Beruflich Dokumente
Kultur Dokumente
Auditing
Presented by Instructor Team
Agenda
1. Introduction to Information System Auditing
2. Introduction to the Basis of IT-related Business Risks and Controls
3. Integration of Financial Audit and IS Audit
4. Application of IS Audit and Web Trust
Definition: Information Systems Auditing
(Ron Webber)
IS Audit Objectives
Asset Safeguarding
The assets of a computer installation include hardware, software, people,
data files, system documentation, and supplies must be protected by system
of internal control.
Data Integrity
Agenda
1. Introduction to Information System Auditing
2. Introduction to the Basis of IT-related Business Risks and Controls
3. Integration of Financial Audit and IS Audit
4. Application of IS Audit and Web Trust
Specific Industry Application
• Reporting Systems
• Call Center
• Enterprise Resource Planning
• Office Automation
• Cloud Computing
The Need for Control and IS Audit
Your business processes depend on the computer applications
and data that support them - so you need to be sure that your data
and systems are secure. Yet, all the time, rapid changes in
business and technology keep increasing your organization's
control and security challenges - and reducing your reaction time.’
Confidentiality
Integrity
Availability
General Control
The controls can be thought
of as existing within a General IT controls are
hierarchy that relies on the typically pervasive
operating effectiveness in nature and are
interconnectivity of the addressed through various
controls as well as the audit avenues.
realization that failure of a Application Control
set of controls can lead to
Application controls provide
increased reliance and
another category of controls
necessary examination of
and include controls within
other control groups
an application around input,
processing, and output.
IT Controls
Computer
Application Application
Controls Systems and
Program
INTERNAL
CONTROLS
Application
Systems
Development/
Changes
General
Controls
Computer
Service Center
(Operations
and Security)
IT Controls and Financial Reporting
Information Technology
Risk and Controls
Information System Audit Course
Agenda
1. Introduction to Information System Auditing
2. Introduction to the Basis of IT-related Business Risks and Controls
3. Integration of Financial Audit and IS Audit
4. Application of IS Audit and Web Trust
Financial Audit Objective and External
Auditors’ Responsibility
Agenda
1. Introduction to Information System Auditing
2. Introduction to the Basis of IT-related Business Risks and Controls
3. Integration of Financial Audit and IS Audit
4. Application of IS Audit and Web Trust
Agenda 4: Application of IS Audit and Web Trust
Web Trust – Sys Trust Certification
Agenda 4: Application of IS Audit and Web Trust
Catatan
WebTrust Defined
pemenuhan prinsip
PROCESSING
INTEGRITY
Melalui Systrust
(lihat slide berikut)
Ernst &Young’s seal - Cyber Process Certification Agenda 4: Application of IS Audit and Web Trust
Agenda 4: Application of IS Audit and Web Trust
Report of Management
Contoh Penerapan WebTrust
Agenda 4: Application of IS Audit and Web Trust
Report of Independent
Report of Independent Accountant
Accountants
Agenda 4: Application of IS Audit and Web Trust
Sertifikasi Pada Internet Banking
VeriSign
Certificate
Agenda 4: Contoh Penerapan: Audit Laporan Keuangan & Web Trust
Sertifikasi Pada Internet Banking
Comparison of Seals
Transaction
Privacy of Security of Business Processing
Product Cost Data Data Policies Integrity
BBBOnline Low NO NO Lightly NO
Covered
TRUSTe Low YES NO NO NO
Veri-Sign Low to NO YES: Data NO NO
Medium Transmittal
NO: Data
Storage
ICSA High YES YES Somewhat Lightly
Covered Covered
WebTrust High YES YES YES YES
End of Presentation
Thank You.