1

Pertemuan 3Auditing Standards and Responsibilities

Matakuliah :A0274/Pengelolaan Fungsi Audit Sistem Informasi

Tahun : 2005

Versi : 1/1

2

Learning Outcomes

Pada akhir pertemuan ini, diharapkan mahasiswa

akan mampu :

• Mahasiswa dapat menjelaskan Auditing Standards and Responsibilities.

3

Outline Materi

• Introduction• Ethics

– Institute of Internal Auditors (IIA)• Purpose• Principles of The IIA of Ethics• Rules of Conduct

– Information systems Audit and Control Association (ISACA)

• Purpose• Applicability• Rules of Conduct

4

• Professional Auditing Standards– Institute of Internal Auditors– Information Systems Audit and Control

Association– American Institute of Certified Public

Accountants• General Standards• Standards of Field Work• Reporting Standards

5

Introduction

• The internal audit function is guided by auditing standards, guidelines, principles and the responsibilities for auditors both individually and professionally. Individually, internal auditors have an ethical responsibility to perform their duties with integrity.

6

Ethics

• Every company should have its own ethics officer, who answers to the chief executive officer (CEO) or, better yet, chairman of the board.

• Company may even hire ethics consultants when necessary.

• Ethical principles for responsible use of IT include:– Proportionality– Informed consent– Justice– Minimized risk

7

• Guidelines for becoming a responsible end user:– Act with integrity, avoid conflicts of interest and ensure your

employer is aware of any potential conflicts.– Protect the privacy and confidentiality of any information you are

entrusted with.– Do not misrepresent or with hold information that is germane to

a situation.– Do not attempt to use the resources of an employer for personal

gain or for any purpose without proper approval.– Don not exploit the weakness of a computer system for personal

gain or personal satisfaction.– Set high standards for your work. Accept responsibility for your

work.– Advance the health, privacy and general welfare of the public.

8

• A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed on its objective assurance about risk management, control and governance.

9

Institute of Internal Auditors (IIA)

• The Institute of Internal Auditors has a Code of Ethics that applies to its members and Certified Internal Auditors (CIA). It extends beyond the definition of internal auditing to include two essential components:– Principles that are relevant to the profession and

practice of internal auditing.– Rules of conduct that describe behavior norms

expected of internal auditors. These rules are an aid to interpreting the principles into practical applications and are intended to guided the ethical conduct of internal auditors.

10

Purpose

• The purpose of this Code is to promote an ethical culture in the profession of internal auditing

11

Applicability

• This Code of Ethics applies to both individuals and entities that provide internal auditing services. For the IIA, “internal auditors” refer to IIA members, recipients of IIA professional certification (CIA, CGAP, CCSA and CFSA) and candidates for those ertifications.

12

Principles of The IIA of Ethics

• Internal auditors are expected to apply and uphold these principles:– Integrity– Objectivity– Confidentiality– Competency

13

Rules of Conduct

• The rules of conduct include:– Integrity– Objectivity– Confidentiality– Competency

14

Information systems Audit and Control Association (ISACA)

• The Information systems Audit and Control Association (ISACA) ALSO HAS A Code of Professional Ethics.

15

Purpose

• The purpose of the ISACA Code is to guide the professional and personal conduct of members of the association and/or holders of the professional certifications from ISACA.

16

Applicability

• The Code applies to members of ISACA and/or holders of Certified Information Systems Auditor (CISA) and/or the Certified Information Security Manager (CISM) certifications.

17

Rules of Conduct

• This Code says members and CISAs shall:– Support the implementation of, and encourage

compliance with, appropriate standards, procedures and controls for information systems.

– Serve in the interest of relevant parties in a diligent, loyal and honest manner and shall not knowingly be a party to any illegal or improper activities.

– Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.

– Perform their duties in an independent and objective manner and avoid activities that impair, or may appear to impair, their independence or objectivity.

18

– Maintain competency in their respective fields of auditing and information systems control.

– Agree to undertake only those activities that they can reasonably expect to complete with professional competence.

– Perform their duties with due professional care.– Inform the appropriate parties of the results of

information systems audits and/or control work performed, revealing all material facts known to them, which if not revealed could either distort report of operations or conceal unlawful practices.

19

– Support the education of clients, colleagues, the general public, management and boards of directors in enhancing their understanding of information systems auditing and control.

– Maintain high standards of conduct and character and not engage in acts discreditable to the profession.

20

Professional Auditing Standards

• Like ethics, standards exist from authoritative sources that impose certain requirements and/or structures to the tasks and duties of the internal auditor.

21

Institute of Internal Auditors

• The IIA’s authoritative standards document that is applicable to internal auditor is known as the Standards for the Professional Practice of Internal Auditing (SPPIA). The purpose of SPPIA is to:– Delineate basic principles that represent the practice

of internal auditing as it should be.– Provide a framework for performing and promoting a

broad range of value-added internal audit activities– Establish the basis for the measurement of internal

audit performance– Foster improved organizational processes and

operations

22

Information Systems Audit and Control Association

• The Information Systems Audit and Control Foundation (ISACF) has determined that the specialized nature of information system auditing work and the skills necessary to perform such audits, require the development and promulgation of auditing standards that apply specifically to information systems auditing.

• Information systems auditors review and evaluate the development, maintenance and operation of components of automated systems (or such systems as a whole) and their interfaces with the non-automoted areas of the organization’s operations.

23

• ISACF has developed its Standards in order to inform:– Information systems auditors of the minimum

level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics.

– Management and other interested parties of the profession’s expectations concerning the work of practitioners.

24

• The framework for the information systems Standards, Guidelines and Procedures for Information Systems Auditing (Standards) provides multiple levels of guidance:– Standards define mandatory requirements for

information systems auditing and reporting.– Guidelines provide guidance in applying

information systems Auditing Standards.– Procedures provide examples of procedures

an information systems auditor might follow in an audit engagement.

25

American Institute of Certified Public Accountants

• The AICPA has long-established Generally Accepted Auditing Standards (GAAS) that are related to internal auditing.

26

• The basic Standards fall into three categories:– General Standards– Standards of Field Work– Reporting Standards

27

General Standards

• The auditor must have adequate technical training and proficiency.

• The auditor must have independence of mental attitude.

• The auditor must exercise due professional care in the performance of the audit and the preparation of the report.

28

Standards of Field Work

• Audit work must be adequately planned.

• The auditor must gain a sufficient understanding of the internal control structure.

• The auditor must obtain sufficient, competent evidence.

29

Reporting Standards

• The auditor must state in the report whether financial statements were prepared in accordance with generally accepted accounting principles (GAAP).

• The report must identify those circumstances in which GAAP were not applied.

• The report must identify any items that do not have adequate informative disclosures.

• The report shall contain an expression of the auditor’s opinion on the financial statements as a whole.

30

The EndThe End