SlideShare a Scribd company logo

PBI 9/15/PBI/2007

Download as PPTX, PDF
P
presidenri
Business
1 of 49
New PBI TSI Review and Implementation Services
Veda Praxis: Introduction
Who are we? PT Veda Praxis is your business partner in risk & control advisory. Formed in October 2005 by experienced and dedicated professional who are internationally certified and have wide experiences in variety of industries and professional services in multinational consulting firm and started its business operations in December 2005 “Veda” is originally from Sanskrit language means “Knowledge”. “Praxis” is originally from an ancient European language means “Practicing”.
Our Vision & Mission Vision become your partner in establishing effective business control Mission Deliver value services at full disclosure to our clients Participate on ever-increasing business consciousness in control awareness Build a strong and on-going relationship with our clients in regards to continuous control implementation
Our Value We help you better understand and manage your business risk We assist you improve your business process We assist you improve your operating efficiency We assure the validity of your business information We deliver “down to earth” recommendations and assist you with the implementation We provide cost effective solutions for you
Our Services Risk Management Information Technology Governance Internal Audit Business Process Improvement
Why Veda Praxis We have internationally certified professionals We deliver results according to world class quality standard and based on world class knowledge and methodology combine with local values Extensive knowledge and experience in delivering Control and Risk Based services Committed to work on the basis of knowledge transfer for the clients long term investment instead of creating dependencies from clients to consultants
Background and Point of View
Background Information technology development enables banks to improve operational activities efficiency and services quality to customer. The use of IT in bank’s operational activities exposes new risks to the bank, therefore an effective IT Risk Management is needed IT is a valuable asset to the bank, the management of IT is not just the responsibility of IT working unit, however it is the responsibility of all related parties The IT infrastructure needs to be adequate in terms of Basel II implementation A set of regulations covering the Implementation of Risk Management on the Utilization of Information Technology is needed
Structure of PBI and Guidelines
Our Point of View to PBI ,[object Object]
Every bank has different risk exposure. Therefore, implementation of control is different for each bank and preliminary risk analysis is needed.Why? ,[object Object],[object Object]
General Approach Types Related to Control Selection
Combination of Top-Down and Risk Driven Approach (Optimum Benefit)
Our Services Related to PBI TSI
Review/Assess Service
Implementation Services
Type of Review Service
Quick Scan Review
High Level Review
Full Scope Review
By Area Review
Type of Implementation Service
Full Scope Implementation
By Area Implementation
Review Services Methodology
Review Methodology Define Analyze Review Deliverables Executive Summary Identify PIC Quick Scan Perform Interviews Identify IT Environment Compliance Gap Schedule Interview Management Presentation Analyze IT Complexities Findings & Recommendation Perform High Level Review Identify review scope High Level Perform Detail Review Existing Maturity Full Scope/ By Area Determine Required Maturity Identify Benefits Required Maturity Determine Existing Maturity Identify Risks Maturity Gap
Detail Review Methodology
Quick Scan - Define Define Analyze Review Deliverables ,[object Object]
Persons in charge for every review area is identified. Identify PIC is needed to obtain review information effectively by interviewing the responsible person.
Schedule Interview
An interview schedule is made for every PIC. The interview schedule is made with respect to the PIC’s responsibilities. Timeliness plays an important role since the result of Quick Scan Review is expected in such short time. ,[object Object]
Quick Scan - Review Define Analyze Review Deliverables Perform Interviews Bank’s compliance towards PBI is reviewed using our compliance checklist tools developed based on the “KonsepPedomanPenggunaan TSI olehBank” issued by the Central Bank of Indonesia. The tool will assist the review process to be performed effectively and efficiently. The review is performed solely to obtain a “comply/not comply” information for each control related to the area. The information is obtained only through interviews with related PIC.
Define Analyze Review Deliverables Quick Scan - Deliver Executive Summary Result of all activities in three phase before will be summarized and reported in Executive summary. Compliance Gap A completed compliance checklist is prepared based on the review compliance in previous the phase. Management Presentation The report will be presented to the management.
High Level - Define Define Analyze Review Deliverables The “Define” phase in the High Level Review service has the same activities as those in the Quick Scan services (Identify PIC, Schedule Interview) with the following additional activity: Identify Review Scope Identify scope of PBI TSI high level review. This identification will determine scope of our project review, such as scope of bank’s branches, organizations, processes, procedures, etc.
High Level - Analyze Define Analyze Review Deliverables The “Analyze” phase in the High Level Review service has the same activities as those in the Quick Scan services (Identify IT Environment) with the following additional activity: Analyze IT Complexities Based on the IT Environment identified, the IT complexities will be assessed. The assessment result is used to determine the review areas of focus.
High Level - Review Define Analyze Review Deliverables The “Review” phase in the High Level Review service has the same activities as those in the Quick Scan services (Perform Interviews) with the following additional activity: Perform High Level Review A high level review is performed using more than interview techniques. Documentation reviews, walkthroughs, observations and inspections is done in a high level approach. A high level review will assess bank’s control design effectiveness. How effective a control is implemented will not be assessed.
High Level - Deliver Define Analyze Review Deliverables The “Deliver” phase in the High Level Review service has the same deliverables as those in the Quick Scan services (Executive Summary, Compliance Gap, Management Presentation) with the following additional deliverable: Findings & Recommendation Based on the review, a list of findings and recommendations is prepared. The executive summary will also include a findings and recommendation summary.
Define Define Analyze Review Deliverables The “Define” phase in the By Area/Full Scope Review service has the same activities as those in the Quick Scan plus the High Level services (Identify PIC, Schedule Interview, Identify Review Scope) with the following additional activities: Identify Risks A set of risks (may be provided by the bank) is scored using out tools. The scoring process is performed through workshops with management. Identify Benefits A set of benefits (may be provided by the bank) is scored based on the bank’s business and IT goals. The scoring process is performed through workshops with management.
Analyze Define Analyze Review Deliverables The “Analyze” phase in the By Area/Full Scope Review service has the same activities as those in the Quick Scan plus the High Level services (Identify IT Environment, Analyze IT Complexities) with the following additional activity: Determine Required Maturity The required maturity for each control stated in the “Konsep Pedoman Penggunaan TSI oleh Bank” is set. The process is done through the mapping of each control towards each risk and and benefit.
Analyze Define Analyze Review Deliverables The “Review” phase in the By Area/Full Scope Review service has the same activities as those in the Quick Scan plus the High Level services (Perform Interviews, Perform High Level Review) with the following additional activities: Perform Detail Review A Detail Review is performed using the same techniques as the high level review but on a different depth. The review is done up to the level of determining the control implementation effectiveness. Determine Existing Maturity Existing control maturity level is determined for each control based on the detail review.
Deliver Define Analyze Review Deliverables The “Deliver” phase in the By Area/Full Scope Review service has the same deliverables as those in the Quick Scan plus the High Level services (Executive Summary, Compliance Checklist, Management Presentation, Findings & Recommendation) with the following additional deliverables: Existing Maturity A report document describing the bank’s current control maturity Required Maturity A report document describing the bank’s required control maturity Maturity Gap Based on the existing and required maturity level, a gap analysis is performed.
Detail Implementation Methodology
Implementation Methodology People Process Technology Gap Analysis PLAN Develop IT Plan DO Design Standards, Policies, and Procedures Align IT Organization Design Technology Architecture Implement Standards, Policies, and Procedures Implement IT Organization Implement Systems Improvement Develop/Acquire New Systems OPERATE Monitor and Evaluate CHECK ACT Maintain and Improve
Plan : Develop IT Plan Based on the gap analysis, an IT plan is developed. The plan contains projects to improve the IT in the area of people, process and technology. The project does not necessarily divided by these areas (people, process and technology). A project may involve improvement on all of the areas. PLAN DO CHECK ACT
Do : People Align IT Organization: A design of the IT organization is developed based on the gap analysis. The design is not limited to organization structure and job description, but also committees and other improvements that has significant effect on the aspect of organization (people). The design may include the following: IT Steering Committee Information Security Incident Response Team IT Strategic Plan Training and recruitment plan Implement IT Organization: The IT organization design is implemented. The activities may involve but not limited to recruitment, socialization, training and management meetings. Our services in this phase is limited to assist the bank the new IT Organization socialization. PLAN DO CHECK ACT
Do : Process Design Standards, Policies, and Procedures Standards, policies and procedures are designed based on the PBI. The activities may involve further interviews to the process owner to obtain accurate information on the process. Deliver Standards, Policies, and Procedures The standards, policies and procedures are socialized. The activities may involve: Training and workshops Socializations through emails, banners, etc Our services in this phase is limited to assist the bank in socializing the standards, policies and procedures. PLAN DO CHECK ACT
Do : Technology Design Technology Architecture A future technology architecture is developed as guidelines on improving the technology of the organization. The future architecture will cover all technology aspects; applications, network, information, hardware. Develop/Acquire New System & Implement System Improvement Based on the future technology architecture, improvements are made and new systems are acquired or developed. Our role in this activities is to help the bank to make sure that improvements and new systems are made as required and done using the correct change management framework. We will also perform a Post Implementation Review at the end of each implementation. PLAN DO CHECK ACT
Check Once the implementation is finished and has gone to operation, the bank should monitor and evaluate the operation to Ensure the operational effectiveness of control as required based on the “required control maturity level”. PLAN DO CHECK ACT

Recommended

Bank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementBank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementAnjar Priandoyo
 
Core Banking Solution PPT of TCS and SBI
Core Banking Solution PPT of TCS and SBICore Banking Solution PPT of TCS and SBI
Core Banking Solution PPT of TCS and SBIRajesh Kumar
 
Core banking has changed the way you bank
Core banking has changed the way you bankCore banking has changed the way you bank
Core banking has changed the way you bankSushil Deshmukh
 
IT in banking
IT in bankingIT in banking
IT in bankingYash Mehta
 
System architecture for central banks
System architecture for central banksSystem architecture for central banks
System architecture for central banksJean-Marc Lepain
 
Bi risk services 2013
Bi risk services 2013Bi risk services 2013
Bi risk services 2013Rahul Bhan (CA, CIA, MBA)
 
Mi gran familia
Mi gran familia Mi gran familia
Mi gran familia Melissa Granados Fonseca
 
IndonesianCentralBank
IndonesianCentralBankIndonesianCentralBank
IndonesianCentralBankAlbet Nego
 

Recommended

Bank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementBank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementAnjar Priandoyo
 
Core Banking Solution PPT of TCS and SBI
Core Banking Solution PPT of TCS and SBICore Banking Solution PPT of TCS and SBI
Core Banking Solution PPT of TCS and SBIRajesh Kumar
 
Core banking has changed the way you bank
Core banking has changed the way you bankCore banking has changed the way you bank
Core banking has changed the way you bankSushil Deshmukh
 
IT in banking
IT in bankingIT in banking
IT in bankingYash Mehta
 
System architecture for central banks
System architecture for central banksSystem architecture for central banks
System architecture for central banksJean-Marc Lepain
 
Bi risk services 2013
Bi risk services 2013Bi risk services 2013
Bi risk services 2013Rahul Bhan (CA, CIA, MBA)
 
Mi gran familia
Mi gran familia Mi gran familia
Mi gran familia Melissa Granados Fonseca
 
IndonesianCentralBank
IndonesianCentralBankIndonesianCentralBank
IndonesianCentralBankAlbet Nego
 
Cb2500 week01 - course introduction importance of mis
Cb2500 week01 - course introduction importance of misCb2500 week01 - course introduction importance of mis
Cb2500 week01 - course introduction importance of miskisstyyy
 
PPT MAGANG
PPT MAGANGPPT MAGANG
PPT MAGANGMita Septiana Hidayah
 
Booklet perbankan indonesia 2016
Booklet perbankan indonesia 2016Booklet perbankan indonesia 2016
Booklet perbankan indonesia 2016Ayi Ahadiat
 
Tugas bi
Tugas biTugas bi
Tugas biSambadyasitumeang
 
Pengertian Perbankan
Pengertian PerbankanPengertian Perbankan
Pengertian PerbankanIAIN Sunan Ampel Surabaya
 
Ailing public sector undertakings
Ailing public sector undertakingsAiling public sector undertakings
Ailing public sector undertakingsNitin Garg
 
Cloud Based Infrastructure for Banking
Cloud Based Infrastructure for BankingCloud Based Infrastructure for Banking
Cloud Based Infrastructure for BankingHeri Supriadi
 
Bank Sentral (Bank Indonesia)
Bank Sentral (Bank Indonesia)Bank Sentral (Bank Indonesia)
Bank Sentral (Bank Indonesia)Ari Raharjo
 
Materi -bank-sentral
Materi -bank-sentralMateri -bank-sentral
Materi -bank-sentralNinda Milasati
 
Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)
Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)
Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)Bagus Cahyo Jaya Pratama Pratama
 
Sejarah Bank di Indonesia
Sejarah Bank di IndonesiaSejarah Bank di Indonesia
Sejarah Bank di IndonesiaMuhalida Zia
 
Bank indonesia
Bank indonesiaBank indonesia
Bank indonesiaReinhart Tresnadiputra
 
makalah bank indonesia
makalah bank indonesiamakalah bank indonesia
makalah bank indonesiaNisa Ell
 
BANK SENTRAL
BANK SENTRALBANK SENTRAL
BANK SENTRALAlyssa Melani Savira
 
Bank sentral
Bank sentralBank sentral
Bank sentralDwi Anita
 
Sejarah Bank di Indonesa powerpoint
Sejarah Bank di Indonesa powerpointSejarah Bank di Indonesa powerpoint
Sejarah Bank di Indonesa powerpointMuhalida Zia
 
Bank indonesia
Bank indonesia Bank indonesia
Bank indonesia Nisa Ell
 
PPT Hyperlink Bank Sentral
PPT Hyperlink Bank SentralPPT Hyperlink Bank Sentral
PPT Hyperlink Bank Sentralsalmiah mia
 
Bank Sentral
Bank SentralBank Sentral
Bank Sentral9elevenStarUnila
 
BANK SENTRAL ( BANK INDONESIA )
BANK SENTRAL ( BANK INDONESIA )BANK SENTRAL ( BANK INDONESIA )
BANK SENTRAL ( BANK INDONESIA )Nevi Syafitri
 
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14said missoum
 
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyVisual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyJoe Oringel
 

More Related Content

Viewers also liked

Cb2500 week01 - course introduction importance of mis
Cb2500 week01 - course introduction importance of misCb2500 week01 - course introduction importance of mis
Cb2500 week01 - course introduction importance of miskisstyyy
 
Booklet perbankan indonesia 2016
Booklet perbankan indonesia 2016Booklet perbankan indonesia 2016
Booklet perbankan indonesia 2016Ayi Ahadiat
 
Ailing public sector undertakings
Ailing public sector undertakingsAiling public sector undertakings
Ailing public sector undertakingsNitin Garg
 
Cloud Based Infrastructure for Banking
Cloud Based Infrastructure for BankingCloud Based Infrastructure for Banking
Cloud Based Infrastructure for BankingHeri Supriadi
 
Bank Sentral (Bank Indonesia)
Bank Sentral (Bank Indonesia)Bank Sentral (Bank Indonesia)
Bank Sentral (Bank Indonesia)Ari Raharjo
 
Sejarah Bank di Indonesia
Sejarah Bank di IndonesiaSejarah Bank di Indonesia
Sejarah Bank di IndonesiaMuhalida Zia
 
makalah bank indonesia
makalah bank indonesiamakalah bank indonesia
makalah bank indonesiaNisa Ell
 
Bank sentral
Bank sentralBank sentral
Bank sentralDwi Anita
 
Sejarah Bank di Indonesa powerpoint
Sejarah Bank di Indonesa powerpointSejarah Bank di Indonesa powerpoint
Sejarah Bank di Indonesa powerpointMuhalida Zia
 
Bank indonesia
Bank indonesia Bank indonesia
Bank indonesia Nisa Ell
 
PPT Hyperlink Bank Sentral
PPT Hyperlink Bank SentralPPT Hyperlink Bank Sentral
PPT Hyperlink Bank Sentralsalmiah mia
 
BANK SENTRAL ( BANK INDONESIA )
BANK SENTRAL ( BANK INDONESIA )BANK SENTRAL ( BANK INDONESIA )
BANK SENTRAL ( BANK INDONESIA )Nevi Syafitri
 

Viewers also liked (20)

Cb2500 week01 - course introduction importance of mis
Cb2500 week01 - course introduction importance of misCb2500 week01 - course introduction importance of mis
Cb2500 week01 - course introduction importance of mis
 
PPT MAGANG
PPT MAGANGPPT MAGANG
PPT MAGANG
 
Booklet perbankan indonesia 2016
Booklet perbankan indonesia 2016Booklet perbankan indonesia 2016
Booklet perbankan indonesia 2016
 
Tugas bi
Tugas biTugas bi
Tugas bi
 
Pengertian Perbankan
Pengertian PerbankanPengertian Perbankan
Pengertian Perbankan
 
Ailing public sector undertakings
Ailing public sector undertakingsAiling public sector undertakings
Ailing public sector undertakings
 
Cloud Based Infrastructure for Banking
Cloud Based Infrastructure for BankingCloud Based Infrastructure for Banking
Cloud Based Infrastructure for Banking
 
Bank Sentral (Bank Indonesia)
Bank Sentral (Bank Indonesia)Bank Sentral (Bank Indonesia)
Bank Sentral (Bank Indonesia)
 
Materi -bank-sentral
Materi -bank-sentralMateri -bank-sentral
Materi -bank-sentral
 
Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)
Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)
Bank Sentral : Bank Indonesia (Ekonomi Moneter - BAB 3)
 
Sejarah Bank di Indonesia
Sejarah Bank di IndonesiaSejarah Bank di Indonesia
Sejarah Bank di Indonesia
 
Bank indonesia
Bank indonesiaBank indonesia
Bank indonesia
 
makalah bank indonesia
makalah bank indonesiamakalah bank indonesia
makalah bank indonesia
 
BANK SENTRAL
BANK SENTRALBANK SENTRAL
BANK SENTRAL
 
Bank sentral
Bank sentralBank sentral
Bank sentral
 
Sejarah Bank di Indonesa powerpoint
Sejarah Bank di Indonesa powerpointSejarah Bank di Indonesa powerpoint
Sejarah Bank di Indonesa powerpoint
 
Bank indonesia
Bank indonesia Bank indonesia
Bank indonesia
 
PPT Hyperlink Bank Sentral
PPT Hyperlink Bank SentralPPT Hyperlink Bank Sentral
PPT Hyperlink Bank Sentral
 
Bank Sentral
Bank SentralBank Sentral
Bank Sentral
 
BANK SENTRAL ( BANK INDONESIA )
BANK SENTRAL ( BANK INDONESIA )BANK SENTRAL ( BANK INDONESIA )
BANK SENTRAL ( BANK INDONESIA )
 

Similar to PBI 9/15/PBI/2007

Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14said missoum
 
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyVisual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyJoe Oringel
 
Sample audit plan
Sample audit planSample audit plan
Sample audit planMaher Manan
 
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S proaxissolutions
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013Mike Wright
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentRajeswaran Muthu Venkatachalam
 
It management audits it management templates
It management audits it management templatesIt management audits it management templates
It management audits it management templatesIT-Toolkits.org
 
Krunal Tidke_Resume
Krunal Tidke_ResumeKrunal Tidke_Resume
Krunal Tidke_ResumeKRUNAL TIDKE
 
The Role of AI and Automation
The Role of AI and Automation The Role of AI and Automation
The Role of AI and Automation mcoello
 
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven JourneyBusiness Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven JourneyRob Williams
 
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?sistemaCertification
 
Sap Risk Advisory Service V1.0
Sap Risk Advisory Service V1.0Sap Risk Advisory Service V1.0
Sap Risk Advisory Service V1.0agc infotech
 
Abidance Cip Presentation
Abidance Cip PresentationAbidance Cip Presentation
Abidance Cip Presentationjamesholler
 
Audit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdf
Audit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdfAudit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdf
Audit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdfSteadfast Business Consulting
 

Similar to PBI 9/15/PBI/2007 (20)

Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
 
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf OnlyVisual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
Visual Risk Iq + Audimation Deck For Charlotte Iia For Pdf Only
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
 
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
 
IT Risk Assessments
IT Risk AssessmentsIT Risk Assessments
IT Risk Assessments
 
overview 2015
overview 2015overview 2015
overview 2015
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013
 
For model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit departmentFor model i 4a - 11 - risk assessment in the internal audit department
For model i 4a - 11 - risk assessment in the internal audit department
 
It management audits it management templates
It management audits it management templatesIt management audits it management templates
It management audits it management templates
 
Basics international cp
Basics international cpBasics international cp
Basics international cp
 
Krunal Tidke_Resume
Krunal Tidke_ResumeKrunal Tidke_Resume
Krunal Tidke_Resume
 
The Role of AI and Automation
The Role of AI and Automation The Role of AI and Automation
The Role of AI and Automation
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT Perspective
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven JourneyBusiness Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
 
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
 
Sap Risk Advisory Service V1.0
Sap Risk Advisory Service V1.0Sap Risk Advisory Service V1.0
Sap Risk Advisory Service V1.0
 
brochure-kpo-services
brochure-kpo-servicesbrochure-kpo-services
brochure-kpo-services
 
Abidance Cip Presentation
Abidance Cip PresentationAbidance Cip Presentation
Abidance Cip Presentation
 
Audit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdf
Audit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdfAudit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdf
Audit _ Assurance - Internal Audit and Risk Advisory - SBC Credentials.pdf
 

Recently uploaded

Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 

Recently uploaded (20)

Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 

PBI 9/15/PBI/2007

  • 1. New PBI TSI Review and Implementation Services
  • 3. Who are we? PT Veda Praxis is your business partner in risk & control advisory. Formed in October 2005 by experienced and dedicated professional who are internationally certified and have wide experiences in variety of industries and professional services in multinational consulting firm and started its business operations in December 2005 “Veda” is originally from Sanskrit language means “Knowledge”. “Praxis” is originally from an ancient European language means “Practicing”.
  • 4. Our Vision & Mission Vision become your partner in establishing effective business control Mission Deliver value services at full disclosure to our clients Participate on ever-increasing business consciousness in control awareness Build a strong and on-going relationship with our clients in regards to continuous control implementation
  • 5. Our Value We help you better understand and manage your business risk We assist you improve your business process We assist you improve your operating efficiency We assure the validity of your business information We deliver “down to earth” recommendations and assist you with the implementation We provide cost effective solutions for you
  • 6. Our Services Risk Management Information Technology Governance Internal Audit Business Process Improvement
  • 7. Why Veda Praxis We have internationally certified professionals We deliver results according to world class quality standard and based on world class knowledge and methodology combine with local values Extensive knowledge and experience in delivering Control and Risk Based services Committed to work on the basis of knowledge transfer for the clients long term investment instead of creating dependencies from clients to consultants
  • 9. Background Information technology development enables banks to improve operational activities efficiency and services quality to customer. The use of IT in bank’s operational activities exposes new risks to the bank, therefore an effective IT Risk Management is needed IT is a valuable asset to the bank, the management of IT is not just the responsibility of IT working unit, however it is the responsibility of all related parties The IT infrastructure needs to be adequate in terms of Basel II implementation A set of regulations covering the Implementation of Risk Management on the Utilization of Information Technology is needed
  • 10. Structure of PBI and Guidelines
  • 11.
  • 12.
  • 13. General Approach Types Related to Control Selection
  • 14. Combination of Top-Down and Risk Driven Approach (Optimum Benefit)
  • 15. Our Services Related to PBI TSI
  • 18. Type of Review Service
  • 27. Review Methodology Define Analyze Review Deliverables Executive Summary Identify PIC Quick Scan Perform Interviews Identify IT Environment Compliance Gap Schedule Interview Management Presentation Analyze IT Complexities Findings & Recommendation Perform High Level Review Identify review scope High Level Perform Detail Review Existing Maturity Full Scope/ By Area Determine Required Maturity Identify Benefits Required Maturity Determine Existing Maturity Identify Risks Maturity Gap
  • 29.
  • 30. Persons in charge for every review area is identified. Identify PIC is needed to obtain review information effectively by interviewing the responsible person.
  • 32.
  • 33. Quick Scan - Review Define Analyze Review Deliverables Perform Interviews Bank’s compliance towards PBI is reviewed using our compliance checklist tools developed based on the “KonsepPedomanPenggunaan TSI olehBank” issued by the Central Bank of Indonesia. The tool will assist the review process to be performed effectively and efficiently. The review is performed solely to obtain a “comply/not comply” information for each control related to the area. The information is obtained only through interviews with related PIC.
  • 34. Define Analyze Review Deliverables Quick Scan - Deliver Executive Summary Result of all activities in three phase before will be summarized and reported in Executive summary. Compliance Gap A completed compliance checklist is prepared based on the review compliance in previous the phase. Management Presentation The report will be presented to the management.
  • 35. High Level - Define Define Analyze Review Deliverables The “Define” phase in the High Level Review service has the same activities as those in the Quick Scan services (Identify PIC, Schedule Interview) with the following additional activity: Identify Review Scope Identify scope of PBI TSI high level review. This identification will determine scope of our project review, such as scope of bank’s branches, organizations, processes, procedures, etc.
  • 36. High Level - Analyze Define Analyze Review Deliverables The “Analyze” phase in the High Level Review service has the same activities as those in the Quick Scan services (Identify IT Environment) with the following additional activity: Analyze IT Complexities Based on the IT Environment identified, the IT complexities will be assessed. The assessment result is used to determine the review areas of focus.
  • 37. High Level - Review Define Analyze Review Deliverables The “Review” phase in the High Level Review service has the same activities as those in the Quick Scan services (Perform Interviews) with the following additional activity: Perform High Level Review A high level review is performed using more than interview techniques. Documentation reviews, walkthroughs, observations and inspections is done in a high level approach. A high level review will assess bank’s control design effectiveness. How effective a control is implemented will not be assessed.
  • 38. High Level - Deliver Define Analyze Review Deliverables The “Deliver” phase in the High Level Review service has the same deliverables as those in the Quick Scan services (Executive Summary, Compliance Gap, Management Presentation) with the following additional deliverable: Findings & Recommendation Based on the review, a list of findings and recommendations is prepared. The executive summary will also include a findings and recommendation summary.
  • 39. Define Define Analyze Review Deliverables The “Define” phase in the By Area/Full Scope Review service has the same activities as those in the Quick Scan plus the High Level services (Identify PIC, Schedule Interview, Identify Review Scope) with the following additional activities: Identify Risks A set of risks (may be provided by the bank) is scored using out tools. The scoring process is performed through workshops with management. Identify Benefits A set of benefits (may be provided by the bank) is scored based on the bank’s business and IT goals. The scoring process is performed through workshops with management.
  • 40. Analyze Define Analyze Review Deliverables The “Analyze” phase in the By Area/Full Scope Review service has the same activities as those in the Quick Scan plus the High Level services (Identify IT Environment, Analyze IT Complexities) with the following additional activity: Determine Required Maturity The required maturity for each control stated in the “Konsep Pedoman Penggunaan TSI oleh Bank” is set. The process is done through the mapping of each control towards each risk and and benefit.
  • 41. Analyze Define Analyze Review Deliverables The “Review” phase in the By Area/Full Scope Review service has the same activities as those in the Quick Scan plus the High Level services (Perform Interviews, Perform High Level Review) with the following additional activities: Perform Detail Review A Detail Review is performed using the same techniques as the high level review but on a different depth. The review is done up to the level of determining the control implementation effectiveness. Determine Existing Maturity Existing control maturity level is determined for each control based on the detail review.
  • 42. Deliver Define Analyze Review Deliverables The “Deliver” phase in the By Area/Full Scope Review service has the same deliverables as those in the Quick Scan plus the High Level services (Executive Summary, Compliance Checklist, Management Presentation, Findings & Recommendation) with the following additional deliverables: Existing Maturity A report document describing the bank’s current control maturity Required Maturity A report document describing the bank’s required control maturity Maturity Gap Based on the existing and required maturity level, a gap analysis is performed.
  • 44. Implementation Methodology People Process Technology Gap Analysis PLAN Develop IT Plan DO Design Standards, Policies, and Procedures Align IT Organization Design Technology Architecture Implement Standards, Policies, and Procedures Implement IT Organization Implement Systems Improvement Develop/Acquire New Systems OPERATE Monitor and Evaluate CHECK ACT Maintain and Improve
  • 45. Plan : Develop IT Plan Based on the gap analysis, an IT plan is developed. The plan contains projects to improve the IT in the area of people, process and technology. The project does not necessarily divided by these areas (people, process and technology). A project may involve improvement on all of the areas. PLAN DO CHECK ACT
  • 46. Do : People Align IT Organization: A design of the IT organization is developed based on the gap analysis. The design is not limited to organization structure and job description, but also committees and other improvements that has significant effect on the aspect of organization (people). The design may include the following: IT Steering Committee Information Security Incident Response Team IT Strategic Plan Training and recruitment plan Implement IT Organization: The IT organization design is implemented. The activities may involve but not limited to recruitment, socialization, training and management meetings. Our services in this phase is limited to assist the bank the new IT Organization socialization. PLAN DO CHECK ACT
  • 47. Do : Process Design Standards, Policies, and Procedures Standards, policies and procedures are designed based on the PBI. The activities may involve further interviews to the process owner to obtain accurate information on the process. Deliver Standards, Policies, and Procedures The standards, policies and procedures are socialized. The activities may involve: Training and workshops Socializations through emails, banners, etc Our services in this phase is limited to assist the bank in socializing the standards, policies and procedures. PLAN DO CHECK ACT
  • 48. Do : Technology Design Technology Architecture A future technology architecture is developed as guidelines on improving the technology of the organization. The future architecture will cover all technology aspects; applications, network, information, hardware. Develop/Acquire New System & Implement System Improvement Based on the future technology architecture, improvements are made and new systems are acquired or developed. Our role in this activities is to help the bank to make sure that improvements and new systems are made as required and done using the correct change management framework. We will also perform a Post Implementation Review at the end of each implementation. PLAN DO CHECK ACT
  • 49. Check Once the implementation is finished and has gone to operation, the bank should monitor and evaluate the operation to Ensure the operational effectiveness of control as required based on the “required control maturity level”. PLAN DO CHECK ACT
  • 50. Act Based on the improvement plan, bank will perform improvements on required areas. We do not provide any services at this stage. PLAN DO CHECK ACT

Editor's Notes

  1. 50 Group Control asalnya adalah sub bab dari Pedoman (yang 10). Dilihat dari sub bab yang ada di pedoman. Basically, dirangkum berdasarkan sub bab-nya.