1. Name: Novita Dewi
Student ID (NIM): 11353202277
Individual Assignment: Information Systems Control & Audit
Supervising Lecturer: Muhammad Jazzman, S. Kom., M. InfoSys
INFORMATION SYSTEMS VII G
FACULTY OF SCIENCE AND TECHNOLOGY
UNIVERSITAS ISLAM NEGERI SULTHAN SYARIF KASIM
RIAU
2016
2. Definition of Audit
According to Mulyadi:
"A systematic process for obtaining and objectively evaluating the
evidence on the assertions about economic activities and events,
with the aim of establishing the level of concordance between these
statements and the established criteria, as well as delivering the
results to the users concerned".
3. Definition of Audit
An information technology (IT) audit, also known as an
information system audit, is the testing of the control activities
of the groups of infrastructure units of an information system /
information technology.
4. Factors to be considered in conducting an audit
In performing an audit, the following factors must be considered:
o Measurable information is needed, together with a number of criteria
(standards) that can be used as a guide to evaluate that information.
o The economic entity and the time period being audited must be clearly
determined in order to define the scope of the auditor's responsibilities.
o Material evidence should be obtained in sufficient quantity and quality to
meet the objectives of the audit.
o The auditor must be able to understand the criteria used and must keep an
independent attitude in collecting the evidence necessary to support the
conclusion that will be drawn.
5. Types of Audit in General
o Financial statement audit. A financial statement audit is performed by
an external or internal auditor on the auditee's financial statements to
give an opinion on whether the financial statements are presented in
accordance with the criteria that have been set. The audit results are
shared with outside parties such as creditors, shareholders, and the
tax office.
o Compliance audit. This audit aims to determine whether the subject
being examined complies with certain conditions, norms, and laws. The
criteria set for a compliance audit come from different sources. For
example, they may come from management in the form of internal control
procedures. A compliance audit can be performed by internal and
external auditors.
6. CONT…
o Operational audit. An operational audit is a systematic review of
the operating activities of the organization in relation to a
particular objective. In an operational audit, auditors are expected
to make objective observations and a comprehensive analysis of
specific operations.
7. Types of Audit (IT)
o System Audit
The audit of a documented system to ensure it meets national or
international standards.
o Compliance Audit
To test the effectiveness of the implementation of policies, procedures,
controls and other legal elements.
o Product / Service Audit
To test whether a product or service complies with predetermined
specifications and is suitable.
8. The objectives of an operational audit are to:
o Assess performance, comparing it with the policies, standards,
and goals set by management
o Identify opportunities, and
o Provide recommendations for improvement or further action.
The parties that may request an operational audit are management and
third parties. The results of an operational audit are submitted to the
party that requested the audit.
9. IT Audit?
The process of collecting and evaluating facts / evidence to
determine whether the (computerized) system:
o Safeguards assets
o Maintains data integrity
o Enables communication and access to information
o Achieves operational goals effectively
o Consumes resources efficiently
10. Advantages of Audit
o Assessing the effectiveness of documentation activities in the
organization
o Monitoring compliance with company policies, systems, procedures and
laws
o Measuring the effectiveness of the system
o Identifying weaknesses in the system that may result in nonconformities
in the future
o Providing information for process improvement
o Enhancing mutual understanding between departments and between
individuals
o Reporting the results of the review and risk-based actions to
management
11. IS Audit
Auditing an information technology system is now a must. An audit needs
to be done so that the system can meet the requirements of IT Governance.
An information system audit is a way of testing the information systems
in an organization to determine whether they are operated in
accordance with the vision, mission and goals of the organization,
to test the performance of the information systems, and to detect risks
and potential effects that may arise.
12. IT Audit Methodology
In practice, IT auditors gather sufficient evidence through a
variety of techniques including surveys, interviews, observation and
documentation review.
One distinctive point is that the audit evidence collected by the auditor
usually also covers electronic evidence. Typically, IT auditors apply
computer-assisted audit techniques, also known as CAAT (Computer Aided
Auditing Technique). These techniques are used to analyze data such as
sales and purchasing transaction data, inventory transaction activity,
customer activity, and others.
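A small illustration of the kind of computer-assisted analysis described above, added here as an example and not part of the original slides: three common audit tests (sequence completeness, possible duplicates, segregation of duties) run over a constructed sales transaction export. The column names, user names and figures are assumptions made up for the example.

```python
import csv
import io
from collections import Counter

# Constructed sample export of sales transactions (not real data;
# column names are assumptions for this example).
SALES_CSV = """invoice_no,date,customer,amount,entered_by,approved_by
1001,2016-03-01,C-17,250.00,ani,budi
1002,2016-03-01,C-04,1200.00,ani,budi
1004,2016-03-02,C-17,980.00,citra,citra
1005,2016-03-02,C-09,430.50,ani,budi
1006,2016-03-02,C-09,430.50,ani,budi
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def sequence_gaps(rows):
    """Completeness test: invoice numbers missing from the sequence."""
    nums = sorted(int(r["invoice_no"]) for r in rows)
    if not nums:
        return []
    present = set(nums)
    return [n for n in range(nums[0], nums[-1] + 1) if n not in present]

def possible_duplicates(rows):
    """Same date, customer and amount booked under several invoice numbers."""
    def key(r):
        return (r["date"], r["customer"], r["amount"])
    counts = Counter(key(r) for r in rows)
    return [r["invoice_no"] for r in rows if counts[key(r)] > 1]

def self_approved(rows):
    """Segregation-of-duties test: entered and approved by the same user."""
    return [r["invoice_no"] for r in rows if r["entered_by"] == r["approved_by"]]

def run_caat(text):
    rows = load(text)
    return {
        "sequence_gaps": sequence_gaps(rows),
        "possible_duplicates": possible_duplicates(rows),
        "self_approved": self_approved(rows),
    }

if __name__ == "__main__":
    for test, hits in run_caat(SALES_CSV).items():
        print(f"{test}: {hits}")
```

Each hit is a lead for the auditor to follow up with supporting documents, not a finding in itself.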
13. Basic Steps of an IS Audit
An audit in the context of information technology checks whether the
computer system is running properly. The seven-step audit process:
o Implement an audit strategy based on risk management, along with control
practices that can be agreed upon by all parties.
o Set out detailed audit steps.
o Use facts / material evidence that are sufficient, reliable, relevant, and
useful.
o Write a report with conclusions based on the facts collected.
o Examine whether the audit objectives were achieved.
o Deliver the report to interested parties.
o Ensure that the organization implements risk management and control
practices.
14. Stages of Information System Audit
An information system audit can be carried out in stages. The
audit consists of 5 stages, as follows:
o Preliminary examination stage.
o Detailed examination stage.
o Conformance testing stage.
o Stage of testing the truth of the evidence.
o Stage of overall assessment of the test results.
15. Who Is Audited?
o Management
o IT Manager
o IT Specialist (network, database, system analyst, programmer,
etc.)
o User
16. Conducting the Audit
Depends on the audit objectives:
o Internal audit (first party audit)
Performed by or on behalf of the company itself, usually for
management review or internal company purposes.
o Independent institutions outside the enterprise
  o Second party audit
  Conducted by groups with a special interest in the company.
  o Third party audit
  Conducted by independent parties outside the company. For
  example, for certification (ISO 9001, BS7799, etc.).
17. Tasks of the IT Auditor
o Make sure that every aspect of the application of IT has the necessary
controls.
o Ensure the controls are applied properly, as expected.
Activities conducted:
o Preparation.
o Document review.
o Preparatory activities for the on-site audit.
o Conducting the on-site audit.
o Preparation, approval and distribution of audit reports.
o Follow-up audit.
18. Output of Audit Activities
The final result is a report that contains:
o Scope of the audit.
o Methodology.
o Findings.
o Nonconformities (the nature of the nonconformity, supporting evidence,
requirements not met, location, degree of nonconformity).
o Conclusion (level of conformance to the audit criteria; the effectiveness
of the implementation, maintenance and development of the management
system; recommendations).
19. Need for IT Auditors
o Internal audit -> needed by every company.
o Audit service provider companies.
o Certification provider companies.
20. Principles of Auditing
o Ethical conduct
Based on professionalism, honesty, integrity, confidentiality and
discretion
o Fair presentation
The obligation to report honestly and accurately
o Due professional care
Applying diligence and due consideration
o Independence
o Evidence-based approach