Definition (3)
• Specifying the decision rights and accountability framework to encourage desirable behavior in using IT (Peter Weill & Jeanne W Ross – MIT, 2004).
• The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization (Australian Standard on Corporate Governance of ICT, 2005).
COBIT 4.1 & IT Governance

IT GOVERNANCE

Planning & Organisation
• PO1 Define a Strategic IT Plan
• PO2 Define the Information Architecture
• PO3 Determine Technological Direction
• PO4 Define the IT Processes, Organisation and Relationships
• PO5 Manage the IT Investment
• PO6 Communicate Management Aims and Direction
• PO7 Manage IT Human Resources
• PO8 Manage Quality
• PO9 Assess and Manage IT Risks
• PO10 Manage Projects

Acquire & Implement
• AI1 Identify Automated Solutions
• AI2 Acquire and Maintain Application Software
• AI3 Acquire and Maintain Technology Infrastructure
• AI4 Enable Operation and Use
• AI5 Procure IT Resources
• AI6 Manage Changes
• AI7 Install and Accredit Solutions and Changes

Deliver & Support
• DS1 Define and Manage Service Levels
• DS2 Manage Third-party Services
• DS3 Manage Performance and Capacity
• DS4 Ensure Continuous Service
• DS5 Ensure Systems Security
• DS6 Identify and Allocate Costs
• DS7 Educate and Train Users
• DS8 Manage Service Desk and Incidents
• DS9 Manage the Configuration
• DS10 Manage Problems
• DS11 Manage Data
• DS12 Manage the Physical Environment
• DS13 Manage Operations

Monitor & Evaluate
• ME1 Monitor and Evaluate IT Performance
• ME2 Monitor and Evaluate Internal Control
• ME3 Ensure Compliance With External Requirements
• ME4 Provide IT Governance

Boundaries of Business, General and Application Controls

Maturity Models

Maturity scale: 0 Non-existent, 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimised

Legend for symbols used
• Enterprise current status
• International standard guidelines
• Industry best practice
• Enterprise strategy

Legend for rankings used
0 - Management processes are not applied at all
1 - Processes are ad hoc and disorganised
2 - Processes follow a regular pattern
3 - Processes are documented and communicated
4 - Processes are monitored and measured
5 - Best practices are followed and automated