Information System Audit - Basic

  • 8/13/2019 Information System Audit - Basic

    Individual Assignment

    Fundamentals of Information Systems Audit (Extension)

    CHAPTER 1 - CHAPTER 3 (TOTAL POINT = 40)

    TERMS QUESTIONS

    Please explain the terms below:

    1. What does COSO stand for? (2 points)
    2. What are the differences between attest services and advisory services? (2 points)
    3. What are the 3 types of risks? (3 points)
    4. What are the general types of management assertions? (4 points)
    5. What are the key elements of a disaster recovery plan? (4 points)
    6. Which chapter of the Peraturan Bank Indonesia covering Information Technology is the basis for reviewing the internal audit work? (3 points)

    PRACTICE QUESTIONS

    A. Please determine some of the detection risks that could occur in the following statements. (In other words, what could go wrong in the following statements?) (6 points)

    At the end of the month, the HR and payroll data are interfaced from the PeopleSoft system to SAP to be calculated.

    Every day at 2 am, the system automatically backs up the financially significant data from the system to the back-up tape.

    The system automatically calculates the interest for each customer.

    B. Please determine which assertions are addressed by the following controls. (See page 7. It could be one or a combination of Existence and Occurrence, Completeness, Rights and Obligations, Valuation or Allocation, and Presentation and Disclosure.) (4 points)

    The system automatically calculates the price based on the foreign exchange (forex) rate.

    The Accounts Payable (AP) clerk performs 3-way matching of the Purchase Order (PO) against the invoice and the Goods Receipt (GR) before the invoice can be processed any further.

    C. Please identify whether each control is: (6 points)

    Automated or manual

    Preventive or detective

    Otherwise, just leave it as an activity.

    1. Password over the operating system is reviewed on a regular basis.

    2. Every day, the system automatically backs up the financially significant data, and the backup is periodically tested for recoverability.

    3. The access control matrix for vendor master data is reviewed on a timely basis to ensure the appropriateness of the access level.

    D. Please choose whether each of the scenarios below, related to segregation of duties, is: (6 points)

    Appropriate compared to best practice

    Not too appropriate compared to best practice

    1. The user access matrix for the payroll application is defined by the IT department and reviewed by the payroll supervisor.

    2. The audit trail for the SQL database is set by a database administrator (staff) and reviewed by another database administrator (department head).

    3. An accounts payable staff member can create a PO (Purchase Order), while all accounts payable supervisors can create and approve POs.