

IT General Controls
Part 1

May 23, 2023

IS Audit Syllabus
1. Introduction of IS Audit
2. IT Environment
3. IT Process
4. General Computer Control Review (1)
5. General Computer Control Review (2)
6. General Computer Control Case Study
7. Application Control Review
8. Data Analysis Approach
9. IT Audit Integration
10. IT Security
11. IT Risk Management & IT Governance
12. ERP Systems

Module Objectives

 Gain an understanding of the IT General

 Understand what is included in the IT General Controls



 PART 1
 Overview
 IT planning and organization
 Change management
 PART 2
 Physical security
 Logical access controls
 Back-up, recovery and contingency


Study Guide in Book of Weber

Topic | Chapter | Pages
Management and organization | 3. Top Management Controls | 72 – 83 (12); 86 – 90 (5)
Change Management | 4. System Development Management | 105 – 137 (36)
Change Management | 5. Programming Management Controls | 160 – 185 (26)
Physical Security | 7. Security management Controls | 244 – 266 (32)
Logical Access | 10. Boundary Controls | 378 – 391 (13)
Back-up, recovery and | 7. Security management Controls | 268 – 272 (5)


Phases of an IT audit

Audit Planning Phase
 Start
 Review Organization's policies, Practices and structure
 Review General Controls and
 Plan tests of controls and substantive testing

Test of controls Phase
 Perform Tests of Controls
 Evaluate test result
 Determine degree of reliance on controls

Test of controls Phase
 Perform Substantive tests
 Evaluate results and issue Auditor’s
 Audit Report


Controls in a Computer Information Systems (CIS) Environment – PSA 60 – SA 314
- CIS Characteristics

 Organizational characteristics
 Concentration of functions & knowledge
 Concentration of programs and data
 System characteristics
 Absence of data input documents
 Absence of a transaction trail
 Output is not visible


Controls in a Computer Information Systems (CIS) Environment – PSA 60 – SA 314
- CIS Characteristics
 Design and procedures
 Consistent performance

 Programmed control procedures

 Single-transaction updates to the database

 There are transactions generated by
 Vulnerability of transaction data storage media to physical or program damage


Internal Control in a CIS Environment

 Manual control procedures

computer consists of
 Overall controls that affect the CIS environment (CIS general controls), and
 Specific controls over accounting applications (application controls

General Controls - SA 314

 Objective: to establish a framework of overall control over CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved.


General Controls Element
 General controls include:
 Organization and management controls
 Controls over application systems development and maintenance
 Controls over system operations
 Controls over system software
 Controls over data entry and
 Back up and recovery


Controls over organization and
 Designed to establish an organizational framework for CIS activities,
 Operations and management controls include:
 Policies and procedures relating to control functions.
 Appropriate segregation of incompatible functions (such as preparation of input transactions, programming, and operation


Controls over application systems development and maintenance
 Designed to provide reasonable assurance that systems are developed and maintained in an efficient manner and through an authorization process
 These controls are also designed to establish control over:
 Testing, changes, implementation, and documentation of new or revised systems.
 Changes to application systems.
 Access to systems documentation.
 Acquisition of application systems and program listings from third parties.


Controls over system
 Designed to control the operation of the systems and to provide reasonable assurance that:
 The systems are used only for purposes that have been
 Access to computer operations is restricted to authorized employees.
 Only programs that have been authorized are
 Processing errors are detected and


General Control Illustration

BCP, Backup and Recovery, Contingency Site

Development Testing Production

Logical Access Control


IT manager
Program Change Control
Security Administrator, Programmer
Physical Access Control

Policy and Standard Operating Procedures

IT Planning and Organization

Definition: Organizational controls ensure the alignment of IT facilities with the business needs and the proper management of these facilities.

Key risks
• IT does not support business needs
• Loss of efficiency, untimely problem solving, unsatisfied staff, no improvements
• Unwanted combination of functions
• Untimely management reporting
• High dependence on one/few persons

Key controls
• Planning and budgeting
• Quality and quantity of staff
• Segregation of duties or close supervision
• Efficient use of IT
• Procedures and documentation


Type of IT Plan

 Strategic Plan (3-5 years)

 Current information assessment
 Strategic directions

 Development strategy

 Operational Plan (1-3 years)

 Progress reports
 Initiative to be undertaken

 Implementation schedule


IT Plan Review
 Auditors evaluate whether top management
has formulated a high-quality information
systems plan appropriate to the needs of their
 Example of risks caused by poor planning:
 declining efficiency and effectiveness of IT
 insufficient resources to provide the required IT
functions / availability,
 going concern issues and lack of competitive


Organizational issues
 Position of IT department in organization
 Planning and reporting
 Centralization or decentralization of tasks
 Functions and task descriptions of IT staff
 Quality and quantity of staff
 Cost center, Profit center, Investment
center and Hybrid center


Change Management


Definition: Change management procedures ensure that changes in the IT hardware and software do not negatively affect the general and application controls.

Key risks
• Loss of effectiveness of IT controls
• Loss of valuable hardware during changes
• IT no longer meets the business needs

Key controls
• Use of development and programming standards
• Proper testing by the users
• Up-to-date hard- and software documentation
• User involvement in initiating and approving changes


Integrated Audit Approach with the
Systems Development Life Cycle
Information Analysis

System Design

Program Development

Procedures and forms

Acceptance Testing


Operation &


Software Change Process

[Diagram: environments labelled "Test and Development" and "Production", plus a "Software library"; access-rights annotations: "Read, write and delete access rights", "Use access rights" (for developers, for users, for developers and users), "Read access for librarian"]


Preliminary study
 To evaluate the feasibility of the new system using 4
 Technical feasibility:
 Is the available Technology sufficient to support the
proposed project? Can the technology be acquired or
 Operational feasibility:
 Can the input data be collected for the system? Is the
output usable?
 Economic feasibility:
 Do the benefits of the system exceed the cost?
 Behavioral feasibility:
 What impact will the system have on the users’
quality of working life?


Type of Testing

 Program Testing
 System Testing
 User Testing
 Quality Assurance Testing


Types of questions in the UAT process
 How was the testing process planned?
 How were test data designed and developed?
 What test data were used?
 What test results were obtained?
 What actions were taken as a result of errors or
deficiencies identified?
 What subsequent modifications to test data were made in
light of testing experience?
 How was control exercised over test data and the
acceptance testing process?


Question and Answer


Thank You
