Professional Documents
Culture Documents
Webster Dictionary
List of ERP
ERP Modules – SAP
ERP Modules – SAP (Cont’d)
ERP Modules – SAP (Cont’d)
Organization IT PMO System
Procurement System
Architecture
ERP
Payment Gateway
Taxation System
ERP Resources
Business
Supply Chain
Process
Management
Improvement
User-Developed Applications (UDAs)
What are UDAs?
Spreadsheets and databases created and
used by end users to extract, sort, calculate,
and compile organizational data to analyze
trends, make business decisions, or
summarize operational and financial data
and reporting results.
User-Developed Apps (Examples)
Procurement System
Sistem Informasi
Sistem Aplikasi Pengelolaan Keuangan
Keuangan Tingkat Daerah (SIPKD)
Instansi (SAKTI)
Benefits of UDAs
Quicker to
develop and
use
Readily
Configurable available
and flexible tools at a
lower cost
UDA Risks
Confidentiality Regulatory
risks risks
BREAKOUT: Audit of User-Developed
Applications
Work individually.
Read the excerpt from “GTAG 14: Auditing
User-developed Applications.”
Be prepared to discuss.
Spreadsheets
Frequent uses:
Support of journal entries
Management reporting
Calculating bonuses and incentive
compensation
Spreadsheet Characteristics
Easy to
use
Easy to Easy to
share change
IT Organizational Chart
CEO
CIO
Processes Descriptions
(Layers)
IT management The set of people, policies, procedures,
and processes that manage IT services
and facilities
Technical infrastructure The technology that underlies, supports,
and enables primary business applications
Applications Programs that perform specific tasks
related to business operations
External connections The corporate network connections to
other external networks
Internal Audit Role in IT Auditing
Manual Controls
Manual
IT Dependent
Type of Control Manual Controls
Objective of Control
IT Control Classifications
Source: Practice Guide “Information Technology Risks and Controls,” second edition
IT Internal Control Objectives
Processes
Organizational structures
7 enablers
Culture, ethics, and behavior
Information
5 key principles
1. Meeting
stakeholder
needs
5. Separating
2. Covering
governance
the enterprise
from
end-to-end
management
3. Applying a
4. Enabling a
single
holistic
integrated
approach
framework
Goals of IT Controls and Control
Frameworks
Provide:
Compliance with
regulations and legislation.
Consistency with business
objectives.
Practice Guide
Continuity with governance
(Previously GTAG 1) policies and risk appetite.
Testing Processes
Test of Design Effectiveness
Walkthrough
Data
Data input
origination
Processing Output
Data Origination and Input
❑ Procedures
❑ Input Edits
❑ Balancing
❑ Batching
❑ Authorization
❑ Segregation of Duties
❑ Retention
Processing Controls
System
Documentation
Processing
Audit Trails
Logs
Output Controls
Output
Distribution
Integrity
Record
Destruction
Retention
Interface Controls
❑ Security Administration
- Access (logical)
- Access (physical)
- User awareness
❑ Authenticity
WIIFM
Record any new ideas you picked up.
How will you use what you learned on
the job?
Q&A?
Questions?
End-of-Unit-5- - - -
THANK YOU!