Control and SIA

Threats to AIS
• Natural and political disasters.
• Software errors and equipment
• Unintentational acts
• Intentional acts
The many reasons for the increase in
security problema are :
• Increasing number of client/server system.
• LAN and client / server system distribute data
to many user.
• WANs are giving data access to each others
system and data, making confedentiality a
major concern.
 Overview of control concepts
• Internal control is the plan of organization and
the methods a business uses to safeguard assets,
provide accurate and realiable information,
promote and improve operational efficiency and
encourage adherence to prescribed managerial
policies.
• Internal control perform 3 functions are :
– Preventive control
– Detective control
– Corrective controls
 IC model of COSO
• Control environment : etika, kompetence, integritas,
struktur organisasi, management filosofi.
• Control activities : persetujuan, tanggungjawab dan
kewenangan, pemisahan tugas, pendokumentasian,
rekonsiliasi, karyawan kompeten dan jujur,
pemeriksaan internal.
• Risk assessment
• Information and communication
• Monitoring.
 IC structure
• The control environment
• Accounting system
• Controling procedure
 The control environment
• Comitment to integrity and ethical value
• Mangement’s philosopy and operation style
• Organizational structure
• The audite committee of the board of directors.
• Methods of assigning outhority and
responsibility.
• Human resources polices and practices.
• External influences.
 Control Activities
• Proper authorization of transaction and
activities
• Segregation of duties
• Design and use of adequate documents and
records
• Adequate safeguards of assets and records
• Independent checks on performance.
 Procedures safeguard assets :
• Effectively supervising and segregating duties.
• Maintaining accurate record of assets,
including information
• Restricting physical access to assets.
• Protecting records and documents.
• Controlling the environment
• Restricting access to computer rooms,
computer files and information.