Group 4

Adhityas Ghaniyya Tejo 1406533806

Nanang Dwi Setiawan 1406534310
Prabowo Satrio Hutomo - 1406611700
Muhammad Yusuf Fadhillah 1406673652
CONTROL, COMPLIANCE AND SECURITY
CONTROL
1.1 Definition
Control means the power of influence or direct peoples behavior or the course of events.
Internal control is a process, effected by an entitys board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance.
This definition reflects certain fundamental concepts. Internal control is:

Geared to the achievement of objectives in one or more categoriesoperations, reporting,

and compliance

A process consisting of ongoing tasks and activitiesa means to an end, not an end in
itself

Effected by peoplenot merely about policy and procedure manuals, systems, and forms,
but about people and the actions they take at every level of an organization to affect
internal control

Able to provide reasonable assurancebut not absolute assurance, to an entitys senior

management and board of directors

Adaptable to the entity structureflexible in application for the entire entity or for a
particular subsidiary, division, operating unit, or business process

Internal Control is part of the first line of defense because it is the responsibility of Operational
Management, which itself is accountable to Senior Management.
1.2 Objective
Operations ObjectivesThese pertain to effectiveness and efficiency of the entitys
operations, including operational and financial performance goals, and safeguarding

assets against loss.

Reporting ObjectivesThese pertain to internal and external financial and nonfinancial reporting and may encompass reliability, timeliness, transparency, or other

terms as set forth by regulators, recognized standard setters, or the entitys policies.
Compliance ObjectivesThese pertain to adherence to laws and regulations to which
the entity is subject.

COMPLIANCE
1.1 Definition
The term compliance describes the ability to act according to an order, set of rules or
request. In the context of financial services businesses compliance operates at two levels.

Level 1 - compliance with the external rules that are imposed upon an organisation as
a whole

Level 2 - compliance with internal systems of control that are imposed to achieve
compliance with the externally imposed rules.

1.2 Duty, Objective and Responsibility of A Compliance Officer

DUTY - The Compliance Officer has a duty to his employer to work with
management and staff to identify and manage regulatory risk.
OBJECTIVE - the overriding objectives of a compliance officer should be to ensure
that an organization has systems of internal control that adequately measure and
manage the risks that it faces.
RESPONSIBILITY - The general responsibility of the Compliance Officer is to
provide an in-house compliance service that effectively supports business areas in
their duty to comply with relevant laws and regulations and internal procedures.
1.3 Five Key Functions of A Compliance Department
1. To identify the risks that an organisation faces and advise on them (identification)
2. To design and implement controls to protect an organisation from those risks
(prevention)
3. To monitor and report on the effectiveness of those controls in the management of an
organisations exposure to risks (monitoring and detection)
4. To resolve compliance difficulties as they occur (resolution)
5. To advise the business on rules and controls (advisory)
SECURITY
1.1 Definition
Information security system is a subsystem in an organization that is in charge of
controlling the risks associated with computer-based information systems. Information
security systems have a major element of information systems, such as hardware, databases,
procedures, and reporting.
1.2 Lifecycle Information Security System

Electronic security system is an information system. Computer security system

developed by applying the method of analysis, design, implementation, and evaluation of the
operation, and control. The purpose of each stage of the life cycle are as follows:
-Analysis system : Analysis of system vulnerabilities within the meaning of the relevant
threats and exposure to loss associated with the threat.
- System design : Design of security measures and contingency plans to control exposure to
loss is identified
-Implementing system : Applying security rules as it has been designed.
- Operation, evaluation and control systems : Operating systems and assess their effectiveness
and efficiency. Make changes as necessary to existing conditions.
Collectively, the four phases of the so-called risk management information system.
Information system risk management is a process to assess and control the risks of computer
systems.
Control, Compliance and Security
1.1 Advantage
1.11 Advantage of Control
Internal control can help an entity achieve its performance and profitability targets, and
prevent loss of resources. It can help ensure reliable financial reporting. And it can help
ensure that the enterprise complies with laws and regulations, avoiding damage to its
reputation and other consequences. In sum, it can help an entity get to where it wants to go,
and avoid pitfalls and surprises along the way.
1.12 Advantage of Complience

Does not violate the code of ethics

Does not against the law
Good in the eyes of society

1.13 Advantage of Security

Information security is extremely easy to utilize. For protection of less sensitive

material users can simply password protect files. For the more sensitive material users

can install biometric scanners, firewalls, or detection systems.

As technology increases so will the crimes associated with it. Making the use of

information security very worth while.

It keeps vital private information out of the wrong hands.
For the government it keeps top secret information and cabalities out of terrorist and
enemy nation's hands.

Information security protects users valuable information both while in use and while it
is being stored.

1.2 Disadvantage
1.21 Disadvantage of Control

Suitability of objectives established as a precondition to internal control

Reality that human judgment in decision making can be faulty and subject to bias
Breakdowns that can occur because of human failures such as simple errors
Ability of management to override internal control
Ability of management, other personnel, and/or third parties to circumvent controls

through collusion
External events beyond the organizations control
1.21 Disadvantage of Compliance

Its difficult to establish an ethical culture in an era of scandal

Only part of control, so sometimes can be done or not
If the cost of complience more than benefit, complianc hard to be held

1.23 Disadvantage of Security

Technolgoy is always changing so users must always purchase upgraded information

security.
Since technology is always changing nothing will ever be completely secure.
If a user misses one single area that should be protected the whole system could be

compromised.
It can be extremely complicated and users might not totally understand what they are

dealing with.
It can slow down productivity if a user is constantly having to enter passwords.

SUMBER
https://www.armor.com/resources/security-vs-compliance/ (diakses pada 27 September
2016)
https://www.investopedia.com/ (diakses pada 27 September 2016)
https://www.enablon.com/ (diakses pada 27 September 2016)
https://www.coso.org (diakses pada 27 September 2016)