
EXISTING/PLANNED CONTROLS

RISK SCENARIO
ESSENTIAL
RISK ANALYSIS: ORGANISATIONAL STRATEGIC BENEFIT LEVEL
Yes
Yes
Yes
Yes
Yes
Yes
IT Programme
selection

Yes
Yes

Yes
Yes
New
Technologies

Yes

Yes
Yes
Yes
Yes
Yes
Technology
Selection

Yes
Yes

Yes
Yes
Yes
IT Investment
Decision Making

IT Investment
Decision Making

Yes
Yes

Accountability
over IT

Yes
Yes
Yes
Yes
Yes
Integration IT
Within business
processes

State of
Infrastructure
Technologies

Yes
Yes

Yes
Yes
Yes
Yes

Yes
Yes

Ageing of
application
software

Ageing of
application
software

Architecture
Agility and
Flexibility

Yes

Yes
Regulatory
Compliance

Yes

Yes
Yes
Yes
IT Staff

IT Expertise and
Skills

Yes
Yes
Yes
Yes

RISK ANALYSIS: IT PROJECT LEVEL


Yes
Yes
Yes
Yes
Software
Implementation

Yes
Yes
IT Project
Termination

Yes
IT Project
Termination

Yes
IT Project
Economics

Yes

Yes
Project Delivery

Yes
Yes
Yes
Yes

Project Quality

RISK ANALYSIS: IT INFRASTRUCTURE AND FACILITIES OPERATIONS LEVEL


Yes
Yes
Selection/
Yes
Performance of
Yes
third-party
suppliers

Infrastructure
Theft

Destruction of
infrastructure

Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes

IT Staff

IT Staff

Yes
Yes
Yes
Yes
IT Expertise and
Skill

Infrastructure
(hardware)

Yes
Yes
Yes
Yes

System Capacity

Yes
Yes
Ageing of
infrastructural
software

Utilities
Performance

Yes
Yes

Yes
Yes

Industrial Action
Yes
Yes
Data(base)
integrity

Data(base)
integrity

Data(base)
integrity (cont.)

Operational IT
Errors

Yes
Yes
Yes
Yes
Yes

Yes
Yes
Contractual
Compliance

Environmental

Acts of nature

Yes
Yes
Yes

Yes
Yes

Yes
Yes
Yes

RISK ANALYSIS: BUSINESS APPLICATION OPERATIONS LEVEL


Yes
Yes
Ageing of
application
software

Selection/
Performance of
third-party
suppliers

Yes
Yes
Yes
Yes

Yes
Yes
Yes

IT Staff

IT Staff

Yes
Yes
Yes
Yes
IT Expertise and
Skill

Software
Integrity

Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes

Yes
Yes
Yes
Software
Performance

Yes
System Capacity

System Capacity

Yes
Yes
Ageing of
infrastructural
software

Yes
Yes

Yes
Malware

Yes

Yes
Yes
Yes
Yes
Logical Attacks

Yes
Yes

Logical Attacks
(cont.)

Yes
Yes
Yes
Information
Media

Notes:
Control Effectiveness (CE) is filled in as 0 or 1 for each control.
Likelihood value:

CE > 85%          → 1
50% < CE ≤ 85%    → 2
30% < CE ≤ 50%    → 3
15% < CE ≤ 30%    → 4
CE ≤ 15%          → 5

Impact categories follow the Board of Directors' Decree (SK Direksi) on Risk Management.

Risk valuation:
1 < Risk ≤ 4      → Rendah (Low)
4 < Risk ≤ 6      → Moderat (Moderate)
6 < Risk ≤ 12     → Tinggi (High)
Risk > 12         → Extreme
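The scoring rules in the notes above, written out as runnable functions. This is an added example and not part of the worksheet or of the COBIT material it draws on. Three things are assumptions, labelled in the code as well: the risk value is likelihood multiplied by impact (the worksheet never states the formula, but this reproduces its one populated row: CE 8.33% gives likelihood 5, max impact 2 gives risk 10 and Tinggi, average impact 1.3333 gives 6.6667 and Tinggi); CE is the share of a scenario's existing/planned controls flagged 1 (one of twelve gives 8.33%); and a product of exactly 1 lies below the lowest band "1 < Risk ≤ 4" and is treated as Rendah. The control names are the twelve listed for the worksheet's first scenario, but which one carried the 1 is not readable from the extraction, so the flags and the three impact scores are constructed.

```python
"""Added example, not part of the original worksheet: the notes' scoring rules
(CE -> likelihood 1..5, risk -> Rendah/Moderat/Tinggi/Extreme) as functions.

Labelled assumptions (the worksheet does not state them explicitly):
  * risk value = likelihood x impact; this reproduces the one populated row
    (CE 8.33% -> likelihood 5, max impact 2 -> 10 -> Tinggi,
     average impact 1.3333 -> 6.6667 -> Tinggi)
  * CE is the share of a scenario's existing/planned controls flagged 1
  * a product of exactly 1 (likelihood 1 x impact 1) lies below the lowest
    band "1 < Risk <= 4" and is treated as Rendah here
"""
from statistics import mean
from typing import Optional, Sequence, TypedDict


def control_effectiveness(flags: Sequence[int]) -> float:
    """CE as a fraction in [0, 1]: each control is filled in as 0 or 1 (per the notes)."""
    if not flags:
        raise ValueError("a risk scenario needs at least one control")
    if any(f not in (0, 1) for f in flags):
        raise ValueError("control effectiveness flags must be 0 or 1")
    return sum(flags) / len(flags)


def likelihood_score(ce: float) -> int:
    """Likelihood 1..5 from CE, using the bands in the notes (upper bounds inclusive)."""
    if not 0.0 <= ce <= 1.0:
        raise ValueError("CE must be a fraction between 0 and 1")
    if ce > 0.85:
        return 1
    if ce > 0.50:
        return 2
    if ce > 0.30:
        return 3
    if ce > 0.15:
        return 4
    return 5  # CE <= 15%: weakest control coverage, highest likelihood


def risk_rating(risk: float) -> str:
    """Valuation bands from the notes; Indonesian labels kept, English in brackets."""
    if risk > 12:
        return "Extreme"
    if risk > 6:
        return "Tinggi (High)"
    if risk > 4:
        return "Moderat (Moderate)"
    return "Rendah (Low)"  # 1 < Risk <= 4, and (assumption) Risk == 1


class Valuation(TypedDict):
    likelihood: int
    max_impact: Optional[int]
    avg_impact: Optional[float]
    risk_max: Optional[float]
    rating_max: Optional[str]
    risk_avg: Optional[float]
    rating_avg: Optional[str]


def risk_valuation(ce: float, impacts: Sequence[int]) -> Valuation:
    """Max-impact and average-impact valuations for one scenario.

    An empty impact list is the worksheet's #DIV/0! case (no impact category
    scored).  The worksheet's rating column shows Rendah beside those errors;
    here values and ratings stay None so an unscored row cannot pass as Low.
    """
    lk = likelihood_score(ce)
    if not impacts:
        return Valuation(likelihood=lk, max_impact=None, avg_impact=None,
                         risk_max=None, rating_max=None,
                         risk_avg=None, rating_avg=None)
    if any(i < 1 for i in impacts):
        raise ValueError("impact scores must be positive integers")
    mx, av = max(impacts), mean(impacts)
    return Valuation(likelihood=lk, max_impact=mx, avg_impact=av,
                     risk_max=lk * mx, rating_max=risk_rating(lk * mx),
                     risk_avg=lk * av, rating_avg=risk_rating(lk * av))


# Constructed sample: the twelve controls the worksheet lists for its first
# scenario ("IT Programme selection").  Which control was flagged 1 is not
# readable from the extraction, so the flags are constructed to give the
# worksheet's 8.33%; the impact scores are constructed to give max 2 / avg 1.3333.
IT_PROGRAMME_SELECTION_CONTROLS = {
    "IT Value Management": 1,
    "IT Portfolio Management": 0,
    "Technological Direction Planning": 0,
    "IT Strategy Committee": 0,
    "IT Steering Committee": 0,
    "Prioritisation Within IT Budget": 0,
    "Definition and Maintenance of Business Functional and Technical Requirements": 0,
    "Evaluate and Assign Relative Scores to Programme Business Cases": 0,
    "Communication of IT Objectives and Direction": 0,
    "Define an Appropriate Investment Mix": 0,
    "Create Overall Investment Portfolio View": 0,
    "Evaluate the Initial Programme Concept Business Case": 0,
}
SAMPLE_IMPACTS = [2, 1, 1]  # constructed


def sample_valuation() -> Valuation:
    """Valuation of the constructed first-scenario row."""
    ce = control_effectiveness(list(IT_PROGRAMME_SELECTION_CONTROLS.values()))
    return risk_valuation(ce, SAMPLE_IMPACTS)


if __name__ == "__main__":
    v = sample_valuation()
    print(f"CE={1/12:.2%} likelihood={v['likelihood']} "
          f"max={v['risk_max']} {v['rating_max']} "
          f"avg={v['risk_avg']:.4f} {v['rating_avg']}")
    print(risk_valuation(1 / 12, []))  # the #DIV/0! case: all None, no Rendah
```

The only design choice worth a sentence is the empty-impact branch: in the worksheet, every row without impact scores shows #DIV/0! in the value cells but Rendah in the rating cell, so an unscored scenario reads as Low at a glance. Returning None for both value and rating keeps "not assessed" distinguishable from "assessed as low".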

EXISTING/PLANNED CONTROLS
TITLE

RISK ANALYSIS: ORGANISATIONAL STRATEGIC BENEFIT LEVEL


IT Value Management
IT Portfolio Management
Technological Direction Planning
IT Strategy Committee
IT Steering Committee
Prioritisation Within IT Budget
Definition and Maintenance of Business Functional and
Technical Requirements

CONTROL
EFFECTIVENESS
1

8.33%

Evaluate and Assign Relative Scores to Programme Business


Cases
Communication of IT Objectives and Direction
Define an Appropriate Investment Mix
Create Overall Investment Portfolio View
Evaluate the Initial Programme Concept Business Case
Technological Direction Planning
Monitor Future Trends and Regulations
Translate the Business Strategy and Goals into IT Strategy
and Goals
Enterprise Information Architecture Model
Define an Appropriate Investment Mix

0.00%

IT Architecture Board

0.00%

Communication of IT Objectives and Direction


Definition and Maintenance of Business Functional and
Technical Requirements
Risk Analysis Report
Feasibility Study and Formulation of Alternative Courses of
Action
Requirements and Feasibility Decision and Approval
Perform Analysis of Alternatives IT Strategic Plan
IT Strategic Plan
Enterprise Information Architecture Model
Technological Infrastructure Plan
IT Steering Committee
Prioritisation Within IT Budget
Project Scope Statement
Develop a Clear and Complete Understanding of the
Candidate Programme
IT Steering Committee
Stakeholder Commitment
Establish, Implement and Communicate Roles,
Responsibilities and Accountabilities

0.00%

0.00%

Relationships
Benefit Management
Establish Organisational Structures
Understand the Current and Future Demand (for business
human resources)
Knowledge Transfer to Business Management supervision

0.00%

Develop an Understanding of the Significance of IT and Role


of Governance
IT Strategy Committee
IT Steering Committee
Benefit Management
Stakeholder Commitment
Establish Effective Reporting Lines
Establish Organisational Structures
Establish, Implement and Communicate Roles,
Responsibilities and Accountabilities
Understand the Current and Future Demand (for business
human resources)
Business-IT Alignment
Organisational Placement of the IT Function
Relationships
Stakeholder Commitment
Ensure Alignment and Integration of Business and IT
Strategies With Key Business Goals
Establish Organisational Structures
Identify Opportunities for IT to Influence and Support the
Business Strategy
IT Architecture Board
IT Steering Committee
Communication of IT Objectives and Direction
Definition and Maintenance of Business Functional and
Technical Requirements
Assessment of Current Capability and Performance
Technological Infrastructure Plan
Technology Standards
Infrastructure Maintenance
IT Strategic Plan
Technological Direction Planning
Technological Infrastructure Acquisition Plan
Infrastructure Resource Protection and Availability
Preventive Maintenance for Hardware
Major Upgrades to Existing Systems
Application Software Maintenance
Assessment of Current Capability and Performance
IT Strategic Plan
Technological Direction Planning

0.00%

0.00%

0.00%

Technological Infrastructure Plan


Technology Standards
Feasibility Study and Formulation of Alternative Courses of
Action
Processing Integrity and Validity
Output Review, Reconciliation and Error Handling
Technological Direction Planning
Business-IT Alignment
Enterprise Information Architecture Model
IT Architecture Board
IT Policy and Control Environment
Identification of External Legal, Regulatory and Contractual
Compliance Requirements

0.00%

0.00%

Evaluation of Compliance With External Requirements

Personnel recruitment
Personnel training
Dependence upon individuals
IT Organization structure
Job Change and termination
Create an inventory of IT HR
Understand the current and future (IT HR)
Identify shortfall (between current & future)
Personnel recruitment and retention
Personnel training
Dependence upon individuals
Employee job performance evaluation
Personnel competencies
Job Change and termination
Create an inventory of IT HR
Understand the current and future (IT HR)
RISK ANALYSIS: IT PROJECT LEVEL
Software Quality Assurance (QA)
Knowledge Transfer to Operations and Support Staff
Implementation Plan
Final Acceptance Test
Knowledge Transfer to Business Management
Knowledge Transfer to End Users
Training
Test Plan
Post-implementation Review
Accuracy, Completeness and Authenticity Checks
Processing Integrity and Validity
Output Review, Reconciliation and Error Handling
Transaction Authentication and Integrity
Project Performance Measurement, Reporting and Monitoring
Project Closure

0.00%

0.00%

0.00%

0.00%

0.00%

Retire the Programme


IT Steering Committee
IT Budgeting
Cost Management
Definition and Collection of Monitoring Data
Define Reporting Methods and Techniques
Monitor and Report on Programme (solution delivery)
Performance
Cost Management

0.00%

Project Performance Measurement, Reporting and Monitoring


IT Steering Committee
Define Reporting Methods and Techniques
Project Performance Measurement, Reporting and Monitoring

Project Closure
Monitor and Report on Programme (solution delivery)
Performance
Develop a Benefits Realisation Plan
Development and Acquisition Standards
Project Quality Plan
Technology Standards
Stakeholder Commitment
Project Closure
RISK ANALYSIS: IT INFRASTRUCTURE AND FACILITIES OPERATIONS LEVEL
Supplier Selection
Supplier Relationship Management
Supplier Risk Management
Supplier Performance Monitoring
Procurement Control
Supplier Contract Management
Resources Acquisition
IT Policies Management
Personnel Clearance Procedures
Infrastructure Resource Protection and Availability
Cost Model Maintenance
Physical Security Measures
Physical Access
Physical Security Measures
Physical Access
Physical Facilities Management
Protection Against Environmental Factors
Personnel Recruitment and Retention
Personnel Training
Dependence Upon Individuals
IT Organisational Structure
Job Change and Termination

0.00%

0.00%

0.00%

0.00%

0.00%

0.00%

Create and Maintain an Inventory of IT Human Resources


Understand the Current and Future Demand (for IT human
resources)
Identify Shortfalls (between current and future IT human
resource demand)
Personnel Recruitment and Retention
Personnel Training
Dependence Upon Individuals
Employee Job Performance Evaluation
Personnel Competencies
Job Change and Termination

0.00%

Create and Maintain an Inventory of IT Human Resources


Understand the Current and Future Demand (for IT human
resources)
Identify Shortfalls (between current and future IT human
resource demand)
Infrastructure Resource Protection and Availability
Physical Security Measures
Physical Access
Configuration Integrity Review
Performance and Capacity Planning
Infrastructure Maintenance
Current Performance and Capacity
Future Performance and Capacity
IT Resources Availability
Monitoring and Reporting
Technological Infrastructure Plan
IT Architecture Board
Definition and Maintenance of Business Functional and
Technical Requirements
Infrastructure Maintenance
Technological Infrastructure Acquisition Plan
Infrastructure Resource Protection and Availability
IT Services Recovery and Resumption
Physical Facilities Management
Service Level Agreements
IT Resources Availability
IT Continuity Plans
IT Organisational Structure
Personnel Recruitment and Retention
Dependence Upon Individuals
Data and System Ownership
Change Standards and Procedures
Enterprise Data Dictionary and Data Syntax Rules
Data Classification Scheme
Development and Acquisition Standards

0.00%

0.00%

0.00%

0.00%

0.00%

0.00%

Impact Assessment, Prioritisation and Authorisation


Configuration integrity review
Storage and Retention Arrangements
Media Library Management System
Backup and Restoration
Security Requirements for Data Management
Personnel Training
IT Services Recovery and Resumption
Identification of Education and Training Needs
Delivery of Training and Education
Operations Procedures and Instructions
IT Continuity Plans
Source Data Preparation and Authorization
Source Data Collection and Entry
Supplier Contract Management
Supplier Relationship Management
Identification of External Legal, Regulatory and Contractual
Compliance Requirements
Evaluation of Compliance With External Requirements
Positive Assurance of Compliance
IT Policy and Control Environment
Monitoring of Service Level Achievements
Technological Infrastructure Acquisition Plan
Site Selection and Layout
Technological Direction Planning
Procurement Control
IT Services Recovery and Resumption
Site Selection and Layout
Protection Against Environmental Factors
IT Continuity Plans
Physical Security Measures
RISK ANALYSIS: BUSINESS APPLICATION OPERATIONS LEVEL
Major Upgrades to Existing Systems
Application Software Maintenance
Assessment of Current Capability and Performance
IT Strategic Plan
Technological Direction Planning
Supplier Selection
Supplier Relationship Management
Supplier Risk Management
Supplier Performance Monitoring
Procurement Control
Supplier Contract Management
Resources Acquisition
Personnel Recruitment and Retention
Personnel Training
Dependence Upon Individuals
IT Organisational Structure

0.00%

0.00%

0.00%

0.00%

0.00%

0.00%

0.00%

0.00%

0.00%

Job Change and Termination


Create and Maintain an Inventory of IT Human Resources
Understand the Current and Future Demand (for IT human
resources)
Identify Shortfalls (between current and future IT human
resource demand)
Personnel Recruitment and Retention
Personnel Training
Dependence Upon Individuals
Employee Job Performance Evaluation
Personnel Competencies
Job Change and Termination

0.00%

Create and Maintain an Inventory of IT Human Resources


Understand the Current and Future Demand (for IT human
resources)
Identify Shortfalls (between current and future IT human
resource demand)
Development of Application Software
Application Software Maintenance
Change Standards and Procedures
Post-implementation Review
Identity Management
Configuration Integrity Review
Accuracy, Completeness and Authenticity Checks
Processing Integrity and Validity
Output Review, Reconciliation and Error Handling
Transaction Authentication and Integrity
Development and Acquisition Standards
Quality Measurement, Monitoring & Review
Software Quality Assurance (QA)

0.00%

Malicious Software Prevention, Detection and Correction


Application Software Maintenance
Monitoring and Reporting
Problem Tracking and Resolution
Software Quality Assurance (QA)
Reporting and Trend Analysis
Source Data Preparation and Authorization
Source Data Collection and Entry
Accuracy, Completeness, Authenticity Checks
Processing Integrity and Validity
Output Review, Reconciliation & Error Handling
Transaction Authentication and Integrity
Performance and Capacity Planning
Infrastructure Maintenance
Current Performance and Capacity

0.00%

0.00%

0.00%

Future Performance and Capacity


IT Resources Availability
Monitoring and Reporting
Technological Infrastructure Plan
IT Architecture Board
Definition and Maintenance of Business Functional and
Technical Requirements
Infrastructure Maintenance
Technological Infrastructure Acquisition Plan
Infrastructure Resource Protection and Availability
Security Testing, Surveillance and Monitoring

0.00%

0.00%

Malicious Software Prevention, Detection and Correction


IT Policies Management
Policy, Standard and Procedures Rollout
IT Policies Management
IT Continuity Plans
Security Testing, Surveillance and Monitoring

0.00%

Malicious Software Prevention, Detection and Correction


Network Security
Security Requirements for Data Management
Data and System Ownership
Policy, Standard and Procedures Rollout
Application Security and Availability
Management of IT Security
Identity Management
Protection of Security Technology
Source Data Preparation and Authorization
Source Data Collection and Entry
Accuracy, Completeness, Authenticity Checks
Processing Integrity and Validity
Output Review, Reconciliation, Error Handling
Transaction Authentication and Integrity
Storage and Retention Arrangements
Disposal
Backup and Restoration
Exchange of Sensitive Data
Media Library Management System
Security Requirements for Data Management
Physical Security Measures
Physical Access
Sensitive Documents and Output Devices


0.00%

0.00%


IMPACT ANALYSIS
Columns: LIKELIHOOD | Impact 1 | Impact 2 | Impact 3 | Impact 4 | Impact 5 | Impact 6 | IMPACT: Max Impact, Average Impact | RISK VALUATION (MAX): Value, Rating | RISK VALUATION (AVERAGE): Value, Rating

Populated row (cell values as extracted): 5, 2, Average Impact 1.3333333333, RISK VALUATION (MAX) Value 10, Rating Tinggi, RISK VALUATION (AVERAGE) Value 6.666666667, Rating Tinggi.

All other rows: the Average Impact, RISK VALUATION (MAX) Value and RISK VALUATION (AVERAGE) Value cells show #DIV/0! (no impact scores entered), while the RISK VALUATION (MAX) Rating cell shows Rendah.
