Audit Worksheet (Lembar Kerja Pemeriksaan) - Gunadarma...

Post on 18-Aug-2018


Transcript of Audit Worksheet (Lembar Kerja Pemeriksaan) - Gunadarma...

Audit Worksheet (Lembar Kerja Pemeriksaan)

Reading materials (Bahan Bacaan):

1. Lance M. Turcato (2006). Integrating COBIT® into the IT Audit Process (Planning, Scope Development, Practices). ISACA.
2. Federal Financial Institutions Examination Council (2003). IT Examination Handbook: Audit.
3. Federal Financial Institutions Examination Council (2006). IT Examination Handbook: Information Security.
4. Federal Financial Institutions Examination Council (1996). IT Examination Handbook: Information System, Volume 1.
5. Federal Information System Controls Audit Manual (FISCAM). United States Government Accountability Office, 2009.

Drilling Down to the Technology Infrastructure

MYOB, Value Plus, Zahir, Excel, etc.

Stand-alone PC (Windows/open source)

Understanding the Technology Infrastructure

The more complex the IT infrastructure, the more complex the audit becomes (scope, worksheets, reports, etc.).

IT Audit Universe

Security Audit Universe

Map Audit Universe To COBIT®

ACCESS RIGHTS ADMINISTRATION

Financial institutions should have an effective process to administer access rights. The process should include:

• Assigning users and devices only the access required to perform their required functions,

• Updating access rights based on personnel or system changes,

• Reviewing users’ access rights periodically, at a frequency appropriate to the risk of the application or system, and

• Designing appropriate acceptable-use policies and requiring users to agree to them in writing.

Examples (FFIEC, 2006)
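The four elements of the access-rights process above are the kind of thing an auditor turns into worksheet checks: does each account belong to a current, active person; does it hold more than its role needs; is its last review within the risk-based interval; and has the user signed the acceptable-use policy. The script below is an added example (it is not from the slides, FFIEC, or FISCAM) that runs those checks over constructed sample data: a small HR roster, a role-to-entitlement baseline, and an account export. All field names, role names, entitlement names and review intervals are assumptions chosen for illustration.

```python
"""Access-rights review checks for the four FFIEC process elements.

Added example, not taken from the slides or from FFIEC. All inputs are
constructed sample data and all field/role/entitlement names are assumptions.
"""
from datetime import date, timedelta

# Constructed HR roster: who is currently employed and in which role.
HR_ROSTER = {
    "alice": {"role": "ap_clerk", "active": True},
    "bob":   {"role": "ap_clerk", "active": False},   # has left the company
    "carol": {"role": "it_admin", "active": True},
}

# Constructed least-privilege baseline: the entitlements each role needs.
ROLE_BASELINE = {
    "ap_clerk": {"gl_read", "ap_post"},
    "it_admin": {"gl_read", "server_admin"},
}

# Review frequency by application risk tier (assumed policy values, in days).
REVIEW_INTERVAL_DAYS = {"high": 90, "medium": 180, "low": 365}

# Constructed account export from the application: entitlements, risk tier,
# date of last access review, and whether the user signed the AUP.
ACCOUNTS = [
    {"user": "alice", "entitlements": {"gl_read", "ap_post", "ap_approve"},
     "risk": "high", "last_review": date(2018, 1, 10), "aup_signed": True},
    {"user": "bob", "entitlements": {"gl_read", "ap_post"},
     "risk": "high", "last_review": date(2018, 7, 1), "aup_signed": True},
    {"user": "carol", "entitlements": {"gl_read", "server_admin"},
     "risk": "medium", "last_review": date(2018, 3, 1), "aup_signed": False},
    {"user": "svc_backup", "entitlements": {"server_admin"},
     "risk": "high", "last_review": date(2018, 8, 1), "aup_signed": True},
]

# Date the review is performed (fixed so the run is reproducible).
AS_OF = date(2018, 8, 18)


def review_access(accounts, roster, baseline, today):
    """Return a list of (user, finding) tuples for the auditor's worksheet.

    One finding per failed check; an account may produce several findings.
    """
    findings = []
    for acct in accounts:
        user = acct["user"]
        person = roster.get(user)

        # Element 2: rights must be updated on personnel or system changes.
        if person is None:
            findings.append((user, "no HR record: orphaned or service account, needs a named owner"))
        elif not person["active"]:
            findings.append((user, "account still active but person has left: revoke"))
        else:
            # Element 1: only the access required for the role's functions.
            excess = acct["entitlements"] - baseline[person["role"]]
            if excess:
                findings.append((user, f"excess entitlements beyond role baseline: {sorted(excess)}"))
            # Element 4: users must agree to the acceptable-use policy in writing.
            if not acct["aup_signed"]:
                findings.append((user, "no signed acceptable-use policy on file"))

        # Element 3: periodic review at a risk-based frequency.
        due = acct["last_review"] + timedelta(days=REVIEW_INTERVAL_DAYS[acct["risk"]])
        if today > due:
            findings.append((user, f"access review overdue since {due.isoformat()}"))
    return findings


if __name__ == "__main__":
    for user, finding in review_access(ACCOUNTS, HR_ROSTER, ROLE_BASELINE, AS_OF):
        print(f"{user}: {finding}")
```

Run as-is, the sample data yields five findings: alice holds an entitlement outside her role and her high-risk account has not been reviewed within 90 days; bob's account is still active after he left; carol has no signed acceptable-use policy; and svc_backup has no HR owner. The roster-versus-export join is the core of the check: the account export alone cannot tell the auditor whether an account's holder is still employed, so the HR roster (or equivalent authoritative source) must be pulled as separate evidence.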

Policies, Standards, Guidelines & Procedures

COBIT® Control Assessment Questionnaire

Examples (FFIEC)

Work Program

Work Program (FISCAM) Information System Controls Audit Planning Checklist

Organization and Key Systems/Applications

Codification/Archiving (Kodifikasi/Kearsipan)

Work Program (FISCAM) Application Level General Controls (AS) - AS-2: Implement effective application access controls

Work Program (FISCAM)

Rating/Scoring