EVALUATION OF SALES, RECEIVABLES, AND CASH RECEIPTS INFORMATION SYSTEM CONTROLS AT PT. EASTERN PEARL FLOUR MILLS
Rykha Oktavia and Irine Novita Wibowo and Yulius
Information Systems, School of Information Systems, BINUS University
Abstract
The development of information technology has affected many activities in many organizations, and it brings not only positive but also negative effects to the business world. To minimize the losses that may occur, a company must evaluate its running systems so that they remain in line with the standards and rules that apply within the company. The purpose of this research is to analyze and evaluate the level of control of the sales, receivables, and cash receipts information system in the running business process, to identify problems and risks that may occur, and to provide recommendations and suggestions that can be used to prevent and reduce the impact of those risks. The research methods include library research and field research in the form of interviews, observation, and a check list. The result of the evaluation of the sales, receivables, and cash receipts information system controls is a data analysis presented as findings and recommendations, offered as suggested improvements for the problems found in the company. In conclusion, the company should evaluate its IT resources more often, both applications and other related matters, to minimize the probability of risks occurring and to maximize its potential so that the company can reach the targets it has set.
Keywords: Evaluation, Control, Sales, Receivables, Information Systems
1. Introduction
The development of information technology has affected many activities in many organizations, as stated by Tugas (Assessing the Level of Information Technology (IT) Processes Performance and Capability Maturity in the Philippine Food, Beverage, and Tobacco (FBT) Industry Using COBIT Framework, 2010), “The advent of information technology has significantly influenced and changed how businesses are being managed and monitored today”[6]. This confirms that the information technology developing today has brought both positive and negative effects to the business world. To minimize the losses that may occur, a company must evaluate its running systems so that they remain in line with the standards and rules that apply within the company. As stated by Cereola and Cereola (Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation, August 2011), “Information technology is highly vulnerable to security threats. Potential security weaknesses, inherent in information and communication technology, create not only technical problems for IT, but also internal control problems for management”[1]. Controls over the use of information technology are needed because errors can occur in its application, caused either by the information technology equipment or by the users of the technology themselves. Information system controls affect the effectiveness and efficiency of the performance of the information technology applied. Therefore, the company's assets need to be secured: the integrity of data and information, hardware, software, and brainware. To ensure that the information system in use meets expectations, the company can carry out an information systems audit. As quoted from Ramanathan, Plassmann, Ramamoorthy (Role of an Auditing and Reporting Service in Compliance Management, April 2007), “Auditing is the process of maintaining detailed, secure records of critical activities in a business environment. Such records are referred to as audit logs. The critical activities recorded could be related to security, content management, business transactions, and so on”[5]. Internal audit plays a role in carrying out the control function over the company's business activities. To reinforce that role and responsibility, The Institute of Internal Auditors (IIA), in Majdalawieh and Zaghloul (Paradigm Shift in Information Systems Auditing, 2008), states: “Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”[4]. The internal audit function in the company's business transactions should therefore receive more attention.
Because of the breadth of the information systems applied in the company, the scope of the research is limited to the sales, receivables, and cash receipts system running at PT. Eastern Pearl Flour Mills. The scope covers:
a. The sales, receivables, and cash receipts information system, from the customer's order of goods to the cash receipts report.
b. Evaluating information system controls in sales, receivables, and cash receipts using COBIT.
The objectives of this research are:
a. To analyze and evaluate whether the controls of the sales, receivables, and cash receipts information system at PT. EPFM are operating properly and correctly.
b. To identify problems and risks that may occur in the sales, receivables, and cash receipts system of PT. EPFM.
c. To provide recommendations to prevent and reduce the impact of risks that may occur in the sales, receivables, and cash receipts system at PT. EPFM.
2. General Guidelines
To obtain complete and accurate data and supporting theory, the following methods were used:
a. Library Research
Data were collected by reading literature or other reading material related directly or indirectly to the research, namely the evaluation of information system controls. Data were also collected by reviewing the results of earlier research by other researchers on the evaluation of information system controls that has been documented in literature and books. This provides information about previously designed systems so that their weaknesses and strengths can be identified and taken into consideration in evaluating the information system controls.
b. Field Research
In addition to library research, field research was carried out in several ways:
1. Interview
Conducted through direct question and answer with the relevant parties to obtain data about the company related to the subject of this thesis.
2. Observation
Data were collected by visiting the company and directly observing operational activities and the use of the sales, receivables, and cash receipts information system at PT. Eastern Pearl Flour Mills.
3. Check List
A list of questions prepared for the interested parties in the company, to which the answers are limited to “Yes” and “No”.
3. Research Results
The evaluation of information system controls discussed here uses the COBIT method, which covers four control domains:
a. Plan and Organize
b. Acquire and Implement
c. Deliver and Support
d. Monitor and Evaluate
Figure 1 Four Boards IT Control Process Domain
Source: Accounting Information System (2008, p251)
3.1 Plan and Organize
Covers strategy and tactics, with emphasis on identifying how information technology can best contribute to achieving the company's goals and business objectives. At PT. EPFM it was found that IT has been implemented in accordance with the strategic and tactical plans that guide the implementation and development of the company's IT; the company has maintained and supported IT planning to make it easier for users to disseminate information; it monitors the planning to ensure that IT truly benefits the smooth running of the company; it creates a conducive working environment so that employees can work at their best; it provides IT investment management services; it evaluates the policies and controls of the IT environment; it applies specific criteria in employee recruitment; and it has standards and procedures to assure the quality of the information produced.
3.2 Acquire and Implement
To realize the information technology strategy that has been designed, information technology solutions are then identified, built, implemented, and integrated into business processes. At PT. EPFM, requirements for IT maintenance and development are in place, together with risk analysis to reduce the impact of risks that may occur; the software the company uses has been customized to the company's needs; IT resources such as software, hardware, and brainware are protected; business management and end users are given the knowledge needed for the system to run effectively and efficiently; there are control procedures for the procurement of IT resources to protect the management that uses them; emergency changes are managed; and training is given to all divisions.
3.3 Delivery and Support
Focuses on the actual delivery of the required services, ranging from traditional security operations and continuity aspects to training. The company recognizes the importance of customer satisfaction and has created a management framework that governs the level of customer service; it manages the performance and capacity of IT resources through planning, assessment, monitoring, forecasting, and reporting; it has an IT continuity framework that is more responsive and critical with respect to the company's IT resources; it understands the importance of securing the systems in use; it allocates IT costs; it evaluates the training given; it provides a channel for receiving customer service complaints; it is able to identify and resolve problems that occur in the system; it backs up data periodically; and it attends to the company's physical security.
3.4 Monitoring and Evaluating
All technology processes need to be assessed regularly so that their quality and completeness remain in line with the applicable control requirements. The company has monitored and evaluated IT performance, though unfortunately not with a specific method, with the results documented as IT reports, and the provision of IT Governance in the company complies with the established standards, so that the resources used do not exceed the limits set in the earlier planning.
4. Conclusion
After evaluating the information system in the areas of sales, receivables, and cash receipts at PT. Eastern Pearl Flour Mills using the COBIT method, the following conclusions can be drawn:
1. The company prioritizes the function of the IT Strategy Committee so that IT provisions truly conform to company policy, determines priority levels for IT program investment, allocates IT costs specifically, and establishes standardization and documentation of IT quality management so that quality can be maintained.
2. The company continues to monitor IT risk analysis reports so that the impact of risks can be minimized, sets limits on the use of system operations, establishes standardization and documentation of emergency changes so that they can be clearly controlled, and plans the transfer of data and systems so that performance becomes more optimal.
3. The company regularly evaluates contracts with internal and external IT service providers so that system changes can be carefully considered, produces regular monitoring reports on IT performance and capacity, and sets specific standards and criteria for the use of passwords.
4. The company determines and establishes a specific, standardized method so that monitoring and evaluating IT performance is easier to carry out, evaluates and assesses IT performance periodically so that risks can be detected and followed up with corrective solutions as early as possible, and continually monitors the standards for providing IT resources so that they do not exceed the previously set limits.
References
[1] Cereola, S. J., & Cereola, R. J. (2011). Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation. Cereola, Sandra J; Cereola, Ronald J, 521-545.
[2] Ebben, J. J., & Johnson, A. C. (2011). Cash Conversion Cycle Management in Small Firms: Relationships with Liquidity, Invested Capital, and Firm Performance. Journal of Small Business and Entrepreneurship, 18.
[3] Kasavana, M. L. (1994). Computers and Multiunit Food-Service Operations. Cornell Hospitality Quarterly.
[4] Majdalawieh, M., & Zaghloul, I. (2008). PRACTICE FORUM Paradigm shift in information systems auditing. Managerial Editing Journal, 352-367.
[5] Ramanathan, J., Cohen, R. J., Plassmann, E., & Ramamoorthy, K. (2007). Role of an auditing and reporting service in compliance management. IBM Systems Journal, 305-318.
[6] Tugas, F. C. (2010). Assessing the Level of Information Technology (IT) Processes Performance and Capability Maturity in the Philippine Food, Beverage, and Tobacco (FBT) Industry Using the COBIT Framework. Academy of Information and Management Sciences Journal, 45-68.
[7] Anand, Sanjaya. (2006). Sarbanes-Oxley Guide for Finance and Information Technology Professionals (2nd ed). USA: John Wiley & Sons.
[8] Basalamah, A. S. (2011). Auditing PDE Dengan Standar IAI Edisi 5. Depok: Usaha Kami.
[9] Brand, Koen & Boonen, Harry. (2005). IT Governance Based on Cobit 4.1: Management Guide. UK: Van Haren Publishing.
[10] Cannon, David L. (2011). CISA Certified Information Systems Auditor Study Guide. Indiana: Wiley Publishing, Inc.
[11] Cascarino, Richard E. (2007). Auditor’s Guide to Information System Auditing. New Jersey: John Wiley & Sons, Inc.
[12] Dube, D. P., & Gulati, V. P. (2005). Information system audit and assurance. New Delhi: Tata McGraw-Hill.
[13] Elder, Randal J., Beasley, Mark S. & Arens, Alvin A. (2010). Auditing and Assurance Service. 13th edition. New Jersey: Pearson Education, Inc.
[14] Gelinas, Ulric J. & Dull, Richard B. (2008). Accounting Information Systems. USA: Thomson - South Western.
[15] IT Governance Institute. (2007). CobIT (4.1th ed). Framework, Control Objectives, Management Guidelines and Maturity Model. USA: ITGI.
[16] Moeller, Robert R. (2009). Sarbanes- Brink's Modern Internal Auditing: A Common Body of Knowledge. New Jersey: John Wiley & Sons.
[17] Moeller, Robert R. (2008). Sarbanes-Oxley Internal Controls, Effective Auditing With AS5, CobIT, and ITIL. USA: John Wiley & Sons.
[18] Restianto, Yanuar E. & Bawono, Icuk Rangga. (2011). Audit Sistem Informasi Menggunakan Active Data for Excel. Yogyakarta: ANDI.
[19] Sarno, R. (2009). Audit Sistem & Teknologi Informasi. Surabaya: ITS Press.
[20] Weygandt, Jerry J., Kimmel, Paul D. & Kieso, Donald E. (2011). Financial Accounting IFRS edition. USA: John Wiley & Sons, Inc.
THE EVALUATION OF SALES, ACCOUNT RECEIVABLES, AND CASH RECEIPT INFORMATION SYSTEM CONTROL IN PT. EASTERN PEARL FLOUR MILLS
Rykha Oktavia and Irine Novita Wibowo and Yulius
Information Systems, School of Information Systems, BINUS University
Abstract
The development of information technology has affected the activities of many organizations, and it brings not only a positive impact but also a negative impact to the business world. In order to minimize losses that might occur, a company must evaluate its running system so that it remains in accordance with the applicable standards and regulations within the company. The purpose of this research is to analyze and evaluate the control level of the sales, receivables, and cash receipts information systems in the running business process, identify problems and risks that may occur, and provide recommendations and advice that can be used to prevent and reduce the impact of those risks. The research methods used include library research and field studies in the form of interviews, observation, and a check list. The result obtained from the control evaluation of the sales, receivables, and cash receipts information systems is a data analysis presented in the form of findings and recommendations as suggestions for addressing problems within the company. In conclusion, the company should evaluate its IT resources more frequently, both applications and other related matters, to minimize the probability of risks occurring and maximize its potential so that the company can achieve the set targets.
Key Words: Control, Evaluation, Information Systems, Receivables, Sales
1. Introduction
The development of information technology has affected a variety of activities in various organizations, as Tugas said (Assessing the Level of Information Technology (IT) Processes Performance and Capability Maturity in the Philippine Food, Beverage, and Tobacco (FBT) Industry Using COBIT Framework, 2010), "The advent of information technology has significantly influenced and changed how businesses are being managed and monitored today"[6]. This confirms that the information technology developing today has brought both positive and negative impacts to the business world. In order to minimize losses that might occur, a company must evaluate its running system so that it remains in accordance with the applicable standards and regulations within the company. As said by Cereola and Cereola (Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation, August 2011), "Information technology is highly vulnerable to security threats. Potential security weaknesses, inherent in information and communication technology, not only create technical problems for IT, but also internal control problems for management"[1]. Control in the use of information technology is required because errors may occur in practice, whether caused by the information technology devices or by the users of information technology themselves. Control of the information system has an impact on the effectiveness and efficiency of the performance of the information technology applied. Therefore, it is necessary to secure the corporate assets: the integrity of data and information, hardware, software, and brainware. To ensure that the information system in use is as expected, the company may conduct an audit of information systems. As quoted from Ramanathan, Plassmann, Ramamoorthy (Role of an Auditing and Reporting Service in Compliance Management, April 2007), "Auditing is a process of maintaining detailed, secure records of critical activities in a business environment. Such records are referred to as audit logs. The critical activities recorded could be related to security, content management, business transactions, and so on"[5]. Internal audit has a role in carrying out the control function over the company's business activities. In order to strengthen that role and responsibility, The Institute of Internal Auditors (IIA), in Majdalawieh and Zaghloul (Paradigm Shift in Information Systems Auditing, 2008), states: "Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes"[4]. Therefore, the function of internal audit in the company's business transactions is expected to receive more attention.
Due to the extent of the information systems applied in the company, the scope of the research is restricted to the sales, accounts receivable, and cash receipts system running at PT. Eastern Pearl Flour Mills. The scope covered includes:
a. The sales, receivables, and cash receipts information system, starting from the ordering of goods by the customer through to the cash receipts report.
b. Evaluating information system controls in sales, accounts receivable, and cash receipts using COBIT.
The purposes of this research were:
a. To analyze and evaluate whether the controls of the sales, receivables, and cash receipts information system at PT. EPFM have been operating well and correctly.
b. To identify problems and risks that may occur in the sales, receivables, and cash receipts system of PT. EPFM.
c. To provide recommendations to prevent and reduce the impact of risks that may occur in the sales, receivables, and cash receipts system at PT. EPFM.
2. General Guidelines
To obtain complete and accurate supporting data and theories, the following methods were used:
a. Library Research
A method of data collection done by reading literature or other reading material related directly or indirectly to the study, which is the evaluation of information system controls. In addition, data were collected by reviewing the results of research done previously by other researchers regarding the evaluation of information system controls that has been documented in the literature and books. This provides information on previously designed systems so that their flaws and advantages can be identified and taken into consideration in evaluating the information system controls.
b. Field Research
In addition to the literature study, a field study was also conducted in several ways, namely:
1. Interview
Done by direct questioning of the parties concerned to obtain data about the company related to the discussion of this thesis.
2. Observation
The data were collected by visiting the company and directly observing operations and the use of the sales, receivables, and cash receipts information system at PT. Eastern Pearl Flour Mills.
3. Check List
A list of questions prepared to be given to interested parties within the company, to which the answers are limited to "Yes" and "No".
3. Results & Discussions
The evaluation of information system controls discussed here uses COBIT, which includes four domains of control, namely:
a. Plan and Organize
b. Acquire and Implement
c. Deliver and Support
d. Monitor and Evaluate
Figure 1 Four Boards IT Control Process Domain
Source: Accounting Information System (2008, p251)
3.1 Plan and Organize
Includes strategies and tactics, emphasizing the identification of how information technology can best contribute to the achievement of corporate goals and business objectives. At PT. EPFM it was found that IT has been implemented in accordance with the strategic and tactical planning that guides the implementation and development of the company's IT; the company has been maintaining and supporting IT planning in order to make the dissemination of information easier for users; it monitors the planning to ensure that IT really brings benefits for the smooth performance of the company; it creates a conducive working environment so that employees can work at maximum performance; it provides IT investment management services; it evaluates the policy and control of the IT environment; it applies specific criteria in the recruitment of employees; and it has standards and procedures to ensure the quality of the information produced.
3.2 Acquire and Implement
To realize the information technology strategy that has been designed, information technology solutions are then identified, built, implemented, and integrated into business processes. At PT. EPFM, requirements for the maintenance and development of IT have been provided, together with risk analysis conducted in order to reduce the impact of risks that may occur; the software the company uses has been customized according to the needs of the company; existing IT resources such as software, hardware, and brainware are protected; business management and end users are given the knowledge needed for the system to run effectively and efficiently; there are control procedures for the procurement of IT resources in order to protect the management that uses them; emergency changes are managed; and training is given to all divisions.
3.3 Delivery and Support
Focuses on the actual delivery of the required services, ranging from traditional security operations and continuity aspects to training. The company recognizes the importance of customer satisfaction and has created a management framework that regulates the level of customer service; it manages the performance and capacity of IT resources through planning, assessment, supervision, forecasting, and reporting; it has an IT continuity framework that is more responsive and critical with respect to corporate IT resources; it understands the importance of securing the system implemented; it allocates IT costs; it evaluates the training given; it provides a channel for receiving customer service complaints; it is able to identify and provide solutions for problems that occur in the system; it backs up data regularly; and it attends to the physical security of the company.
3.4 Monitoring and Evaluating
All technology processes need to be assessed regularly so that their quality and completeness remain based on the applicable control requirements. The company has conducted monitoring and evaluation of IT performance, but unfortunately not with a specific method, with the results documented in the form of IT reports, and the provision of IT Governance within the company complies with the established standards, so that the resources used do not exceed the limits set in previous planning.
4. Conclusion
After evaluating the information systems in the areas of sales, accounts receivable, and cash receipts at PT. Eastern Pearl Flour Mills using COBIT, the following conclusions can be drawn:
1. The Company prioritizes the function of the IT Strategy Committee to ensure that IT provisions are in strict accordance with company policy, determines the priority level of IT program investment, allocates IT costs specifically, and creates standardization and documentation of IT quality management so that quality can be maintained.
2. The Company continues to monitor the IT risk analysis report so that the impact of risks can be minimized, sets limits on the use of system operations, creates standardization and documentation of emergency changes so that they can be controlled clearly, and makes plans for the transfer of data and systems so that performance becomes more optimal.
3. The Company regularly evaluates contracts with internal and external IT service providers so that changes to the system can be carefully considered, produces regular monitoring reports on IT performance and capacity, and sets specific criteria and standards for the use of passwords.
4. The Company determines and establishes a specific, standardized method so that the process of monitoring and evaluating IT performance is easier to implement, evaluates and assesses IT performance at regular intervals so that risks can be detected and followed up with an improvement solution as early as possible, and continuously monitors the standards for the provision of IT resources so that they do not exceed the predetermined limits.
References
[1] Cereola, S. J., & Cereola, R. J. (2011). Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation. Cereola, Sandra J; Cereola, Ronald J, 521-545.
[2] Ebben, J. J., & Johnson, A. C. (2011). Cash Conversion Cycle Management in Small Firms: Relationships with Liquidity, Invested Capital, and Firm Performance. Journal of Small Business and Entrepreneurship, 18.
[3] Kasavana, M. L. (1994). Computers and Multiunit Food-Service Operations. Cornell Hospitality Quarterly.
[4] Majdalawieh, M., & Zaghloul, I. (2008). PRACTICE FORUM Paradigm shift in information systems auditing. Managerial Editing Journal, 352-367.
[5] Ramanathan, J., Cohen, R. J., Plassmann, E., & Ramamoorthy, K. (2007). Role of an auditing and reporting service in compliance management. IBM Systems Journal, 305-318.
[6] Tugas, F. C. (2010). Assessing the Level of Information Technology (IT) Processes Performance and Capability Maturity in the Philippine Food, Beverage, and Tobacco (FBT) Industry Using the COBIT Framework. Academy of Information and Management Sciences Journal, 45-68.
[7] Anand, Sanjaya. (2006). Sarbanes-Oxley Guide for Finance and Information Technology Professionals (2nd ed). USA: John Wiley & Sons.
[8] Basalamah, A. S. (2011). Auditing PDE Dengan Standar IAI Edisi 5. Depok: Usaha Kami.
[9] Brand, Koen & Boonen, Harry. (2005). IT Governance Based on Cobit 4.1: Management Guide. UK: Van Haren Publishing.
[10] Cannon, David L. (2011). CISA Certified Information Systems Auditor Study Guide. Indiana: Wiley Publishing, Inc.
[11] Cascarino, Richard E. (2007). Auditor’s Guide to Information System Auditing. New Jersey: John Wiley & Sons, Inc.
[12] Dube, D. P., & Gulati, V. P. (2005). Information system audit and assurance. New Delhi: Tata McGraw-Hill.
[13] Elder, Randal J., Beasley, Mark S. & Arens, Alvin A. (2010). Auditing and Assurance Service. 13th edition. New Jersey: Pearson Education, Inc.
[14] Gelinas, Ulric J. & Dull, Richard B. (2008). Accounting Information Systems. USA: Thomson - South Western.
[15] IT Governance Institute. (2007). CobIT (4.1th ed). Framework, Control Objectives, Management Guidelines and Maturity Model. USA: ITGI.
[16] Moeller, Robert R. (2009). Sarbanes- Brink's Modern Internal Auditing: A Common Body of Knowledge. New Jersey: John Wiley & Sons.
[17] Moeller, Robert R. (2008). Sarbanes-Oxley Internal Controls, Effective Auditing With AS5, CobIT, and ITIL. USA: John Wiley & Sons.
[18] Restianto, Yanuar E. & Bawono, Icuk Rangga. (2011). Audit Sistem Informasi Menggunakan Active Data for Excel. Yogyakarta: ANDI.
[19] Sarno, R. (2009). Audit Sistem & Teknologi Informasi. Surabaya: ITS Press.
[20] Weygandt, Jerry J., Kimmel, Paul D. & Kieso, Donald E. (2011). Financial Accounting IFRS edition. USA: John Wiley & Sons, Inc.