3. E
D
W
A
R
D
M
U
N
I
R
,
C
I
S
A
C
D
C
P
I
T
I
L
F
(edward.munir@gmail.com)
WHAT ARE IT POLICY, PROCESS AND PROCEDURE
Policies and procedures are critical governance tools in every
enterprise. Where policies dictate the rules, procedures explain how
these same rules are practically applied in real life. Taken as a
collective, policies and procedures set expectations for behaviors
and activities, as well as provide mechanisms to enforce these
expectations. [INFOTECH]
IT policies help organizations to properly
articulate the organization’s desired
behavior, mitigate risk and contribute
to achieving the organization’s goals.
[ISACA]
POLICY: The set of basic principles and associated guidelines,
formulated and enforced by the governing body of an organization, to
direct and limit its actions in pursuit of long-term goals.
PROCESS: Sequence of interdependent and linked procedures which, at
every stage, consume one or more resources (employee time, energy,
machines, money) to convert inputs (data, material, parts, etc.) into
outputs. These outputs then serve as inputs for the next stage until a
known goal or end result is reached.
PROCEDURE: A fixed, step-by-step sequence of activities or course of
action (with definite start and end points) that must be followed in the
same order to correctly perform a task. Repetitive procedures are
called routines.
Businessdictionary.com
6. E
D
W
A
R
D
M
U
N
I
R
,
C
I
S
A
C
D
C
P
I
T
I
L
F
(edward.munir@gmail.com)
WHY WE NEED THEM
Each service needs to have policies and procedures to
help them guide the actions of all individuals involved in the
service.
INTERNAL CONTROL
• Compliance
• Operational Needs
• Managing Risks
• Continuous Improvement
Standardized process → Managed process
10. E
D
W
A
R
D
M
U
N
I
R
,
C
I
S
A
C
D
C
P
I
T
I
L
F
(edward.munir@gmail.com)
COMMON CHARACTERISTICS
GOOD POLICIES
Policies are written in
clear, concise, simple
language.
Policy statements
address what is the rule
rather than how to
implement the rule.
Designated “policy
experts” (identified by
title in each document)
are readily available to
interpret policies and
resolve problems.
Policies represent a
consistent, logical
framework for
operations.
Outcomes are clearly stated.
Assumptions are clear and explicit.
There is linkage to organisational direction.
Due process in the development stage has been observed.
Stakeholders have been included in the development.
Public interest has been given a high priority.
Organisational expectations have been met.
The policy is likely to be both efficient and effective.
Outcomes are stated in measurable terms.
There is a capacity to evaluate outcomes.
It has been appropriately funded and resource.
There is clear accountability.
It follows all appropriate laws.
It is enforceable.
It is historically informed.
Ideas have been tested prior to implementation.
Article Source: http://EzineArticles.com/5562525
11. E
D
W
A
R
D
M
U
N
I
R
,
C
I
S
A
C
D
C
P
I
T
I
L
F
(edward.munir@gmail.com)
COMMON CHARACTERISTICS
GOOD PROCEDURES
Procedures are tied to policies. Making
explicit this relationship along with how the
procedure helps the organization achieve
its goals.
Procedures are developed with the
customer/user in mind. Well developed
and thought out procedures provide
benefits to the procedure user.
There needs to be a sense of ownership
among procedure users. For this reason, it
helps to involve users in the development
of campus procedures.
The procedures are understandable.
Procedures should be written so that what
needs to be done can be easily followed
by all users.
• Prosedur menunjang tercapainya
hasil proses tujuan organisasi.
• Memiliki standar hasil yang
diharapkan secara terukur.
• Terdapat PIC yang jelas pada tiap
activities, dan sesuai RACI/RASCI
yang ditetapkan.
• Prosedur mampu menciptakan
adanya pengawasan yang baik
dan menggunakan biaya yang
seoptimal mungkin.
• Prosedur menunjukan urutan-
urutan yang logis dan sederhana.
Ada “start” s/d “finish”
• Prosedur menunjukan adanya
penetapan keputusan/hasil dan
tanggung jawab.
12. E
D
W
A
R
D
M
U
N
I
R
,
C
I
S
A
C
D
C
P
I
T
I
L
F
(edward.munir@gmail.com)
COMMON COMPONENTS
POLICY:
Appointment of individuals who have
the authority to approve policies and
their associated responsibilities
Determination of the consequences
for failing to comply with given
policies
Definition of a process for handling
exceptions to policies
Definition of a method for measuring
and monitoring compliance with
policies
Definition of the scope of the policy
and the group of stakeholders that
has to follow the policy
[ISACA]
(RACI/RASCI matrix)
13. E
D
W
A
R
D
M
U
N
I
R
,
C
I
S
A
C
D
C
P
I
T
I
L
F
(edward.munir@gmail.com)
COMMON COMPONENTS
Komponen Pendukung Prosedur:
Halaman judul. Ini meliputi 1) judul prosedur, 2) nomor identifikasi SOP, 3) tanggal
diterbitkan atau revisi, 4) nama badan/divisi/cabang di mana SOP diterapkan, dan 5)
tanda tangan mereka yang menyiapkan dan menyetujui SOP tersebut. Bagian ini
dapat menggunakan format apa saja, selama informasi yang disampaikan jelas.
Daftar Isi. Ini hanya perlu jika SOP Anda cukup panjang, untuk memudahkan referensi.
Yang akan Anda temukan di sini adalah kerangka standar sederhana.
Jaminan Kualitas/Kontrol Kualitas. Sebuah prosedur bukanlah prosedur yang baik jika
tidak dapat diperiksa. Siapkan materi dan detail yang diperlukan sehingga pembaca
dapat memastikan mereka memperoleh hasil yang diinginkan. Materi ini dapat
meliputi dokumen-dokumen lain, misalnya seperti sampel evaluasi kinerja.
Referensi. Pastikan untuk menuliskan seluruh referensi yang digunakan atau yang
penting. Jika Anda menggunakan referensi SOP lain, pastikan untuk melampirkan
informasi yang diperlukan dalam lampiran.
14. E
D
W
A
R
D
M
U
N
I
R
,
C
I
S
A
C
D
C
P
I
T
I
L
F
(edward.munir@gmail.com)
COMMON COMPONENTS
Komponen utama Prosedur:
Cakupan dan penerapan. Dengan kata lain, menggambarkan tujuan proses, batasan-batasannya, serta
bagaimana proses ini digunakan. Meliputi standar, persyaratan regulasi, peran dan tanggung jawab, serta
input dan output.
Metodologi dan prosedur. Inti permasalahannya -- buat daftar langkah-langkah dengan detail yang penting,
termasuk perlengkapan yang diperlukan dan sesuai RACI/RASCI matrix. Cantumkan pula prosedur-prosedur
yang berurutan serta faktor-faktor penentu keputusan. Kemukakan "pengandaian" dan kemungkinan adanya
gangguan atau pertimbangan keselamatan.
Klarifikasi terminologi dan pengertian diagram. Jelaskan akronim, singkatan, dan seluruh frasa yang bukan
merupakan istilah umum.
Peringatan kesehatan dan keselamatan. Untuk dituliskan dalam bagian terpisah dan bersama dengan
langkah-langkah saat terjadi masalah. Jangan melewatkan bagian ini.
Perlengkapan dan persediaan yang digunakan. Daftar lengkap hal-hal yang dibutuhkan dan kapan serta di
mana dapat menemukan perlengkapan, standar perlengkapan, dll.
Peringatan dan gangguan. Pada dasarnya, bagian troubleshooting. Cantumkan kemungkinan masalah yang
dapat terjadi, apa yang harus diwaspadai, dan apa yang dapat mempengaruhi produk akhir yang ideal.
Beri masing-masing topik ini bagiannya sendiri (umumnya dinyatakan dengan angka atau huruf) agar SOP Anda tidak
mengandung kalimat-kalimat panjang yang membingungkan dan untuk memudahkan referensi.
Ini bukanlah daftar lengkap, melainkan baru sebagian kecil langkah-langkah prosedural. Organisasi Anda dapat
menyebutkan aspek-aspek lain yang membutuhkan perhatian.