
Session

IT General Controls
Part 1

May 23, 2023


IS Audit Syllabus
1. Introduction of IS Audit
2. IT Environment
3. IT Process
4. General Computer Control Review (1)
5. General Computer Control Review (2)
6. General Computer Control Case Study
7. Application Control Review
8. Data Analysis Approach
9. IT Audit Integration
10. IT Security
11. IT Risk Management & IT Governance
12. ERP Systems
Module Objectives

• Gain an understanding of the IT General Controls
• Understand what is included in the IT General Controls


Agenda

• PART 1
  - Overview
  - IT planning and organization
  - Change management
• PART 2
  - Physical security
  - Logical access controls
  - Back-up, recovery and contingency


Study Guide in Book of Weber

TOPIC                               CHAPTER                                       PAGES
Management and organization         3. Top Management Controls                    72 – 83 (12); 86 – 90 (5)
Change Management                   4. System Development Management Controls     105 – 137 (36)
                                    5. Programming Management Controls            160 – 185 (26)
Physical Security                   7. Security Management Controls               244 – 266 (32)
Logical Access Security             10. Boundary Controls                         378 – 391 (13)
Back-up, recovery and contingency   7. Security Management Controls               268 – 272 (5)


Overview



Phases of an IT audit (flow diagram, reconstructed as a list)

1. Audit Planning Phase
   - Start: review the organization's policies, practices and structure
   - Review general controls and application controls
   - Plan tests of controls and substantive testing procedures
2. Test of Controls Phase
   - Perform tests of controls
   - Evaluate test results
   - Determine the degree of reliance on controls
3. Substantive Testing Phase
   - Perform substantive tests
   - Evaluate results and issue the auditor's report
   - Audit report


Controls in a Computerized Information System (SIK) – PSA 60 – SA 314
- Characteristics of a computerized information system

• Organizational characteristics
  - Concentration of functions and knowledge
  - Concentration of programs and transaction data
• System characteristics
  - Absence of input documents
  - Absence of a transaction trail
  - Output that is not visible


Controls in a Computerized Information System (SIK) – PSA 60 – SA 314
- Characteristics of a computerized information system (continued)

• Design and procedures
  - Consistent performance
  - Programmed control procedures
  - A single transaction updates the database files
  - Some transactions are generated by the system itself
  - Transaction data storage media are vulnerable to both physical and program damage


Internal Control in a Computerized Information System

• Manual and computer control procedures consist of:
  - Overall controls that affect the computerized information system environment (CIS general controls), and
  - Specific controls over accounting applications (CIS application controls).
General Controls - SA 314

• Objective: to establish an overall control framework over the activities of the computerized information system and to provide reasonable assurance that the overall objectives of internal control are achieved.


General Controls Elements

• General controls include:
  - Organization and management controls
  - Controls over application system development and maintenance
  - Controls over system operations
  - Controls over system software
  - Controls over data and program entry
  - Back up and recovery


Organization and management controls

• Designed to establish the organizational framework for the activities of the computerized information system.
• Operations and management controls include:
  - Policies and procedures relating to the control function.
  - Appropriate segregation of incompatible functions (such as input transaction preparation, programming, and computer operations).


Controls over application system development and maintenance

• Designed to provide reasonable assurance that systems are developed and maintained efficiently and through proper authorization.
• These controls are also designed to establish control over:
  - Testing, changes, implementation and documentation of new or revised systems.
  - Changes to application systems.
  - Access to system documentation.
  - Acquisition of application systems and program listings from third parties.


Controls over system operations

• Designed to control system operations and to provide reasonable assurance that:
  - Systems are used only for authorized purposes.
  - Access to computer operations is restricted to authorized employees.
  - Only authorized programs are used.
  - Processing errors can be detected and corrected.


General Control Illustration (diagram; text recovered from the slide)

Foundation: Policy and Standard Operating Procedures
Continuity layer: BCP, Backup and Recovery, Contingency Site
Environments: Development -> Testing -> Production
Application flow: Input -> Process -> Output, enclosed by Logical Access Control
Program Change Control over the movement of code between environments
Physical Access Control around the facilities
Roles shown: IT manager, Security Administrator, Programmer
IT Planning and Organization



Organization

Definition: Organizational controls ensure the alignment of IT facilities with the business needs and the proper management of these facilities.

Key risks:
• IT does not support business needs
• Loss of efficiency, untimely problem solving, unsatisfied staff, no improvements
• Unwanted combination of functions
• Untimely management reporting
• High dependence on one/few persons

Key controls:
• Planning and budgeting
• Quality and quantity of staff
• Segregation of duties or close supervision
• Efficient use of IT
• Procedures and documentation


Types of IT Plan

• Strategic Plan (3-5 years)
  - Current information assessment
  - Strategic directions
  - Development strategy
• Operational Plan (1-3 years)
  - Progress reports
  - Initiatives to be undertaken
  - Implementation schedule


IT Plan Review

• Auditors evaluate whether top management has formulated a high-quality information systems plan appropriate to the needs of their organization.
• Examples of risks caused by poor planning:
  - declining efficiency and effectiveness of IT functions,
  - insufficient resources to provide the required IT functions / availability,
  - going concern issues and lack of competitive advantages.


Organizational issues

• Position of the IT department in the organization
• Planning and reporting
• Centralization or decentralization of tasks
• Functions and task descriptions of IT staff
• Quality and quantity of staff
• Cost center, profit center, investment center and hybrid center


Change Management



Change Management

Definition: Change management procedures ensure that changes in the IT hardware and software do not negatively affect the general and application controls.

Key risks:
• Loss of effectiveness of IT controls
• Loss of valuable hardware during changes
• IT no longer meets the business needs

Key controls:
• Use of development and programming standards
• Proper testing by the users
• Up-to-date hardware and software documentation
• User involvement in initiating and approving changes


Integrated Audit Approach with the Systems Development Life Cycle

1. Feasibility Study
2. Information Analysis
3. System Design
4. Program Development
5. Procedures and Forms Development
6. Acceptance Testing
7. Conversion
8. Operation & Maintenance


Software Change Process (diagram, reconstructed)

Development environment: read, write and delete access rights for developers
Test and acceptance environment: use access rights for developers and users
Production environment: use access rights for users
Software library: read access for the librarian
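The access-rights matrix on the Software Change Process slide can be checked mechanically against the grants an organization actually has. The following is an added example, not part of the course material: the POLICY dictionary transcribes the slide, the grants are constructed, and the environment and role names are assumptions.

```python
"""Check access grants against the software change process on the slide.

Added example, not from the course material. POLICY transcribes the slide's
access-rights matrix; SAMPLE_GRANTS and all names are constructed."""
from collections import defaultdict

# Permitted rights per environment and role, exactly as drawn on the slide.
POLICY = {
    "development": {"developer": {"read", "write", "delete"}},
    "test_acceptance": {"developer": {"use"}, "user": {"use"}},
    "production": {"user": {"use"}},
    "software_library": {"librarian": {"read"}},
}


def check_grants(grants):
    """Return (account, env, right, reason) for every grant outside POLICY."""
    violations = []
    for account, role, env, right in grants:
        allowed = POLICY.get(env, {}).get(role, set())
        if right not in allowed:
            reason = f"{role} may hold {sorted(allowed) or 'no'} rights in {env}"
            violations.append((account, env, right, reason))
    return violations


def segregation_conflicts(grants):
    """Accounts with rights in both development and production, whatever
    the role: the slide keeps developer and production access apart."""
    envs = defaultdict(set)
    for account, _role, env, _right in grants:
        envs[account].add(env)
    return sorted(a for a, e in envs.items() if {"development", "production"} <= e)


# Constructed sample grants: (account, role, environment, right).
SAMPLE_GRANTS = [
    ("dev01", "developer", "development", "write"),
    ("dev01", "developer", "test_acceptance", "use"),
    ("dev02", "developer", "production", "write"),        # developer can alter production
    ("usr01", "user", "test_acceptance", "use"),
    ("usr01", "user", "production", "use"),
    ("lib01", "librarian", "software_library", "read"),
    ("lib01", "librarian", "software_library", "write"),  # librarian is read-only
    ("dev03", "developer", "development", "delete"),
    ("dev03", "user", "production", "use"),               # one account on both sides
]

if __name__ == "__main__":
    for violation in check_grants(SAMPLE_GRANTS):
        print("VIOLATION:", violation)
    print("dev/prod conflicts:", segregation_conflicts(SAMPLE_GRANTS))
```

Running the script on the constructed grants reports dev02's write right in production and lib01's write right on the library, and flags dev03 for holding rights on both sides of the change process even though each grant is individually permitted.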


Preliminary study

• Evaluate the feasibility of the new system using four criteria:
  - Technical feasibility: Is the available technology sufficient to support the proposed project? Can the technology be acquired or developed?
  - Operational feasibility: Can the input data be collected for the system? Is the output usable?
  - Economic feasibility: Do the benefits of the system exceed the cost?
  - Behavioral feasibility: What impact will the system have on the users' quality of working life?


Types of Testing

• Program Testing
• System Testing
• User Testing
• Quality Assurance Testing


Types of question in the UAT process

• How was the testing process planned?
• How were test data designed and developed?
• What test data were used?
• What test results were obtained?
• What actions were taken as a result of errors or deficiencies identified?
• What subsequent modifications to test data were made in light of testing experience?
• How was control exercised over test data and the acceptance testing process?


Question and Answer

Quiz

Thank You
