Kisi-kisi IT Governance -...
-
Upload
phunghuong -
Category
Documents
-
view
219 -
download
0
Transcript of Kisi-kisi IT Governance -...
Kisi-kisi IT Governance
Session 15-16 / Chapter 6: DOMAINS AND PROCESSES
1. COBIT 5 Domains : Versi COBIT 5
2. Process of COBIT 5
• Notes:
Kelima domain bukan subjek tetapi lebih ke fungsionalnya.
ELearning By Argyasiany 1901462334
Some processes may be more important for one organization than another. The process DS 4—
ensure continuous service for example will be of high importance in a financial organization.
Indeed, if the IT systems of a commercial bank are not available for a certain time, this may
have a negative impact on the financial results of the bank
• Contoh:
Example EDM2 – Benefits Delivery
Pengambil keputusan adalah Board Director. Domain EDM merupakan domain pertama diluar
operasional.
ELearning By Argyasiany 1901462334
Session 19-20 / Chapter 7: IMPLEMENTATION OF GEIT WITH COBIT 5
Translating COBIT: mencocokkan antara domain dengan process yang relevan. Menyusun materi
reference model (mengacu ke text book dan e-book PAM)
1. Pain points and triggers to assist implementation of GEIT
2. Lifecycle Approach to Implementation (Implementation of COBIT 5) A life cycle approach can help us make choices. It implies that everyone in the whole chain of a product’s life cycle, from cradle to grave, has a responsibility and a role to play, taking into account all the relevant impacts on the economy, the environment and the society.
Session 21-22 / Chapter 8: COBIT 5 PROCESS ASSESSMENT MODEL
1. COBIT 5 PROCESS ASSESSMENT MODEL (PAM) Identifikasi Domain – proses – maturity level
ELearning By Argyasiany 1901462334
Advantages:
Reliable and Repeatable because specific practices (Best Practices and Generic Practices) and specific
work products (Work Product and Generic Work Products) have been defined
2. Process Assessment Model – Rating Scale
3. Process Assessment Model – Level 0 – 4 • Within the Process Assessment Model (PAM) level 0, indicates that the IT process is not
implemented or “fails to achieve its process purpose. At this level, there is little or no evidence of
any systematic achievement of the process purpose.”
• At level 1 the “implemented process achieves its process purpose.” At level 1, however, the
process cannot be said to be under control.
• At level 2, the process is “implemented in a managed fashion (planned, monitored, and adjusted)
and its work products are appropriately established, controlled, and maintained.”
ELearning By Argyasiany 1901462334
• At level 3, the process is implemented “using a defi ned process that is capable of achieving its
process outcomes.”
• At level 4, the process “operates within defined limits to achieve its process outcomes,” and fi
nally at level 5, the process is “continuously improved to meet relevant current and projected
business goals”
4. Assessment Outcome (isaca.org/cobit) a. Detailed level—First, the outcomes were presented in a detailed manner describing how
to improve the individual processes to close the gap toward the target capability. These
outcomes were discussed with the process owners. The main goal was to make the
process owners aware of the growth and benefits of the process capability. For example,
the process BAI02 Manage requirements definition can help bridge the gap toward
capability by making the process owner accountable for the decisions on the
requirements, driven by the needs of the business. Because the process owner was not
comfortable with the requirements definition, he let the SSC decide what was good for
his business. Making the process owners accountable and supporting their collaboration
within the committes responsible agreeing on the requirements and the requirements
definition process enable better decision making on the needed requirements for
business applications, addressing the advisable level of detail, availability, security, etc.
b. Overall level—Next, the outcomes were aggregated (based on causes) from a challenge
point of view and presented and discussed with the SSC CIO and management team. The
outcomes focused on points of improvement that would make the most impact. For the
SSC, this meant maintaining the processes that were identified as most impactful and
improving those that could be most effective in closing the gap by addressing specific
challenges and irregularities.
c. Creating accountability—Two of the most common themes that emerged in the survey
were poor governance and the lack of an accountability framework. The goal of the SSC
sessions was to improve the expectations the BoD has of the SSC by developing an agreed-
upon charter to deliver the appropriate services.
Session 25-26 / Chapter 9: COBIT 5 RESOURCES
1. COBIT 5 RESOURCES
ELearning By Argyasiany 1901462334