Sistem Pengendalian Internal
description
Transcript of Sistem Pengendalian Internal
Sistem Pengendalian Internal
Cowbo
y
Problems in Auditing........Problems in Auditing........
The Cowboy after The Cowboy after OSHAOSHA(Occupational & Safety Health Act )(Occupational & Safety Health Act )
4
The COSO Internal Control Integrated Framework
After several significant audit failures occurred during the 1980s, the Committee of Sponsoring Organizations (COSO) formed to redefine internal control and the criteria for determining the effectiveness of an internal control system.
In 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed to sponsor the National Commission on Fraudulent Financial Reporting, whose charge was to study and report on the factors that can lead to fraudulent financial reporting.
A significant part of this mission is aimed at developing guidance on internal control.
5
Defining Risk
To satisfy stakeholders, be successful and gain competitive advantage, organizations need to recognize that the achievement of their business objectives is inextricably linked to risk.
Risk is anything- internal or external - that may impede an organization from achieving its objectives.
Although the common view of risk is a negative event, risk also encompasses uncertainty and opportunity.
So the challenge to management becomes to effectively manage risk by minimizing the negative and maximizing the opportunity to achieve, or exceed, the business objectives.
6
In 1992, COSO published Internal Control-Integrated Framework, which established a framework for internal control and provided evaluation tools that businesses could use to evaluate their control systems.
. The 1992 COSO document, Internal Control - Integrated Framework, changed the way internal control is viewed. The COSO Framework considers not only the evaluation of hard controls, like segregation of duties, but also soft controls, such as the competence and professionalism of employees.
7
4 pagar pengamanan4 pagar pengamanan
1 2 3 4
Values
Kualitas Pengendalian Intern
Peran Internal Auditor
Peran External Auditor
SAS 78, 1995SAS 78, 1995 Mengadopsi pengertian Pengendalian internal Mengadopsi pengertian Pengendalian internal
dari laporan COSO (Committee of Sponsoring dari laporan COSO (Committee of Sponsoring Organization)Organization)
Internal control adalah suatu proses, dijalankan Internal control adalah suatu proses, dijalankan oleh dewan komisaris, managemen, dan oleh dewan komisaris, managemen, dan karyawan lain dari suatu entitas, dirancang untuk karyawan lain dari suatu entitas, dirancang untuk memberikan jaminan memadai sehubungan memberikan jaminan memadai sehubungan dengan pencapaian tujuan dalam kategori sbb:dengan pencapaian tujuan dalam kategori sbb: Keandalan pelaporan keuanganKeandalan pelaporan keuangan Kepatuhan terhadap undang-undang dan peraturan Kepatuhan terhadap undang-undang dan peraturan
yang berlakuyang berlaku Efektivitas dan efesiensi operasional Efektivitas dan efesiensi operasional
Komponen Pengendalian Internal Komponen Pengendalian Internal
COSO says internal control consists of five COSO says internal control consists of five interrelated components that are derived from interrelated components that are derived from the way management runs a business and are the way management runs a business and are integrated into the management process:integrated into the management process:
Control EnvironmentControl Environment Risk AssessmentRisk Assessment Control ActivitiesControl Activities Information and communicationInformation and communication MonitoringMonitoring
Control environment. Control environment. The tone of the The tone of the organization influences the control organization influences the control consciousness of its people. Examples include consciousness of its people. Examples include the integrity, ethical values and competence the integrity, ethical values and competence of employees; management’s philosophy; and of employees; management’s philosophy; and input provided by the board of directors.input provided by the board of directors.
Risk assessment. Risk assessment. Identification and analysis Identification and analysis of risks relevant to achieving corporate goals, of risks relevant to achieving corporate goals, determination of how such risks should be determination of how such risks should be managed and implementation of a process to managed and implementation of a process to address risks associated with change.address risks associated with change.
Control activities. Control activities. Policies, procedures and processes Policies, procedures and processes that help ensure a company carries out management that help ensure a company carries out management directives. Examples include approvals, verifications, directives. Examples include approvals, verifications, reconciliations, reviews of operating performance, reconciliations, reviews of operating performance, security of assets and segregation of duties.security of assets and segregation of duties.
Information and communication. Information and communication. Communication Communication within the company and with external parties such as within the company and with external parties such as customers, regulators and shareholders. For example, customers, regulators and shareholders. For example, reports that contain operational, compliance or financial reports that contain operational, compliance or financial data or that share ideas or events across lines of data or that share ideas or events across lines of business are generated from a company’s information business are generated from a company’s information systems.systems.
Monitoring. Monitoring. Assessing the quality of a company’s Assessing the quality of a company’s internal control systems. This is done through ongoing internal control systems. This is done through ongoing monitoring of activities within the business unit and an monitoring of activities within the business unit and an independent evaluation of existing controls by auditorsindependent evaluation of existing controls by auditors. .
Risiko Bawaan
Risiko Pengendalian
Risiko Audit
Risiko Deteksi
13
Scoping – The COSO Framework
Control ActivitiesMonitoring Assessment of a control
system’s performance over time
Combination of ongoing and separate evaluation
Management and supervisory activities
Internal audit activities
Information & Communication Pertinent information
identified, captured and communicated in a timely manner
Access to internally and externally generated information
Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action
Control Environment Sets tone of organization, influencing
control consciousness of its people
Factors include integrity, ethical values, competence, authority, responsibility, organization structure, HR policies and IT control environment
Foundation for all other components of control
Policies/procedures that ensure management directives are carried out
Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties
Risk Assessment Risk assessment is the
identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities
14
Risk Assessment Process
Risk Assessment Process
Step 1Goals Key Questions Examples
Set Objectives What are we trying to achieve?Produce reliable financial
statements
Step 2Goals Key Questions Examples
Identify risks to achieving those
objectivesWhat could happen that would
affect our objectives
A natural disaster could destroy computer systems
and data
Step 3Goals Key Questions Examples
Assess Risk
What are the consequences of risk? What is likelihood event
will occur?Consequences are severe;
likelihood is slight
Step 4Goals Key Questions Examples
Manage Risk
In light of the assessment, what is the most cost-effective way
to manage the risk>
Insure against loss. Develop business recovery
plan. Self-insure
Step 5Goals Key Questions Examples
Define Control Objective
For risks to managed through internal control, what are the
control objectives?
Implement recovery plan that reduces the impact of
a natural disaster.
Step 6Goals Key Questions Examples
Design Control
How should the control be designed to prevent or detect
identified risk?
Design recovery plan. Implement plan.
Test on a regular basis.
CONTROL ACTIVITIES
15
Anti-Fraud Provisions
The SEC’s rules relating to management’s reports on internal control include commentary on the background of the rules and insight on how the rules should be interpreted and implemented, including:
– The assessment of a company’s internal control over financial reporting must be based on procedures sufficient both to evaluate its design and to test its operating effectiveness. Controls subject to such assessment include, but are not limited to: …controls related to the prevention and detection of fraud.
In addition to the SEC guidance, the PCAOB, in its Auditing Standards #2, has stated the following:
– That management's responsibility when designing a company's internal control over financial reporting is to design and implement programs and controls to prevent, deter, and detect fraud.
– Management, along with those who have responsibility for oversight of the financial reporting process (such as the audit committee), should set the proper tone; create and maintain a culture of honesty and high ethical standards; and establish appropriate controls to prevent, deter, and detect fraud.
16
Perolehan Pemahaman Perolehan Pemahaman Pengendalian Internal Pengendalian Internal
Metodologi audit untuk memenuhi standar Metodologi audit untuk memenuhi standar pekerjaan lapangan kedua:pekerjaan lapangan kedua: Pemahaman cukup atas komponen-komponen Pemahaman cukup atas komponen-komponen
pengendalian internal untuk merencanaan pengendalian internal untuk merencanaan auditaudit
Penilaian risiko kontrol untuk setiap asersi Penilaian risiko kontrol untuk setiap asersi penting yang ada dlam saldo akun atau penting yang ada dlam saldo akun atau kelompok transaksi dan komponen kelompok transaksi dan komponen pengungkapan dari laporan keuangan pengungkapan dari laporan keuangan
Perancangan pengujian substantif untuk setiap Perancangan pengujian substantif untuk setiap asersi penting elemen laporan keuangan asersi penting elemen laporan keuangan
Dokumentasi PemahamanDokumentasi Pemahaman Angket (questionnaires)Angket (questionnaires)
Rangkaian pertanyaan ya/tidak tentang pengendalian Rangkaian pertanyaan ya/tidak tentang pengendalian internal yang diperlukan untuk mencegah salahsaji internal yang diperlukan untuk mencegah salahsaji materialmaterial
Bagan alirBagan alir Diagram sistematik dg memakai simbol standar, garis Diagram sistematik dg memakai simbol standar, garis
penghubung dan penjelasanpenghubung dan penjelasan Tabel keputusanTabel keputusan
Matriks yang digunakan mendokumentasikan logika Matriks yang digunakan mendokumentasikan logika program komputerprogram komputer
MemorandaMemoranda Komentar tertulis auditor tentang pengendalian internal Komentar tertulis auditor tentang pengendalian internal