Audit Worksheet
Reading materials:
1. Lance M. Turcato (2006). Integrating COBIT® into the IT Audit Process (Planning, Scope Development, Practices). ISACA.
2. Federal Financial Institutions Examination Council (2003). IT Examination Handbook: Audit.
3. Federal Financial Institutions Examination Council (2006). IT Examination Handbook: Information Security.
4. Federal Financial Institutions Examination Council (1996). IT Examination Handbook: Information System, Volume 1.
5. United States Government Accountability Office (2009). Federal Information System Controls Audit Manual (FISCAM).
Audit Worksheet - Gunadarma University, bhermana.staff.gunadarma.ac.id/Downloads/files/39328/LHP.pdf
Drilling Down to the Technology Infrastructure
MYOB, Value Plus, Zahir, Excel, etc.
PC Stand Alone (Windows/Open Sources)
Understanding the Technology Infrastructure
The more complex the IT infrastructure, the more complex the audit (scope, worksheets, reports, etc.)
IT Audit Universe
Security Audit Universe
Map Audit Universe To COBIT®
ACCESS RIGHTS ADMINISTRATION
Financial institutions should have an effective process to administer access rights. The process should include:
• Assigning users and devices only the access required to perform their required functions,
• Updating access rights based on personnel or system changes,
• Reviewing periodically users’ access rights at an appropriate frequency based on the risk to the application or system, and
• Designing appropriate acceptable-use policies and requiring users to agree to them in writing.
Examples (FFIEC, 2006)
Policies, Standards, Guidelines & Procedures
COBIT® Control Assessment Questionnaire
Examples (FFIEC)
Work Program
Work Program (FISCAM) Information System Controls Audit Planning Checklist
Organization and Key Systems/Applications
Codification/Archiving
Work Program (FISCAM) Application Level General Controls (AS) - AS-2: Implement effective application access controls