2. 5 Accounting Information Systems Audit Cycles
1. Revenue Cycle (sales and collection)
2. Expenditure Cycle (how goods are bought)
3. Production Cycle (how goods are produced)
4. HRM
5. General Ledger and Reporting System
3. Internal audit
Internal audit is an independent appraisal function that examines and evaluates
activities as a service to the organization. Internal auditors perform a
variety of activities, including financial, operational, compliance and fraud
audits. Auditors can work for the organization, or the tasks can be outsourced.
Independence is self-imposed, but the auditor represents the interests of the
organization.
4. External vs. Internal Auditor
External auditors are outsiders, while internal auditors represent
the interests of the organization. Internal auditors often cooperate with
and assist the external auditors in some aspects of the financial audit.
The extent of cooperation depends on the independence and competence of
the internal audit staff. External auditors may rely in part on evidence
gathered by an internal audit department that is organizationally independent
and reports to the audit committee of the board of directors.
5. The role of the Audit Committee
Subcommittee of the board of directors:
• Usually three external members.
• SOX requires that at least one member be a "financial expert".
Functions as an independent "check and balance" for the
internal audit function.
SOX mandates that external auditors report to the audit
committee:
• The committee hires and fires the auditor and resolves disputes.
6. Auditing standards
Management statements and audit objectives:
1. Existence or occurrence; completeness; rights and obligations; valuation
or allocation; presentation and disclosure.
2. The auditor develops audit objectives and designs audit procedures based
on these statements.
3. The auditor searches for material evidence corroborating the statements.
4. The auditor should determine whether there are internal control deficiencies and
material misstatement.
5. The auditor should communicate the results of the tests, including an audit
opinion.
7. Audit risk
Audit risk is the probability that the auditor will render an unqualified (clean) opinion on
financial statements that are, in fact, materially misstated.
Inherent risk (IR) is associated with the unique characteristics of the client's business or industry.
Control risk (CR) is the likelihood that the control structure is flawed because controls are absent
or inadequate to prevent or detect errors.
Detection risk (DR) is the risk the auditor is willing to take that errors not detected or prevented
by the control structure will also not be detected by the auditor.
The components of audit risk are used in a model to define the scope, nature and timing of
substantive testing:
Audit risk model: AR = IR × CR × DR
If the acceptable audit risk is 5%, detection risk will depend on the planned control
structure.
The stronger the internal control structure, the lower the control risk and the less substantive
testing the auditor should do.
Substantive testing is labor intensive and time-consuming, which drives up audit costs and causes
disruption.
Management's interests are served by a strong internal control structure.
8. Internal control
Management is required by law to establish and maintain an adequate system of internal controls.
A brief history of the law of internal control:
1. SEC Acts of 1933 and 1934.
2. Copyright law of 1976.
3. Foreign Corrupt Practices Act (FCPA) of 1977, which requires companies registered with the SEC to:
• Keep records that sufficiently and fairly reflect the transactions and the company's financial position.
• Maintain internal control systems that provide reasonable assurance that organizational goals are met.
4. Committee of Sponsoring Organizations - 1992.
5. Sarbanes-Oxley Act of 2002 (SOX), which requires management of public companies to implement an adequate system
of internal controls over their financial reporting process.
Under Section 302:
• Managers should certify the organization's internal controls quarterly and annually.
• External auditors must perform certain procedures quarterly to identify material control modifications that can
affect financial reporting.
Section 404 requires management of public companies to assess the effectiveness of internal controls in their
annual reports.
9. Internal Control System
The internal control system consists of policies, practices and
procedures to achieve four broad objectives:
- Safeguard company assets.
- Ensure the accuracy and reliability of accounting records and
information.
- Promote efficiency in operations.
- Measure compliance with management's prescribed policies and
procedures.
10. Modifying Principles
Management's responsibility is made law by SOX.
Goals must be achieved regardless of the data processing method used.
Each system has limitations on its effectiveness, including: the possibility of
error, circumvention, management override and changing conditions.
The system should provide reasonable assurance that the broad objectives are
met.
The costs of achieving improved control should not be greater than the benefits.
The cost of correcting material weaknesses is offset by the gains.
12. PDC Model
Preventive controls are passive techniques designed to reduce the frequency of
undesirable events.
They are more cost effective than detecting and fixing problems after they occur.
Detective controls are devices, techniques and procedures designed to identify and
expose undesirable events that get past preventive controls.
Corrective controls fix the problems identified.
13. IT Governance
Part of corporate governance, focusing on resource
management and strategic IT assessment.
The key objective is to reduce risk and ensure that investments in IT
resources add value to the corporation.
All of the company's stakeholders must be active
participants in key IT decisions.
14. Control IT Governance
COSO (Committee of Sponsoring Organizations) was first created in 1992. Three
IT governance issues are addressed by SOX and the COSO internal control
framework:
• The organizational structure of the IT function.
• Computer operations center.
• Disaster recovery planning.
15. There are 5 parts of COSO, namely:
1. Control environment
2. The risk factors
3. Information and communication
4. Monitoring
5. Control activities, which fall into two categories:
• IT
• Physical
The purpose of control is to avoid the occurrence of errors, fraud (theft), access and
mischief.
In 2001 there was the Enron case, which occurred between the public transport games.
Sarbanes-Oxley became law in 2002, with audits performed 4 times a year.
To build a company, preventive controls must be in place to protect, detective controls to
detect, and corrective controls to fix.
16. Audit Data Base
Access to data resources is controlled by a database
management system (DBMS). It centralizes the organization's
data into a common database shared by a community of
users. All users have access to the data they need, which
overcomes the flat-file problems:
Elimination of the data storage problem: there is no data
redundancy.
Elimination of the data update problem: a single
update procedure eliminates the information problem.
Elimination of the task-data dependency problem: users are limited
only by the legitimacy of their access needs.
17. Physical database
The lowest level and the only one in physical form.
Magnetic spots on metal-coated disks that form a logical collection of files and
records.
Data structures are the bricks and mortar of the database.
They allow records to be located, stored, and retrieved.
Two components: organization and access methods.
File organization refers to the way records are physically arranged on the
storage device, either sequentially or randomly.
An access method is a program used to search for records and to navigate through
the database.
18. Terminology database
Entity: anything the organization wants to capture data about.
Record type: the physical representation of a database entity.
Occurrence: the number of records represented by a particular
record type.
Attributes: define entities with values that differ (i.e., each employee has a
different name).
Database: the set of record types that an organization needs to support its
business processes.