COBIT Control Objectives for Information and related Technology
explaining IT Governance using COBIT, a course material at IMTelkom (http://www.imtelkom.ac.id)

Published in: Education
COBIT

  1. COBIT: Control Objectives for Information and related Technology
  2. I and T Management
     - Increasing dependence of a company on information and the systems that provide it
     - Increasing vulnerability to threats
     - Increasing scope and cost of investment in I and T
     - Increasing capability of technology to change organizations and business practices, while also creating new opportunities and reducing costs
  3. IT Awareness Phases
     - Centralized Information and Technology: an institution in which everything related to IT is assigned to a single unit
     - Distributed Information and Technology: an institution in which IT-related matters are assigned to the relevant units
     - Distributed Role: an institution in which every unit is aware of its own authority within the business process
  4. Business Process Owner
     [Diagram labels: sisfo (information systems), sales, sales, sales, management]
     - 3 actors in a business process:
       - Submitter
       - Approval
       - Execution
     - 3 roles in a business process:
       - Data Owner
       - Application Owner
       - Business Process Owner
  5. Management’s Questions
     - How far should we go in IT?
     - Is the cost justified by the benefit?
     - What are the indicators of good performance?
     - What are the critical success factors?
     - What are the risks of not achieving our objectives?
     - What do others do?
     - How do we measure and compare?
  6. Support / Enabler
     - IT as Support: the company puts operations first and prioritizes them as the backbone of the company; IT serves to support operations
     - IT as Enabler: the company puts IT first as the backbone that drives operations; operations exist only after IT exists
  7. IT Management Guideline
     - Key Goal Indicators
     - Key Performance Indicators
     - Critical Success Factors
     - Maturity Models
  8. Control
     - Definition: policies, procedures, practices, and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected
  9. IT Control Objective
     - Definition: statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity
  10. IT Governance
      - Definition: a structure of relationship and process to direct and control the enterprise in order to achieve the enterprise’s goal by adding value while balancing risk versus return over IT and its process
      - Enterprise’s Goal
      - Business Process
      - Risk
      - Control
  11. IT Governance
      - IT is aligned with the business, enables the business and maximizes benefits
      - IT resources are used responsibly
      - IT related risks are managed appropriately
      [Diagram labels: Direct Report]
      - Manage risks:
        - Security
        - Reliability
        - Compliance
      - Realize Benefits
        - Increase automation
        - Decrease cost
  12. Control vs. Risk
      - Management must decide how much investment is enough to ensure security and control in IT
      - Management must be able to balance Risk and Control, even in an environment as unpredictable as IT
      - Security and Control only manage Risk; they cannot eliminate it
      - The level of Risk cannot be known or measured with certainty
      - Management must decide the level of Risk that is still acceptable to the company
  13. Control Objective Level
      - Primary: the degree to which the defined control objective directly impacts the information criterion concerned
      - Secondary: the degree to which the defined control objective satisfies only to a lesser extent or indirectly the information criterion concerned
      - Blank: could be applicable; however, requirements are more appropriately satisfied by another criterion in this process and/or by another process
  14. Sales Data
      - Sales Order Information
      - Product name: Speedy
      - Bandwidth: 1 Mbps
      - Selling price: Rp 800.000,-
      - Customer name: PT. Air Muncul
      - Address: Jl. Telekomunikasi 1x
      - Customer type: ISP
      - Owner name: Bpk. Bambang
      - Owner phone number: 022-70707070
  15. Control Objective Principle
      [Diagram text: the control of which satisfy is enabled by considering]
  16. Process Control
  17. COBIT IT Process
      - 7 Information
      - 5 IT Resources
      - 4 Domains
      - 34 Control Objectives
      - 318 Measurement
      [Diagram label: IT Resources]
  18. Information
      - Effectiveness
      - Efficiency
      - Confidentiality
      - Integrity
      - Availability
      - Compliance
      - Reliability
  19. Information
      - Effectiveness: concerns information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent, and usable manner
      - Efficiency: concerns the provision of information through optimal use of resources
      - Confidentiality: concerns the protection of sensitive information from unauthorized disclosure
      - Integrity: relates to accuracy and completeness of information as well as to its validity
      - Availability: relates to information being available when required by the business process now and in the future
      - Compliance: deals with complying with those laws, regulations, and contractual arrangements to which the business process is subject
      - Reliability: relates to the provision of appropriate information for management to operate the entity and for management to exercise its financial and compliance reporting responsibilities
  20. IT Resources
      - People
      - Application system
      - Technology
      - Facilities
      - Data
  21. IT Resources
      - People: includes staff skills, awareness, and productivity to plan, organize, acquire, deliver, support, and monitor information systems and services
      - Application system: the sum of manual and programmed procedures
      - Technology: covers hardware, OS, DBMS, network, multimedia, etc.
      - Facilities: all resources to house and support information systems
      - Data: objects in their widest sense (external and internal), structured and unstructured, graphics, sound, etc.
  22. Planning & Organization
      - PO1: define a strategic IT plan
      - PO2: define the information architecture
      - PO3: determine the technological direction
      - PO4: define the IT organization and relationships
      - PO5: manage the IT investment
      - PO6: communicate management aims and direction
      - PO7: manage human resources
      - PO8: ensure compliance with external requirements
      - PO9: assess risks
      - PO10: manage projects
      - PO11: manage quality
  23. Acquisition & Implementation
      - AI1: identify automated solutions
      - AI2: acquire and maintain application software
      - AI3: acquire and maintain technology infrastructure
      - AI4: develop and maintain procedures
      - AI5: install and accredit systems
      - AI6: manage changes
  24. Delivery & Support
      - DS1: define and manage service levels
      - DS2: manage third-party services
      - DS3: manage performance and capacity
      - DS4: ensure continuous service
      - DS5: ensure systems security
      - DS6: identify and allocate costs
      - DS7: educate and train users
      - DS8: assist and advise customers
      - DS9: manage the configuration
      - DS10: manage problems and incidents
      - DS11: manage data
      - DS12: manage facilities
      - DS13: manage operations
  25. Monitoring
      - M1: monitor the process
      - M2: assess internal control adequacy
      - M3: obtain independent assurance
      - M4: provide for independent audit
  26. http://www.imtelkom.ac.id
