IT Governance and Audit

IT Governance and Audit. Indri Sudanawati Rozas. ASSESSMENT METHOD. Attendance 20% Midterm exam (UTS) 30% Final exam (UAS) 30% Assignments/Projects 20%. GRADE RANGES. VERY GOOD > 80 A GOOD 73 – 80 AB FAIR 65 – 72 B POOR 57 – 64 BC VERY POOR 49 - 56 C EXTREMELY POOR 41 - 48 D


Presentation Transcript


  1. IT Governance and Audit. Indri Sudanawati Rozas

  2. ASSESSMENT METHOD • Attendance 20% • Midterm exam (UTS) 30% • Final exam (UAS) 30% • Assignments/Projects 20% GRADE RANGES • VERY GOOD > 80 A • GOOD 73 – 80 AB • FAIR 65 – 72 B • POOR 57 – 64 BC • VERY POOR 49 - 56 C • EXTREMELY POOR 41 - 48 D • Repeat = 40 E

  3. COURSE CONTRACT • Presentation of the course contract. Overview of IT Governance and Audit. • Definition of IT governance. Urgency of IT governance. Implementation of IT governance. Assignment I: IT governance [SOP+WI] • IT governance frameworks. Why framework? Positioning framework. • How to implement IT governance. • Discussion of Assignment I on IT governance. • Definition of IT audit. IT auditor skills. Soft skills vs hard skills. • IT audit methodology. IT audit frameworks. • Determining the scope of an IT audit. BG – ITG – ITP. • RACI chart. Interview. Questionnaire. Observation. Analysis of existing conditions. • ML tool. Scale [0; 0,33; 0,66; 1]. Maturity level. • Control Objectives. IT audit recommendations. • Audit report. Spider Chart. Executive Summary. • Assignment II: Exploring research titles in the field of IT governance and audit. • Discussion of Assignment II, Chapter 1 to Chapter 3. • ---------------------------- Midterm exam (UTS) ---------------------------- • ---------------------------- Final exam (UAS) ----------------------------

  4. Outline, Week I • IT Governance • IT Governance (Tata Kelola TI) • IT Governance Frameworks • IS Audit • Definition of Information Systems Audit • Basic Types / Functions of Audit • Audit Report Principles • Audit Methodology

  5. IT Governance • IT Governance is the responsibility of the Board of Directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives. (IT Governance Institute, 2001) • Specifying the decision rights and accountability framework to encourage desirable behaviour in using IT. (Peter Weill & Jeanne W Ross – MIT, 2004) • The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization. (Australian Standard on Corporate Governance of ICT, 2005)

  6. OVERVIEW of IT AUDIT. Diagram labels: Company • Division x (four times) • IT Division • "Can the IT division help improve the company's performance?" • IT AUDIT PROCESS • output: Maturity Level score (1-5), Recommendations • Continuous improvement

  7. IT AUDIT • IT Audit is often also called: • IT Risk Management • I.S. Risk Management • Operational Systems Risk Management • Technology & Security Risk Services • Typically a division of assurance services

  8. IT Audit • The process of collecting and evaluating facts/evidence to determine whether a (computerized) system: • Safeguards assets • Maintains data integrity • Enables communication & access to information • Achieves operational objectives effectively • Consumes resources efficiently

  9. IT Audit Area • Planning • Organization and Management • Policies and procedures • Security • Regulation and standard

  10. Types of Audit (General) • Compliance • Performance • Fraud • Certification

  11. Types of Audit (IT) • System Audit • An audit of a documented system to ensure that it meets national or international standards • Compliance Audit • To test the effectiveness of the implementation of policies, procedures, controls and other legal elements • Product / Service Audit • To test that a product or service conforms to the defined specification and is fit for use

  12. Who Is Audited • Management • IT Manager • IT Specialist (network, database, system analyst, programmer, etc.) • User

  13. Who Performs the Audit: Depends on the Purpose of the Audit • Internal Audit (first party audit) • Performed by or on behalf of the company itself • Usually for management review or the company's internal purposes • Independent bodies outside the company • Second party audit • Performed by a party that has an interest in the company • Third party audit • Performed by an independent party from outside the company, for example for certification (ISO 9001, BS7799, etc.).

  14. Duties of the IT Auditor • Ensure that every aspect of IT implementation has the necessary controls • Ensure that those controls are implemented properly, as expected

  15. Required Skills • Audit skill: sampling, communication, conducting interviews, asking questions, note-taking • Generic knowledge: knowledge of audit principles, procedures and techniques, management systems and reference documents, the organization, applicable regulations • Specific knowledge: IT/IS background, business, specialist technical skill, experience auditing management systems, legislation

  16. Audit Principles • Ethical conduct • Based on professionalism, honesty, integrity, confidentiality and discretion • Fair Presentation • The obligation to report honestly and accurately • Due professional care • The application of diligence and judgment • Independence • Evidence-based approach

  17. AUDITOR STANDARDS • American Institute of Certified Public Accountants (AICPA) • Institute of Internal Auditors (IIA) • International Federation of Accountants (IFAC) • Information Systems Audit and Control Association (ISACA) • Ikatan Akuntan Indonesia (IAI) • Ikatan Audit Sistem Informasi Indonesia (IASII) • ISSA (Information Systems Security Association) Indonesian Chapter

  18. ISACA Certifications • CISA (Certified Information Systems Auditor) • CISM (Certified Information Security Manager) • CISSP (Certified IS Security Professional) • CIA (Certified Internal Auditor) Qualification: the experience and knowledge to identify, evaluate, and provide recommendations in the form of solutions to reduce IT system weaknesses => Issues certifications for individual auditors
