Domain II - CSA Program Integration

Hari Setianto, Ak., MSocSc, CIA, CCSA, CFSA, CGAP, CISA

Direktur Akademis - YPIA
CSA Program Integration
A. Alternative approaches to CSA
B. Supporting technology alternatives
C. Cost/benefit analysis for implementation of the CSA
process
D. Organizational theory and behavior
E. Strategic and operational planning processes
F. Change management and business process
reengineering
G. Presentation techniques for successful integration
H. Organizational risk and control processes
I. Client feedback mechanisms (e.g., interviews, surveys)
J. Strategic CSA program planning methodologies or
techniques, including resource allocation
 Alternative
Approaches to CSA
 Approaches

Facilitated workshop

• Objective-based
• Risk-based
• Control-based
• Process-based

Surveys

Management-produced analysis
 Facilitated Workshop
• Gathering information from work teams
representing different level in the business
unit
• The goal is to identify control weaknesses and
risks and to develop ways for managing and
monitoring those risks
• The facilitator attempts to focus the group’s
thinking and ensure that it addresses key
issues
• Most effective where open communication and
continuous learning are encourage
 Objective-based
• Focus on the best way to achieve a business
objective
• Steps:
– Identifying controls in place to support the objective,
– Determining the residual risks remaining
– Decide whether the controls currently in place are
working effectively to optimize the achievement of
the objective
– Define what controls should be in place (new or
redesigned)
• Less formal, objective dictate what new
control might be effective
 Objective-based

• Identifikasi control terpasang untuk

mencapai objective (& assess residual risks)
• Flow: O-C-rR-assessment
• Jika sudah pernah dilakukan risk
identification yang mendalam (implemen
COSO)
• Asumsi: kontrol yang ada up to date

©2008 Hari Setianto - YPIA. All rights reserved.

 Risk-based
• Focus on listing the risks to achieving an
objective
• Steps:
– Listing barriers, obstacles, threats that prevent
achieving objectives
– Examining the control procedures in place
– Determine if they are sufficient to manage the key
risks
• The aim is to ensure that all significant risks
are adequately managed
• Some flexibility in brainstorm all possible risks
 Risk-based
• Flow: O-R-C-rR-assessment

• Risk identification mendalam

• Lebih banyak kepastian bahwa semua risk teridentifikasi

• Baik bagi yang baru start (belum COSO)

 Control-based
• Focuses on how well the controls in place are
working
• Facilitator identify the key risks and their
mitigating controls before the beginning of the
workshop
• The aim is to produce analysis of the gap
between how controls are working and how
well management expects those control to
work
• More formal  draws on existing knowledge of
the participants regarding controls and their
effectiveness, efficiency, and economy
 Control-based

• Flow: agreement on existing R & C, assessment

on effectiveness of Control
• Labih singkat dan mudah dilakukan
• Perlu pekerjaan persiapan lebih banyak
• Assurance lebih sedikit
• Buy-in lebih sedikit

©2008 Hari Setianto - YPIA. All rights reserved.

 Process-based
• Focuses on selected activities that are
elements of a chain of processes
• Covers identification of the objectives of the
whole process and the various immediate
steps
• The aim is to evaluate, update, validate,
improve, and streamline the whole process
and its components activities
• Supporting concurrent management efforts 
reengineering, quality, and continuous
improvement
 Process-based

 Flow: Process O- activity level O-

assessment

 Subjek workshop: business process

 Cross departmental
 Situational Approach

No Questions
1 What is this process? How things work?
2 What are the strengths (success) in our process? Give me
examples?
3 What are the weaknesses in our process? Are there
opportunities for improvement?
4 What are your suggestions to remedy these problems?
 Situational

 Flow: enablers – hindrances- solutions to

hindrances
 Easier to facilitate
 May not address specific objectives
 Less preparation
 No assessment of control

©2008 Hari Setianto - YPIA. All rights reserved.

The workshop - appraisal
Format Identify Assess

Objective-based Control <objective> Control effectiveness,

residual risks
Risk-based Risk, Control Risks, control
<objective> effectiveness, residual
risks
Control-based Control effectiveness Control effectiveness
<O, R, C>
Process-based Process objective – Objectives
activity objective
Situational Enablers, hindrances Enablers, hindrances
Supporting Technology
Alternatives
 Supporting Technology

• Databases
• Electronic and manual voting
• Presentation software and
hardware
• Project management software
 Open Voting
• Topic area is not contentious
• Good team communication and
leadership
• Environment of openness, trust and
respect
• Good management support
• Common cultural and behavioral norms
Advantages of electronic voting

• Immediate feedback
• Anonymous
• Votes are quickly and easily
summarized
• Facilitator can draft new question
easily
Cost/Benefit of CSA
process
 Benefits

• More efficient and effective

business process
• Improved internal controls
• Better risks assessment and
management
• Improve employee morale
Benefits to internal auditing

• Improve ability to test informal

and soft controls
• Enhanced role of IA
• Improve auditors morale
• Ability to focus on high risks areas
• Efficient use of audit resources
 Drawbacks
• Resistance to the use of CSA
• Lack of direction or focus
• Intimidation by stringer group
member
• Failure to follow through on results
and recommendations
• Inadequate planning and training