7/25/2019 Introduction to Information System Audit
2010 by Umar Alhabsyi, MT, CISA, CRISC. Studium Generale TI-UII - IS Audit
Information Systems Audit
By:
Umar Alhabsyi, MT, CISA, CRISC.
Studium Generale
Yogyakarta, 12 February 2011
Facts
A Gartner study shows that 20% of investment in IT, or no less than USD 600 billion, is wasted every year.
(Nick Huber, ComputerWeekly, March 2002)
Investors are willing to pay 20% more for shares of companies that apply good governance practices.
(McKinsey Investors Opinion Survey, June 2000)
Facts
How can you be sure your organisation will not suffer a similar "disaster"?
Nike's difficulties after a failed S/W Supply Chain implementation caused losses of around US$200 million.
The failure of the financial reporting system at Interstate Bakeries caused its market value to fall 617 in just one day.
Failures in the logistics systems at MFI and Sainsbury caused losses of millions of GBP, falling profits and a collapse in share price.
The operational failures that followed the Southern Pacific and Union Pacific merger were traced mainly to a failure to coordinate their IT systems.
Facts
...or miss out on the benefits?
The supply chain transformation at Southwest Airlines improved the company's ability to estimate demand, reduced procurement costs and raised service levels, all at lower cost.
IBM saved US$12 billion over 2 years by linking up the separate parts of its supply chain systems, and also reduced its inventory levels.
Very extensive IT synergy at Great-West Life had a significant impact on a number of acquisitions made by the company.
Changing IT Emphasis
Ten years ago we were afraid of rockets destroying computing centres..........
..........right now, we should be aware of software errors destroying rockets!
Facts
Risk and Value
Risk and value are 2 sides of the same coin
Risk is inherent in every organisation.
BUT
IS Audit
Collecting evidence
Evaluating evidence
Asset protection?
Integrity and availability of data and systems
Relevant and reliable information that effectively supports business objectives with efficient use of resources
Adequate internal control to ensure that business, operational and control objectives are achieved
Preventing undesired events, and how to detect and correct them within an acceptable time
The Basis of IS Audit
Risk
Control
The task of an IS Auditor is to identify the risks in the areas within the audit scope, and to identify the need for, and evaluate the implementation of, the controls that manage them.
The IS Auditor must understand the Audit
Sub
Risk in the IS Audit Process
Inherent Risk
The risk inherent in something. The likelihood of a significant loss occurring in something, without taking into account any controls that have been implemented.
Control Risk
The risk in the controls. The likelihood that the controls implemented to limit or manage the inherent risk are not effective.
Residual Risk ? IR = CR
Detection Risk
The risk that an error in the audited area goes undetected by the Auditor.
IS Audit Risk
Audit Risk = the risk that results from the IS Auditor giving an inaccurate judgment on the audited area
Types of Internal Control
Preventive Control
A control designed to prevent errors, omissions or other events that are already known to be capable of having a negative impact.
Detective Control
A control used to identify an event, error or other occurrence that has happened and is already known to have a significant impact.
Corrective Control
A control used to correct things that are not running properly or as they should.
Internal Control
Business and IT Controls
Processes in the IT Governance Cycle
Processes in Business Governance
IT's Responsibility
Business's Responsibility
Business's Responsibility
Business Controls
Business Controls
IT General Controls
Application Controls
Controls applied to all IT processes and activities in order to deliver services to the organisation
Controls applied to business processes, whether automated (with IT) or still manual.
IT Gencon Audit
Apps Control Audit
The IS Audit Process
Gathering information and planning: getting to know the organisation's business, reviewing previous audits, applicable regulations, inherent risk assessment
Understanding internal control: control environment, control procedures, detection risk assessment, control risk assessment, calculating total risk
Compliance test: identifying the key controls that will be
IS Audit Needs Standards and Frameworks
As guidelines for carrying out the audit process
To ensure completeness
To benefit from worldwide best practices in IT management
To serve as a communication tool between IT, the business and the Auditor
To ensure the capacity and competence of the Auditor
To ensure a standard code of ethics for carrying out the audit process
IT/IS Audit Standards
IT/IS Audit Standard
ISACA is the standard and guidance for IT/IS auditing and is the professional code of ethics for CISA-certified auditors.
CobiT - The IT Governance Framework
A collection of internationally accepted best practices
Management-oriented
Available free of charge at www.itgi.org
Continuously developed
Managed by a reputable non-profit organisation
Mapped 100% to C
CobiT among Other Standards
Process Deliver & Support, Monitor & Evaluate
Examples: Incident Management, Problem Management, IT Strategy Plan, Change Management, etc.
Examples: record new problem, propose solution, analysis, monitor solution, etc.
Definition of Control
The policies, procedures, practices and
COBIT FRAMEWORK
INFORMATION
Effectiveness
Confidentiality
Integrity
Availability
Compliance
Reliability
IT RESOURCES
PLAN AND ORGANISE
PO1 Define a strategic IT plan.
PO2 Define the information architecture.
PO3 Determine technological direction.
PO4 Define the IT processes, organisation and relationships.
PO5 Manage the IT investment.
PO6 Communicate management aims and direction.
PO7 Manage IT human resources.
PO8 Manage quality.
PO9 Assess and manage IT risks.
PO10 Manage projects.
ACQUIRE AND IMPLEMENT
AI1 Identify automated solutions.
AI2 Acquire and maintain application software.
AI3 Acquire and maintain technology infrastructure.
AI4 Enable operation and use.
AI5 Procure IT resources.
AI6 Manage changes.
AI7 Install and accredit solutions and changes.
DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train users.
DS8 Manage service desk and incidents.
DS9 Manage the configuration.
DS10 Manage problems.
DS11 Manage data.
DS12 Manage the physical environment.
DS13 Manage operations.
EVALUATE
ME1 Monitor and evaluate IT performance.
ME2 Monitor and evaluate internal control.
ME3 Ensure compliance with external requirements.
ME4 Provide IT governance.
CobiT Waterfall Model
The control of
that satisfy
is enabled by
considering
Domains - 7 Processes - 210 Control
Example: DS2 Waterfall
IT Process
Key Control
Key Performance
Example: DS2 Management Guidelines
Where do the inputs to this process come from?
Which processes take the output of this process as their input?
What activities does this process contain? Who is responsible?
Control Practices
Detailed guidance for each Control Objective.
Example: DS2 - Manage Third-party Services
Control Ob
Assurance/Audit Guide
How do you test that the controls in each process are operating?
Example: DS2 - Manage Third-party Services
Control Ob
esign
Enquire whether and confirm that a register of supplier relationships is maintained.
Process Maturity Assessment
0 - non-existent: no process has been identified.
Materiality
Risk can exist in many areas, whatever its type
IT Risk Profile
Key Control Analysis
Risk profile of IT processes, mainly considering
Can be combined with other standards/frameworks to view things from another perspective.
Process Maturity Assessment
Key Control Analysis
IT Process, Key Control
Analysis parameters for Key Cont
IT Risk Profile
Example Audit Program
Example Audit Program for a Specific System
Apache Web Services Server Audit/Assurance Program
Example Audit Program
Example Audit Program for a Specific System
MySQL Server Audit/Assurance Program
"I don't know who discovered water, but it certainly wasn't a fish." Marshall McLuhan
Thank You
Merci bien
Matur Nuwun
Hatur Nuhun
Matur se Kelangkong
Syukron
Kheili Mamnun
Danke
Gracias
Terima Kasih
Any Questions??????
The Most Important IT Processes
PO1 Define a strategic IT plan
PO3 Determine the technological direction
PO5 Manage the IT investment
PO9 Assess risks
PO10 Manage projects
AI1 Identify solutions
AI2 Acquire and maintain applications s/w
AI5 Install and accredit systems
AI6 Manage changes
DS1 Define service levels
DS4 Ensure continuous service
DS5 Ensure system security
DS10 Manage problems and incidents
DS11 Manage data
M1 Monitor the processes
34
15
7
Survey