April 4, 2013
Agenda
What is CobiT?
CobiT (Control Objectives for Information and Related Technology) is globally accepted as being the most comprehensive work for IT governance, organization, as well as IT process and risk management. CobiT provides good practices for the management of IT processes in a manageable and logical structure, meeting the multiple needs of enterprise management by bridging the gaps between business risks, technical issues, control needs and performance measurement requirements. The CobiT mission is to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors.
What is COBIT?
Control Objectives for Information and Related Technologies: an information technology governance standard issued by ISACA (www.isaca.org).
CobiT Components
Executive Summary - Explains the key concepts and main principles.
Management Guidelines - To ensure that the enterprise succeeds in achieving its objectives, it must effectively manage the relationship between business processes and information systems. This part consists of maturity models, CSFs, KGIs and KPIs.
Framework - Describes 34 high-level control objectives organized into 4 domains. The framework also identifies 7 information criteria and the ICT resources that have an impact on the high-level control objectives.
CobiT Components
Control Objectives - This part provides the various aspects that need to be described in order to establish policy and good practice for ICT control.
Audit Guidelines - A guide to how audits are carried out.
Implementation Toolset - Tools provided for performing benchmarking against COBIT.
CobiT Components
Executive Summary - There is a method
Framework - The method is
Control Objectives
Audit Guidelines
Implementation Toolset - Here is how you implement
Management Guidelines - Here is how you measure
CobiT Framework
Information criteria
EFFECTIVENESS - Information is relevant to the business process, including being timely, correct and useful
AVAILABILITY
EFFICIENCY
COMPLIANCE
CONFIDENTIALITY - secrecy
RELIABILITY OF INFORMATION - Relates to the provision of appropriate information for the workforce of the organization
INTEGRITY
Resources
Organizations - People: staff skills, awareness and productivity to plan, organize, acquire, deliver, support and monitor information systems and their services.
Application systems: an understanding of manual and automated (computer-based) information systems.
Technology: covers hardware, operating systems, database management systems, networks, multimedia, etc.
Facilities: resources to protect the available facilities and technology (rooms, etc.).
Data: data objects, in the form of text, sound, images, etc.
COBIT Domains
This domain covers tactics and strategy and focuses on how IT can make an optimal contribution to business objectives.
To realize the ICT strategy, IT solutions must be identified, developed, implemented and integrated into the business processes.
This domain focuses on the delivery of the required services, covering the operational level, security and training aspects.
Monitoring
All ICT processes need to be accessed at all times so that their quality can be monitored.
CobiT IT Processes
Planning and Organization
PO1 - Define a strategic IT plan
PO2 - Define the information architecture
PO3 - Determine the technological direction
PO4 - Define the IT organization and relationships
PO5 - Manage the investment
PO6 - Communicate management aims and directions
PO7 - Manage human resources
PO8 - Ensure compliance with external requirements
PO9 - Assess risks
PO10 - Manage project

AI1 - Identify solutions
AI2 - Acquire and maintain application software
AI3 - Acquire and maintain technology architecture
AI4 - Develop and maintain IT procedures
AI5 - Install and accredit systems
AI6 - Manage changes
CobiT IT Processes
Delivery and Support
DS1 - Define Service Levels
DS2 - Manage third-party services
DS3 - Manage performance and capacity
DS4 - Ensure continuous service
DS5 - Ensure system security
DS6 - Identify and attribute costs
DS7 - Educate and train users
DS8 - Assist and advise IT customers
DS9 - Manage the configuration
DS10 - Manage problems and incidents
DS11 - Manage data
DS12 - Manage facilities
DS13 - Manage operations

Monitoring
M1 - Monitor the processes
M2 - Assess the internal control adequacy
M3 - Obtain independent assurance
M4 - Provide for independent audit
KPI
KPIs are a measure of how well the process is performing.
KPIs can be used to predict success or failure.
They focus on the process and learning dimensions of the balanced scorecard.
They are expressed in measurable terms.
They can be used to help improve the IT process.
System downtime
Throughput and response times
Amount of errors and rework
Number of staff trained in new technology and customer service skills
Benchmark comparisons
Number of non-compliance reportings
Reduction in development and processing time
Financial
Satisfaction of existing customers
# of new customers reached
# of new service delivery channels
Information
Learning
Developments on schedule & budget
Throughput & response times
Amount of errors and rework
Process description
The control of IT Processes which satisfy Business Requirements is enabled by Control Statements and considers Control Practices.
Other diagram elements: Information Criteria, Resources, KGIs, KPIs
Maturity Model
0 - Management processes are not applied at all
1 - Processes are ad hoc and disorganised
2 - Processes follow a regular pattern
3 - Processes are documented and communicated
4 - Processes are monitored and measured
5 - Best practices are followed and automated
CSF
The most important things that need to be done to achieve the objectives.
Can be identified and measured; they are characteristics of the organization and the business processes.
May be strategic, technological, organizational or procedural in nature.
Focus on obtaining, maintaining and extending capabilities, skills and behaviour.
Expressed in terms of the process.
ICT performance is measured in financial terms, as customer satisfaction, effectiveness and future capacity; rewards are based on these performance measures. Processes are aligned with the ICT strategy and with the business objectives.
Process Description
The control of IT Processes which satisfy Business Requirements is enabled by Control Statements and considers Control Practices.
Other diagram elements: Information Criteria, Resources, KGIs, KPIs
Maturity Model
0 - Management processes are not applied at all
1 - Processes are ad hoc and disorganised
2 - Processes follow a regular pattern
3 - Processes are documented and communicated
4 - Processes are monitored and measured
5 - Best practices are followed and automated
Conclusion