CONTROL
RANGGA, QILA, PUTRI, DEYE, DITA
Outline
The Role of Internal Audit in Assessment (Control)
Components of Internal Control: COSO
Control
Definition for the external auditor: Internal control is a process, affected by an activity's BOD, management or other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Definition for the internal auditor: Control is the employment of all the means devised in an enterprise to promote, direct, restrain, govern, and check upon its various activities for the purpose of seeing that enterprise objectives are met.
Control: a suitable system of internal check should eliminate the need for a detailed audit.
The Importance of Control to the Internal Auditor
[Diagram: Operating System; Control System; Control by Internal Auditor; Objectives]
Importance of Internal Controls
Internal and external auditors have many different objectives.
Most references to auditors apply to internal auditors, who have
a major responsibility to understand and assess COSO internal
controls.
FCPA Facts
The FCPA record-keeping requirements applied to all public corporations registered with the SEC.
It contained provisions requiring the maintenance of accurate books and records as well as systems of internal accounting control.
The FCPA required that companies maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are authorized and recorded to permit preparation of financial statements in conformity with GAAP.
SAS No. 55
Began with the expectation gap of SAS No. 1.
The AICPA released a series of new SASs between 1980 and 1985, giving guidance for the terminology to be used in internal accounting control reports.
SAS No. 55: control environment, accounting system, control procedures.
AUDIT INTERNAL FEB UI 2015
Treadway Committee Report
The National Commission on Fraudulent Financial Reporting (Treadway Commission) had the objectives of identifying the causal factors that allowed fraudulent financial reporting and making recommendations to reduce their incidence.
The Treadway Commission's final report was issued in 1987: recommendations to management, boards of directors, the public accounting profession, and others.
COSO Internal Control Framework
Internal Control Integrated Framework
AICPA, FEI, AAA, IMA
Formed a committee: COSO
In September 1992
A common framework:
The definition of internal control
Procedures for how to evaluate controls
According to COSO
Internal control is a process, affected by the BOD, management, and other personnel in the company, designed to provide reasonable assurance regarding the achievement of the company's objectives, including:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
Control Environment
The foundation of the internal control structure
Reflects the overall attitude, awareness, and behavior of the BOD, management, and other parties regarding the importance of internal control within the company
Has an influence on all three objectives and on all units
The company's history and culture play an important role in shaping the internal control environment.
Components of Control Environment
INTEGRITY AND ETHICAL VALUES
COMMITMENT TO COMPETENCE
BOARD OF DIRECTORS AND AUDIT COMMITTEE
MANAGEMENT'S PHILOSOPHY AND OPERATING STYLE
ORGANIZATIONAL STRUCTURE
ASSIGNMENT OF AUTHORITY AND RESPONSIBILITY
HUMAN RESOURCES POLICIES AND PRACTICES
Risk Assessment
COSO describes risk assessment as a three-step process:
1. Estimate the significance of the risk.
2. Assess the likelihood or frequency of the risk occurring.
3. Consider how the risk should be managed and assess what actions must be taken.
The COSO internal controls framework suggests that risks should be considered from three perspectives:
Risks due to external factors
Risks due to internal factors
Specific activity-level risks
Control Activities
Control activities are the policies and procedures that help ensure that actions identified to address risks are carried out.
An essential part of building and then establishing effective internal controls in an enterprise.
Information and Communication
RELATIONSHIP OF INFORMATION AND INTERNAL CONTROL
THE COMMUNICATIONS ASPECT OF INTERNAL CONTROL
Quality of Information
External Communications
Monitoring
ONGOING MONITORING ACTIVITIES
SEPARATE INTERNAL CONTROL EVALUATION
Benchmarking
Reporting internal control deficiencies:
Findings on internal control deficiencies usually should be reported not only to the individual responsible for the function or activity involved, who is in the position to take corrective action, but also to at least one level of management above the directly responsible person. This process enables that individual to provide needed support or oversight for taking corrective action, and to communicate with others in the enterprise whose activities may be affected.
Risk Management: COSO ERM
Companies need to identify all the business risks they face.
Risk Management Fundamentals
A company must provide added value to its stakeholders by carrying out business activities.
But every activity is subject to uncertainty/risk.
Tools
Risk Assessment Analysis Map
COSO Enterprise Risk Management is a framework to help enterprises to have a consistent definition of their risks.
COSO contracted with PricewaterhouseCoopers (PwC) to develop this risk framework.
The COSO ERM framework was published in September 2004.
Risk Component
Internal Environment
This level defines the basis for all other components in an enterprise's ERM model, influencing how strategies and objectives should be established, how risk-related business activities are structured, and how risks are identified and acted on.
Its elements:
Risk management philosophy
Risk appetite
Board of directors attitude
Integrity and ethical value
Commitment to competence
Organizational structure
Assignment of authority and responsibility
Human resource standard
Risk Component
Event Identification
A company needs to clearly define the significant risks of an event and then monitor them in order to take the necessary actions.
Risk Component
Risk Assessment
Allows the company to consider what effect an event with risk potential has on the achievement of the company's objectives.
Risk Component
Control Activities
The policies and procedures needed to ensure action on the identified risk responses.
The components of control activities must be closely related to the risk response strategies and actions previously discussed.
Control activities usually include the following internal control areas:
1. Separation of duties
2. Audit trails
3. Security and integrity
4. Documentation
Risk Component
Information and Communication
Information and Communication Flows in ERM Components
Risk Component
Monitoring
Needed to determine whether all the ERM components in use are working effectively.
Entity-Level Risks
CoCo Model
CoCo
The Canadian Institute of Chartered Accountants Criteria of Control Committee (CoCo) developed an internal control model similar to COSO.
Canadians have a model that they consider easier to understand and easier to use as guidance for internal audit activities.
Advantages of CoCo