PENGENDALIAN DAN SISTEM INFORMASI AKUNTANSI GANGGUAN PADA SISTEM

PENGENDALIAN DAN SISTEM INFORMASI AKUNTANSI

GANGGUAN PADA SISTEM INFORMASI AKUNTANSI Klasifikasi gangguan: § Kesalahan pada software dan tidak berfungsinya peralatan, seperti : – Kegagalan hardware – Kesalahan atau terdapat kerusakan pada software, kegagalan sistem operasi, gangguan dan fluktuasi listrik. – Serta kesalahan pengiriman data yang tidak terdeteksi. § Gangguan lingkungan – Gempa bumi – Bencana alam – Listrik § Kesalahan manusia – Kesalahan operasional – Kesalahan data – Kesalahan yang tidak disengaja : kecerobohan – Kesalahan yang disengaja : Sabotase, Penipuan komputer , Penggelapan 2

Tinjauan menyeluruh konsep-konsep pengendalian § Apakah definisi dari pengendalian internal itu ? Pengendalian internal adalah rencana organisasi dan metode bisnis yang dipergunakan untuk menjaga aset, memberikan informasi yang akurat dan andal, mendorong dan memperbaiki efisiensi jalannya organisasi, serta mendorong kesesuaian dengan kebijakan yang telah ditetapkan. 3

4 Framework for Internal Control over Financial Reporting (ICo. FR)

COSO – Internal Control Integrated Framework (“The Framework) § COSO singkatan dari Committee of Sponsoring Organizations of the Treadway Commission. § Sejarahnya, COSO berkaitan dengan Foreign Corrupt Practices Act (FCPA) yang dikeluarkan SEC dan US Congress di tahun 1977 untuk melawan fraud dan korupsi yang marak terjadi di Amerika tahun 70 -an. Perbedaannya adalah FCPA merupakan inisiatif dari eksekutif-legislatif sedangkan COSO lebih merupakan inisiatif dari sektor swasta. 5

COSO – Internal Control Integrated Framework (“The Framework) § Sektor swasta ini membentuk ‘National Commission on Fraudulent Financial Reporting’ atau dikenal juga dengan ‘The Treadway Commission’ di tahun 1985. Komisi ini disponsori oleh 5 professional association yaitu: 1 2 3 4 5 American Accounting Association (AAA) American Institute of Certified Public Accountants (AICPA) Institute of Internal Auditors (IIA) Institute of Management Accountants (IMA) Financial Executives Institute (FEI) § Tujuan komisi ini adalah melakukan riset mengenai fraud dalam pelaporan keuangan (fraudulent on financial reporting) dan membuat rekomendasi 2 yang terkait dengannya untuk perusahaan publik, auditor independen, SEC, dan institusi pendidikan. 6

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies § Komisi ini mengeluarkan report pertamanya pada 1987. Isi reportnya di antaranya adalah merekomendasikan dibuatnya report komprehensif tentang pengendalian internal (integrated guidance on internal control). Sehingga dibentuk COSO, yang kemudian bekerjasama dengan Coopers & Lybrand dalam membuat laporan tersebut. 7

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies § Coopers & Lybrand mengeluarkan report pada 1992, dengan perubahan minor pada 1994, dengan judul ‘Internal Control – Integrated Framework’. § Report ini berisi definisi umum internal control dan membuat framework untuk melakukan penilaian (assessment) dan perbaikan (improvement) atas internal control. § Kegunaan dari report ini salah satunya adalah untuk mengevaluasi FCPA compliance di suatu perusahaan. 8

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies § Komisi ini mengeluarkan report pertamanya pada 1987. Isi reportnya di antaranya adalah merekomendasikan dibuatnya report komprehensif tentang pengendalian internal (integrated guidance on internal control), yang kemudian dibentuk COSO untuk bekerjasama dengan Coopers & Lybrand untuk membuat report itu. § Coopers & Lybrand mengeluarkan report tersebut pada 1992, dengan perubahan minor pada 1994, dengan judul ‘Internal Control – Integrated Framework’. Report ini berisi definisi umum internal control dan membuat framework untuk melakukan penilaian (assessment) dan perbaikan 9(improvement) atas internal control. Kegunaan dari report ini salah satunya adalah untuk

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies § Poin penting dalam report COSO ‘Internal Control – Integrated Framework’ (1992) : § Definisi internal control menurut COSO Suatu proses yang dijalankan oleh dewan direksi, manajemen, dan staff, untuk membuat reasonable assurance mengenai: – Efektifitas dan efisiensi operasional – Reliabilitas pelaporan keuangan – Kepatuhan atas hukum dan peraturan yang berlaku 10

COSO – Internal Control over Financial Reporting – Guidance for Smaller Public Companies § Menurut COSO framework, Internal control terdiri dari 5 komponen yang saling terkait, yaitu: – – – 11 Control Environment Risk Assessment Control Activities Information and communication Monitoring

Viewing Internal Control as Integrated Process § § 12 All five components of internal control set forth in the Framework (Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring) are important to achieving the objective of reliable financial reporting. Each of the Framework’s five components should not be viewed as an “end in itself. ” Rather the components should be viewed as an integrated system working together to reduce risk to reliable financial reporting to an acceptable level.

Basic Principles related to Control Environment 1. Control Environment Integrity and ethical values are developed and understood Articulates values, monitors adherence, addresses deviations Board of directors understand exercise oversight Define authorities, operates independently, monitors risks, retains financial reporting expertise, oversees quality and reliability and oversees audit activities Financial Reporting Competencies are retained Identifies competencies retains individuals and evaluates competencies 13 Management philosophy and operating style support internal control Set the tone, influences attitudes towards accounting principles and estimates and articulates objectives. Organizational structure supports internal control Establishes lines of financial reporting and establishes structure Authorities and responsibilities are assigned Human resources policies and practices facilitate internal control Defines responsibilities and limits authorities Establishes human resource practices, recruits and retains, adequately trains and evaluates performance and compensates

Basic Principles related to Risk Assessment 2. Risk Assessment 14 Identify Financial Reporting Objectives Identify and Analyze Financial Reporting Risks Identify and Assess the Risk of Fraud as it affects the Company Complies with GAAP, supports information disclosures, reflects company activities, is supported by relevant financial statement assertions and considers materiality Includes business processes, personnel and information technology, involves appropriate levels of management, considers both internal and external factors, estimates likelihood and impact and triggers reassessment Considers incentives and pressures, risk factors and establishes responsibilities and accountability

Basic Principles related to Control Activities 3. Control Activities 15 Control Activities integrate with risk assessment Control Activities are selected and developed Mitigates risks, considers all significant points of entry into the company’s G/L and information technology Considers range of activities, includes preventive and detective controls, segregates duties and considers cost vs benefit Policies are established and communicated and result in management directives being carried out Integrates into business processes establishes responsibility and authority occurs on a timely basis thoughtfully implements, investigates exceptions and periodically reassess Information Technology Controls are designed and implemented Includes applications controls considers general computers operations and includes end user computing

Basic Principles related to Information and Communication 4. Information and Communication Financial Reporting Information is identified, captured, used and distributed Captures data includes financial information uses internal and external sources includes operating information and maintains quality 16 Internal control information is identified, captured, used and distributed Internal Communication supports execution of internal control Matters affecting achievements objectives are communicated (External Communication) Captures data triggers and resolutions and update and maintain quality Communications with personnel and board includes separate communication lines and accesses information Provides input and independently assesses

Basic Principles related to Monitoring 5. Monitoring 17 Ongoing and/or separate evaluations enable management to determine function of internal control Internal Control deficiencies are identified and communicated Integrates with operations provides objectives assessment, uses knowledgeable personnel considers feedback adjusts scope and frequency Reports findings and deficiencies and corrects on a timely basis

Designing and Implementing Cost Effective ICo. FR It is a Journey. . . RISK ASSESSMENT Identify and analyze risks to achievement of financial reporting objectives Refine financial reporting objectives based on changes potentially impacting the business 18 Determine which risks could result in a material misstatement to financial statements MONITORING Implement and operate monitoring activities to help ensure that controls continue to operate properly over time Determine how each of the other components, both separately and together, support reliable financial reporting INFORMATION & COMMUNICATI Implement and ON operate information and communication to support internal control CONTROL ENVIRONMENT Implement and operate control environment, setting the tone of the Company CONTROL ACTIVITIES Implement and operate control environment, using a range of activities to reduce risk to objectives A High-Level of Assurance Financial Reporting