NAMA : Novita DewiNim : 11353202277

Tugas Mandiri Control & Audit Sistem Informasi Dosen Pembimbing : Muhammad jazzman, S. Kom., M. InfoSys

 

SISTEM INFORMASI VII G

FAKULTAS SAINS DAN TEKNOLOGI

UNIVERSITAS ISLAM NEGERI SULTHAN SYARIF KASIM RIAU

2016

Definitions Audit

According to Mulyadi:

"A systematic process for obtaining and objectively evaluate the evidence on the allegations about the activities and economic events, with the aim to establish the level of concordance between these statements with the established criteria, as well as the delivery of the results to the user concerned".

Definitions Audit

Audit information technology or IT (information technology) is also known as the audit or audit information system (information system audit) is the testing of the control activities of the infrastructure unit groups of a system / information technology

Factors to be considered in conducting an auditIn performing the audit the following factors must be considered: It takes information that can be measured and the number of criteria

(standard) that can be used as a guide to evaluate the information, Determination of the economic entity and the time period being audited must

be clear to determine the scope of responsibilities of the auditor, Material evidence should be obtained in sufficient quantity and quality to

meet the objectives of the audit, The ability of auditors to understand the criteria used and independent

attitude in collecting the evidence necessary to support a conclusion that will be taken.

Types of Audit in general Audit of financial statements (financial statement audit). Audit of

financial statements are audited by an external auditor or internal to the auditee's financial statements to give an opinion whether the financial statements are presented in accordance with the criteria that have been set. The audit results and shared with outside parties such as creditors, shareholders, and the tax office.

Audit compliance (compliance audit). This audit aims to determine whether that is checked in accordance with the conditions, the norm of, and certain laws. The criteria set out in the compliance audit comes from different sources. For example, it may come from the management in the form of internal control procedures. Compliance audit can be performed by internal and external auditors.

CONT…

Operational audit (operational audit). Operational audit is the systematic review of the operating activities of the organization in relation to a particular destination. Operational audits, auditors are expected to observe an objective and comprehensive analysis of the operation-specific operations.

Type Audit (IT)

system AuditThe audit of a documented system to ensure it meets national or international standards

Compliance AuditTo test the effectiveness of the implementation of policies, procedures, controls and other legal elements

Product / Service AuditTo test a product or service is in compliance such as predetermined specifications and suitable

Operational audit objective is to:

o Assessing the performance, the performance compared with policies, standards, and goals set by managementIdentifying opportunities and

o Provide recommendations for improvement or further action. The parties may request an audit is operational management and third parties. The results of operational audits submitted to the party requesting the execution of the audit.

IT Audit?

The process of collecting and evaluating the facts / evidence to determine whether the system (computerized): keeping assets Maintaining data integrity Enabling communication and access to information Achieve operational goals effectively Consuming resources efficiently

advantage Audit Assessing the effectiveness of the activity of documentation activities in

organizations Monitoring compliance with policies, systems, procedures and company

law. Measuring the effectiveness of the system Identify weaknesses in the system that may result in a mismatch in the

future. Provides information for process improvement Enhance mutual understanding between departments and between

individuals Reported the results of the review and actions based on the risk to

Management

audit SI

Audit an information technology system for now is a must. Audit needs

to be done so that the system is able to qualify sebuat IT Governance.

Audit information system is a way of testing of the system information

in the organization to determine whether the system information held in

accordance with the vision, mission and goals of the organization, tested

the system performance information and to detect risks and potential

effects that may arise.

IT Audit Methodology

In its implementation, IT auditors gather sufficient evidence through a variety of techniques including surveys, interviews, observation and documentation review.

One thing that is unique, audit evidence taken by the auditor usually also covers electronic evidence. Typically, IT auditors apply computer-assisted audit techniques, also known as CAAT (Computer Aided Auditing Technique). This technique is used to analyze the data, such as transaction data sales, purchasing, inventory transaction activity, customer activity, and others.

Audit basic steps SIAudit in the context of information technology is to check whether the computer system running properly. Seven step audit process: Implement a strategy based audit risk management and control practices that

can be agreed by all parties. Set steps detailed audit. Use facts / material evidence sufficient, reliable, relevant, and useful. Make a report with conclusions based on the facts collected. Examine whether the audit objectives achieved. Convey reports to interested parties. Ensure that the organization implements risk management and control

practices.

Stages of Information System AuditAudit Information System can be done in various stages. Stages of audit consists of 5 stages as follows: The stage of preliminary examination Detailed examination phase. Conformance testing phase. Stages of testing the truth of the evidence. Stage of the overall assessment of the results of testing.

Who Audited ?

Management IT Manager IT Specialist (network, database, system analyst, programmer,

etc.)user

Conducting AuditDepending Audit Objectives Internal Audit (first party audits) Made by or on behalf of the

company itselfUsually for management review or internal company purposes

Independent institutions outside the enterprise Second party audit Conducted by special interest groups thd company Third party audit Conducted by independent parties outside the company. For example, for certification (ISO 9001, BS7799, etc.).

Tasks IT Auditor Make sure the sides of the application of IT has the necessary

controls. Ensure the controls are applied properly as expected

Which is conducted

Preparation. Document Review. Preparatory activities on-site audit. Conducting on-site audit. Preparation, approval and distribution of audit reports. Follow-up audit.

Output activity AuditThe final result is in the form of a report that contains: Scope of the audit. Methodology. Findings. Non-compliance (the nature of nonconformities, bukti2 supporters, met

the requirements dud, location, degree of mismatch). Conclusion (level of conformance to the audit criteria, the effectiveness

of the implementation, maintenance and management system development, recommendation).

IT auditor needs Internal Audit -> every company needs. Company audit service providers. Company certification providers.

Principles of Auditing Ethical conduct

Based on professionalism, honesty, integrity, confidentiality and discretion

Fair PresentationThe obligation to report honestly and accurately

Due professional careImplementation of seriousness and consideration given

Independence Evidence-base approach

FINISH