pertemuan 15 business and information process rules, risks, and controls matakuliah: m0034...
Post on 17-Jan-2018
224 Views
Preview:
DESCRIPTION
TRANSCRIPT
Pertemuan 15 Business and Information Process Rules, Risks, and
Controls
Matakuliah : M0034 /Informasi dan Proses Bisnis Tahun : 2005Versi : 01/05
Learning Outcomes
Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu :• Menjelaskan hubungan resiko, peluang
dan pengendalian proses bisnis
Outline Materi
• Hubungan antara Resiko, Peluang, dan Pengendalian
• Sistem Pengendalian Internal• Filosofi Pengendalian Internal dengan
perspektif TI• Proses Pengembangan Sistem
Pengendalian Internal• Jenis-jenis resiko pengolahan Informasi
pada Proses Bisnis
By Hollander, Denna, Cherrington
PowerPoint slides by: Bruce W. MacLean, Bruce W. MacLean,
Faculty of Management, Faculty of Management,
Dalhousie UniversityDalhousie University
Accounting, Information Technology, and Business Solutions, 2nd Edition
Irwin/McGraw-Hill The McGraw-Hill Companies, Inc., 2000
CHAPTER 5
Business and Information Process Rules, Risks, and Controls
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Objectives Describe the relationship between
risks, opportunities, and controls Explain each of the components of
an internal control system Discuss weaknesses in the
traditional control philosophy Outline a control philosophy applicable to an
informational technology environment Describe types of business and information process
risks
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
The Relationship between Risks, Opportunities, and Controls
Risks A risk is any exposure to the chance of injury
or loss. Opportunities and Objectives
Opportunity and risk go hand in hand. You can't have an opportunity without some risk and with every risk there is some potential opportunity.
Controls A control is an activity we perform to
minimize or eliminate a risk.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Internal Control Systems Internal controls encompass a set of rules, policies, and
procedures an organization implements to provide reasonable assurance that: (a) its financial reports are reliable, (b) its operations are effective and efficient, and (c) its activities comply with applicable laws and regulations.
These represent the three main objectives of the internal control system.
The organization's board of directors, management, and other personnel are responsible for the internal control system.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Entire Organization
Data Processing environment
Event Occurrence
Information Processes
Administrative Controls
Accounting Controls
Preventive, Detective, andCorrective Controls
Input, Processing, and Output Controls
Control Environment
General Controls
Application Controls
Control Environment
IT/Human Controls
Business Event Controls
Information Processing Controls
Control Classification Schemes
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Disk or TapeMaster Files
“Non-Complex” Information Systems
Batch Input Update Process Batch Output
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
“Complex” Information System Architectures
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Control Environment Control environment sets the tone of the organization, which
influences the control consciousness of its people. This foundation provides discipline and structure upon which all other components of internal control are built.
The control environment includes the following areas: Integrity and ethical behavior Commitment to competence Board of directors and audit committee participation Management philosophy and operating style Organization structure Assignment of authority and
responsibility Human resource policies and practices
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
LikelihoodOf Loss
Size of Potential Impact
High
Low
Small Large
MaterialityRisk
Materiality and Risk
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Risk Assessment Risk assessment identifies and analyzes the relevant
risks associated with the organization achieving its objectives.
Risk assessment forms the basis for determining what risks need to be controlled and the controls required to manage them.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Control Activities Control activities are the policies and procedures the
organization uses to ensure that necessary actions are taken to minimize risks associated with achieving its objectives. Controls have various objectives and may be applied at various organizational and functional levels.
Control Usage - Prevent, Detect, and Correct Control activities may be classified by their use C whether they are used
to prevent, detect, or recover from errors or irregularities. The purpose of each control is evident by its name.
– Preventive controls focus on preventing an error or irregularity.– Detective controls focus on identifying when an error or irregularity has
occurred.– Corrective controls focus on recovering from, repairing the damage from,
or minimizing the cost of an error or irregularity.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Control Activities Physical controls include security over the assets
themselves, limiting access to the assets to only authorized people, and periodically reconciling the quantities on hand with the quantities recorded in the organization’s records.
Information processing controls are used to check accuracy, completeness, and authorization of transactions. General controls cover data center operations, systems software
acquisition and maintenance, access security, and application systems development and maintenance.
Application controls apply to the processing of a specific application, like running a computer program to prepare employee's payroll checks each month.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Control Activities Performance Reviews
Performance reviews are any reviews of an entity’s performance.
Some of the more common reviews: – compare actual data to budgeted data or prior
period data, – operating data to financial data, and – data within and across various units,
subdivisions, or functional areas of the organization.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Information and Communication The information system consists of the methods and records used to record,
maintain, and report the events of an entity, as well as to maintain accountability for the related assets, liabilities, and equity. The quality of the system-generated information affects management's ability to make appropriate decisions in managing and controlling the entity's activities and to prepare reliable financial reports.
The information system should do each of the following to provide accurate and complete information in the accounting system and correctly report the results of operations: Identify and record all business events on a timely basis. Describe each event in sufficient detail. Measure the proper monetary value of each event. Determine the time period in which events occurred. Present properly the events and related disclosures in the financial
statements.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Information and Communication The communication aspect of this component deals with
providing an understanding of individual roles and responsibilities pertaining to internal controls.
People should understand how their activities relate to the work of others and how exceptions should be reported to higher levels of management.
Open communication channels help insure that exceptions are reported and acted upon.
Communication also includes the policy manuals, accounting manuals, and financial reporting manuals.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Monitoring Monitoring is the process of assessing the quality of
internal control performance over time. Monitoring involves assessing the design and operation
of controls on a timely basis and taking corrective actions as needed. This process is accomplished by
ongoing monitoring activities by management as they question reports that differ significantly from their knowledge of operations.
The McGraw-Hill Companies, Inc., 2000
Irwin/McGraw-Hill
Control EnvironmentSub-elements of ControlEnvironment
Accounting SystemObjectives That Must Be Satisfied
Control ProceduresCategories of ControlProcedures
•Management philosophy and operating style•Organizational structure•Audit Committee•Methods to communicate the assignment of authority and responsibility•Management control methods•Internal Audit function•Personnel policies and procedures•External Influences
•Validity•Authorization•Completeness•Valuation•Classification•Timing•Posting andsummarization
•Adequate separation of duties•Proper authorization of transactions and activities•Adequate documents and records•Physical control over assets and records•Independent checks on performance
Traditional Internal Control Environment
Berlanjut ke Berlanjut ke Pertemuan 16Pertemuan 16
top related