Information System Audit - Basic


Individual Assignment
Fundamentals of Information Systems Audit (Extension Program)
CHAPTER 1 CHAPTER 3 (TOTAL POINT = 40)

TERMS QUESTIONS

Please do explain the terms below:

1. What does COSO stand for? (2 points)
2. What are the differences between attest services and advisory services? (2 points)
3. What are the 3 types of risks? (3 points)
4. What are the general types of management assertions? (4 points)
5. What are the key elements of a disaster recovery plan? (4 points)
6. Which chapter of Peraturan Bank Indonesia covering Information Technology serves as the basis for reviewing the internal audit work? (3 points)

PRACTICED QUESTIONS

A. Please determine some of the detection risks that could occur in the following statements. (In other words, what could go wrong in the following statements?) (6 points)

- At the end of the month, the HR and payroll data are interfaced from the PeopleSoft system to SAP to be calculated.
- Every day at 2 am, the system automatically backs up the financially significant data from the system to the back-up tape.
- The system automatically calculates the interest for each customer.

B. Please determine which assertions are addressed by the following controls. (See page 7. It could be one or a combination of Existence and Occurrence, Completeness, Rights and Obligations, Valuation or Allocation, and Presentation and Disclosure.) (4 points)

- The system automatically calculates the price based on the foreign exchange (forex) rate.
- The Accounts Payable (AP) clerk performs 3-way matching between the Purchase Order (PO), the invoice and the Goods Receipt (GR) before the invoice can be processed any further.

C. Please identify whether each control is: (6 points)

- Automated or manual
- Preventive or detective

Otherwise, just leave it as an activity.

1. The password over the operating system is reviewed on a regular basis.
2. Every day, the system automatically backs up the financially significant data, and the backup is periodically tested for recoverability.
3. The access control matrix for vendor master data is reviewed on a timely basis to ensure the appropriateness of the access level.

D. Please choose whether the scenarios related to segregation of duties below are either: (6 points)

- Appropriate compared to best practice
- Not too appropriate compared to best practice

1. The user access matrix for the payroll application is defined by the IT department and reviewed by the payroll supervisor.
2. The audit trail for the SQL database is set by a database administrator (staff) and reviewed by another database administrator (department head).
3. An accounts payable staff member could create a PO (Purchase Order), while all accounts payable supervisors could create and approve POs.
