Information Systems Audit

M08 - ID
Business Application System

• To develop an effective audit program, the IS auditor must obtain a clear understanding of the application system
E-Commerce

• E-commerce models
– B to C relationship
– B to B relationship
– B to E relationship
– B to G relationship
– C to G relationship
– X to X relationship
E-Commerce Risk

• Confidentiality
• Integrity
• Availability
• Authentication and nonrepudiation
• Power shift to customers
E-Commerce Requirements

• Build a business case
• Develop clear business purpose
• Use technology to first improve costs
• Build business case
E-Commerce

• IS Auditor should assess applicable use of
– Security mechanisms and procedure
– Firewall mechanisms
– A process whereby participants in e-Commerce
– Digital signature
– Infrastructure to manage and control a public key
– Logs of E-Commerce applications
EDI

• The benefits :
– Less paperwork
– Fewer errors during the exchange of information
– Improved information flow
– No unnecessary rekeying of data
– Fewer delays in communication
– Improved invoicing and payment process
EDI

• General Requirements
– Required communications software, translation
software and access to standards
– To build a map
– To handle errors and exceptions
Web-based EDI

• Internet access through an Internet service provider for all computers connected to the Internet
• Its ability to attract new partners via web-based sites
• New security products available to address issues of confidentiality
Control in EDI Environment

• Use appropriate encryption techniques when using the public Internet
• Perform edit checks
• Perform additional computerized checking
• Log each inbound transaction
• Segment count totals
• Control techniques
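
The inbound controls listed above (edit checks, segment count totals, logging each inbound transaction), applied to a received transaction set, as an added example that is not part of the original slides. The X12-style sample data, the function names and the line-item total check are assumptions made for illustration.

```python
import logging

log = logging.getLogger("edi.inbound")

# Constructed samples in X12-style syntax ("~" ends a segment, "*" separates elements).
GOOD = "ST*850*0001~BEG*00*SA*PO1001**20240105~PO1*1*10*EA*9.50~CTT*1~SE*5*0001~"
# Same set with the line item lost in transit; the trailer still claims 5 segments.
DAMAGED = "ST*850*0001~BEG*00*SA*PO1001**20240105~CTT*1~SE*5*0001~"
# Counts are consistent, but the quantity fails the edit check.
BAD_QTY = "ST*850*0002~BEG*00*SA*PO1002**20240105~PO1*1*-3*EA*9.50~CTT*1~SE*5*0002~"


def _positive(value):
    """True only for a plain ASCII decimal number greater than zero."""
    return (value.isascii() and value.replace(".", "", 1).isdigit()
            and float(value) > 0)


def check_transaction_set(raw):
    """Return the control failures for one inbound transaction set (empty list = accept)."""
    segments = [s.split("*") for s in raw.strip().split("~") if s]
    if len(segments) < 2 or segments[0][0] != "ST" or segments[-1][0] != "SE":
        return ["envelope: set must start with ST and end with SE"]
    st, se = segments[0], segments[-1]
    if len(st) < 3 or len(se) < 3:
        return ["envelope: ST or SE is missing elements"]
    errors = []
    # Segment count total: SE01 counts every segment received, ST and SE included.
    if not se[1].isdigit() or int(se[1]) != len(segments):
        errors.append(f"segment count: trailer {se[1]!r}, received {len(segments)}")
    # The trailer must carry the same control number as the header.
    if st[2] != se[2]:
        errors.append("control number: ST and SE differ")
    # Edit check: each PO1 line needs a positive quantity (PO102) and unit price (PO104).
    lines = [s for s in segments if s[0] == "PO1"]
    for s in lines:
        if len(s) < 5 or not (_positive(s[2]) and _positive(s[4])):
            errors.append(f"edit check: line {s[1] if len(s) > 1 else '?'!r}")
    # Line-item control total (assumed here): CTT01 must equal the PO1 lines received.
    ctt = [s for s in segments if s[0] == "CTT"]
    if ctt and (len(ctt[0]) < 2 or ctt[0][1] != str(len(lines))):
        errors.append(f"line total: CTT mismatch, received {len(lines)} lines")
    return errors


def receive(raw):
    """Log every inbound set with its outcome; return True only if it is accepted."""
    errors = check_transaction_set(raw)
    log.log(logging.WARNING if errors else logging.INFO,
            "inbound set: %d bytes, %s", len(raw), errors or "accepted")
    return not errors
```
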
IS Auditor evaluate EDI

• An IS Auditor must review
– Internet encryption process
– Edit checks
– Additional computerized checking
– Batch control totals
E-mail

• Two principal components
– Mail servers
– Clients
Security Issues with E-Mail

• Flaws in the configuration of the mail server application
• DoS attacks may be directed to the mail server
• Sensitive information transmitted unencrypted between mail server and client
• Viruses and other types
• Users may send inappropriate
• Digital signatures are a good method of securing e-mail transmissions in that
– The signature cannot be forged
– The signature is authentic and encrypted
– The signature cannot be reused
– The signed document cannot be altered
E-Banking

• Three categories of risk management controls
– Board and management oversight
– Security controls
– Legal and reputational risk management
E-Finance

• Advantage of E-Finance :
– Lower costs
– Increased breadth and quality
– Widening access to financial services
– Asynchrony
– Atopy
E-Funds Transfer

• The exchange of money via telecommunications without currency actually changing hands
• Allows parties to move money from one account to another
• Usually functions via an internal bank transfer from one party’s account to another
AI and ES

• The study and applications of the principles :
– Knowledge is acquired and used
– Goals are generated and achieved
– Information is communicated
– Collaborations are formed
– Concepts are formed
– Languages are developed
AI

• Include
– Expert systems
– Natural and artificial
– Neural networks
– Intelligent text management
– Theorem proving
– Abstract reasoning
– Pattern recognition
– Problem solving
– Machine translation
AI

• IS auditor should :
– Understand the purpose and functionality of the system
– Assess the system
– Review the adherence of the system
– Review procedures
– Review security access