Course: A0214/Information Systems Audit
Year: 2007
Session 9-10

IT STRATEGY AND STANDARDS

Bina Nusantara

Linking Business and IT

Business and IT should be linked through continuous alignment of:
* Strategic
* Tactical
* And Operational Planning

[Figure: alignment of business and information technology. Labels: Business; Information Technology; Business Strategy; Information Technology Strategy; Organizational and Business Strategy; Information Technology Infrastructure; Program Planning and Management; Execution, Implementation, and Measurement]

Strategic Information Technology Planning Cycle

[Figure: Strategic Information Technology Planning Cycle. Labels: Business / IT Alignment through Business Strategy; Prioritization & Funding of Projects and Programs; Global Architecture Direction; Corporate and Project Specific Architecture; Request Evaluation; Technology Steering Committee; Technology Requests; Long Term; Other External; Industry Analysis, Vendor, Expert Input; Operations and Infrastructure Requests; Planning Updates and Monitoring and Control; Planning Review and Feedback; Review Process and Program Revisions]

ARCHITECTURE AND STANDARDS

• The IT strategy provides a vision for the IT organization, and architecture translates that vision into infrastructure.
• Cost-cutting measures can be effective in the short term, but long-term cost savings require standardizing and simplifying applications and infrastructure.
• Standards guide industries and organizations in selecting hardware and software and in developing new applications.
• Once there is an understanding of the organization's objectives and IT strategy, that strategy needs to be translated into operating plans. Operating plans will define the projects that will be initiated and the service level expected of IT.

ARCHITECTURE AND STANDARDS

• Policies and Procedures
  – Systems architecture
  – Testing and validation of requirements and systems
  – Documentation
• Audit Involvement
  – Control Objectives for Information and related Technology (COBIT)
  – Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Technology Risk Management

[Figure: The Risk Management Process (flowchart). Legend: Process; Individuals involved; Where results reported; Decision; Document.
Processes and decisions: Select system and prepare for assessment; Hold meetings to rank information criticality and identify existing controls; Compare existing controls with mandatory and optional control requirements; Are there gaps? (Yes/No); Is it feasible to fix the gaps? (Yes/No); Recommend solutions to correct gaps; Develop risk acceptance statement; Approve risk acceptance; Document and disseminate results.
Document: Risk acceptance statement.
Individuals involved and recipients of results named in the figure: Focal point and business managers; Focal point, business managers, and information technology staff; Focal point; Business unit managers; Business unit head focal point, business managers, and focal point committee; Corporate information risk coordinator and focal point committee; Corporate level management; Information databases]

Technology Risk Management

• Identification
• Measurement
• Control
• Monitoring of risk

Risk Controls

• Preventive Controls
• Detective Controls
• Corrective Controls