Information Systems Audit Based on the COBIT Framework


Control Objectives for Information and related Technology, abbreviated COBIT, is a standard guide to IT management practice. COBIT is designed as an IT governance tool that helps in understanding and managing the risks, benefits and evaluation associated with IT. The COBIT standard is issued by the IT Governance Institute, which is part of ISACA. COBIT 4.0 is the latest version.

It was compiled by the Information Systems Audit and Control Foundation (ISACF®) in 1996. The second edition of COBIT was published in 1998. In 2000 COBIT 3.0 was released by ITGI (Information Technology Governance Institute), and COBIT 4.0 in 2005. The most recent release, COBIT 4.1, was issued in 2007.
COBIT is regarded as the most complete and comprehensive standard for an IT audit framework because it is developed continuously by a non-governmental association of professional auditors with members in almost every country, where each country has its own chapter to organise those professionals. The target users of the COBIT framework are organisations/companies of various backgrounds and external assurance professionals. At the management level, COBIT's target users are managers, IT users and professionals, and professional supervisors/controllers. Officially there is no professional certification issued by ITGI or by any other organisation as the author of the COBIT standard. In the United States the COBIT standard is often used in the certification standards of Certified Public Accountants (CPAs) and Chartered Accountants (CAs) based on Statement on Auditing Standards (SAS) No. 70 Service Organisations reviews, SysTrust certification or Sarbanes-Oxley compliance.
The information criteria that COBIT commonly focuses on are:
o   Effectiveness
Focuses on the extent to which information is managed effectively from the data processed by the information system that has been built.
o   Efficiency
Focuses on the extent to which investment in the information processed by the system is efficient.
o   Confidentiality
Focuses on managing the confidentiality of information hierarchically.
o   Integrity
Focuses on the integrity of data/information in the system.
o   Availability
Focuses on the availability of data/information in the information system.
o   Compliance
Focuses on the conformity of data/information in the information system.
o   Reliability
Focuses on the capability/robustness of the information system in managing data/information.


The COBIT framework consists of 34 high-level control objectives, in which each IT process is grouped into four main domains:

1.  Planning and Organization
Covers the strategy and tactics concerned with identifying how IT can best contribute to achieving the organisation's business objectives, so that a well-run organisation with an equally sound technology infrastructure is formed.
PO1    Define a strategic information technology plan
PO2    Define the information architecture
PO3    Determine the technological direction
PO4    Define the IT organisation and relationships
PO5    Manage the investment in information technology
PO6    Communicate management aims and direction
PO7    Manage human resources
PO8    Ensure compliance with external requirements
PO9    Assess risks
PO10  Manage projects
PO11  Manage quality
2. Acquisition and Implementation
Identifying IT solutions, which are then implemented and integrated into the business processes to realise the IT strategy.
AI1  Identify automated solutions
AI2  Acquire and maintain application software
AI3  Acquire and maintain technology infrastructure
AI4  Develop and maintain IT procedures
AI5  Install and accredit systems
AI6  Manage changes
3. Delivery and Support
The domain concerned with delivering the required services, ranging from operating the security system and business continuity aspects through to the provision of training.
DS1     Define and manage service levels
DS2     Manage third-party services
DS3     Manage performance and capacity
DS4     Ensure continuous service
DS5     Ensure systems security
DS6     Identify and allocate costs
DS7     Educate and train users
DS8     Assist and advise customers
DS9     Manage the configuration
DS10   Manage problems and incidents
DS11   Manage data
DS12   Manage facilities
DS13   Manage operations
4. Monitoring
All IT processes need to be assessed regularly and periodically for their quality and their conformity with control requirements.
M1 Monitor the process
M2 Assess internal control adequacy
M3 Obtain independent assurance

Balanced Scorecard

The Balanced Scorecard

The Balanced Scorecard is a strategic performance management framework that has been designed to help an organisation monitor its performance and manage the execution of its strategy. In a recent world-wide study on management tool usage, the Balanced Scorecard was found to be the sixth most widely used management tool across the globe which also had one of the highest overall satisfaction ratings. In its simplest form the Balanced Scorecard breaks performance monitoring into four interconnected perspectives: Financial, Customer, Internal Processes and Learning & Growth.


Balanced Scorecard Perspectives

Here are the definitions of the four Balanced Scorecard perspectives:

  • The Financial Perspective covers the financial objectives of an organisation and allows managers to track financial success and shareholder value.
  • The Customer Perspective covers the customer objectives such as customer satisfaction, market share goals as well as product and service attributes.
  • The Internal Process Perspective covers internal operational goals and outlines the key processes necessary to deliver the customer objectives.
  • The Learning and Growth Perspective covers the intangible drivers of future success such as human capital, organisational capital and information capital including skills, training, organisational culture, leadership, systems and databases.

From Measurement Dashboards to Strategy Maps

When it was first introduced, the Balanced Scorecard perspectives were presented in a four-box model (see Figure above). Early adopters created Balanced Scorecards that were primarily used as improved performance measurement systems, and many organisations produced management dashboards to provide a more comprehensive at-a-glance view of key performance indicators in these four perspectives.

However, this four-box model has now been superseded by a Strategy Map (see Figure below for the generic template), which is at the heart of modern Balanced Scorecards. A Strategy Map places the four perspectives in relation to each other to show that the objectives support each other. For more information see also our white papers ‘What is a modern Balanced Scorecard’ and ‘How to create a strategy map’.


Cause-and-Effect Logic

A Strategy Map highlights that delivering the right performance in one perspective (e.g. financial success) can only be achieved by delivering the objectives in the other perspectives (e.g. delivering what customers want). You basically create a map of interlinked objectives. For example:

  • The objectives in the Learning and Growth Perspective (e.g. developing the right competencies) underpin the objectives in the Internal Process Perspective (e.g. delivering high quality business processes).
  • The objectives in the Internal Process Perspective (e.g. delivering high quality business processes) underpin the objectives in the Customer Perspective (e.g. gaining market share and repeat business).
  • Delivering the customer objectives should then lead to the achievement of the financial objectives in the Financial Perspective.

Strategy maps therefore outline what an organisation wants to accomplish (financial and customer objectives) and how it plans to accomplish it (internal process and learning and growth objectives). This cause-and-effect logic is one of the most important elements of best-practice Balanced Scorecards. It allows companies to create a truly integrated set of strategic objectives on a single page. For a large number of real-world best practice examples please visit our case study section.

The danger with the initial four-box model was that companies could easily create a number of objectives and measures for each perspective without ever linking them. This can lead to silo activities as well as a strategy that is not cohesive or integrated.


Key Benefits of using Balanced Scorecards

  1. Better Strategic Planning – The Balanced Scorecard provides a powerful framework for building and communicating strategy. The business model is visualised in a Strategy Map which forces managers to think about cause-and-effect relationships. The process of creating a Strategy Map ensures that consensus is reached over a set of interrelated strategic objectives. It means that performance outcomes as well as key enablers or drivers of future performance (such as the intangibles) are identified to create a complete picture of the strategy.
  2. Improved Strategy Communication & Execution – The fact that the strategy with all its interrelated objectives is mapped on one piece of paper allows companies to easily communicate strategy internally and externally. We have known for a long time that a picture is worth a thousand words. This ‘plan on a page’ facilitates the understanding of the strategy and helps to engage staff and external stakeholders in the delivery and review of strategy. In the end it is impossible to execute a strategy that is not understood by everybody.
  3. Better Management Information – The Balanced Scorecard approach forces organisations to design key performance indicators for their various strategic objectives. This ensures that companies are measuring what actually matters. Research shows that companies with a BSC approach tend to report higher quality management information and gain increasing benefits from the way this information is used to guide management and decision making.
  4. Improved Performance Reporting – companies using a Balanced Scorecard approach tend to produce better performance reports than organisations without such a structured approach to performance management. Increasing needs and requirements for transparency can be met if companies create meaningful management reports and dashboards to communicate performance both internally and externally.
  5. Better Strategic Alignment – organisations with a Balanced Scorecard are able to better align their organisation with the strategic objectives. In order to execute a plan well, organisations need to ensure that all business and support units are working towards the same goals. Cascading the Balanced Scorecard into those units will help to achieve that and link strategy to operations.
  6. Better Organisational Alignment – well implemented Balanced Scorecards also help to align organisational processes such as budgeting, risk management and analytics with the strategic priorities. This will help to create a truly strategy focused organisation.

Read more:

http://www.ap-institute.com/Balanced%20Scorecard.html

Information Technology Infrastructure Library

The Information Technology Infrastructure Library (ITIL) is a globally recognized collection of best practices for information technology (IT) service management. The United Kingdom’s Central Computer and Telecommunications Agency (CCTA) created ITIL in response to growing dependence on information technology for meeting business needs and goals. ITIL provides businesses with a customizable framework of best practices to achieve quality service and overcome difficulties associated with the growth of IT systems. Hewlett-Packard Co. and Microsoft are two businesses that use ITIL as part of their own best practices frameworks.

ITIL is organized into “sets” of books which are defined by related functions: service strategy, service design, managerial, service transition, service operation and continual service improvement. In addition to the books, which can be purchased online, ITIL services and products include training, qualifications, software tools and user groups such as the IT Service Management Forum (itSMF).

Definition

A comprehensive set of documents which defines best practices and accepted techniques in the Information Technology community. This set of guidelines is widely used in both the public and private sector, essentially providing companies with a blueprint on how to organize and manage information technology operations at the company. The library is constantly updated to ensure accuracy and to include emerging technological advances.

Read more: http://www.businessdictionary.com/definition/Information-Technology-Infrastructure-Library-ITIL.html#ixzz2O54GHp3h

http://searchdatacenter.techtarget.com/definition/ITIL