certified Public Accountants
(AICPA) www.aicpa.org
48. Further References (cont’d)
Information System
• Computer-Assisted Auditing Techniques (CAAT): IDEA, ACL
• Audit Management Software: Voyager, MKInsight, TeamMate.
Framework
• Control Objectives of Business and Information Technology
(COBIT) 5 from ISACA
• Committee of Sponsoring Organizations of the Treadway
Commission (COSO) from IIA
• (ISC)² Common Body of Knowledge (CBK) from ISC2
Standard
• ISO 27001 Information Security Management Systems
(ISMS)