LM FEB UI Webinar Series, “Overview of Audit Assessment in General and Risk Monitoring”
Nino Eka Putra ~ PR of FEB UI
DEPOK – (22/8/2020)
The Management Institute, Faculty of Economics and Business, Universitas Indonesia, held a webinar series entitled “Overview of Internal Audit Assessment on its Risk and General Control” on Saturday (22/8/2020).
The speakers were Robert Porhas L. Tobing, SE, M.BA., Associate Consultant of LM FEB UI, and Rama Kurnia, SE, MA., Governor of Academic Relations IIA Indonesia. The session was moderated by Rini Yulius, M.Ak., ERMCP., Senior Consultant LM FEB UI.
Robert Porhas L. Tobing said that internal audit is an independent and objective assurance and consulting activity designed to provide added value and improve organizational operations. Internal audit helps the organization achieve its objectives through a systematic and orderly approach to evaluating and improving the effectiveness of risk management, control and governance processes.
As a general rule, the head of internal audit must prepare a risk-based plan to determine priorities for internal audit activities, in accordance with the objectives of the organization. In addition, the internal audit activity must assess how the organization’s information technology (IT) governance has supported the organization’s strategy and goals. Therefore, an IT security system that provides confidentiality, integrity, and availability must be in place.
Robert stated that “Information systems (IS) auditors conduct tests on information systems (IS) to determine conformity with laws, regulations, agreements, and industry directives according to governance criteria and procedures; to make sure that IS data and information have adequate confidentiality, integrity and availability, and IS operations have been carried out effectively and efficiently according to the applied targets.”
Rama Kurnia continued that the IT control hierarchy consists of technical, management, and governance (policy) levels. The IT planning and development process audit includes understanding the business, defining the IT scope, carrying out risk assessments, and formulating an audit plan.
Rama added that “The principle of assessing information technology general control (ITGC) is to understand the relationship between business processes and ITGC core controls, to measure the likelihood and impact of risk, and the ineffectiveness of ITGC which may not have a direct impact on business processes. The ITGC assessment must be carried out thoroughly to cover the main business processes and ITGC testing including manual and automatic controls.”
Rama continued that the effectiveness of ITGC is measured against several criteria, including a minimal number of incidents that damage the reputation of the organization, a minimal number of systems that do not meet the security criteria, and a minimal number of violations of segregation of duties.
Because organizations rely on IT to carry out their operations, IT risk is classified as an ongoing issue. The organization must ensure that IT controls and risks are adequate. The application of controls must consider the costs and benefits to the organization. Internal auditors can perform periodic tests of IT controls and ensure that significant IT risks have been identified and measured. To ensure business continuity, an organization must have a plan that can effectively anticipate disruptions that may hinder the organization’s business. (hjtp)