prev
next
out of 22

Bab III Coso & Cobit

Tags:

Embed Size (px)

Citation preview

Pertemuan ke-3 Audit Berbasis Komputer

1. EDP Audit Bab 3 & 5 (Akmal & Marmah Hadi) 2. PP No.60 Tahun 2006 tentang Sistem Pengendalian Intern Pemerintah (SPIP) 3. Implementing COBIT in Higher Education: Practices That Work Best (Claude L. Council, Ph.D., CISM), dipresentasikan Karyo Budi Utomo dkk

lingkungan pengendalian; penilaian risiko; kegiatan pengendalian; informasi dan komunikasi; dan pemantauan pengendalian intern.

Pimpinan Instansi Pemerintah wajib menciptakan dan memelihara lingkungan pengendalian yang menimbulkan perilaku positif dan kondusif untuk penerapan SPI dalam lingkungan kerjanya. Dapat dicapai dengan : a. penegakan integritas dan nilai etika ex : Penyusunan kode etik/SOP, reward & punishment kasus BPK, KPK, BI b. komitmen terhadap kompetensi ex : rekruitmen dengan kualifikasi SDM tertentu, standar kompetensi, kewajiban diklat, promosi staf yang kompeten, c. kepemimpinan yang kondusif; ex : leading by example, set tone from the top, interaksi atasan bawahan

d. pembentukan struktur organisasi yang sesuai dengan kebutuhan; ex : hemat struktur, kaya fungsi; jumlah sdm yang sesuai komisi2 yang tidak perlu e.pendelegasian wewenang dan tanggung jawab yang tepat; ex : kewenangan & tj sesuai posisi f. penyusunan dan penerapan kebijakan yang sehat tentang pembinaan SDM; ex : pola rekruitmen, rekam jejak, asesment g. perwujudan peran APIP yang efektif; ex : reformasi APIP h. hubungan kerja yang baik dengan Instansi Pemerintah terkait. ex : check & balance, DKP vs Depdag, Polri vs Kejaksaan vs KPK

Instansi Pemerintah menetapkan: 1. tujuan Instansi Pemerintah; dan 2. tujuan pada tingkatan kegiatan Dilaksanakan juga 1. Identifikasi risiko; dan 2. Analisis risiko (yang telah diidentifikasi)

Analisa SWOT : strenght, weakness, opportunity, threats Know yourself, know your enemy, know your terrain

and you will be victory (Sun Tzu)

Tujuan : Mendidik dan mempersiapkan calon PNS di lingkungan Kemkeu dan Instansi terkait yang kompeten dan berintegritas Tujuan per mata kuliah GBPP Resiko : 1. USM tidak fair/ada kecurangan kualitas input rendah 2. Rekruitmen tidak disetujui generasi yang hilang 3. Anggaran kecil sarana prasaran tidak memadai 4. Mata kuliah tidak relevan dengan dunia kerja update

Pimpinan Instansi Pemerintah wajib menyelenggarakan kegiatan pengendalian sesuai dengan ukuran, kompleksitas, dan sifat dari tugas dan fungsi Instansi Pemerintah yang bersangkutan. Sekurang- kurangnya memiliki karakteristik sebagai berikut: 1. diutamakan pada kegiatan pokok Instansi Pemerintah; 2. dikaitkan dengan proses penilaian risiko; 3. dipilih disesuaikan dengan sifat khusus Instansi Pemerintah; 4. kebijakan dan prosedur harus ditetapkan secara tertulis; 5. prosedur yang telah ditetapkan harus dilaksanakan sesuai yang ditetapkan secara tertulis; dan 6. dievaluasi secara teratur untuk memastikan bahwa kegiatan tersebut masih sesuai dan berfungsi seperti yang diharapkan.

reviu atas kinerja Instansi Pemerintah yang bersangkutan; reviu oleh APIP, pemeriksaan kinerja oleh BPK pembinaan sumber daya manusia; prosedur rekrutmen, diklat, sistem kompensasi, program kesejahteraan dan fasilitas pegawai, ketentuan disiplin pegawai, sistem penilaian kinerja, rencana pengembangan karir. pengendalian atas pengelolaan sistem informasi; pengendalian umum (pengamanan sistem informasi; pengendalian atas akses; pengendalian atas pengembangan dan perubahan perangkat lunak aplikasi; pengendalian atas perangkat lunak sistem; pemisahan tugas; dan kontinuitas pelayanan.) pengendalian aplikasi (pengendalian otorisasi; pengendalian kelengkapan; pengendalian akurasi; dan pengendalian terhadap keandalan pemrosesan dan file data.

pengendalian fisik atas aset; inventarisasi fisik, kendali atas aset, Lap BMN penetapan dan reviu atas indikator dan ukuran kinerja; menetapkan & mengukur IKU (indikator kinerja utama) pemisahan fungsi; bendaharawan otorisasi keputusan penting, pencatatan yang akurat dan tepat waktu atas transaksi dan kejadian; cut off, accuracy pembatasan akses atas sumber daya dan pencatatannya; akuntabilitas terhadap sumber daya dan pencatatannya; dan dokumentasi yang baik atas SPI serta transaksi dan kejadian penting.

Dengan cara : menyediakan dan memanfaatkan berbagai bentuk dan sarana komunikasi; dan mengelola, mengembangkan, memperbarui sistem informasi secara terus menerus. Contoh : Extern : website, siaran pers, cs online (kring pajak 500200, tmc polda metro, bank) Intern : portal, mekanisme whistleblower, rapat & diskusi

Melalui Pemantauan berkelanjutan, evaluasi terpisah, dan tindak lanjut rekomendasi hasil audit dan reviu lainnya. Pemantauan berkelanjutan : pengelolaan rutin, supervisi, pembandingan, rekonsiliasi, dan tindakan lain yang terkait dalam pelaksanaan tugas. 2. Evaluasi terpisah sebagaimana dimaksud dalam Pasal 43 ayat (2) diselenggarakan melalui penilaian sendiri, reviu, dan pengujian efektivitas Sistem Pengendalian Intern oleh APIP atau pihak eksternal pemerintah (BPK). 3. Tindak lanjut hasil audit APIP & BPK.1.

CobiT : Control Objectives for Information and related Technology Dikembangkan oleh ITGI (Information Technology Governance Institute) Cobit dirancang sebagai alat pengendalian IT yang membantu dalam pemahaman dan memanage resiko, manfaat serta evaluasi yang berhubungan dengan IT

COBIT: An IT Control Framework

COBITs Vision

Sebagai model untuk penguasaan IT

COBITs Mission

Melakukan penelitian, pengembangan, publikasi dan promosi terhadap control objective dari teknologi informasi yang secara umum diterima di lingkungan internasional untuk pemakaian sehari-hari oleh manager dan auditor

TI sejalan dengan tujuan organisasi TI dapat menjadi suatu bisnis yang menghasilkan manfaat Sumber daya TI digunakan secara bermanfaat Resiko TI dikelola secara memadai

Pensejajaran Strategi

Pengukuran Kinerja

Nilai hasil

Tata Kelola TI yang baik

Manajemen SD

Manajemen resiko

Pensejajaran strategi : kesesuaian antara rencana bisnis dan rencana TI Nilai hasil : hasil dari TI memberikan manfaat dan membutuhkan biaya yang wajar Manajemen SD : investasi yang optimal dan manajemen yang memadai atas hardware, software, brainware Manajemen Resiko : kepedulian, pemahaman para pejabat terhadap resiko penggunaan TI Pengukuran kinerja : TI mendukung pengukuran kinerja, misal : balance scorecard

COBIT FrameworkHow do they relate?IT ResourcesData Information Systems Technology Facilities Human Resources

IT ProcessesPlan and Organise(Perencanaan & Org.)

Business RequirementsEffectiveness(efektifitas) Efficiency (Efisiensi) Confidentiality (Rahasia) Integrity (Integritas) Availability (Ketersediaan) Compliance (Pemenuhan) Information Reliability (Kehandalan Informasi)

Acquire and Implement(Pengadaan & Implementasi)

Deliver and Support(Pengantaran & dukungan)

Monitor and Evaluate(Pengawasan &Evaluasi)

COBIT FrameworkTerse Tersedianya sumber daya ITBagaimana IT diorganisir unt bereaksi thd suatu kebutuhan

Apa yang stakeholders harapkan dari IT

How do they relate?

IT Resources Data Information Systems Technology Facilities Human Resources

IT Processes Planning and organisation Acquisition and implementation Delivery and Support Monitoring

Business Requirements Effectiveness Efficiency Confidentiality Integrity Availability Compliance Information Reliability

COBIT FrameworkCDomainsPlan and OrganiseTopics

Acquire and ImplementTopics

Strategi dan taktik Merencanakan Visi Organisasi and infrastruktur Apakah IT dan strategi bisnis sudah ditetapkan? Apakah perusahaan sudah menggunakan secara maksimum sumber dayanya? Apakah semua orang di dlm org. sudah memahami sasaran IT? Apakah resiko IT sudah dipahami & diatur? Apakah mutu sistem IT sudah sesuai dgn kebutuhan bisnis?

Questions

IT solutions Perubahan dan Pemeliharaan Apakah proyek baru dapat memberikan solusi terhadap kebutuhan bisnis? bisnis? Apakah proyek baru dapat selesai tepat waktu dan sesuai anggaran? anggaran? Apakah sistem kerja yg baru bisa diterapkan dgn baik? baik? Apakah perubahan yg dibuat tdk merepotkan kegiatan bisnis yg berjalan? berjalan?

Questions

COBIT DomainsDomainsDeliver and SupportTopics

Monitor and EvaluateTopics

Layanan pengantaran& dukungan Dukungan proses penyusunan Pengolahan sistem aplikasi Apakah layanan IT yg diberikan sesuai dgn prioritas bisnis? Apakah biaya IT dapat dioptimalkan? Apakah pekerja mampu menggunakan sistem IT lebih produktif dan aman? Apakah keamanan, integritas dan ketersediaan sudah pada tempatnya?

Questions

Penilaian over time, jaminan pengiriman Sistem pengendalian manajemen kesalahan Pengukuran pekerjaan Dapatkan IT mendeteksi suatu permasalahan sebelum semuanya terlambat? terlambat? Apakah jaminan kemandirian yg diperlukan dpt memastikan bidang2 kritis bisa beroperasi sesuai dgn yg diharapkan? diharapkan?

Questions

COBIT FrameworkM1 M2 M3 M4 Monitor the process Assess internal control adequacy Obtain independent assurance Provide for independent audit

Criteria Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability

IT RESOURCES

PO1 Define a strategic IT plan (menggambarkan) PO2 Define the information architecture PO3 Determine the technological direction (menentukan) PO4 Define the IT organisation and relationships PO5 Manage the IT investment PO6 Communicate management aims and direction PO7 Manage human resources PO8 Ensure compliance with external requirements (memast PO9 Assess risks (menilai) PO10 Manage projects PO11 Manage quality

Data Application systems Technology Facilities People

PLAN AND ORGANISE

MONITOR AND EVALUATEDS1 Define service levels DS2 Manage third-party services DS3 Manage performance and capacity DS4 Ensure continuous service DS5 Ensure systems security DS6 Identify and attribute costs DS7 Educate and train users DS8 Assist and advise IT customers DS9 Manage the configuration DS10 Manage problems and incidents DS11 Manage data DS12 Manage facilities DS13 Manage operations

ACQUIRE AND IMPLEMENT

DELIVER AND SUPPORT

AI1 AI2 AI3 AI4 AI5 AI6

Identify automated solutions Acquire and maintain application software Acquire and maintain technology infrastructure Develop and maintain IT procedures Install and accredit systems Manage changes


Governance SPICE 6th EU Certificates (EUCert) Days, “Politehnica” University of Timişoara, Romania, 22 - 23 September 2011 Applying COSO/COBIT SPICE based

Governance SPICE 6th EU Certificates (EUCert) Days, “Politehnica” University of Timişoara, Romania, 22 - 23 September 2011 Applying COSO/COBIT SPICE based

Documents
DUBAL’s ISO 31000-based ERM Program - grc- · PDF fileDUBAL’s ISO 31000-based ERM Program ... Prashant Rao Murari ... SOX, OSHA, EH&S, FCPA, IT, ISO, NIST, COSO, COBIT

DUBAL’s ISO 31000-based ERM Program - grc- · PDF fileDUBAL’s ISO 31000-based ERM Program ... Prashant Rao Murari ... SOX, OSHA, EH&S, FCPA, IT, ISO, NIST, COSO, COBIT

Documents
Stay Ahead of the Risk - Actuaries Institute · Landscape is becoming increasingly complex…. Turnbull Report COSO & COBIT Barings Collapse LTCM Collapse

Stay Ahead of the Risk - Actuaries Institute · Landscape is becoming increasingly complex…. Turnbull Report COSO & COBIT Barings Collapse LTCM Collapse

Documents
What is IT governance, Cobit, COSO, and - Chapters Site Archive... · Cobit, COSO, and Governance, Oh My! IIA / ISACAWNY Conference – December 11, 2013 Don Redman CISM, CISA, CRISC

What is IT governance, Cobit, COSO, and - Chapters Site Archive... · Cobit, COSO, and Governance, Oh My! IIA / ISACAWNY Conference – December 11, 2013 Don Redman CISM, CISA, CRISC

Documents
13 COSO I Vrs COSO II

13 COSO I Vrs COSO II

Documents
Cobit 4.1 vs Cobit 5

Cobit 4.1 vs Cobit 5

Documents
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0

Documents
COBIT® 5 Supplementary Guide for the COBIT 5 Process ...campus.itpreneurs.com/itpreneurs/LPEngine/Cobit/Foundation/English... · COBIT® 5 Supplementary Guide for the COBIT 5 Process

COBIT® 5 Supplementary Guide for the COBIT 5 Process ...campus.itpreneurs.com/itpreneurs/LPEngine/Cobit/Foundation/English... · COBIT® 5 Supplementary Guide for the COBIT 5 Process

Documents
Governance SPICE - 2017.eurospi.net2017.eurospi.net/images/Documents/WS5/presentation-governance-s… · Governance SPICE Using COSO and COBIT Process Assessment Models Linking Governance

Governance SPICE - 2017.eurospi.net2017.eurospi.net/images/Documents/WS5/presentation-governance-s… · Governance SPICE Using COSO and COBIT Process Assessment Models Linking Governance

Documents
Corporate in control - PwC€¦ · Corporate in control 4 PwC. L3M ... processes, with checks & controls, so that ... using existing COSO and CobiT models

Corporate in control - PwC€¦ · Corporate in control 4 PwC. L3M ... processes, with checks & controls, so that ... using existing COSO and CobiT models

Documents
COBIT Self-assessment Guide: Using COBIT 5

COBIT Self-assessment Guide: Using COBIT 5

Documents
SOX COBIT COSO - University Of Illinoiscitebm.business.illinois.edu/TWC Class/Pr…  · Web view · 2006-05-17ING’s CoBIT case study ... The ING case study indicates co-variance

SOX COBIT COSO - University Of Illinoiscitebm.business.illinois.edu/TWC Class/Pr…  · Web view · 2006-05-17ING’s CoBIT case study ... The ING case study indicates co-variance

Documents
Comparing COBIT 4.1 and COBIT 5 Comparing COBIT 4.1 and COBIT 5 Presented by

Comparing COBIT 4.1 and COBIT 5 Comparing COBIT 4.1 and COBIT 5 Presented by

Documents
COSO Enterprise Risk Management …...Framework now? 1 Who is COSO and what is the COSO ERM Framework? Introducing COSO COSO recognises the growing expectation of organisations to

COSO Enterprise Risk Management …...Framework now? 1 Who is COSO and what is the COSO ERM Framework? Introducing COSO COSO recognises the growing expectation of organisations to

Documents
Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, · PDF fileSarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices,

Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, · PDF fileSarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices,

Documents
Introduction to Coso & Cobit

Introduction to Coso & Cobit

Documents
COSO - sfmagazine.com · COSO ’92 and COSO ERM and what it requires as well. Interestingly, the agency has no point person on COSO per se or COSO ERM or risk management in general.“The

COSO - sfmagazine.com · COSO ’92 and COSO ERM and what it requires as well. Interestingly, the agency has no point person on COSO per se or COSO ERM or risk management in general.“The

Documents
Enterprise Governance of IT - s u · Implementation status COBIT and VALIT . 2,50 2,60 2,70 2,80 2,90 3,00 3,10 3,20 3,30 3,40 3,50 COBIT PO COBIT AI COBIT DS COBIT ME COBIT Total

Enterprise Governance of IT - s u · Implementation status COBIT and VALIT . 2,50 2,60 2,70 2,80 2,90 3,00 3,10 3,20 3,30 3,40 3,50 COBIT PO COBIT AI COBIT DS COBIT ME COBIT Total

Documents
RELATING THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORK ...informationsecurity.report/Resources/Whitepapers/f9d00ce2-f760-4be... · ... Control—Integrated Framework and COBIT

RELATING THE COSO INTERNAL CONTROL INTEGRATED FRAMEWORK ...informationsecurity.report/Resources/Whitepapers/f9d00ce2-f760-4be... · ... Control—Integrated Framework and COBIT

Documents
Introduction - Home - Cloud Security Alliance€¦  · Web viewThis guidance can take the form of the COBIT, COSO, ISO 27000, CSA Guidance, ... The mail transfer agent is the mail

Introduction - Home - Cloud Security Alliance€¦  · Web viewThis guidance can take the form of the COBIT, COSO, ISO 27000, CSA Guidance, ... The mail transfer agent is the mail

Documents
Integrating COBIT 5 With COSO 2013 - ISACA€¢Define the Project Plan and Methodology –Finalize Methodology ... Integrating COBIT 5 With COSO 2013 •Version 3.0 of PCI-DSS was

Integrating COBIT 5 With COSO 2013 - ISACA€¢Define the Project Plan and Methodology –Finalize Methodology ... Integrating COBIT 5 With COSO 2013 •Version 3.0 of PCI-DSS was

Documents
Overview of Frameworks: Cobit, COSO ITIL ISOCOSO, · PDF fileOverview of Frameworks: Cobit, COSO ITIL ISOCOSO, ITIL, ISO, anddoe more Jennifer F. Alfafara, CISA Consultant

Overview of Frameworks: Cobit, COSO ITIL ISOCOSO, · PDF fileOverview of Frameworks: Cobit, COSO ITIL ISOCOSO, ITIL, ISO, anddoe more Jennifer F. Alfafara, CISA Consultant

Documents
Integrating COBIT 5 With COSO 2013 - ISACA · Integrating COBIT 5 With COSO 2013 Audit Committee Expectations •In the opening keynote address at the 2014 Governance, Risk, and Control

Integrating COBIT 5 With COSO 2013 - ISACA · Integrating COBIT 5 With COSO 2013 Audit Committee Expectations •In the opening keynote address at the 2014 Governance, Risk, and Control

Documents
2 IT Control Objectives for Sarbanes-Oxley, 2 - Autenticação · APPENDIX B—COSO AND COBIT ... APPENDIX F—PROJECT ESTIMATING TOOL ... comments received were addressed through

2 IT Control Objectives for Sarbanes-Oxley, 2 - Autenticação · APPENDIX B—COSO AND COBIT ... APPENDIX F—PROJECT ESTIMATING TOOL ... comments received were addressed through

Documents
Laying a FAIR Foundation - NYMISSA · including COSO, ITIL, ISO/IEC 27002, COBIT, OCTAVE, etc. It provides ... – The number of BYOD devices is expected to be between 1200 and 1300

Laying a FAIR Foundation - NYMISSA · including COSO, ITIL, ISO/IEC 27002, COBIT, OCTAVE, etc. It provides ... – The number of BYOD devices is expected to be between 1200 and 1300

Documents
La TI en el ICOFR y el uso del modelo CobiT. sox-vs-cobit.pdf · Usando Cobit para soportar el ICOFR Controles de TI en el ICOFR Cobit vs COSO Controles de TI a nivel de la Entidad

La TI en el ICOFR y el uso del modelo CobiT. sox-vs-cobit.pdf · Usando Cobit para soportar el ICOFR Controles de TI en el ICOFR Cobit vs COSO Controles de TI a nivel de la Entidad

Documents
COBIT - all together now! - · PDF fileCOBIT ® 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT ... ITIL 2011 COSO ERM ISO 9001 ISO 31000 ISO 27000 ISO

COBIT - all together now! - · PDF fileCOBIT ® 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT ... ITIL 2011 COSO ERM ISO 9001 ISO 31000 ISO 27000 ISO

Documents
Comparing COBIT 4.1 and COBIT 5

Comparing COBIT 4.1 and COBIT 5

Documents
Singapore Quick Guide to the COSO - Protiviti...The COSO Enterprise Risk Management-Integrated Framework and the COSO Internal Control-Integrated Framework (COSO Frameworks) are internationally

Singapore Quick Guide to the COSO - Protiviti...The COSO Enterprise Risk Management-Integrated Framework and the COSO Internal Control-Integrated Framework (COSO Frameworks) are internationally

Documents
Achieving Enterprise Resiliency And Corporate Certification · Use Best Practices like CERT / COSO, CobIT, ITIL.v3 Mainframe, Mid-Range, Client / Server, and PC safeguards Communications

Achieving Enterprise Resiliency And Corporate Certification · Use Best Practices like CERT / COSO, CobIT, ITIL.v3 Mainframe, Mid-Range, Client / Server, and PC safeguards Communications

Documents