
INTERNAL CONTROL SYSTEMS

• Students are able to:


– Explain basic control concepts and why computer control and security control are important.
– Compare and contrast the COBIT, COSO and ERM control frameworks.
– Describe the major elements in the environment of a company.
– Describe the four types of control objectives that companies need to set.
– Describe the events that affect uncertainty and the techniques to identify them.
– Describe control activities commonly used in companies.
Explain basic control concepts and why computer control and
security control are important.

• Threats to the Accounting Information System (AIS)


WHAT ARE EXAMPLES OF NATURAL
AND POLITICAL DISASTERS?
– fire or excessive heat
– floods
– earthquakes
– high winds
– war
WHAT ARE EXAMPLES OF SOFTWARE
ERRORS AND EQUIPMENT
MALFUNCTIONS?
– hardware failures
– power outages and fluctuations
– undetected data transmission errors
WHAT ARE EXAMPLES OF
UNINTENTIONAL ACTS?
– accidents caused by human carelessness
– innocent errors of omission
– lost or misplaced data
– logic errors
– systems that do not meet company needs
WHAT ARE EXAMPLES OF INTENTIONAL
ACTS?
– sabotage
– computer fraud
– embezzlement
NEED FOR CONTROL
• Organizational cost of data loss
• Cost of incorrect decision making
• Cost of computer abuse
• Value of hardware, software, personnel
• High cost of computer error
• Maintenance of privacy
• Controlled evolution of computer use

5/6/2019 Ron Weber, Overview of IS Auditing


QUESTIONS

• Why are control and security of the SIK important?
• Explain the forms of threats to the Accounting Information System (AIS).
– Answers that give examples earn extra credit
OVERVIEW OF CONTROL CONCEPTS
• What is management control?
• Management control encompasses the
following three features:
1 It is an integral part of management
responsibilities.
2 It is designed to reduce errors, irregularities,
and achieve organizational goals.
3 It is personnel-oriented and seeks to help
employees attain company goals.
IDENTIFY FINANCIAL INFORMATION
SYSTEM CONTROLS
• A control is a system that prevents, detects and corrects unlawful events. It is a system because all
components of the control must be in place and working for the control to function reliably.
• Because a control is a system, it comprises a set of interrelated components that function
together to achieve an overall purpose.
• The focus of control is unlawful events, which can arise if unauthorized, inaccurate, incomplete,
redundant, ineffective or inefficient input enters the system.

IS Control and Audit, Ron Weber. CISA Review Manual, ISACA, 2003
9/28/11
OVERVIEW OF CONTROL CONCEPTS

• What is the traditional definition of internal control?


• Internal control is the plan of organization and the methods a business uses to safeguard
assets, provide accurate and reliable information, promote and improve operational efficiency,
and encourage adherence to prescribed managerial policies.
INTERNAL CONTROL
CLASSIFICATIONS
• The specific control procedures used in the internal control and management control systems
may be classified using the following four internal control classifications:
1 Preventive, detective, and corrective controls
2 General and application controls
3 Administrative and accounting controls
4 Input, processing, and output controls
QUESTIONS

• What is the definition of control?
• List the classifications of controls.
COMMITTEE OF SPONSORING
ORGANIZATIONS
• The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of
five organizations:
1 American Accounting Association
2 AICPA
3 Institute of Internal Auditors
4 Institute of Management Accountants
5 Financial Executives Institute
COMMITTEE OF SPONSORING
ORGANIZATIONS
• In 1992, COSO issued the results of a study to develop a definition of internal controls and to
provide guidance for evaluating internal control systems.
• The report has been widely accepted as the authority on internal controls.
COMMITTEE OF SPONSORING
ORGANIZATIONS
• The COSO study defines internal control as the process implemented by the
board of directors, management, and those under their direction to provide
reasonable assurance that control objectives are achieved with regard to:
– effectiveness and efficiency of operations
– reliability of financial reporting
– compliance with applicable laws and regulations
COMMITTEE OF SPONSORING
ORGANIZATIONS
• COSO’s internal control model has five crucial components:
1 Control environment
2 Control activities
3 Risk assessment
4 Information and communication
5 Monitoring
INFORMATION SYSTEMS AUDIT
AND CONTROL FOUNDATION
• The Information Systems Audit and Control Foundation (ISACF) recently developed the
Control Objectives for Information and related Technology (COBIT).
• COBIT consolidates standards from 36 different sources into a single framework.
• The framework addresses the issue of control from three vantage points, or dimensions:
INFORMATION SYSTEMS AUDIT
AND CONTROL FOUNDATION
1 Information: needs to conform to certain criteria that COBIT refers to as business
requirements for information
2 IT resources: (people, application systems, technology, facilities, and data)
3 IT processes: (planning and organization, acquisition and implementation, delivery and support,
and monitoring)
• What is meant by COSO and ISACF?
• List the members of COSO.
• What did COSO produce?
• What did ISACF produce?

COSO’S INTERNAL
CONTROL MODEL HAS FIVE
CRUCIAL COMPONENTS:
1 Control environment
2 Control activities
3 Risk assessment
4 Information and communication
5 Monitoring
CONTROL ENVIRONMENT

• The core of the business is its people: their individual attributes, including integrity, ethical values and
competence, and the environment in which they operate.
• They are the engine that drives the organization and the foundation on which everything rests.
RISK ASSESSMENT

• The organization must be aware of and deal with the risks it faces.
• It must set objectives, integrated with the sales, production, marketing, financial and other
activities, so that the organization is operating in concert.
• It must also establish mechanisms to identify, analyze and manage the related risks.
CONTROL ACTIVITIES

• Control policies and procedures must be established and executed to help ensure that the actions
identified by management as necessary to address risks to achievement of the organization’s
objectives are effectively carried out.
INFORMATION AND COMMUNICATION

• Surrounding the control activities are information and communication. These enable the
organization’s people to capture and exchange the information needed to conduct, manage and
control its operations.
MONITORING

• The entire process must be monitored and modifications made as necessary. In this way the
system can react dynamically, changing as conditions warrant.
• Which of the 5 components of internal control is the most important?
THE CONTROL ENVIRONMENT
• The control environment consists of many factors, including the following:
1 Commitment to integrity and ethical values
2 Management’s philosophy and operating style
3 Organizational structure
THE CONTROL ENVIRONMENT
4 The audit committee of the board of directors
5 Methods of assigning authority and responsibility
6 Human resources policies and practices
7 External influences
COMMITMENT TO INTEGRITY AND
ETHICAL VALUES
• The management of an organization must show its commitment toward implementation of
ethical values.
• The most critical aspect of an organization’s control environment is management’s attitude
toward internal control and the emphasis it places on internal control in the organization.
MANAGEMENT’S PHILOSOPHY AND
OPERATING STYLE
• The management of any organization strives for profitable operation, growth and other
indicators of business success.
• But there are often differences in how management attempts to achieve business goals.
ORGANIZATIONAL STRUCTURE

• Another key element of a company’s control environment is its organizational structure, which
defines the lines of authority and responsibility within the company and provides the overall
framework for planning, directing and controlling its operations.
METHODS OF ASSIGNING AUTHORITY
AND RESPONSIBILITY
• Management’s methods of assigning authority and responsibility have an important influence on
the control environment.
• Authority and responsibility may be assigned through formal job descriptions.
AUDIT COMMITTEE

• An important element of the control environment of a publicly held corporation is the
function of its board of directors, whose members act as representatives of the shareholders in
directing the business and affairs of the corporation. Much of the board's work is performed through
its various committees. Audit committee is the most important board
HUMAN RESOURCES POLICIES AND
PRACTICES
• An organization's personnel policies and practices are still another key element of its control
environment.
• Policies and practices dealing with hiring, training, evaluating, compensating and promoting
employees can have an important effect on the organization.
EXTERNAL INFLUENCES

• Numerous external values may affect the operation and practices of a business organization
and its control environment.
CONTROL ACTIVITIES
• The second component of COSO’s internal control model is control activities.
• Generally, control procedures fall into one of five categories:
1 Proper authorization of transactions and activities
2 Segregation of duties
CONTROL ACTIVITIES
3 Design and use of adequate documents and records
4 Adequate safeguards of assets and records
5 Independent checks on performance
PROPER AUTHORIZATION OF
TRANSACTIONS AND ACTIVITIES
• Authorization is the empowerment management gives employees to perform activities and
make decisions.
• A digital signature or fingerprint is a means of signing a document with a piece of data that cannot
be forged.
• Specific authorization is the granting of authorization by management for certain activities or
transactions.
SEGREGATION OF DUTIES
• Good internal control demands that no single employee be given too much responsibility.
• An employee should not be in a position to perpetrate and conceal fraud or unintentional
errors.
SEGREGATION OF DUTIES
• Custodial Functions
– Handling cash
– Handling assets
– Writing checks
– Receiving checks in mail
• Recording Functions
– Preparing source documents
– Maintaining journals
– Preparing reconciliations
– Preparing performance reports
• Authorization Functions
– Authorization of transactions
SEGREGATION OF DUTIES
• If two of these three functions are the responsibility of a single person, problems can arise.
• Segregation of duties prevents employees from falsifying records in order to conceal theft of
assets entrusted to them.
• It also prevents authorization of a fictitious or inaccurate transaction as a means of concealing asset
thefts.
SEGREGATION OF DUTIES
• Segregation of duties prevents an employee from falsifying records to cover up an inaccurate
or false transaction that was inappropriately authorized.
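An added example, not part of the original slides: a check that flags any employee who holds two or more of the three functions (custody, authorization, recording). The duty-to-function mapping follows the slide above; the employee names and assignment list are constructed for illustration.

```python
from collections import defaultdict

# Duty -> function, following the three-function breakdown on the slide.
FUNCTION_OF = {
    "handling cash": "custody",
    "handling assets": "custody",
    "writing checks": "custody",
    "receiving checks in mail": "custody",
    "authorization of transactions": "authorization",
    "preparing source documents": "recording",
    "maintaining journals": "recording",
    "preparing reconciliations": "recording",
    "preparing performance reports": "recording",
}

def sod_conflicts(assignments):
    """Return {employee: sorted functions} for anyone holding two or more
    of the three functions. Unknown duties are rejected, not ignored, so an
    unclassified duty cannot slip past the check."""
    held = defaultdict(set)
    for employee, duty in assignments:
        key = duty.strip().lower()
        if key not in FUNCTION_OF:
            raise ValueError(f"unclassified duty: {duty!r}")
        held[employee].add(FUNCTION_OF[key])
    return {emp: sorted(funcs) for emp, funcs in held.items() if len(funcs) >= 2}

# Constructed sample assignments (hypothetical employees).
SAMPLE = [
    ("alice", "Handling cash"),
    ("alice", "Receiving checks in mail"),      # two custody duties: no conflict
    ("bob", "Maintaining journals"),
    ("bob", "Preparing reconciliations"),       # two recording duties: no conflict
    ("carol", "Authorization of transactions"),
    ("dave", "Writing checks"),
    ("dave", "Maintaining journals"),           # custody + recording: conflict
]

if __name__ == "__main__":
    for employee, functions in sod_conflicts(SAMPLE).items():
        print(f"{employee}: holds {' + '.join(functions)}")
```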
DESIGN AND USE OF ADEQUATE
DOCUMENTS AND RECORDS
• The proper design and use of documents and records helps ensure the accurate and complete
recording of all relevant transaction data.
• Documents that initiate a transaction should contain a space for authorization.
DESIGN AND USE OF ADEQUATE
DOCUMENTS AND RECORDS
• The following procedures safeguard assets from theft, unauthorized use, and vandalism:
– effectively supervising and segregating duties
– maintaining accurate records of assets, including information
– restricting physical access to cash and paper assets
– having restricted storage areas
ADEQUATE SAFEGUARDS OF
ASSETS AND RECORDS
• What can be used to safeguard assets?
– cash registers
– safes, lockboxes
– safety deposit boxes
– restricted and fireproof storage areas
– controlling the environment
– restricted access to computer rooms, computer files, and information
INDEPENDENT CHECKS
ON PERFORMANCE
• Independent checks to ensure that transactions are processed accurately are another
important control element.
• What are various types of independent checks?
– reconciliation of two independently maintained sets of records
– comparison of actual quantities with recorded amounts
INDEPENDENT CHECKS
ON PERFORMANCE
– double-entry accounting
– batch totals
• Five batch totals are used in computer systems:
1 A financial total is the sum of a dollar field.
2 A hash total is the sum of a field that would usually not be added.
INDEPENDENT CHECKS
ON PERFORMANCE
3 A record count is the number of documents processed.
4 A line count is the number of lines of data entered.
5 A cross-footing balance test compares the grand total of all the rows with the grand total of all
the columns to check that they are equal.
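An added example, not part of the original slides: the batch totals listed above computed for a small batch and recomputed after data entry. The batch contents, field names (`customer_no`, `lines`) and the transposed customer number are constructed for illustration.

```python
from decimal import Decimal

def batch_totals(batch):
    """Compute the four per-batch control totals for a list of documents."""
    return {
        # Financial total: sum of a dollar field.
        "financial_total": sum((amt for doc in batch for amt in doc["lines"]), Decimal("0")),
        # Hash total: sum of a field that would usually not be added.
        "hash_total": sum(doc["customer_no"] for doc in batch),
        # Record count: number of documents processed.
        "record_count": len(batch),
        # Line count: number of lines of data entered.
        "line_count": sum(len(doc["lines"]) for doc in batch),
    }

def mismatches(control, batch):
    """Names of control totals that differ from those recomputed on receipt."""
    actual = batch_totals(batch)
    return sorted(name for name, value in control.items() if actual[name] != value)

def cross_foot_ok(row_totals, column_totals):
    """Cross-footing balance test: grand total of the row totals must equal
    the grand total of the column totals."""
    return sum(row_totals) == sum(column_totals)

# Constructed sample batch as prepared by the originating department.
SENT = [
    {"customer_no": 10231, "lines": [Decimal("120.00"), Decimal("35.50")]},
    {"customer_no": 10477, "lines": [Decimal("980.25")]},
    {"customer_no": 10502, "lines": [Decimal("14.75"), Decimal("60.00"), Decimal("5.00")]},
]
CONTROL = batch_totals(SENT)

# The same batch after keying, with one customer number transposed
# (10477 -> 10747). Amounts and counts are unchanged.
KEYED = [dict(doc) for doc in SENT]
KEYED[1]["customer_no"] = 10747

if __name__ == "__main__":
    print(CONTROL)
    print("mismatched totals:", mismatches(CONTROL, KEYED))
    print("cross-foot balanced:", cross_foot_ok([125, 250], [300, 60, 15]))
```

Only the hash total catches the transposed customer number, because the dollar amounts and counts are unaffected by it.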
QUESTIONS

• List the five categories of control procedures (controls).
• What is meant by Authority?
• What is meant by Segregation of duties?
• What is meant by Design and Use of Adequate Documents and Records?
• What is meant by Independent Checks on Performance?
RISK ASSESSMENT
• Companies must identify the threats they face:
– strategic — doing the wrong thing
– financial — having financial resources lost, wasted, or stolen
– information — faulty or irrelevant information, or unreliable systems
RISK ASSESSMENT
• Companies that implement an Accounting Information System must identify the threats the
system will face, such as:
1 Choosing an inappropriate technology
2 Unauthorized system access
3 Tapping into data transmissions
4 Loss of data integrity
RISK ASSESSMENT
5 Incomplete transactions
6 System failures
7 Incompatible systems
RISK ASSESSMENT
• Some threats pose a greater risk because their occurrence is more likely.
• What is an example?
• A company is more likely to be the victim of a computer fraud than of a terrorist attack.
• Risk and exposure must be considered together.
QUESTIONS

• What is meant by Risk Assessment?
• Why must risks be identified?
• List the threats faced by an Accounting Information System in relation to Risk Assessment.
INFORMATION AND COMMUNICATION
• The fourth component of COSO’s internal control model is information and communication.
• Accountants must understand the following:
1 How transactions are initiated
2 How data are captured in machine-readable form or converted from source documents
INFORMATION AND COMMUNICATION
3 How computer files are accessed and updated
4 How data is processed to prepare information
5 How information is reported
6 How transactions are initiated
• All of these items make it possible for the system to have an audit trail.
• An audit trail exists when individual company transactions can be traced through the system.
QUESTIONS

• What must accountants understand in relation to the COSO component Information
and Communication?
• Explain with examples.
MONITORING PERFORMANCE
• What are the key methods of monitoring performance?
– effective supervision
– responsibility accounting
– internal auditing
MONITORING PERFORMANCE
• The fifth component of COSO’s internal control model is monitoring.
• What are the key methods of monitoring performance?
– effective supervision
– responsibility accounting
– internal auditing
• Thank You
