COBIT

COBIT Control Objectives for Information and related Technology

Manajemen I dan T Meningkatnya kebergantungan suatu perusahaan terhadap informasi dan system yg menyediakannya Meningkatnya kerentanan terhadap ancaman Meningkatnya cakupan dan biaya investasi di bidang I dan T Meningkatnya kemampuan teknologi yg mampu mengubah organisasi dan praktek bisnis, dan sekaligus membuat kesempatan baru dan mengurangi biaya

Fase IT Awareness Centralized Information and Technology suatu institusi dimana semua hal yg terkait dgn IT dibebankan pada 1 unit Distributed Information and Technology suatu institusi dimana hal-hal yg terkait dgn IT dibebankan ke unit terkait Distributed Role suatu institusi dimana setiap unit telah sadar wewenang-nya masing2 di dalam proses bisnis

sisfo sales sales sales manajemen Business Process Owner 3 Actor dalam proses bisnis : Submitter Approval Execution 3 Role dalam proses bisnis : Data Owner Application Owner Business Process Owner

Management’s Questions How far should we go in IT? Is the cost justified by the benefit? What are the indicators of good performance? What are the critical success factor? What are the risk of not achieving our objectives? What do others do? How do we measure and compare?

Support  Enabler IT sbg Support : perusahaan mengedepankan dan memprioritaskan operasional sebagai tulang punggung perusahaan, IT berfungsi sbg pendukung operasional IT sbg Enabler : perusahaan mengedepankan IT sbg tulang punggung yg menggerakkan operasional, operasional ada setelah IT ada

IT Management Guideline Key Goal Indicators Key Performance Indicators Critical Success Factors Maturity Models

Control Definisi : policies, procedures, practices, and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected

IT Control Objective Definisi : statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity

IT Governance Definisi: A structure of relationship and process to direct and control the enterprise in order to achieve the enterprise’s goal by adding value while balancing risk versus return over IT and its process Enterprise’s Goal Business Process Risk Control

IT Governance IT is aligned with the business, enables the business and maximizes benefits IT resources are used responsibly IT related risks are managed appropriately Direct Report Manage risks : Security Reliability Compliance Realize Benefits Increase automation Decrease cost

Control vs. Risk Manajemen harus memutuskan besar investasi yg cukup untuk menjamin security dan control di bidang IT Manajemen harus dapat menyeimbangkan antara Risk dan Control bahkan di lingkungan yang tidak bisa diprediksi spt IT Security dan Control hanya mengatur Risk, tidak bisa meniadakan Tingkat Risk tidak bisa diketahui dan diukur secara pasti Manajemen harus memutuskan level Risk yang masih bisa diterima oleh perusahaan

Control Objective Level Primary : the degree to which the defined control objective directly impacts the information criterion concerned Secondary : the degree to which the defined control objective satisfies only to a lesser extent or indirectly the information criterion concerned Blank : could be applicable; however, requirements are more appropriately satisfied by another criterion in this process and/or by another process

Data Sales Informasi Sales Order Nama produk : Speedy Bandwidth : 1 Mbps Harga jual : Rp 800.000,- Nama Kastamer : PT. Air Muncul Alamat : Jl. Telekomunikasi 1x Tipe Kastamer : ISP Nama Pemilik : Bpk. Bambang Nomor Telpon pemilik : 022-70707070

Control Objective Principle the control of which satisfy is enabled by considering

COBIT IT Process 7 Information 5 IT Resources 4 Domains 34 Control Objectives 318 Measurement IT Resources

Information Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability

Information Effectiveness , how information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent, and usable manner Efficiency , concerns the provision of information through optimal use of resources Confidentiality , concerns the protection of sensitive information from unauthorized disclosure Integrity , relates to accuracy and completeness of information as well as to its validity Availability , relates to information being available when required by the business process now and in the future Compliance , deals with complying with those laws, regulations, and contractual arrangements to which the business process is subject Reliability , relates to the provision of appropriate information for management to operate the entity and for management to exercise its financial and compliance reporting responsibilities

IT Resources People Application system Technology Facilities Data

IT Resources People , including staff skills, awareness, and productivity to plan, organize, acquire, deliver, support, and monitor information system and service Application system , sum of manual and programmed procedures Technology , covers hardware, OS, DBMS, network, multimedia, etc Facilities , all resources to house and support information system Data , are objects in their widest sense (external and internal), structured and unstructured, graphics, sound, etc

Planning & Organization PO1 : define a strategy IT plan PO2 : define the information architecture PO3 : determine the technological direction PO4 : define the IT organization and relationship PO5 : manage the IT investment PO6 : communicate management aims and direction PO7 : manage human resource PO8 : ensure compliance with external requirements PO9 : assess risks PO10 : manage projects PO11 : manage quality

Acquisition & Implementation AI1 : identify automated solution AI2 : acquire and maintain application software AI3 : acquire and maintain technology infrastructure AI4 : develop and maintain procedures AI5 : install and accredit systems AI6 : manage changes

Delivery & Support DS1 : define and manage service levels DS2 : manage third-party services DS3 : manage performance and capacity DS4 : ensure continuous service DS5 : ensure systems security DS6 : identify and allocate costs DS7 : educate and train users DS8 : assist and advice customers DS9 : manage the configuration DS10 : manage problems and incidents DS11 : manage data DS12 : manage facilities DS13 : manage operations

Monitoring M1 : monitor the process M2 : assess internal control adequacy M3 : obtain independent assurance M4 : provide for independent audit

http://www.imtelkom.ac.id

COBIT

More Related Content

What's hot (19)

Similar to COBIT (20)

More from Telkom Institute of Management (20)

Recently uploaded (20)

COBIT