Mapping Togaf
the capability of their IT processes. This may be a precursor to undertaking more rigorous evidenced-based assessment. The a
based on the COBIT PAM used in the COBIT 5 Assessment Programme, but does not require evidentiary requirements in supp
assessment, nor does it require use of the COBIT PAM; sufficient information from the PAM and a full self-assessment templa
provided that simplifies the process without the need to reference the other two guides in the COBIT Assessment Programme
© ISACA 2013 All rights reserved.
Instructions
1. It is recommended that the assessment be undertaken by a small team or reviewed by a team of IT management and/or ass
although independent assessors are not required for this.
1. Use the Process results tab (example in appendix A of the guide) to summarize your results of the assessments
2. If a more rigorous assessment is required and/or evidentiary requirements are to be produced, then use the full assessor guide
templates at 3. and 4. of the toolkit
3. You are required to start at level 1 because that is where the specific questions are asked about the process outcomes and p
achieved.
4. At Level 1, for each process being assessed, ask if the process is achieving its outcomes; answer yes or no; include any relevan
support your conclusion.
5. For Level 1 you can RATE each of the outcomes but the assessment approach requires an overall assessment rating at the p
attribute level PA1.1
6. At higher levels you are no longer looking at specific process outcomes but at overall generic goals shown for each of the le
7. To PASS a particular level the process must be rated Largely or Fully, to move onto the next level all attributes must be rated
example if PA2.1 is Largely and PA2.2 Fully, you are deemed to be at Level 2 but the overall Level 2 rating must be a Fully to be
assess at higher levels.
8. Use this process as a 'pre-cursor' to a more detailed assessment and not as the definitive assessment of your IT processes
EDM01 RACI Chart
Practice shown: EDM01.02 Direct the governance system
Roles: Board / Dekan Fakultas (Dean of the Faculty); Chief Executive Officer / Ketua Program Studi Sistem Komputer (Head of the Computer Systems Study Programme); Architecture Board; Compliance; Audit; Chief Information Officer; Head Architect; Head Development; Head IT Operations; Head IT Administration; Service Manager; Information Security Manager; Business Continuity Manager; Privacy Officer
[RACI chart cells (R, A, C, I): positions against roles and practices not preserved]
PROCESS ASSESSMENT RESULTS
Mapping of Enterprise Goals 01 to 17 (columns, grouped as Financial, Customer, Internal, and Learning and Growth) to IT-related Goals (rows)
[P and S marks are listed in reading order; their column positions are not preserved]
01 Alignment of IT and Business strategy: P P S P S P P S P S P S S
Commitment of executive (row title cut off)
09 IT agility: S P S S P P S S S P
10 Security of information, processing infrastructure and applications: P P P P
11 Optimisation of IT asset, resource and capabilities: P S S P S P S S S
Enablement support of business processes by (row title cut off)
13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standard: P S S S S S P
Mapping of IT-related Goals 01 to 17 (columns, grouped as Financial, Customer, Internal, and Learning and Growth) to COBIT 5 Processes (rows)
[P and S marks are listed in reading order; their column positions are not preserved]
Build, Acquire and Implement
BAI01 Manage Programmes and Projects: P S P P S S S S P S S
BAI02 Manage Requirements Definition: P S S S S P S S S S P S S S
BAI04 Manage Availability and Capacity: S S P S S P S P S
BAI05 Manage Organisational Change Enablement: S S S S P S S S P P
DSS06 Manage Business Process Controls: S P P S S S S S S S S
Monitor, Evaluate and Assess
Dimension | No. | Goal | Description
Financial | 4 | Compliance with external laws and regulations | Following the Minister of Education's regulations on the rules and policies of the learning system.
 | 6 | Customer-oriented service culture | Creating satisfaction with all the facilities, services and information provided.
Customer | 9 | Information-based strategic decision making | Creating a decision-making process adapted to the system's needs by coordinating with the relevant parties for the continuity of the system
Internal | 15 | Compliance with internal policies | Providing a forum for good coordination among the leaders for the continuity of system management
Learning and Growth | 16 | Skilled and motivated people | Providing a forum for users so that they can obtain information easily
IT-related Goals
Learning and Growth | 16 | Competent and motivated business and IT personnel | Empowering IT staff who will handle errors and system updates so as to meet the standard
Process | Capability Level
Capability Level 0 | Incomplete process, where the IT governance process is not performed or fails to achieve the purpose of the process itself.
Capability Level 1 | Performed process, where the process is carried out ad hoc and in an unorganised way, and is therefore highly dependent on individual ability
Capability Level 2 | Managed process, where the process carried out has been planned, monitored, documented and adjusted so that it meets the previously identified objectives
Capability Level 3 | Established process, where the previously implemented process is carried out according to the standard of a process, in order to achieve the outcome of that process. The process is documented and communicated for the sake of organisational efficiency
Capability Level 4 | Predictable process, where the previously implemented process is now implemented using defined limits to achieve the output it produces. Here the process is monitored, measured and predicted.
Capability Level 5 | Optimizing process, where the process has been developed continuously to achieve the organisation's goals.
Abbreviation | Achieved | Description
N | 0 - 15% achievement | Not achieved: the IT governance assessment process is not fulfilled
P | >15 - 50% achievement | Partially achieved: the IT governance assessment process is partially fulfilled
L | >50 - 85% achievement | Largely achieved: the IT governance process is largely fulfilled
P | >85 - 100% achievement | Fully achieved: the IT governance process is fulfilled in full, high score
Process | Capability Level As Is | Capability Level To Be | Gap
EDM03 | 4 | 5 | 1
APO01 | 4 | 5 | 1
APO13 | 3 | 5 | 2
DSS05 | 3 | 5 | 2
MEA02 | 3 | 5 | 2
[Chart: Capability Level (As Is, To Be) and Gap per process]
Figure 22- Mapping COBIT 5 Enterprise Goals to IT-related Goals
[P and S marks are listed in reading order; their positions against the other axis are not preserved]
Enterprise Goals (Financial, Customer): 01 Stakeholder value of business investments; 02 Portfolio of competitive products and services; 06 Customer-oriented service culture; 08 Agile response to changing business environment; 10 Optimisation of service delivery costs
IT-related Goals against these Enterprise Goals:
03 Commitment of executive management for making IT-related decisions: P S S
Delivery of IT service in line (row title cut off)
09 IT agility: S P S P
11 Optimisation of IT asset, resource and capabilities: P S S P
15 IT compliance with internal policies
Enterprise Goals (Internal, Learning and Growth), with the marks found under each:
11 Optimisation of business process functionality: S P P S
12 Optimisation of business process costs: P S
13 Manage business change programmes: S S S P
15 Compliance with internal policies: P
17 Product and business innovation culture: S P S S
Figure 13- Mapping COBIT 5 Enterprise Goals to IT-related Goals
IT-related Goals (Financial, Internal): 01 Alignment of IT and Business strategy; 02 IT Compliance and support for business compliance with external laws and regulations; 06 Transparency of IT costs,; 10 Security of information, processing infrastructure and applications
COBIT 5 Processes against these IT-related Goals:
APO01 Manage the IT Management Framework: P P S
APO07 Manage Human Resources: P S S
COBIT 5 Processes shown in the full matrix: EDM03 Ensure Risk Optimisation (Evaluate, Direct and Monitor); APO01 Manage the IT Management Framework and APO07 Manage Human Resources (Align, Plan and Organise); DSS05 Manage Security Services (Deliver, Service and Support); MEA01 Monitor, Evaluate and Assess Performance and Conformance (Monitor, Evaluate and Assess)
IT-related Goals, with the marks found under each:
01 Alignment of IT and Business strategy: S S P P S
02 IT Compliance and support for business compliance with regulations: S P S P S
06 Transparency of IT costs,: S P
10 Security of information, processing infrastructure and applications: S P S S P
11 Optimisation of IT asset, resource and capabilities: P S P P
13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standard: S P S S
15 IT compliance with internal policies: P S S P P
17 Knowledge, expertise and initiatives for business innovation: S P P S
EDM03 Ensure Risk Optimisation
Purpose: Satisfy the business requirement of having stable, cost-effective, integrated and standard application systems, resources and capabilities that meet current and future business requirements.
Level 1 Performed, PA 1.1: The implemented process achieves its process purpose.
The following process outcomes are being achieved (column: Overall rating for the process):
EDM03-O1 Risk thresholds are defined and communicated and key IT-related risks are known.
EDM03-O2 The enterprise is managing critical IT-related enterprise risks effectively and efficiently.
EDM03-O3 IT-related enterprise risks do not exceed risk appetite and the impact of IT risk to enterprise value is identified and managed.
APO01 Define the Management Framework for IT
Purpose: Satisfy the business requirement of supplying accurate and timely control over current and future IT services, associated risks and responsibilities.
Level 1 Performed, PA 1.1: The implemented process achieves its process purpose.
The following process outcomes are being achieved (column: Overall rating for the process):
APO01-O1 An up-to-date and effective IT control framework is defined and maintained
- APO01-O1A The IT organisation structure is fully defined including management structures, roles and responsibilities
- APO01-O1B Operational and communication guidelines for the IT organisation are defined
- APO01-O1C The ownership of information and systems is clearly defined.
- APO01-O1D The structure and processes of the IT organisation support the enterprise strategy and operating model.
APO01-O2 A set of policies is defined and maintained
- APO01-O2A IT policies have been fully defined
- APO01-O2B IT objectives and policies are understood and followed by all relevant staff and stakeholders
APO01-O3 The IT control framework is effectively implemented and communicated
- APO01-O3A Supporting enablers for the IT control framework are effectively implemented and communicated
- APO01-O3B IT personnel and stakeholders understand their roles and responsibilities
APO07 Manage Human Resources
Purpose Satisfy the business requirement of aligning a
ng accurate and timely control and security requirements, and doing so in a t
ed risks and responsibilities. cost.
Rating columns: Largely Achieved (50% - 85%); Fully Achieved (85-100%)
Criteria: Assess whether the following outcomes are achieved.
Level 0 Incomplete: The process is not implemented, or fails to achieve its process purpose. At this level, there is little or no evidence of any achievement of the process purpose.
Level 1 Performed, PA 1.1: The implemented process achieves its process purpose.
The following process outcomes are being achieved:
APO07-O1 The IT organisational structure and relationships are flexible and responsive.
- APO07-O1A The IT organisation structure provides the necessary roles and responsibilities to achieve organisational goals.
- APO07-O1B Risks of overdependence on key resources are mitigated
APO07-O2 Human resources are effectively and efficiently managed.
- APO07-O2A The enterprise has sufficient human resources to achieve organisational goals
- APO07-O2B Personnel have the required skills, competencies and abilities to achieve organisational goals.
- APO07-O2C Staff performance is regularly reviewed and evaluated.
- APO07-O2D Consultants and contract staff comply with policies and contractual agreements
DSS05
usiness requirement of aligning available applications with business
equirements, and doing so in a timely manner and at a reasonable
PA 1.1: The implemented process achieves its process purpose.
The following process outcomes are being achieved (column: Overall rating for the process):
DSS05-O1 Networks and communications security meet business needs.
DSS05-O2 Information processed on, stored on and transmitted by endpoint devices is protected.
DSS05-O4 Physical measures to protect information from unauthorised access, damage and interference when being processed, stored or transmitted have been implemented.
DSS05-O5 Electronic information is properly secured when stored, transmitted or destroyed
MEA01 Monitor and Evaluate Performance and Conformance
Purpose
th laws, regulations Satisfy the business requirement of integrating IT
governance and complying with laws, regulations
Criteria: Assess whether the following outcomes are achieved.
Rating columns: Criteria Are Met Y/N; Fully Achieved (85-100%)
Level 0 Incomplete: The process is not implemented, or fails to achieve its process purpose. At this level, there is little or no evidence of any achievement of the process purpose.
Level 1 Performed, PA 1.1: The implemented process achieves its process purpose.
The following process outcomes are being achieved:
MEA01-O1 Stakeholders approve the goals and metrics.
MEA01-O2 Processes are measured against agreed-upon goals and metrics.
MEA01-O3 The enterprise monitoring, assessing and informing approach is effective and operational.
MEA01-O4 Goals and metrics are integrated within enterprise monitoring systems.
MEA01-O5 Process reporting on performance and conformance is useful and timely.
s requirement of integrating IT governance with enterprise
mplying with laws, regulations and contracts.
Rating columns: Comment; Not achieved (0-15%); Partially Achieved (15% - 50%); Largely Achieved (50% - 85%); Fully Achieved (85-100%)
c) Required competencies and roles for performing a process are identified as part of the standard process.
d) Required infrastructure and work environment for performing a process are identified as part of the standard process.
e) Required infrastructure and work environment for performing the defined process are made available, managed and maintained.
c) Quantitative objectives for process performance in support of relevant business goals are established.
d) Measures and frequency of measurement are identified and defined in line with process measurement objectives and quantitative objectives for process performance.
e) Results of measurement are collected, analysed and reported in order to monitor the extent to which the quantitative objectives for process performance are met.
f) Measurement results are used to characterise process performance.
b) Control limits of variation are established for normal process performance.
d) Improvement opportunities derived from new technologies and process concepts are identified.
e) An implementation strategy is established to achieve the process improvement objectives.
b) Implementation of all agreed changes is managed to ensure that any disruption to the process performance is understood and acted upon.
c) Based on actual performance, effectiveness of process change is evaluated against the defined product requirements and process objectives to determine whether results are due to common or special causes.
Figure 22- Mapping COBIT 5 Enterprise Goals to IT-related Goals
Enterprise Goals (columns): 06 07 08 09 10 13 14 15 16 17, grouped as Customer, Internal, and Learning and Growth
[P and S marks are listed in reading order; their column positions are not preserved]
IT-related Goals (rows):
02 IT Compliance and support for business compliance with external laws and regulations: P
10 Security of information, processing infrastructure and applications: P P
16 IT personnel: S S P P S
IT-related Goals (columns): 10 11 13 14 15 16 17, grouped as Internal, and Learning and Growth
COBIT 5 Processes (rows):
Evaluate, Direct and Monitor
Ensure Governance (row title cut off)
EDM04 Ensure Resource Optimisation: P S P S
EDM05 Ensure Stakeholder Transparency: S S S S
Align, Plan and Organise
APO01 Manage the IT Management Framework: S P S S P P P
APO02 Manage Strategy: S S S S S P
APO03 Manage Enterprise Architecture: S P S S
Monitor, Evaluate and Assess