Tatakelola

TIK berdasarkan COBIT

February 23, 2018 1

 Agenda
 Apakah tatakelola TIK?
 CobiT Essentials
 CobiT Framework

February 23, 2018 2

 What is CobiT?
 CobiT (Control Objectives for Information and Related Technology)
is globally accepted as being the most comprehensive work for IT
governance, organization, as well as IT process and risk
management
 CobiT menyediakan praktek-praktek yang baik untuk manajemen
proses IT in a manageable and logical structure, meeting the
multiple needs of enterprise management by bridging the gaps
between business risks, technical issues, control needs and
performance measurement requirements.
 The CobiT mission is to research, develop, publicize and promote an
authoritative, up-to-date, international set of generally accepted
information technology control objectives for day-to-day use by
business managers and auditors.

February 23, 2018 3

 Apakah tatakelola TIK
IT governance is the responsibility of executives and
the board of directors, and consists of the
leadership, organisational structures and Processes
that ensure that the enterprise’s IT sustains and
extends the organisation’s strategies and
objectives.(cobit 4.0 executive summary)
IT governance adalah tanggung jawab eksekutif dan dewan
direksi, dan terdiri dari kepemimpinan, struktur organisasi
dan Proses yang memastikan bahwa IT perusahaan
mendukung dan memperluas strategi dan
tujuan organisasi.

February 23, 2018 4

 Apakah COBIT?
 Control Objective for information and related
technologies
 Standar tatakelola teknologi informasi yang
dikeluarkan oleh ISACA
www.isaca.org

February 23, 2018 5

February 23, 2018 6
 Komponen CobiT
 Executive Summary
 Menjelaskan konsep kunci dan prinsip prinsip utama .
 Management Guidelines
 Untuk memastikan perusahana berhasil mencapai
tujuan maka perusahaan perlu mengelola secara
efektif keterkaitan antara proses bisnis dan sistem
informasi. Bagian ini tersusun atas model
kematangan, CSF, KGI dan KPI
 Framework
 Frame work menjelaskan 34 tujuan pengendalian
tingkat tinggi yang tersusun atas 4 domain. Setiap
framework juga mengidentifikasikan 7 kriteria
informasi dan sumberdaya TIK yang memiliki dampak
terhadap pengendalian tingkat tinggi

February 23, 2018 7

 Komponen CobiT
 Control Objectives
 Bagian ini menyediakan berbagai aspek yang perlu
digambarkan untuk menyusun kebijakan dan prkatek
yang baik bagi pengendalian TIK.
 Audit Guidelines
 Merupakan panduan cara penerapan audit
 Implementation Toolset
 Alat yang disediakan untuk melakukan beberapa
benchmarking dari COBIT

February 23, 2018 8

 CobiT Components
Executive Summary There is a method…

Framework The method is…

Control Objectives Minimum controls are…

Audit Guidelines Here is how you audit…

Implementation Toolset Here is how you implement…

Management Guidelines Here is how you measure…

February 23, 2018 9

 Tujuan Pokok COBIT

February 23, 2018 10

 CobiT Framework

February 23, 2018 11

 Kriteria informasi
Informasi relevan dengan Informasi tersedia ketika
EFFECTIVENESS proses bisnis meliputi tepat AVAILABILITY dibutuhkan
waktu, benar, bermanfaat

Terkait dengan pemanfaatan Berkaitan dengan ketetapan

EFFICIENCY sumberdaya secara optimal COMPLIANCE hukum, dan persetujuan
kontrak
.

kerahasiaan Relates to the provision of

RELIABILITY OF
CONFIDENTIALITY appropriate information for
INFORMATION the workforce of the
organization

Berkaitan dengan keakuratan

dan kelengkapan informasi
INTEGRITY

February 23, 2018 12

 Sumberdaya
 Organizations - People : keterampilan staff,
awareness and produktivitas untuk merencanakan,
mengorganisasikan, mencari, menyediakan, mendukung
and me-monitor sistem informasi dan layanannya.
 Sistem Aplikasi : pemahaman terhadap sitem
informasi manual dan yang otomatis(berbasis
komputer).
 teknologi : meliputi perangkat keras, sistem operasi,
sistem manajemen basis data,jaringan, multimedia dll.
 Fasilitas: Sumberdaya untuk melindungi fasilitas dan
teknologi yang tersedia(ruangan dll).
 Data : obyek data, berisfat teks, suara, gambar dll.

February 23, 2018 13

 Domain COBIT
 Planning and Organization
 Domain ini meliputi taktik dan strategi dan memfokuskan pada
cara TI dapat memberikan kontribusi yang optimal bagi tujuan
bisnis

 Acquisition and Implementation

 Untuk merealisasikan strategi TIK, solusi TI harus diidentifikasi,
dikembangkan diterapkan dan diintergrasikan terhadap proses
bisnis

February 23, 2018 14

 The Four CobiT Domains
 Delivery and Support
 Domain ini fokus pada penyediaan layanan yang dibutuhkan
yang meliputi level operasional, keamanan serta aspek pelatihan

 Monitoring
 Semua proses TIK perlu diakses setiap waktu untuk dimonitor
kualitasnya.

February 23, 2018 15

 CobiT IT Processes
Planning and Organization
Acquisition and


 PO1 - Define a strategic IT plan 

 PO2 - Define the information
architecture Implementation
 PO3 - Determine the technological  AI1 - Identify solutions
direction
 PO4 - Define the IT organization and  AI2 - Acquire and maintain
relationships application software
PO5 - Manage the investment
AI3 - Acquire and maintain


 PO6 - Communicate management aims
and directions technology architecture
PO7 - Manage human resources

 AI4 - Develop and maintain
PO8 - Ensure compliance with external
IT procedures

requirements
 PO9 - Assess risks  AI5 - Install and accredit
 PO10 - Manage project systems
PO11 - Manage quality
AI6 - Manage changes



February 23, 2018 16

 CobiT IT Processes
 Delivery and Support
 DS1 - Define Service Levels
 Monitoring
 DS2 - Manage third-party services
 M1 - Monitor the processes
 DS3 - Manage performance and  M2 - Assess the internal
capacity control adequacy
 DS4 - Ensure continuous service
 M3 - Obtain independent
 DS5 - Ensure system security
assurance
 DS6 - Identify and attribute costs
 DS7 - Educate and train users
 M4 - Provide for
 DS8 - Assist and advise IT
independent audit
customers
 DS9 - Manage the configuration
 DS10 - Manage problems and
incidents
 DS11 - Manage data
 DS12 - Manage facilities
 DS13 - Manage operations

February 23, 2018 17

 KPI
 Key Performance Indicators (KPI)
 KPI’s are a measure of “how well” the process is
performing.
 KPI adalah ukuran sejauhmana proses berjalan
 KPI dapat digunakan untuk memprediksi keberhasilan
atau kegagalan
 Fokus pada proses dan dimensi pembelajaran pada
balance scorecard
 Diwujudkan dalam terminologi yang terukur
 Dapat digunakan untuk membantu memperbaiki
proses TI

February 23, 2018 18

 Key Performance Indicators dalam proses
TIK yang umum
 System downtime
 Throughput and response times
 Amount of errors and rework
 Number of staff trained in new technology and
customer service skills
 Benchmark comparisons
 Number of non-compliance reportings
 Reduction in development and processing time

February 23, 2018 19

 Financial
• # of IT customers

Contoh • Cost per IT customer

• Cost-efficiency of IT
processes up
ukuran • Delivery of IT value per
employee
Customer Process
kinerja • Level of service delivery
up
• Availability of systems &
services
•
(BSC)
Satisfaction of existing • Developments on
customers schedule & budget
• Information
# of new customers • Throughput & response
reached times
• # of new service delivery • Amount of errors and
channels rework
Learning
• Staff productivity &
morale
• # of staff trained in new
techno/services
• Value delivery per
employee up
• Increased availability
knowledge systems

February 23, 2018 20

Deskripsi proses
The control of
Kriteria Informasi
IT Processes SS P
which satisfy
Business  
Requirements is enabled by

Control Sumberdaya
Statements and considers

Control
Practices

KGI’s Maturity Model

 0 - Management processes are not applied at
 all
Critical 
 1 - Processes are ad hoc and disorganised
2 - Processes follow a regular pattern
Success KPI’s 3 - Processes are documented and
communicated

Factors 

4 - Processes are monitored and measured
5 - Best practices are followed and automated


February 23, 2018 21

 CSF
 Merupakan hal paling penting yang perlu
dilakukan untuk mencapai tujuan
 Dapat dicari-dapat diukur- merupakan
karakteristik dari organsiasi dan proses bisnis
 Dapat bersifat strategis, teknologis,
organisasional atau bersifat prosedural
 Fokus pada pencarian, pemeliharaan dan
perluasan kemampuan, keterampilan dan
perilaku
 Dinyatakan dalam terminologi proses.

February 23, 2018 22

 Critical Success Factors dalam proses TIK yang
umum
 Kinerja TIK diukur dalam terminologi keuangan,
sebagai kepuasan konsumen, efektiftas dan kapasitas
masadepan; Reward berdasarkan pada ukuran kinerja
ini.
 Proses selaras dengan strategi TIK dan dengan
tujuan bisnis.

February 23, 2018 23

Process Description
The control of
Information
IT Processes SS P
Criteria
which satisfy
Business  
Requirements is enabled by

Control Resources
Statements and considers

Control
Practices

KGI’s Maturity Model

 0 - Management processes are not applied at
Critical Success Factors 
CSF



all
Maturity
1 - Processes are ad hoc and disorganised
2 - Processes follow a regular pattern

3 - Processes are documented and



KPI’s


Model
communicated
4 - Processes are monitored and measured
  5 - Best practices are followed and automated


February 23, 2018 24

 Kesimpulan

 Anda telah belajar tentang tatakelola TIK

berdasarkan framework COBIT

February 23, 2018 25