slide akt309 sia pertemuan 5
DESCRIPTION
mTRANSCRIPT
PENGENDALIAN DAN SISTEM INFORMASI AKUNTANSI
2
GANGGUAN PADA SISTEM INFORMASI AKUNTANSIKlasifikasi gangguan:Kesalahan pada software dan tidak berfungsinya peralatan, seperti :
– Kegagalan hardware– Kesalahan atau terdapat kerusakan pada software, kegagalan sistem operasi, gangguan
dan fluktuasi listrik.– Serta kesalahan pengiriman data yang tidak terdeteksi.
Gangguan lingkungan– Gempa bumi– Bencana alam– Listrik
Kesalahan manusia– Kesalahan operasional– Kesalahan data– Kesalahan yang tidak disengaja : kecerobohan– Kesalahan yang disengaja : Sabotase, Penipuan komputer ,Penggelapan
3
Tinjauan menyeluruh konsep-konsep pengendalian
Apakah definisi dari pengendalian internal itu ?Pengendalian internal adalah rencana organisasi dan
metode bisnis yang dipergunakan untuk menjaga aset, memberikan informasi yang akurat dan andal, mendorong dan memperbaiki efisiensi jalannya organisasi, serta mendorong kesesuaian dengan kebijakan yang telah ditetapkan.
4
Framework for Internal Control over Financial Reporting (ICoFR)
5
COSO – Internal Control Integrated Framework (“The Framework)
COSO singkatan dari Committee of Sponsoring Organizations of the Treadway Commission.
Sejarahnya, COSO berkaitan dengan Foreign Corrupt Practices Act (FCPA) yang dikeluarkan SEC dan US Congress di tahun 1977 untuk melawan fraud dan korupsi yang marak terjadi di Amerika tahun 70-an. Perbedaannya adalah FCPA merupakan inisiatif dari eksekutif-legislatif sedangkan COSO lebih merupakan inisiatif dari sektor swasta.
6
COSO – Internal Control Integrated Framework (“The Framework)
Sektor swasta ini membentuk ‘National Commission on Fraudulent Financial Reporting’ atau dikenal juga dengan ‘The Treadway Commission’ di tahun 1985. Komisi ini disponsori oleh 5 professional association yaitu:
1 American Accounting Association (AAA)2 American Institute of Certified Public Accountants (AICPA)3 Institute of Internal Auditors (IIA)4 Institute of Management Accountants (IMA)5 Financial Executives Institute (FEI)
Tujuan komisi ini adalah melakukan riset mengenai fraud dalam pelaporan keuangan (fraudulent on financial reporting) dan membuat rekomendasi2 yang terkait dengannya untuk perusahaan publik, auditor independen, SEC, dan institusi pendidikan.
7
COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies
Komisi ini mengeluarkan report pertamanya pada 1987. Isi reportnya di antaranya adalah merekomendasikan dibuatnya report komprehensif tentang pengendalian internal (integrated guidance on internal control). Sehingga dibentuk COSO, yang kemudian bekerjasama dengan Coopers & Lybrand dalam membuat laporan tersebut.
8
COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies
Coopers & Lybrand mengeluarkan report pada 1992, dengan perubahan minor pada 1994, dengan judul ‘Internal Control – Integrated Framework’. Report ini berisi definisi umum internal control dan membuat framework untuk melakukan penilaian (assessment) dan perbaikan (improvement) atas internal control. Kegunaan dari report ini salah satunya adalah untuk mengevaluasi FCPA compliance di suatu perusahaan.
9
COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies
Komisi ini mengeluarkan report pertamanya pada 1987. Isi reportnya di antaranya adalah merekomendasikan dibuatnya report komprehensif tentang pengendalian internal (integrated guidance on internal control), yang kemudian dibentuk COSO untuk bekerjasama dengan Coopers & Lybrand untuk membuat report itu.
Coopers & Lybrand mengeluarkan report tersebut pada 1992, dengan perubahan minor pada 1994, dengan judul ‘Internal Control – Integrated Framework’. Report ini berisi definisi umum internal control dan membuat framework untuk melakukan penilaian (assessment) dan perbaikan (improvement) atas internal control. Kegunaan dari report ini salah satunya adalah untuk mengevaluasi FCPA compliance di suatu perusahaan.
10
COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies Poin penting dalam report COSO ‘Internal Control – Integrated
Framework’ (1992) :
Definisi internal control menurut COSOSuatu proses yang dijalankan oleh dewan direksi, manajemen, dan staff, untuk membuat reasonable assurance mengenai:– Efektifitas dan efisiensi operasional– Reliabilitas pelaporan keuangan– Kepatuhan atas hukum dan peraturan yang berlaku
11
COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies
Menurut COSO framework, Internal control terdiri dari 5 komponen yang saling terkait, yaitu:– Control Environment– Risk Assessment– Control Activities– Information and communication– Monitoring
12
Viewing Internal Control as Integrated Process
All five components of internal control set forth in the Framework (Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring) are important to achieving the objective of reliable financial reporting.
Each of the Framework’s five components should not be viewed as an “end in itself.” Rather the components should be viewed as an integrated system working together to reduce risk to reliable financial reporting to an acceptable level.
13
Basic Principles related to Control Environment
1. Control Environment
Integrity and ethical values are developed and understood
Articulates values, monitors adherence, addresses deviations
Board of directors understand and exercise oversight
Define authorities, operates independently, monitors risks, retains financial reporting expertise, oversees quality and reliability and oversees audit activities
Management philosophy and operating style support internal control
Set the tone, influences attitudes towards accounting principles and estimates and articulates objectives.
Organizational structure supports internal control
Establishes lines of financial reporting and establishes structure
Financial Reporting Competencies are retained
Identifies competencies retains individuals and evaluates competencies
Authorities and responsibilities are assigned
Defines responsibilities and limits authorities
Human resources policies and practices facilitate internal control
Establishes human resource practices, recruits and retains, adequately trains and evaluates performance and compensates
14
Basic Principles related to Risk Assessment
2. Risk Assessment
Complies with GAAP, supports information disclosures, reflects company activities, is supported by relevant financial statement assertions and considers materiality
Includes business processes, personnel and information technology, involves appropriate levels of management, considers both internal and external factors, estimates likelihood and impact and triggers reassessment
Considers incentives and pressures, risk factors and establishes responsibilities and accountability
Identify Financial Reporting Objectives
Identify and Analyze Financial Reporting Risks
Identify and Assess the Risk of Fraud as it affects the Company
15
Basic Principles related to Control Activities
3. Control Activities
Control Activities integrate with risk assessment
Mitigates risks, considers all significant points of entry into the company’s G/L and information technology
Control Activities are selected and developed
Considers range of activities, includes preventive and detective controls, segregates duties and considers cost vs benefit
Policies are established and communicated and result in management directives being carried out
Integrates into business processes establishes responsibility and authority occurs on a timely basis thoughtfully implements, investigates exceptions and periodically reassess
Information Technology Controls are designed and implemented
Includes applications controls considers general computers operations and includes end user computing
16
Basic Principles related to Information and Communication
4. Information and Communication
Financial Reporting Information is identified, captured, used and distributed
Captures data includes financial information uses internal and external sources includes operating information and maintains quality
Internal control information is identified, captured, used and distributed
Captures data triggers and resolutions and update and maintain quality
Internal Communication supports execution of internal control
Communications with personnel and board includes separate communication lines and accesses information
Matters affecting achievements objectives are communicated (External Communication)
Provides input and independently assesses
17
Basic Principles related to Monitoring
5. Monitoring
Ongoing and/or separate evaluations enable management to determine function of internal control
Integrates with operations provides objectives assessment, uses knowledgeable personnel considers feedback adjusts scope and frequency
Internal Control deficiencies are identified and communicated
Reports findings and deficiencies and corrects on a timely basis
18
CONTROL ENVIRONMENT
RISK ASSESSMENT
Designing and Implementing Cost Effective ICoFRIt is a Journey ...
Identify and analyze risks to achievement of financial reporting objectives
Determine which risks could result in a material misstatement to financial statements
Determine how each of the other components, both separately and together, support reliable financial reporting
Implement and operate control environment, setting the tone of the Company
CONTROL ACTIVITIES
Implement and operate control environment, using a range of activities to reduce risk to objectives
INFORMATION & COMMUNICATION
Implement and operate information and communication to support internal control
MONITORING
Implement and operate monitoring activities to help ensure that controls continue to operate properly over time
Refine financial reporting objectives based on changes potentially impacting the business
A High-Level of Assurance Financial Reporting