Internal Control Systems & COBIT IT Governance. Sessions 3-4. Course: A0294/Advanced IS Audit. Year: 2009.


Bina Nusantara University 2 Risk & Control. Control is needed because there is Risk (from the Italian risicare, in English "to dare"): "the action we dare to take, which depends on how free we are to make choices".

Bina Nusantara University 3 Overview of Control Concepts What is the traditional definition of internal control? Internal control is the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed managerial policies.

Bina Nusantara University 4 Overview of Control Concepts What is management control? Management control encompasses the following three features: –It is an integral part of management responsibilities. –It is designed to reduce errors, irregularities, and achieve organizational goals. –It is personnel-oriented and seeks to help employees attain company goals.

Bina Nusantara University 5 Internal Control Classifications The specific control procedures used in the internal control and management control systems may be classified using the following four internal control classifications: –Preventive, detective, and corrective controls –General and application controls –Administrative and accounting controls –Input, processing, and output controls

Bina Nusantara University 6 Models of Internal Control: COSO Framework of Internal Control, ISACA COBIT, Canadian CoCo, The IIA SAC/e-SAC, United Kingdom Cadbury Commission, and so on.

Bina Nusantara University 7 Committee of Sponsoring Organizations In 1992, COSO issued the results of a study to develop a definition of internal controls and to provide guidance for evaluating internal control systems. The report has been widely accepted as the authority on internal controls.

Bina Nusantara University 8 Committee of Sponsoring Organizations The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of five organizations: –American Accounting Association –American Institute of Certified Public Accountants –Institute of Internal Auditors –Institute of Management Accountants –Financial Executives Institute

Bina Nusantara University 9 COSO Internal Control. Soft Controls ("People"): Openness, Shared Values, Clarity, Commitment to Competence, Honesty, High Expectations, Communications. Hard Controls ("Activities"): Reviews, Inspections, Policies, Reconciliations, Structure, Limits of Authority, User IDs and Passwords, Physical Counts.

Bina Nusantara University 10 Five Interrelated Components of Internal Control: 1. Control environment - tone at the top; 2. Risk assessment - identification/analysis of risks; 3. Control activities - policies and procedures; 4. Information & communication - processing of information in a form and time frame that enables people to do their jobs; 5. Monitoring - the process that assesses the quality of internal control over time.

Bina Nusantara University 11 Information Systems Audit and Control Foundation The Information Systems Audit and Control Foundation (ISACF) recently developed the Control Objectives for Information and related Technology (COBIT). COBIT consolidates standards from 36 different sources into a single framework. The framework addresses the issue of control from three vantage points, or dimensions:

Bina Nusantara University 12 ISACA Foundation. 1. Information: needs to conform to certain criteria that COBIT refers to as business requirements for information. 2. IT resources: people, application systems, technology, facilities, and data. 3. IT processes: planning and organization, acquisition and implementation, delivery and support, and monitoring.

Bina Nusantara University 13 CobiT CobiT’s Control Objectives and Management Guidelines are valuable IT governance tools that help in the understanding and management of risks and benefits associated with information integrity, security and availability and the management of related IT.

Bina Nusantara University 14 Authoritative, up-to-date set of generally accepted IT control objectives and control practices for day-to-day use by business managers and auditors. Structured and organized to provide a powerful control model

Bina Nusantara University 15 Executive Summary -- Senior Executives (CEO, COO, CFO, CIO); Framework -- Senior Operational Management (Directors of IS and Audit/Controls); Control Objectives -- Middle Management (Mid-Level IS and IS Audit/Controls Managers); Audit Guidelines -- The Line Manager and Controls Practitioner (Applications or Operations Manager and Auditor); Implementation Tool Set -- Any of the above; Management Guidelines -- Management and Audit.

Bina Nusantara University 19 Why and how is COBIT used? – Incorporates major international standards – Has become the de facto standard for overall control over IT – Starts from business requirements – Is process-oriented. [Figure: COBIT as a repository for best practices, as a response to the needs of IT processes, IT management processes and IT governance processes.]

Bina Nusantara University 20 CobiT Framework. IT Domains: Planning & Organisation, Acquisition & Implementation, Delivery & Support, Monitoring. [Figure: the domains link Business Objectives, Information and IT Resources.]

Bina Nusantara University 21 COBIT Framework (diagram). Business Objectives set the Information Criteria (Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability); IT Resources (Data, Application systems, Technology, Facilities, People) are managed through the four domains and their processes:
– Plan and Organise: PO1 Define a strategic IT plan; PO2 Define the information architecture; PO3 Determine the technological direction; PO4 Define the IT organisation and relationships; PO5 Manage the IT investment; PO6 Communicate management aims and direction; PO7 Manage human resources; PO8 Ensure compliance with external requirements; PO9 Assess risks; PO10 Manage projects; PO11 Manage quality.
– Acquire and Implement: AI1 Identify automated solutions; AI2 Acquire and maintain application software; AI3 Acquire and maintain technology infrastructure; AI4 Develop and maintain IT procedures; AI5 Install and accredit systems; AI6 Manage changes.
– Deliver and Support: DS1 Define service levels; DS2 Manage third-party services; DS3 Manage performance and capacity; DS4 Ensure continuous service; DS5 Ensure systems security; DS6 Identify and attribute costs; DS7 Educate and train users; DS8 Assist and advise IT customers; DS9 Manage the configuration; DS10 Manage problems and incidents; DS11 Manage data; DS12 Manage facilities; DS13 Manage operations.
– Monitor and Evaluate: M1 Monitor the process; M2 Assess internal control adequacy; M3 Obtain independent assurance; M4 Provide for independent audit.

Bina Nusantara University 22 Control Objectives & Control Practices High-level control objective – One per process Detailed control objectives – Three to 30 per process Control practices – Five to seven per control objective

Bina Nusantara University 23 CobiT IT Domains and Processes: PLANNING & ORGANISATION. 1. Define a strategic IT plan; 2. Define the information architecture; 3. Determine the technological direction; 4. Define the IT organization and relationships; 5. Manage the investment; 6. Communicate management aims and directions; 7. Manage human resources; 8. Ensure compliance with external requirements; 9. Assess risks; 10. Manage projects; 11. Manage quality.

Bina Nusantara University 24 CobiT IT Domains and Processes: ACQUISITION & IMPLEMENTATION. 1. Identify solutions; 2. Acquire and maintain application software; 3. Acquire and maintain technology architecture; 4. Develop and maintain IT procedures; 5. Install and accredit systems; 6. Manage changes.

Bina Nusantara University 25 CobiT IT Domains and Processes: DELIVERY & SUPPORT. 1. Define service levels; 2. Manage third-party services; 3. Manage performance and capacity; 4. Ensure continuous service; 5. Ensure system security; 6. Identify and attribute costs; 7. Educate and train users; 8. Assist and advise IT customers; 9. Manage the configuration; 10. Manage problems and incidents; 11. Manage data; 12. Manage facilities; 13. Manage operations.

Bina Nusantara University 26 CobiT IT Domains and Processes: MONITORING. 1. Monitor the processes; 2. Assess the internal control adequacy; 3. Obtain independent assurance; 4. Provide for independent audit.

Bina Nusantara University 27 Framework (diagram). Business Processes require Information that meets the Information Criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability); that information is produced from IT Resources (data, application systems, technology, facilities, people). Do they match? What you need versus what you get.

Bina Nusantara University 28 Information Criteria (Component 1): Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability of Information.

Bina Nusantara University 29 IT Resources (Component 2): Data, Application Systems, Technology, Facilities, People.

Bina Nusantara University 30 COBIT Domains: Information Processes (Component 3): Planning/Organization, Acquisition/Implementation, Delivery/Support, Monitoring.

Bina Nusantara University 31 Relation to Other Control Models CobiT is in alignment with other control models: – COSO – COCO – Cadbury – King

Bina Nusantara University 32 CobiT: An IT control framework – Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives – Promotes process focus and process ownership – Divides IT into 34 processes belonging to four domains (Planning; Acquiring & Implementing; Delivery & Support; Monitoring) – Looks at fiduciary, quality and security needs of enterprises and provides for seven information criteria that can be used to generically define what the business requires from IT (Effectiveness, Efficiency, Availability, Integrity, Confidentiality, Reliability, Compliance).

Bina Nusantara University 33 Why governance? “Due diligence” IT is strategic to the business IT is critical to the business Expectations and reality don’t match IT involves huge investments and large risks

Bina Nusantara University Start from a Maturity Model. [Figure: maturity scale running from Non-Existent, Initial, Repeatable, Defined, Managed to Optimised, with markers for the enterprise's current status, international standard guidelines, industry best practice and the enterprise strategy.] Legend for rankings used: 0 - Management processes are not applied at all; 1 - Processes are ad hoc and disorganised; 2 - Processes follow a regular pattern; 3 - Processes are documented and communicated; 4 - Processes are monitored and measured; 5 - Best practices are followed and automated.

Bina Nusantara University 35 Scale of IT governance maturity levels.
1. Non-existent: The earliest stage, still at a beginner level (not yet established). Management processes do not exist at all; computerisation happens on its own, not implemented according to any proper methodology. For example, a company uses computers but only for typing or producing report tables, without direction and in an amateur way. In other words, computers are in use, but no computer-based system is being run.
2. Initial: Work on building a more organised and directed computerised system has begun, but planning, design and processes are still ad hoc and not well organised.
3. Repeatable: The planning, design and implementation processes for computer-based systems have found a more directed pattern and follow the same pattern each time (a system development "methodology" starts to be recognised).
4. Defined: All processes have been documented, communicated and carried out according to a sound method for developing computerised systems.
5. Managed: Computerisation processes can be monitored and measured well, and project management for developing computerised systems is run in a more organised way.
6. Optimised: Best practices are followed and automated in the system, based on processes that are planned, organised and use an appropriate methodology.

Bina Nusantara University 36 How Does COBIT Link to IT Governance? [Figure: IT Governance sets goals and responsibilities; the business needs information to achieve its objectives; direction (IT strategy and policy) and control objectives flow down, and control, risk and requirements information (IT assurance) flows back.]

Bina Nusantara University 37 The End