1. 1 Pertemuan 5 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1

2. 2 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Mahasiswa dapat menunjukkan Internal Control System.

3. 3 Outline Materi Definition Fundamental Assumption in Establishing An Internal Control System –Business Reasons for A Strong Internal Control System –Legal Reasons for A Strong Internal Control System –Basic Assumptions for the Internal Control System –Evolution of Attacks and Intruders’ Technical Knowledge –Cost-Benefit Analysis of Controls

4. 4 Definition Executives and auditors alike understand the importance of a strong internal control system in relation to financial audits and reliable financial reports

5. 5 Internal control system is the policies, practices, procedures and tools designed to: –Safeguard corporate assets. –Ensure accuracy and reliability of data captured and information products. –Promote efficiency. –Measure compliance with corporate policies. –Measure compliance with regulations. –Manage the negative events and effects from fraud, crime and deleterious activities.

6. 6 Fundamental Assumptions in Establishing An Internal Control System Management should employ the skills and abilities of professionals in designing internal controls and auditing their effectiveness. That includes technicians in the information systems function and audit professionals in the internal audit function.

7. 7 If the company is conducting business over the internet, that would include information system professionals such as Certified Information System Security Professional (CISSP), Certified Information Technology Professional (CITP) or Certified Information Systems Auditor (CISA) who understand both computer technologies and security. For the internal audit function is would include Certified Internal Auditor (CIA) or CISA. Internal control professionals should also be involved in all new systems development – CIA, CISA or CITP.

8. 8 Business Reasons for A Strong Internal Control System The business reasons have to do with management objectives.

9. 9 Legal Reasons for A Strong Internal Control System The last statement brings up the second point about compliance with applicable laws and regulations.

10. 10 Basic Assumption for The Internal Control System The first basic assumption is that of management responsibility. The responsibility for an effective internal control system is not that of internal auditors, external auditors, management accountants or any other group except management. The second assumption is that of reasonable assurance. There is no such thing as a perfect internal control system. Controls can generally be compromised under the right conditions. Internal control does not guarantee that an entity will meet management objectives or even that the firm will survive.

11. 11 The third assumption is independence from the method of data processing. The specific controls will vary with different technologies but the objectives should be process independent. The fourth assumption deals with limitations, of which there are several.

12. 12 Evolution of Attacks and Intruders’ Technical Knowledge Attacks have grown from simplistic to complicated while simultaneously the technical knowledge needed by intruders has gone from a high level to a very low level.

13. 13 Cost-Benefit Analysis of Controls An important constraint in developing internal controls is the use of cost-benefit analysis on controls. Control activities are subject to the some cost-benefit analysis of other management activities.

14. 14 The End