Internal Control System

Problems in Auditing...

Cowboy
The Cowboy after OSHA (Occupational Safety and Health Act)
The COSO Internal Control Integrated Framework

• After several significant audit failures occurred during the 1980s, the Committee of Sponsoring Organizations (COSO) formed to redefine internal control and the criteria for determining the effectiveness of an internal control system.
• In 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed to sponsor the National Commission on Fraudulent Financial Reporting, whose charge was to study and report on the factors that can lead to fraudulent financial reporting.
• A significant part of this mission is aimed at developing guidance on internal control.

Defining Risk

• To satisfy stakeholders, be successful and gain competitive advantage, organizations need to recognize that the achievement of their business objectives is inextricably linked to risk.
• Risk is anything, internal or external, that may impede an organization from achieving its objectives.
• Although the common view of risk is a negative event, risk also encompasses uncertainty and opportunity.
• So the challenge to management becomes to effectively manage risk by minimizing the negative and maximizing the opportunity to achieve, or exceed, the business objectives.

• In 1992, COSO published Internal Control - Integrated Framework, which established a framework for internal control and provided evaluation tools that businesses could use to evaluate their control systems.
• The 1992 COSO document, Internal Control - Integrated Framework, changed the way internal control is viewed. The COSO Framework considers not only the evaluation of hard controls, like segregation of duties, but also soft controls, such as the competence and professionalism of employees.

The 4 safeguard fences

1. Values
2. Quality of internal control
3. Role of the internal auditor
4. Role of the external auditor

SAS 78, 1995
• Adopts the definition of internal control from the COSO (Committee of Sponsoring Organizations) report
• Internal control is a process, carried out by the board of commissioners, management, and other personnel of an entity, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
– Reliability of financial reporting
– Compliance with applicable laws and regulations
– Effectiveness and efficiency of operations

Components of Internal Control
COSO says internal control consists of five interrelated
components that are derived from the way
management runs a business and are integrated into
the management process:
• Control Environment
• Risk Assessment
• Control Activities
• Information and communication
• Monitoring
• Control environment. The tone of the
organization influences the control
consciousness of its people. Examples include
the integrity, ethical values and competence of
employees; management’s philosophy; and
input provided by the board of directors.
• Risk assessment. Identification and analysis of
risks relevant to achieving corporate goals,
determination of how such risks should be
managed and implementation of a process to
address risks associated with change.
• Control activities. Policies, procedures and processes
that help ensure a company carries out management
directives. Examples include approvals, verifications,
reconciliations, reviews of operating performance,
security of assets and segregation of duties.
• Information and communication. Communication
within the company and with external parties such as
customers, regulators and shareholders. For example,
reports that contain operational, compliance or financial
data or that share ideas or events across lines of
business are generated from a company’s information
systems.
• Monitoring. Assessing the quality of a company’s
internal control systems. This is done through ongoing
monitoring of activities within the business unit and an
independent evaluation of existing controls by auditors.
Inherent Risk
Control Risk
Detection Risk
Audit Risk

Scoping – The COSO Framework

Monitoring
• Assessment of a control system’s performance over time
• Combination of ongoing and separate evaluation
• Management and supervisory activities
• Internal audit activities

Control Activities
• Policies/procedures that ensure management directives are carried out
• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties

Information & Communication
• Pertinent information identified, captured and communicated in a timely manner
• Access to internally and externally generated information
• Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action

Risk Assessment
• Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities

Control Environment
• Sets tone of organization, influencing control consciousness of its people
• Factors include integrity, ethical values, competence, authority, responsibility, organization structure, HR policies and IT control environment
• Foundation for all other components of control

Risk Assessment Process

Step 1
Goal: Set Objectives
Key question: What are we trying to achieve?
Example: Produce reliable financial statements

Step 2
Goal: Identify risks to achieving those objectives
Key question: What could happen that would affect our objectives?
Example: A natural disaster could destroy computer systems and data

Step 3
Goal: Assess Risk
Key questions: What are the consequences of the risk? What is the likelihood the event will occur?
Example: Consequences are severe; likelihood is slight

Step 4
Goal: Manage Risk
Key question: In light of the assessment, what is the most cost-effective way to manage the risk?
Examples: Insure against loss. Develop business recovery plan. Self-insure.

CONTROL ACTIVITIES

Step 5
Goal: Define Control Objective
Key question: For risks to be managed through internal control, what are the control objectives?
Example: Implement recovery plan that reduces the impact of a natural disaster.

Step 6
Goal: Design Control
Key question: How should the control be designed to prevent or detect identified risk?
Examples: Design recovery plan. Implement plan. Test on a regular basis.

Anti-Fraud Provisions

• The SEC’s rules relating to management’s reports on internal control include commentary on the background of the rules and insight on how the rules should be interpreted and implemented, including:
– The assessment of a company’s internal control over financial reporting must be based on procedures sufficient both to evaluate its design and to test its operating effectiveness. Controls subject to such assessment include, but are not limited to: … controls related to the prevention and detection of fraud.

• In addition to the SEC guidance, the PCAOB, in its Auditing Standards #2, has stated the following:
– That management's responsibility when designing a company's internal control over financial reporting is to design and implement programs and controls to prevent, deter, and detect fraud.
– Management, along with those who have responsibility for oversight of the financial reporting process (such as the audit committee), should set the proper tone; create and maintain a culture of honesty and high ethical standards; and establish appropriate controls to prevent, deter, and detect fraud.

Obtaining an Understanding of Internal Control
• Audit methodology to satisfy the second standard of field work:
– Sufficient understanding of the components of internal control to plan the audit
– Assessment of control risk for each significant assertion contained in account balances or classes of transactions and the disclosure components of the financial statements
– Design of substantive tests for each significant assertion of the financial statement elements

Documenting the Understanding
• Questionnaires
– A series of yes/no questions about the internal controls needed to prevent material misstatement
• Flowcharts
– Systematic diagrams using standard symbols, connecting lines and explanations
• Decision tables
– A matrix used to document the logic of a computer program
• Memoranda
– The auditor's written comments about internal control