Tatakelola TIK berdasarkan COBIT

April 4, 2013

Agenda

Apakah tatakelola TIK? CobiT Essentials CobiT Framework

April 4, 2013

What is CobiT?

CobiT (Control Objectives for Information and Related Technology) is globally accepted as being the most comprehensive work for IT governance, organization, as well as IT process and risk management CobiT menyediakan praktek-praktek yang baik untuk manajemen proses IT in a manageable and logical structure, meeting the multiple needs of enterprise management by bridging the gaps between business risks, technical issues, control needs and performance measurement requirements. The CobiT mission is to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors.

April 4, 2013

Apakah tatakelola TIK

IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and Processes that ensure that the enterprises IT sustains and extends the organisations strategies and objectives.(cobit 4.0 executive summary) IT governance adalah tanggung jawab eksekutif dan dewan direksi, dan terdiri dari kepemimpinan, struktur organisasi dan Proses yang memastikan bahwa IT perusahaan mendukung dan memperluas strategi dan tujuan organisasi.

April 4, 2013

Apakah COBIT?

Control Objective for information and related technologies Standar tatakelola teknologi informasi yang dikeluarkan oleh ISACA www.isaca.org

April 4, 2013

April 4, 2013

Komponen CobiT

Executive Summary

Management Guidelines

Menjelaskan konsep kunci dan prinsip prinsip utama . Untuk memastikan perusahana berhasil mencapai tujuan maka perusahaan perlu mengelola secara efektif keterkaitan antara proses bisnis dan sistem informasi. Bagian ini tersusun atas model kematangan, CSF, KGI dan KPI Frame work menjelaskan 34 tujuan pengendalian tingkat tinggi yang tersusun atas 4 domain. Setiap framework juga mengidentifikasikan 7 kriteria informasi dan sumberdaya TIK yang memiliki dampak terhadap pengendalian tingkat tinggi

Framework

April 4, 2013

Komponen CobiT

Control Objectives

Audit Guidelines

Bagian ini menyediakan berbagai aspek yang perlu digambarkan untuk menyusun kebijakan dan prkatek yang baik bagi pengendalian TIK. Merupakan panduan cara penerapan audit Alat yang disediakan untuk melakukan beberapa benchmarking dari COBIT

Implementation Toolset

April 4, 2013

CobiT Components
Executive Summary Framework There is a method The method is

Control Objectives
Audit Guidelines

Minimum controls are

Here is how you audit

Implementation Toolset Here is how you implement Management Guidelines Here is how you measure

April 4, 2013

Tujuan Pokok COBIT

April 4, 2013

10

CobiT Framework

April 4, 2013

11

Kriteria informasi
EFFECTIVENESS

Informasi relevan dengan proses bisnis meliputi tepat waktu, benar, bermanfaat

AVAILABILITY

Informasi tersedia ketika dibutuhkan

EFFICIENCY

Terkait dengan pemanfaatan sumberdaya secara optimal

COMPLIANCE

Berkaitan dengan ketetapan hukum, dan persetujuan kontrak .

kerahasiaan
CONFIDENTIALITY

RELIABILITY OF INFORMATION

Relates to the provision of appropriate information for the workforce of the organization

INTEGRITY

Berkaitan dengan keakuratan dan kelengkapan informasi

April 4, 2013

12

Sumberdaya

Organizations - People : keterampilan staff, awareness and produktivitas untuk merencanakan, mengorganisasikan, mencari, menyediakan, mendukung and me-monitor sistem informasi dan layanannya. Sistem Aplikasi : pemahaman terhadap sitem informasi manual dan yang otomatis(berbasis komputer). teknologi : meliputi perangkat keras, sistem operasi, sistem manajemen basis data,jaringan, multimedia dll. Fasilitas: Sumberdaya untuk melindungi fasilitas dan teknologi yang tersedia(ruangan dll). Data : obyek data, berisfat teks, suara, gambar dll.

April 4, 2013

13

Planning and Organization

Domain COBIT

Domain ini meliputi taktik dan strategi dan memfokuskan pada cara TI dapat memberikan kontribusi yang optimal bagi tujuan bisnis

Acquisition and Implementation

Untuk merealisasikan strategi TIK, solusi TI harus diidentifikasi, dikembangkan diterapkan dan diintergrasikan terhadap proses bisnis

April 4, 2013

14

Delivery and Support

The Four CobiT Domains

Domain ini fokus pada penyediaan layanan yang dibutuhkan yang meliputi level operasional, keamanan serta aspek pelatihan

Monitoring

Semua proses TIK perlu diakses setiap waktu untuk dimonitor kualitasnya.

April 4, 2013

15

CobiT IT Processes

Planning and Organization PO1 - Define a strategic IT plan PO2 - Define the information architecture PO3 - Determine the technological direction PO4 - Define the IT organization and relationships PO5 - Manage the investment PO6 - Communicate management aims and directions PO7 - Manage human resources PO8 - Ensure compliance with external requirements PO9 - Assess risks PO10 - Manage project

Acquisition and Implementation

PO11 - Manage quality

AI1 - Identify solutions AI2 - Acquire and maintain application software AI3 - Acquire and maintain technology architecture AI4 - Develop and maintain IT procedures AI5 - Install and accredit systems AI6 - Manage changes

April 4, 2013

16

CobiT IT Processes

Delivery and Support DS1 - Define Service Levels DS2 - Manage third-party services DS3 - Manage performance and capacity DS4 - Ensure continuous service DS5 - Ensure system security DS6 - Identify and attribute costs DS7 - Educate and train users DS8 - Assist and advise IT customers DS9 - Manage the configuration DS10 - Manage problems and incidents DS11 - Manage data DS12 - Manage facilities DS13 - Manage operations

Monitoring

M1 - Monitor the processes M2 - Assess the internal control adequacy M3 - Obtain independent assurance M4 - Provide for independent audit

April 4, 2013

17

KPI

Key Performance Indicators (KPI)

KPIs are a measure of how well the process is performing. KPI adalah ukuran sejauhmana proses berjalan KPI dapat digunakan untuk memprediksi keberhasilan atau kegagalan Fokus pada proses dan dimensi pembelajaran pada balance scorecard Diwujudkan dalam terminologi yang terukur Dapat digunakan untuk membantu memperbaiki proses TI
18

April 4, 2013

Key Performance Indicators dalam proses TIK yang umum

System downtime Throughput and response times Amount of errors and rework Number of staff trained in new technology and customer service skills Benchmark comparisons Number of non-compliance reportings Reduction in development and processing time

April 4, 2013

19

Financial

Contoh ukuran kinerja (BSC)

# of IT customers Cost per IT customer Cost-efficiency of IT Delivery of IT value per

Customer Level of service delivery
employee processes up

up Satisfaction of existing customers # of new customers reached # of new service delivery channels

Process Availability of systems &

Information

Learning

services Developments on schedule & budget Throughput & response times Amount of errors and rework

Staff productivity &

morale # of staff trained in new techno/services Value delivery per employee up Increased availability knowledge systems

April 4, 2013

20

Deskripsi proses
The control of

Kriteria Informasi
S S P

IT Processes
which satisfy

Business Requirements

is enabled by

Control Statements

Sumberdaya
and considers

Control Practices

Critical Success Factors

KGIs
KPIs

Maturity Model
0 - Management processes are not applied at
all 1 - Processes are ad hoc and disorganised 2 - Processes follow a regular pattern 3 - Processes are documented and communicated 4 - Processes are monitored and measured 5 - Best practices are followed and automated

April 4, 2013

21

Merupakan hal paling penting yang perlu dilakukan untuk mencapai tujuan Dapat dicari-dapat diukur- merupakan karakteristik dari organsiasi dan proses bisnis Dapat bersifat strategis, teknologis, organisasional atau bersifat prosedural Fokus pada pencarian, pemeliharaan dan perluasan kemampuan, keterampilan dan perilaku Dinyatakan dalam terminologi proses.

CSF

April 4, 2013

22

Critical Success Factors dalam proses TIK yang umum

Kinerja TIK diukur dalam terminologi keuangan, sebagai kepuasan konsumen, efektiftas dan kapasitas masadepan; Reward berdasarkan pada ukuran kinerja ini. Proses selaras dengan strategi TIK dan dengan tujuan bisnis.

April 4, 2013

23

Process Description
The control of

IT Processes
which satisfy

S S
Business Requirements

Information Criteria

is enabled by

Control Statements

Resources
and considers

Control Practices

Critical Success Factors CSF

KGIs
KPIs

Maturity Model
0 - Management processes are not applied at
all 1 - Processes are ad hoc and disorganised 2 - Processes follow a regular pattern 3 - Processes are documented and communicated 4 - Processes are monitored and measured 5 - Best practices are followed and automated

Maturity Model

April 4, 2013

24

Kesimpulan

Anda telah belajar tentang tatakelola TIK berdasarkan framework COBIT

April 4, 2013

25