Harnessing Information Systems Audit towards Good Corporate Governance
2. Today’s Agenda
Redefining IS Audit
What’s trending in the sphere
Why it’s getting important
Calling for Good Corporate
Governance
How IS plays its part
Audit Committee should…
3/11/2014 1
3. Redefining IS Audit
Activities of collecting and evaluating evidence of
Information Systems, practices, and operations within
an organization
Purpose: Evaluating system's internal control design
and effectiveness
Objective: safeguarding assets, maintaining data
integrity, operating effectively to achieve
organization goals and objectives
Performed in conjunction with financial statement
audit, internal audit, or other form of audit
4. Redefining IS Audit (cont’d)
What should an IS Auditor really know about?
1. Management, Planning, and Organization of IS
Commencing best IS management practices
2. Technical Infrastructure and Operational Practices
Understanding hardware, software and networking
technologies
3. Protection of Information Assets
Mastering information security management
4. Disaster Recovery and Business Continuity
Valuing how IS availability is critical to business
5. Redefining IS Audit (cont’d)
5. Business Application System Development,
Acquisition, Implementation, and Maintenance
Valuing core area of IS development
6. Business Process Evaluation and Risk
Management
Linking business expectations and risks to IS
development and deployment
7. IS Audit Process
Mastering code of ethics, auditing standards,
guidelines, audit methodology, techniques and
Control Self-Assessment
7. What’s trending in the sphere
Utilization level of CAAT (Computer-Assisted Auditing
Techniques) getting higher
Functionality
Market leader IDEA analyzes, manipulates and
interrogates huge quantities of data from business
platforms or systems
Capability
Analyzes 2.1 billion rows per an unlimited number
of sheets, while Microsoft Excel 2007, for example, has
1,048,576 rows
Integrity
Core data cannot be modified once imported
8. What’s trending in the sphere (cont’d)
Audit trail/documented proof
Record tests performed and log
documented proof for audit trail
Suitability
Has most of the commonly used audit tests
available as ‘one button’ click options
Data assumption/data interpretation
Appropriate way in interpreting data
imported
9. What’s trending in the sphere (cont’d)
Accounting, IS and IT audit professionals still rank
among the fastest-growing professions
Estimated growth of 22 percent to 30 percent
for 2008-2018
Organizations are looking for IT audit professionals
to assess and recommend ways to mitigate the
impacts of today's technology risks
All statements cite CNN Money 2012 report.
10. Why it’s getting important
IT plays more strategic role
Growing number of IT Budget
IT Project and Investment
Consumerization of IT
Business competition is stiffening
The world is getting riskier
Driven by professional organization
11. IT Plays (More) Strategic Role
Organizations adopt it for cost-saving
initiatives
Capitalize to reach out more prospects, users,
customers, consumers, suppliers, vendors and
partners
IT literacy level across the globe is increasing
Internet adoption and penetration are
rising day in and day out
Some companies leverage IT as new revenue
streams
12. Growing Number of IT Budget
IT budgets are rising in aggregate across all
continents except Europe, as an IDC report
indicated last year
Particularly found in Telco, Banking, Finance,
Internet and IT sectors
Allocation priorities: Infrastructure, hardware,
and software
Paradigm shift: IS/IT is no longer a cost but an
investment
Turning from cost centre to profit centre
13. IT Project and Investment
In relation to the rising budget and
strategic role, more and more IT as well as
IS projects and investments take place
Values of projects and investments are also
climbing
Resources getting involved
Complexity within the project is rising
14. Consumerization of IT
Highly influenced by mobile devices and
computer devices to grab more users
Slightly affected by telecommunication
operators offering more affordable voice
and plans at large
Popularity of Bring-Your-Own-Device
(BYOD)
15. Business competition is stiffening
Literally and naturally business is becoming
more competitive
Corporations are more confident in utilizing IT as a
business enabler
Second wave of mushrooming internet
companies driven by Silicon Valley start-ups
On the flip side, user and customer
demands are always evolving
16. The World is Getting Riskier
On most days, some new risk is
found, identified, or even
assessed
Natural disasters are a threat all the time
New viruses, worms, trojans, malware and
spyware are launched every day
Hacking, cracking, phreaking and sniffing
together with spamming activities never end
17. Driven by Professional Organizations
ISACA (c/q Information Systems Audit and Control
Assurance) through COBIT (Control of Business and
Information Technology)
ISACA also urges organizations to accommodate IT
Governance in implementing Corporate Governance
IIA (The Institute of Internal Auditors) by accommodating IT
(Audit, Risk, Control, Security, Governance) within their
domains (PG, GTAG, GAIT) besides Internal Audit Role,
Internal Audit Engagement and Business Acumen in its
framework (GIAC)
18. Calling for Good Corporate Governance
Revisiting Good Corporate Governance
(GCG)
Corporate vs Enterprise Governance
Regulatory Compliance
Understanding its Requirements
Possible Deployment Models
19. Revisiting GCG
Consists of the governance structure
defining distribution of rights and
responsibilities among stakeholders
Stakeholders: BoD, shareholders,
auditors, regulators, and others
Specifies rules and procedures for making
decisions in corporate affairs
20. Revisiting GCG (cont’d)
Purpose: mechanism for monitoring
actions, policies and decisions within an
organization
Ownership: BoD, Audit Committee, and
other supervisory committee
Most direct benefit is to non-executive/management
shareholders
21. Revisiting GCG (cont’d)
Concrete implementation
Two-tiered Board of Directors (BoD)
Executive Board (‘EB’, company executives)
runs daily operations
Supervisory Board (non-executive directors)
Represent shareholders and employees: hires
and fires EB members, determines their
compensation, and reviews major business
decisions
22. Revisiting GCG (cont’d)
Concrete implementation
Single-tiered Board of Directors (BoD)
Dominated by non-executive directors elected
by shareholders, who hold key posts, including
audit and compensation committees
In the UK, the CEO doesn’t serve as Chairman of the BoD,
while in the U.S. it’s quite commonly found
23. Corporate vs Enterprise Governance
Enterprise governance applies to full scope of the
organization regardless of the industry
For instance: government encompassing all ministries;
private sector encompassing all subsidiaries; military
encompassing air, water, land forces
Constitutes the entire accountability framework of an
organization
Conformance (corporate governance): governance
structures and accountability assignment
Performance (business governance): strategy definition and
value creation to help BoD make strategic decisions, take
risks and key performance drivers
24. Ever since Corporate Scandals…
High-profile collapses of Enron and MCI Inc in 2001–2002,
most of them involving accounting fraud
Drew public and regulator interest in releasing new Acts
and Laws: Sarbanes-Oxley Act (Sarbox or SOX) in 2002
By now most implementation is based on The Cadbury
Report (UK, 1992), OECD’s Principles of Corporate
Governance (1998 and 2004) and US SOX
Cadbury and OECD feature general principles that businesses
are expected to operate by to assure proper governance
SOX legislates several principles recommended by the two
frameworks above
25. Regulatory Compliance
Sarbanes-Oxley
Auditor to review financial statement and issue an opinion
CEO and CFO attest financial statement
Board Audit Committee accommodates financial experts as
independent members
External audit firms as audit partners to rotate every 5
years
Not provide certain types of assurance consulting services
UK Bribery Act in 2010
Illegal to bribe government/private citizens or make
facilitating payments
Requires corporations to establish controls to prevent
bribery
26. Regulatory Compliance (cont’d)
Indonesia
Pedoman Umum Good Corporate
Governance from Komite Nasional
UU No. 40 of 2007 on Private Limited and
GCG practices
Regulation from the Ministry of State-Owned Enterprises
No. PER-09/MBU/2012 on GCG
implementation for state-owned
enterprises
27. Driving Factors
Indonesia Case
International Finance Corporation (IFC) highlighting
GCG in private sectors
Tied up with Otoritas Jasa Keuangan (OJK), they
develop “Corporate Governance Road Map” and
“Indonesia Corporate Governance Manual” to identify
and tackle problems and challenges on the
implementation and its regulations
It covers, but is not limited to, stockholder rights,
safeguarding minority stockholders, company
management best practice, openness and transparency
28. Understanding The Requirements
Rights and equitable treatment of
shareholders
Respect shareholders' rights and help
shareholders to exercise them
Interests of other stakeholders
Legal, contractual, social, and market driven
obligations to non-shareholder stakeholders
(employees, investors, creditors, suppliers, local
communities, customers, and policy makers)
29. Understanding its Requirements (cont’d)
Role and responsibilities of the board
Relevant skills and understanding to review and challenge
management performance
Integrity and ethical behavior
Fundamental requirement in choosing corporate officers and
board members
Code of conduct for their directors and executives that
promotes ethical and responsible decision making
Disclosure and transparency
Publicizes roles and responsibilities of board and
management
30. Possible Deployment Models
OECD Principles often referenced by countries developing
local codes or guidelines
UNISAR of Guidance on Good Practices in Corporate
Governance Disclosure
Consists of more than 50 disclosure items across 5 broad
categories
AUDITING
Board and management structure and process
Corporate responsibility and compliance
Financial transparency and information disclosure
Ownership structure and exercise of control rights
32. How IS Plays its Part (cont’d)
GCG involves decision-making, accountability,
and monitoring
Decisions require relevant and reliable
information
Accountability involves measuring, reporting,
and transparency
Monitoring involves systems and feedback
IS Auditor’s primary role is to check whether
information systems are reliable, accountable
and credible to produce important information
33. How IS Plays its Part (cont’d)
Deploying Risk-based IS Audit
Leveraging CAAT & other software
Capitalizing on frameworks of or from:
BSMR (Badan Sertifikasi Manajemen Resiko)
ISO 31000 on ERM (Enterprise Risk Management)
ISACA’s Risk IT and COBIT
PMI’s PMBOK
SOX
IIA Framework
34. How IS Plays its Part (cont’d)
Always be mindful that auditing involves
PUBLIC responsibility that is more
important than relationship with CLIENT
Auditors must express their view on the
appropriateness – not just acceptability – of
IS principles used or proposed to be used
Reveal the transparency and completeness
of the disclosures
35. Audit Committee Should…
Accommodate mainly non-executive directors
(all have finance & accounting backgrounds and
expertise)
Approve appointment of auditors
Establish the audit fees
Approve all non-audit services provided by
auditors
Meet with the auditor independently of the rest
of the board