Control Objective for Information and related Technology
COBIT, or Control Objectives for Information and Related Technology, is an information systems audit and control baseline created by the Information Systems Audit and Control Association (ISACA) and the Information Technology Governance Institute (ITGI) in 1992. To provide the information an enterprise needs to achieve its objectives, the basic principles of COBIT describe (Simonsson & Johnson, 2006):

1. Business information requirements, consisting of: Effectiveness, Efficiency, Integrity, Availability, and Reliability of information.
2. High-Level IT Processes, consisting of: IT Domains (Planning and Organisation, Acquisition & Implementation, Delivery & Support, Monitoring and Evaluation); IT Processes (IT strategy, Computer operations, Incident handling, Acceptance testing, Change management, Contingency planning, Problem management); Activities (Record new problem, Analyse, Propose solution, Monitor solution, Record known problem).
3. Information Technology Resources: Expert staff, Applications, Technology, Facilities, Database Management System, Hardware, Software, Multimedia.

COBIT has a very broad scope, and not every organization has or covers all of these processes. Kania (2011) explains that each company differs in the variety and reach of its use of information technology, and that not every step in COBIT can be applied, only the parts that fit the company's needs. This is in line with ITGI (2007): the standard does not require every component to be implemented, and an organization may select only the relevant parts.

A comparison of the COBIT model with other models is shown in Table 2.1 below (Mapping, 2011).

Table 2.1. Coverage of COBIT 4.1 in the PO and ME domains compared with other models

Table 2.2. Coverage of the COBIT 4.1 domains compared with the Luftman Framework (source: Luftman, 2004 & Simonsson, 2008)

| Domain | COBIT 4.1 | LUFTMAN |
|---|---|---|
| PO1 | Define a strategic IT plan. | LG1. Business strategic planning |
| PO2 | Define the information architecture. | LSA1. Traditional, Enabler/Driver, External; LSA2. Standards Articulation; LSA3. Architectural Integration: Functional Organization, Enterprise, Inter-enterprise |
| PO3 | Determine technological direction. | LSA2. Standards Articulation; LSA5. Agility, Flexibility; LC6. Liaison(s) |
| PO4 | Define the IT processes, organisation and relationships. | LS2. Cultural locus of Power; LS3. Management Style; LS4. Change Readiness; LP4. IT Program Management; LG6. Steering Committee(s); LC5. Knowledge Sharing |
| PO5 | Manage the IT investment. | LP1. Business Perception of IT Value; LG6. Steering Committee(s); LG5. IT Investment Management |
| PO6 | Communicate management aims and direction. | LC1. Understanding of Business by IT; LC2. Understanding of IT by Business; LC3. Inter/Intra-organizational Learning/Education; LC4. Protocol Rigidity; LC5. Knowledge Sharing |
| PO7 | Manage IT human resources. | LS2. Cultural locus of Power; LS4. Change Readiness; LS6. Education, Cross-Training |
| PO8 | Manage quality. | LM7. Continuous Improvement |
| PO9 | Assess and manage IT risks. | LG5. IT Investment Management; LP3. Shared Goals, Risk, Rewards/Penalties; LP4. IT Program Management |
| PO10 | Manage projects. | LS7. Social, Political, Trusting Interpersonal Environment; LP3. Shared Goals, Risk, Rewards/Penalties; LG7. Prioritization Process |
| ME1 | Monitor and evaluate IT performance | LS7. Social, Political, Trusting Interpersonal Environment; LP3. Shared Goals, Risk, Rewards/Penalties; LG7. Prioritization Process |
| ME2 | Monitor and evaluate internal control | LM7. Continuous Improvement; LP1. Business Perception of IT Value |
| ME3 | Ensure compliance with external requirements | LM3. Service Level; LG3. Reporting/Organization Structure |
| ME4 | Provide IT governance | LC1. Understanding of Business by IT; LC2. Understanding of IT by Business |

Table 2.3. Coverage of the COBIT 4.1 domains compared with the pwC Framework (source: PricewaterhouseCoopers, 2003)

| Domain | Description (Plan and Organise) | pwC Focus |
|---|---|---|
| PO1 | Define a strategic IT plan. | pwC1. Define stakeholder expectations; pwC2. Articulate the Mission; pwC3. Develop a Formal Strategic plan |
| PO2 | Define the information architecture. | pwC1. Define stakeholder expectations |
| PO3 | Determine technological direction. | pwC1. Define stakeholder expectations |
| PO4 | Define the IT processes, organisation and relationships. | pwC1. Define stakeholder expectations |
| PO5 | Manage the IT investment. | pwC5. Establish current and multi-year Budgets |
| PO6 | Communicate management aims and direction. | pwC2. Articulate the Mission |
| PO7 | Manage IT human resources. | pwC7. Assess Needed Skill Sets |
| PO8 | Manage quality. | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| PO9 | Assess and manage IT risks. | pwC4. Assess Risk and Develop the audit plan |
| PO10 | Manage projects. | pwC1. Define stakeholder expectations |

| Domain | Description (Monitor and Evaluate) | pwC Focus |
|---|---|---|
| ME1 | Monitor and evaluate IT performance | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| ME2 | Monitor and evaluate internal control | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| ME3 | Ensure compliance with external requirements | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| ME4 | Provide IT governance | pwC3. Develop a Formal Strategic plan |

In addition, according to Ridley et al. (2006), COBIT is the most appropriate control framework for helping organizations ensure alignment between the use of information technology and business objectives.

It can be concluded that, of all information technology frameworks, the one most often used and covering the whole of IT governance is COBIT, because the COBIT Framework acts as an integrator of IT governance practices and is addressed to senior management or managers; IT and business management; governance, assurance and security professionals; and IT audit and control professionals. The COBIT Framework is designed to work alongside other standards and best practices (Setiawan, 2010).

The process focus of COBIT is illustrated by a process model that divides information technology into four domains and 34 processes, in line with the areas responsible for planning, building, running and monitoring the implementation of information technology, and that also provides an end-to-end view of information technology. The figure below shows the COBIT processes:

Figure 2.1. COBIT framework (ITGI, 2007)