Kisi-kisi IT Governance

Session 15-16 / Chapter 6: DOMAINS AND PROCESSES

1. COBIT 5 Domains : Versi COBIT 5

2. Process of COBIT 5

• Notes:

Kelima domain bukan subjek tetapi lebih ke fungsionalnya.

ELearning By Argyasiany 1901462334

Some processes may be more important for one organization than another. The process DS 4—

ensure continuous service for example will be of high importance in a financial organization.

Indeed, if the IT systems of a commercial bank are not available for a certain time, this may

have a negative impact on the financial results of the bank

• Contoh:

Example EDM2 – Benefits Delivery

Pengambil keputusan adalah Board Director. Domain EDM merupakan domain pertama diluar

operasional.

ELearning By Argyasiany 1901462334

Session 19-20 / Chapter 7: IMPLEMENTATION OF GEIT WITH COBIT 5

Translating COBIT: mencocokkan antara domain dengan process yang relevan. Menyusun materi

reference model (mengacu ke text book dan e-book PAM)

1. Pain points and triggers to assist implementation of GEIT

2. Lifecycle Approach to Implementation (Implementation of COBIT 5) A life cycle approach can help us make choices. It implies that everyone in the whole chain of a product’s life cycle, from cradle to grave, has a responsibility and a role to play, taking into account all the relevant impacts on the economy, the environment and the society.

Session 21-22 / Chapter 8: COBIT 5 PROCESS ASSESSMENT MODEL

1. COBIT 5 PROCESS ASSESSMENT MODEL (PAM) Identifikasi Domain – proses – maturity level

ELearning By Argyasiany 1901462334

Advantages:

Reliable and Repeatable because specific practices (Best Practices and Generic Practices) and specific

work products (Work Product and Generic Work Products) have been defined

2. Process Assessment Model – Rating Scale

3. Process Assessment Model – Level 0 – 4 • Within the Process Assessment Model (PAM) level 0, indicates that the IT process is not

implemented or “fails to achieve its process purpose. At this level, there is little or no evidence of

any systematic achievement of the process purpose.”

• At level 1 the “implemented process achieves its process purpose.” At level 1, however, the

process cannot be said to be under control.

• At level 2, the process is “implemented in a managed fashion (planned, monitored, and adjusted)

and its work products are appropriately established, controlled, and maintained.”

ELearning By Argyasiany 1901462334

• At level 3, the process is implemented “using a defi ned process that is capable of achieving its

process outcomes.”

• At level 4, the process “operates within defined limits to achieve its process outcomes,” and fi

nally at level 5, the process is “continuously improved to meet relevant current and projected

business goals”

4. Assessment Outcome (isaca.org/cobit) a. Detailed level—First, the outcomes were presented in a detailed manner describing how

to improve the individual processes to close the gap toward the target capability. These

outcomes were discussed with the process owners. The main goal was to make the

process owners aware of the growth and benefits of the process capability. For example,

the process BAI02 Manage requirements definition can help bridge the gap toward

capability by making the process owner accountable for the decisions on the

requirements, driven by the needs of the business. Because the process owner was not

comfortable with the requirements definition, he let the SSC decide what was good for

his business. Making the process owners accountable and supporting their collaboration

within the committes responsible agreeing on the requirements and the requirements

definition process enable better decision making on the needed requirements for

business applications, addressing the advisable level of detail, availability, security, etc.

b. Overall level—Next, the outcomes were aggregated (based on causes) from a challenge

point of view and presented and discussed with the SSC CIO and management team. The

outcomes focused on points of improvement that would make the most impact. For the

SSC, this meant maintaining the processes that were identified as most impactful and

improving those that could be most effective in closing the gap by addressing specific

challenges and irregularities.

c. Creating accountability—Two of the most common themes that emerged in the survey

were poor governance and the lack of an accountability framework. The goal of the SSC

sessions was to improve the expectations the BoD has of the SSC by developing an agreed-

upon charter to deliver the appropriate services.

Session 25-26 / Chapter 9: COBIT 5 RESOURCES

1. COBIT 5 RESOURCES

ELearning By Argyasiany 1901462334

Promosi cara dapat COBIT dan sertifikasi CISA. Sertifikasi ada yang untuk trainer ada yang untuk master

trainer.

2. COBIT 5 Foundation (Road Map)

ELearning By Argyasiany 1901462334