SlideShare uma empresa Scribd logo

Struktur Komponen, Area Fokus, Faktor Desain.pdf

Dhata Praditya
Dhata Praditya

Lecture notes: COBIT 2019

Tecnologia
1 de 47
Baixar para ler offline
1 Team Teaching ISM S1 Sistem Informasi – Fakultas Rekayasa Industri Tata Kelola dan Manajemen Teknologi Informasi Struktur, Komponen, Area Fokus dan Faktor Desain Tata Kelola dan Manajemen TI
2 Outline 1. Components of the Governance System 2. Structure of Governance and Management Objectives 3. COBIT 2019 Focus Areas 4. COBIT 2019 Design Factors
3 1. Components
4 COBIT 2019 Components  Components are factors that, individually and collectively, contribute to the good operations of the enterprise’s governance system over I&T.  Previously known as COBIT enablers.  Components interact with each other, resulting in a holistic governance system for I&T.  Types of Components:  Generic components are described in the COBIT core model and apply in principle to any situation.  Variants are based on generic components but are tailored for a specific purpose or context within a focus area (e.g., for information security, DevOps, a particular regulation)
5 COBIT 2019 Components are: 1. Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs that support achievement of overall IT-related goals. 2. Organizational structures are the key decision-making entities in an enterprise. 3. Principles, policies and frameworks translate desired behavior into practical guidance for day-to-day management. 4. Information is pervasive throughout any organization and includes all information produced and used by the enterprise. COBIT focuses on information required for the effective functioning of the governance system of the enterprise. Components 1 to 4
6 5. Culture, ethics and behavior of individuals and of the enterprise are often underestimated as factors in the success of governance and management activities. 6. People, skills and competencies are required for good decisions, execution of corrective action and successful completion of all activities. 7. Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with the governance system for I&T processing. Components 5 to 7
7 2. Structure COBIT 2019
8 • Example : DSS02-Managed Service Requests and Incidents 1. Objectives
9 • Example : EDM04-Ensured Resource Optimization 2. Goals Cascade
10 3. Applicable Goals and Example Metrics • Example : EDM04-Ensured Resource Optimization
11 4. Component: Process
12 Component: Example of Process Component
13 5. Component: Organizational Structures
14 Organizational Structures and Roles No Role/Structure No Role/Structure 1 Board 18 Project Manager 2 Executive Committee 19 Project Management Office 3 Chief Executive Officer 20 Data Management Function 4 Chief Financial Officer 21 Head Human Resources 5 Chief Operating Officer 22 Relationship Manager 6 Chief Risk Officer 23 Head Architect 7 Chief Information Officer 24 Head Development 8 Chief Technology Officer 25 Head IT Operations 9 Chief Digital Officer 26 Head IT Administration 10 I&T Governance Board 27 Service Manager 11 Architecture Board 28 Information Security Manager 12 Enterprise Risk Committee 29 Business Continuity Manager 13 Chief Information Security Officer 30 Privacy Officer 14 Business Process Owner 31 Legal Counsel 15 Portfolio Manager 32 Compliance 16 Steering (Programs/ Projects) Committee 33 Audit 17 Program Manager Described in detail on page 299 COBIT 2019 Framework Governance and Management Objectives Roles: • Responsible : operational responsibility • Accountable : overall accountability • Consulted : who is providing the input • Informed : who is receiving the information
15 Component: Example of Organizational Structures
16 6. Component: Information Flows and Items
17 Component: Example of Information Flows an Items
18 7. Component: Skills and Competencies • Example : DSS02-Managed Service Requests and Incidents
19 8. Component: Policies and Procedures • Example : DSS02-Managed Service Requests and Incidents
20 9. Component: Culture, Ethics and Behavior • Example : DSS02-Managed Service Requests and Incidents
21 10. Component: Services, Infrastructure and Applications • Example : DSS02-Managed Service Requests and Incidents
22 3. Focus Areas
23 Focus Area  A focus area describes a certain governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components.  The number of focus areas is virtually unlimited. That is what makes COBIT open-ended.  According to COBIT 2019, Maturity Level is measured within Focus Area Publikasi COBIT Focus Areas by ISACA (per 28 September 2021)
24 Example: Fokus Tata Kelola BUMN as Focus Area Domain No Objective COBIT 2019 Kebijakan Strategis 1 Penetapan Peran TI EDM01 Ensured Governance Framework Setting and Maintenance 2 Perencanaan TI APO02 Managed Strategy 3 Kerangka Kerja Proses dan Organisasi TI APO01 Managed I&T Management Framework 4 Pengelolaan Investasi TI EDM02 Ensured Benefits Delivery 5 Pengelolaan Sumber Daya TI EDM04 APO07 Ensured Resource Optimization Managed Human Resources 6 Pengelolaan Risiko TI EDM03 APO12 Ensured Risk Optimization Managed Risk 7 Pengelolaan Proyek BAI01 BAI11 Managed Programs Managed Projects 8 Identifikasi Kebutuhan dan Solusi BAI02 BAI03 Managed Requirements Definition Managed Solutions Identification and Build Kebijakan Operasional 1 Pengelolaan Layanan TI DSS02 DSS03 Managed Service Requests and Incident Managed Problems 2 Pengelolaan Sekuriti TI APO13 DSS05 Managed Security Managed Security Services 3 Pengelolaan Layanan Pihak Ketiga APO10 Managed Vendors 4 Pengelolaan Operasional DSS01 Managed Operations 5 Pengelolaan Mutu APO11 Managed Quality 6 Transfer Knowledge BAI08 Managed Knowledge 7 Pengelolaan Data Monitor dan Evaluasi Kinerja TI APO14 MEA01 Managed Data Managed Performance and Conformance Monitoring 8 Monitor dan Evaluasi Pengendalian Internal MEA02 Managed System of Internal Control 9 Pengelolaan Kepatuhan Terhadap Regulasi External MEA03 Managed Compliance With External Requirements Mapping Domain Tata Kelola BUMN (sesuai Permen 03/MBU/2018) ke COBIT 2019
25 4. Design Factors
26 COBIT 2019 Design Factors Design factors are factors that can influence the design of an enterprise’s governance system and position it for success in the use of IT. Design factors include any combination of the following: 6. Compliance Requirements 7. Role of IT 8. Sourcing Model for IT 9. IT Implemen- tation Methods 10. Technology Adoption Strategy 11. Enterprise Size 1. Enterprise Strategy 2. Enterprise Goals 3. Risk Profile 4. IT-Related Issues 5. Threat Landscape
27 1. Enterprise Strategy Organizations typically have a primary strategy and, at most, one secondary strategy. Enterprises can have different strategies, which can be expressed as one or more of the following archetypes: Strategy Archetype Explanation Growth/Acquisition The enterprise has a focus on growing (revenues) Innovation/Differentiation The enterprise has a focus on offering different and/or innovative products and services to their clients Cost leadership The enterprise has a focus on short-term cost minimization Client service/Stability The enterprise has a focus on providing stable and client-oriented service
28 Example: Cost Leadership selected as Enterprise Strategy Mc-Donald’s: Low cost position by • Increasing productivity  DSS01: Managed Operations • Eliminating waste  APO11: Managed Quality • Controlling costs  APO06: Managed Budget and Cost
29 2. Enterprise Goals Supporting the enterprise strategy: BSC dimension Ref. Enterprise goal Financial EG01 Portfolio of competitive products and services EG02 Managed business risk EG03 Compliance with external laws and regulations EG04 Quality of financial information Customer EG05 Customer-oriented service culture EG06 Business-service continuity and availability EG07 Quality of management information Internal EG08 Optimization of internal business process functionality EG09 Optimization of business process costs EG10 Staff skills, motivation and productivity EG11 Compliance with internal policies Growth EG12 Managed digital transformation programs EG13 Product and business innovation
30 EG01 : Portfolio of competitive products and services Enterprise Goal Selection Prioritize Management Objectives APO05 : Managed Portfolio Example: Focus on Competitive products and services
31 3. Risk Profile 1 IT investment decision making, portfolio definition & maintenance 2 Program & projects life cycle management 3 IT cost & oversight 4 IT expertise, skills & behavior 5 Enterprise/IT architecture 6 IT operational infrastructure incidents 7 Unauthorized actions 8 Software adoption/usage problems 9 Hardware incidents 10 Software failures 11 Logical attacks (hacking, malware, etc.) 12 Third-party/supplier incidents 13 Noncompliance 14 Geopolitical Issues 15 Industrial action 16 Acts of nature 17 Technology-based innovation 18 Environmental 19 Data & information management
32 4. IT-Related Issues The most common issues include: A Frustration between different IT entities across the organization because of a perception of low contribution to business value B Frustration between business departments (i.e., the IT customer) and the IT department because of failed initiatives or a perception of low contribution to business value C Significant I&T-related incidents, such as data loss, security breaches, project failure and application errors, linked to IT D Service delivery problems by the IT outsourcer(s) E Failures to meet IT-related regulatory or contractual requirements F Regular audit findings or other assessment reports about poor IT performance or reported IT quality or service problems G Substantial hidden and rogue IT spending, that is, I&T spending by user departments outside the control of the normal I&T investment decision mechanisms and approved budgets H Duplications or overlaps between various initiatives, or other forms of wasted resources I Insufficient IT resources, staff with inadequate skills or staff burnout/dissatisfaction J IT-enabled changes or projects frequently failing to meet business needs and delivered late or over budget K Reluctance by board members, executives or senior management to engage with IT, or a lack of committed business sponsorship for IT L Complex IT operating model and/or unclear decision mechanisms for IT-related decisions M Excessively high cost of IT N Obstructed or failed implementation of new initiatives or innovations caused by the current IT architecture and systems O Gap between business and technical knowledge, which leads to business users and information and/or technology specialists speaking different languages P Regular issues with data quality and integration of data across various sources Q High level of end-user computing, creating (among other problems) a lack of oversight and quality control over the applications that are being developed and put in operation R Business departments implementing their own information solutions with little or no involvement of the enterprise IT department (related to end-user computing, which often stems from dissatisfaction with IT solutions and services) S Ignorance of and/or noncompliance with privacy regulations T Inability to exploit new technologies or innovate using I&T
33 Example: IT-Related Issues Failures to meet IT-related regulatory or contractual requirements  MEA-03: Managed Compliance With External Requirements • Monitor local and international laws • Review and adjust policies and procedures • Obtain and report assurance of compliance
34 5. Threat Landscape Threat landscape under which the enterprise operates: Threat Landscape Explanation Normal The enterprise is operating under what are considered normal threat levels. High Due to its geopolitical situation, industry sector or particular profile, the enterprise is operating in a high-threat environment.
35 Example of High Threat Landscape Geopolitical tensions, cyber attacks Focus area: risk management, information security  EDM03: Ensure Risk Optimization  APO12: Managed Risks  APO13: Managed Security  DSS05: Managed Security Services With higher target capability levels
36 Regulatory Environment Explanation Low compliance requirements The enterprise is subject to a minimal set of regular compliance requirements that are lower than average. Normal compliance requirements The enterprise is subject to a set of regular compliance requirements that are common across different industries. High compliance requirements The enterprise is subject to higher-than-average compliance requirements, most often related to industry sector or geopolitical conditions. 6. Compliance requirements Compliance requirements to which the enterprise is subject:
37 Example: Highly Regulated Environment Highly regulated: • Drug manufacturing, Nuclear, Government, Financial High importance of: • Documentation (information) • Procedures and policies • Some roles (organizational structures)
38 7. Role of IT Role of IT for the enterprise: Role of IT Explanation Support IT is not crucial for the running and continuity of the business process and services, nor for their innovation. Factory When IT fails, there is an immediate impact on the running and continuity of the business processes and services. However, IT is not seen as a driver for innovating business processes and services. Turnaround IT is seen as a driver for innovating business processes and services. At this moment, however, there is not a critical dependency on IT for the current running and continuity of the business processes and services. Strategic IT is critical for both running and innovating the organization’s business processes and services.
39 Example: High Involvement of IT-Related Roles • When IT is Strategic to the enterprise • High involvement of IT roles (organizational structure) • Understanding of business by IT  APO02: Managed Strategy  APO08: Managed Relationships
40 Sourcing model for IT that the enterprise adopts: Sourcing Model Explanation Outsourcing The enterprise calls upon the services of a third party to provide IT services. Cloud The enterprise maximizes the use of the cloud for providing IT services to its users. Insourced The enterprise provides for its own IT staff and services. Hybrid A mixed model is applied, combining the other three models in varying degrees. 8. Sourcing Model for IT
41 Example : Sourcing Model for IT Insourced Model: in-house development and hosting  APO03: Managed Enterprise Architecture  APO11: Managed Quality  BAI03: Managed Solution Identification and Build  BAI07: Managed Programs Requirements  BAI10: Managed Configuration
42 IT implementation methods that the enterprise adopts: Sourcing Model Explanation Agile The enterprise uses Agile development working methods for its software development. DevOps The enterprise uses DevOps working methods for software building, deployment and operations. Traditional The enterprise uses a more classic approach to software development (waterfall) and separates software development from operations. Hybrid The enterprise uses a mix of traditional and modern IT implementation, often referred to as “bimodal IT.” 9. IT Implementation Methods
43 Example: IT Implementation Methods Enterprise Implements DevOps  BAI03 Managed solutions identification and build  BAI10 Managed configuration  DSS01 Managed operation
44 Strategy Explanation First mover The enterprise generally adopts new technologies as early as possible and tries to gain first-mover advantage. Follower The enterprise typically waits for new technologies to become mainstream and proven before adopting them. Slow adopter The enterprise is very late with adoption of new technologies. 10. Technology Adaption Strategy Hype-cycle + Technology Adoption Theory + PST-Theory
45 Example : Technology Adoption Strategy Slow mover companies • Kodak: missed opportunity in digital photography • Nokia: developed phones for short term market demands  APO04 : Managed Innovation
46 Sourcing Model Explanation Large enterprise (Default) Enterprise with more than 250 full-time employees (FTEs) Small and medium enterprise Enterprise with 50 to 250 FTEs 11. Enterprise size Enterprise size:
47 Terima Kasih

Recomendados

Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementChristian F. Nissen
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxbartholomeocoombs
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxketurahhazelhurst
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008ssusera19f45
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing worldPECB
 
Sharpening the Lens
Sharpening the LensSharpening the Lens
Sharpening the LensRobert Koehler, MsPM, PgMP, PMP, CGEIT
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdfKomalNaik20
 

Recomendados

Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementChristian F. Nissen
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxbartholomeocoombs
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxketurahhazelhurst
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008ssusera19f45
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing worldPECB
 
Sharpening the Lens
Sharpening the LensSharpening the Lens
Sharpening the LensRobert Koehler, MsPM, PgMP, PMP, CGEIT
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdfKomalNaik20
 
Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811faau09
 
Itil introduction
Itil introductionItil introduction
Itil introductionBhalla Mukul
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
KT-BIM-R08-GP-05-OIR.pptx
KT-BIM-R08-GP-05-OIR.pptxKT-BIM-R08-GP-05-OIR.pptx
KT-BIM-R08-GP-05-OIR.pptxAsmaaMamdouh9
 
Mergers & Acquisitions - Addressing The Critical IT Issues
Mergers & Acquisitions - Addressing The Critical IT IssuesMergers & Acquisitions - Addressing The Critical IT Issues
Mergers & Acquisitions - Addressing The Critical IT Issuescurtherge
 
Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsGoutama Bachtiar
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
Project Portfolio Optimization and Governance
Project Portfolio Optimization and GovernanceProject Portfolio Optimization and Governance
Project Portfolio Optimization and GovernanceValue Amplify Consulting
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricPECB
 
Cobit5
Cobit5Cobit5
Cobit5ISACA-Istanbul
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5Laddawan Rattanaruang
 
ICAB - ITA Chapter 1 class 3 - IT Strategy
ICAB - ITA Chapter 1 class 3 - IT StrategyICAB - ITA Chapter 1 class 3 - IT Strategy
ICAB - ITA Chapter 1 class 3 - IT StrategyMohammad Abdul Matin Emon
 
ISE 204 IT Service Management Frameworks.pdf
ISE 204 IT Service Management Frameworks.pdfISE 204 IT Service Management Frameworks.pdf
ISE 204 IT Service Management Frameworks.pdfMarkMandeoya
 
Management summary presentation
Management summary presentationManagement summary presentation
Management summary presentationIT Strategy Group
 
how-to-implement-ecm.ppt
how-to-implement-ecm.ppthow-to-implement-ecm.ppt
how-to-implement-ecm.pptluis267794
 
Chapter 2 analyzing the business case
Chapter 2 analyzing the business caseChapter 2 analyzing the business case
Chapter 2 analyzing the business caseRaquel Miranda
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementChristian F. Nissen
 
It governance 13 may20102
It governance 13 may20102It governance 13 may20102
It governance 13 may20102James Sutter
 
COBIT Intor.pptx
COBIT Intor.pptxCOBIT Intor.pptx
COBIT Intor.pptxcassimjuma08
 
Future of enterprise IT function IBM white paper
Future of enterprise IT function IBM white paperFuture of enterprise IT function IBM white paper
Future of enterprise IT function IBM white paperIBM
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Mais conteúdo relacionado

Semelhante a Struktur Komponen, Area Fokus, Faktor Desain.pdf

Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811faau09
 
KT-BIM-R08-GP-05-OIR.pptx
KT-BIM-R08-GP-05-OIR.pptxKT-BIM-R08-GP-05-OIR.pptx
KT-BIM-R08-GP-05-OIR.pptxAsmaaMamdouh9
 
Mergers & Acquisitions - Addressing The Critical IT Issues
Mergers & Acquisitions - Addressing The Critical IT IssuesMergers & Acquisitions - Addressing The Critical IT Issues
Mergers & Acquisitions - Addressing The Critical IT Issuescurtherge
 
Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsGoutama Bachtiar
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
Project Portfolio Optimization and Governance
Project Portfolio Optimization and GovernanceProject Portfolio Optimization and Governance
Project Portfolio Optimization and GovernanceValue Amplify Consulting
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricPECB
 
ISE 204 IT Service Management Frameworks.pdf
ISE 204 IT Service Management Frameworks.pdfISE 204 IT Service Management Frameworks.pdf
ISE 204 IT Service Management Frameworks.pdfMarkMandeoya
 
Management summary presentation
Management summary presentationManagement summary presentation
Management summary presentationIT Strategy Group
 
how-to-implement-ecm.ppt
how-to-implement-ecm.ppthow-to-implement-ecm.ppt
how-to-implement-ecm.pptluis267794
 
Chapter 2 analyzing the business case
Chapter 2 analyzing the business caseChapter 2 analyzing the business case
Chapter 2 analyzing the business caseRaquel Miranda
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementChristian F. Nissen
 
It governance 13 may20102
It governance 13 may20102It governance 13 may20102
It governance 13 may20102James Sutter
 
Future of enterprise IT function IBM white paper
Future of enterprise IT function IBM white paperFuture of enterprise IT function IBM white paper
Future of enterprise IT function IBM white paperIBM
 

Semelhante a Struktur Komponen, Area Fokus, Faktor Desain.pdf (20)

Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811
 
Itil introduction
Itil introductionItil introduction
Itil introduction
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORK
 
KT-BIM-R08-GP-05-OIR.pptx
KT-BIM-R08-GP-05-OIR.pptxKT-BIM-R08-GP-05-OIR.pptx
KT-BIM-R08-GP-05-OIR.pptx
 
Mergers & Acquisitions - Addressing The Critical IT Issues
Mergers & Acquisitions - Addressing The Critical IT IssuesMergers & Acquisitions - Addressing The Critical IT Issues
Mergers & Acquisitions - Addressing The Critical IT Issues
 
Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor Relationships
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
Project Portfolio Optimization and Governance
Project Portfolio Optimization and GovernanceProject Portfolio Optimization and Governance
Project Portfolio Optimization and Governance
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance Metric
 
Cobit5
Cobit5Cobit5
Cobit5
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
 
ICAB - ITA Chapter 1 class 3 - IT Strategy
ICAB - ITA Chapter 1 class 3 - IT StrategyICAB - ITA Chapter 1 class 3 - IT Strategy
ICAB - ITA Chapter 1 class 3 - IT Strategy
 
ISE 204 IT Service Management Frameworks.pdf
ISE 204 IT Service Management Frameworks.pdfISE 204 IT Service Management Frameworks.pdf
ISE 204 IT Service Management Frameworks.pdf
 
Management summary presentation
Management summary presentationManagement summary presentation
Management summary presentation
 
how-to-implement-ecm.ppt
how-to-implement-ecm.ppthow-to-implement-ecm.ppt
how-to-implement-ecm.ppt
 
Chapter 2 analyzing the business case
Chapter 2 analyzing the business caseChapter 2 analyzing the business case
Chapter 2 analyzing the business case
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT management
 
It governance 13 may20102
It governance 13 may20102It governance 13 may20102
It governance 13 may20102
 
COBIT Intor.pptx
COBIT Intor.pptxCOBIT Intor.pptx
COBIT Intor.pptx
 
Future of enterprise IT function IBM white paper
Future of enterprise IT function IBM white paperFuture of enterprise IT function IBM white paper
Future of enterprise IT function IBM white paper
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Struktur Komponen, Area Fokus, Faktor Desain.pdf

  • 1. 1 Team Teaching ISM S1 Sistem Informasi – Fakultas Rekayasa Industri Tata Kelola dan Manajemen Teknologi Informasi Struktur, Komponen, Area Fokus dan Faktor Desain Tata Kelola dan Manajemen TI
  • 2. 2 Outline 1. Components of the Governance System 2. Structure of Governance and Management Objectives 3. COBIT 2019 Focus Areas 4. COBIT 2019 Design Factors
  • 4. 4 COBIT 2019 Components  Components are factors that, individually and collectively, contribute to the good operations of the enterprise’s governance system over I&T.  Previously known as COBIT enablers.  Components interact with each other, resulting in a holistic governance system for I&T.  Types of Components:  Generic components are described in the COBIT core model and apply in principle to any situation.  Variants are based on generic components but are tailored for a specific purpose or context within a focus area (e.g., for information security, DevOps, a particular regulation)
  • 5. 5 COBIT 2019 Components are: 1. Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs that support achievement of overall IT-related goals. 2. Organizational structures are the key decision-making entities in an enterprise. 3. Principles, policies and frameworks translate desired behavior into practical guidance for day-to-day management. 4. Information is pervasive throughout any organization and includes all information produced and used by the enterprise. COBIT focuses on information required for the effective functioning of the governance system of the enterprise. Components 1 to 4
  • 6. 6 5. Culture, ethics and behavior of individuals and of the enterprise are often underestimated as factors in the success of governance and management activities. 6. People, skills and competencies are required for good decisions, execution of corrective action and successful completion of all activities. 7. Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with the governance system for I&T processing. Components 5 to 7
  • 8. 8 • Example : DSS02-Managed Service Requests and Incidents 1. Objectives
  • 9. 9 • Example : EDM04-Ensured Resource Optimization 2. Goals Cascade
  • 10. 10 3. Applicable Goals and Example Metrics • Example : EDM04-Ensured Resource Optimization
  • 12. 12 Component: Example of Process Component
  • 14. 14 Organizational Structures and Roles No Role/Structure No Role/Structure 1 Board 18 Project Manager 2 Executive Committee 19 Project Management Office 3 Chief Executive Officer 20 Data Management Function 4 Chief Financial Officer 21 Head Human Resources 5 Chief Operating Officer 22 Relationship Manager 6 Chief Risk Officer 23 Head Architect 7 Chief Information Officer 24 Head Development 8 Chief Technology Officer 25 Head IT Operations 9 Chief Digital Officer 26 Head IT Administration 10 I&T Governance Board 27 Service Manager 11 Architecture Board 28 Information Security Manager 12 Enterprise Risk Committee 29 Business Continuity Manager 13 Chief Information Security Officer 30 Privacy Officer 14 Business Process Owner 31 Legal Counsel 15 Portfolio Manager 32 Compliance 16 Steering (Programs/ Projects) Committee 33 Audit 17 Program Manager Described in detail on page 299 COBIT 2019 Framework Governance and Management Objectives Roles: • Responsible : operational responsibility • Accountable : overall accountability • Consulted : who is providing the input • Informed : who is receiving the information
  • 15. 15 Component: Example of Organizational Structures
  • 16. 16 6. Component: Information Flows and Items
  • 17. 17 Component: Example of Information Flows an Items
  • 18. 18 7. Component: Skills and Competencies • Example : DSS02-Managed Service Requests and Incidents
  • 19. 19 8. Component: Policies and Procedures • Example : DSS02-Managed Service Requests and Incidents
  • 20. 20 9. Component: Culture, Ethics and Behavior • Example : DSS02-Managed Service Requests and Incidents
  • 21. 21 10. Component: Services, Infrastructure and Applications • Example : DSS02-Managed Service Requests and Incidents
  • 23. 23 Focus Area  A focus area describes a certain governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components.  The number of focus areas is virtually unlimited. That is what makes COBIT open-ended.  According to COBIT 2019, Maturity Level is measured within Focus Area Publikasi COBIT Focus Areas by ISACA (per 28 September 2021)
  • 24. 24 Example: Fokus Tata Kelola BUMN as Focus Area Domain No Objective COBIT 2019 Kebijakan Strategis 1 Penetapan Peran TI EDM01 Ensured Governance Framework Setting and Maintenance 2 Perencanaan TI APO02 Managed Strategy 3 Kerangka Kerja Proses dan Organisasi TI APO01 Managed I&T Management Framework 4 Pengelolaan Investasi TI EDM02 Ensured Benefits Delivery 5 Pengelolaan Sumber Daya TI EDM04 APO07 Ensured Resource Optimization Managed Human Resources 6 Pengelolaan Risiko TI EDM03 APO12 Ensured Risk Optimization Managed Risk 7 Pengelolaan Proyek BAI01 BAI11 Managed Programs Managed Projects 8 Identifikasi Kebutuhan dan Solusi BAI02 BAI03 Managed Requirements Definition Managed Solutions Identification and Build Kebijakan Operasional 1 Pengelolaan Layanan TI DSS02 DSS03 Managed Service Requests and Incident Managed Problems 2 Pengelolaan Sekuriti TI APO13 DSS05 Managed Security Managed Security Services 3 Pengelolaan Layanan Pihak Ketiga APO10 Managed Vendors 4 Pengelolaan Operasional DSS01 Managed Operations 5 Pengelolaan Mutu APO11 Managed Quality 6 Transfer Knowledge BAI08 Managed Knowledge 7 Pengelolaan Data Monitor dan Evaluasi Kinerja TI APO14 MEA01 Managed Data Managed Performance and Conformance Monitoring 8 Monitor dan Evaluasi Pengendalian Internal MEA02 Managed System of Internal Control 9 Pengelolaan Kepatuhan Terhadap Regulasi External MEA03 Managed Compliance With External Requirements Mapping Domain Tata Kelola BUMN (sesuai Permen 03/MBU/2018) ke COBIT 2019
  • 26. 26 COBIT 2019 Design Factors Design factors are factors that can influence the design of an enterprise’s governance system and position it for success in the use of IT. Design factors include any combination of the following: 6. Compliance Requirements 7. Role of IT 8. Sourcing Model for IT 9. IT Implemen- tation Methods 10. Technology Adoption Strategy 11. Enterprise Size 1. Enterprise Strategy 2. Enterprise Goals 3. Risk Profile 4. IT-Related Issues 5. Threat Landscape
  • 27. 27 1. Enterprise Strategy Organizations typically have a primary strategy and, at most, one secondary strategy. Enterprises can have different strategies, which can be expressed as one or more of the following archetypes: Strategy Archetype Explanation Growth/Acquisition The enterprise has a focus on growing (revenues) Innovation/Differentiation The enterprise has a focus on offering different and/or innovative products and services to their clients Cost leadership The enterprise has a focus on short-term cost minimization Client service/Stability The enterprise has a focus on providing stable and client-oriented service
  • 28. 28 Example: Cost Leadership selected as Enterprise Strategy Mc-Donald’s: Low cost position by • Increasing productivity  DSS01: Managed Operations • Eliminating waste  APO11: Managed Quality • Controlling costs  APO06: Managed Budget and Cost
  • 29. 29 2. Enterprise Goals Supporting the enterprise strategy: BSC dimension Ref. Enterprise goal Financial EG01 Portfolio of competitive products and services EG02 Managed business risk EG03 Compliance with external laws and regulations EG04 Quality of financial information Customer EG05 Customer-oriented service culture EG06 Business-service continuity and availability EG07 Quality of management information Internal EG08 Optimization of internal business process functionality EG09 Optimization of business process costs EG10 Staff skills, motivation and productivity EG11 Compliance with internal policies Growth EG12 Managed digital transformation programs EG13 Product and business innovation
  • 30. 30 EG01 : Portfolio of competitive products and services Enterprise Goal Selection Prioritize Management Objectives APO05 : Managed Portfolio Example: Focus on Competitive products and services
  • 31. 31 3. Risk Profile 1 IT investment decision making, portfolio definition & maintenance 2 Program & projects life cycle management 3 IT cost & oversight 4 IT expertise, skills & behavior 5 Enterprise/IT architecture 6 IT operational infrastructure incidents 7 Unauthorized actions 8 Software adoption/usage problems 9 Hardware incidents 10 Software failures 11 Logical attacks (hacking, malware, etc.) 12 Third-party/supplier incidents 13 Noncompliance 14 Geopolitical Issues 15 Industrial action 16 Acts of nature 17 Technology-based innovation 18 Environmental 19 Data & information management
  • 32. 32 4. IT-Related Issues The most common issues include: A Frustration between different IT entities across the organization because of a perception of low contribution to business value B Frustration between business departments (i.e., the IT customer) and the IT department because of failed initiatives or a perception of low contribution to business value C Significant I&T-related incidents, such as data loss, security breaches, project failure and application errors, linked to IT D Service delivery problems by the IT outsourcer(s) E Failures to meet IT-related regulatory or contractual requirements F Regular audit findings or other assessment reports about poor IT performance or reported IT quality or service problems G Substantial hidden and rogue IT spending, that is, I&T spending by user departments outside the control of the normal I&T investment decision mechanisms and approved budgets H Duplications or overlaps between various initiatives, or other forms of wasted resources I Insufficient IT resources, staff with inadequate skills or staff burnout/dissatisfaction J IT-enabled changes or projects frequently failing to meet business needs and delivered late or over budget K Reluctance by board members, executives or senior management to engage with IT, or a lack of committed business sponsorship for IT L Complex IT operating model and/or unclear decision mechanisms for IT-related decisions M Excessively high cost of IT N Obstructed or failed implementation of new initiatives or innovations caused by the current IT architecture and systems O Gap between business and technical knowledge, which leads to business users and information and/or technology specialists speaking different languages P Regular issues with data quality and integration of data across various sources Q High level of end-user computing, creating (among other problems) a lack of oversight and quality control over the applications that are being developed and put in operation R Business departments implementing their own information solutions with little or no involvement of the enterprise IT department (related to end-user computing, which often stems from dissatisfaction with IT solutions and services) S Ignorance of and/or noncompliance with privacy regulations T Inability to exploit new technologies or innovate using I&T
  • 33. 33 Example: IT-Related Issues Failures to meet IT-related regulatory or contractual requirements  MEA-03: Managed Compliance With External Requirements • Monitor local and international laws • Review and adjust policies and procedures • Obtain and report assurance of compliance
  • 34. 34 5. Threat Landscape Threat landscape under which the enterprise operates: Threat Landscape Explanation Normal The enterprise is operating under what are considered normal threat levels. High Due to its geopolitical situation, industry sector or particular profile, the enterprise is operating in a high-threat environment.
  • 35. 35 Example of High Threat Landscape Geopolitical tensions, cyber attacks Focus area: risk management, information security  EDM03: Ensure Risk Optimization  APO12: Managed Risks  APO13: Managed Security  DSS05: Managed Security Services With higher target capability levels
  • 36. 36 Regulatory Environment Explanation Low compliance requirements The enterprise is subject to a minimal set of regular compliance requirements that are lower than average. Normal compliance requirements The enterprise is subject to a set of regular compliance requirements that are common across different industries. High compliance requirements The enterprise is subject to higher-than-average compliance requirements, most often related to industry sector or geopolitical conditions. 6. Compliance requirements Compliance requirements to which the enterprise is subject:
  • 37. 37 Example: Highly Regulated Environment Highly regulated: • Drug manufacturing, Nuclear, Government, Financial High importance of: • Documentation (information) • Procedures and policies • Some roles (organizational structures)
  • 38. 38 7. Role of IT Role of IT for the enterprise: Role of IT Explanation Support IT is not crucial for the running and continuity of the business process and services, nor for their innovation. Factory When IT fails, there is an immediate impact on the running and continuity of the business processes and services. However, IT is not seen as a driver for innovating business processes and services. Turnaround IT is seen as a driver for innovating business processes and services. At this moment, however, there is not a critical dependency on IT for the current running and continuity of the business processes and services. Strategic IT is critical for both running and innovating the organization’s business processes and services.
  • 39. 39 Example: High Involvement of IT-Related Roles • When IT is Strategic to the enterprise • High involvement of IT roles (organizational structure) • Understanding of business by IT  APO02: Managed Strategy  APO08: Managed Relationships
  • 40. 40 Sourcing model for IT that the enterprise adopts: Sourcing Model Explanation Outsourcing The enterprise calls upon the services of a third party to provide IT services. Cloud The enterprise maximizes the use of the cloud for providing IT services to its users. Insourced The enterprise provides for its own IT staff and services. Hybrid A mixed model is applied, combining the other three models in varying degrees. 8. Sourcing Model for IT
  • 41. 41 Example : Sourcing Model for IT Insourced Model: in-house development and hosting  APO03: Managed Enterprise Architecture  APO11: Managed Quality  BAI03: Managed Solution Identification and Build  BAI07: Managed Programs Requirements  BAI10: Managed Configuration
  • 42. 42 IT implementation methods that the enterprise adopts: Sourcing Model Explanation Agile The enterprise uses Agile development working methods for its software development. DevOps The enterprise uses DevOps working methods for software building, deployment and operations. Traditional The enterprise uses a more classic approach to software development (waterfall) and separates software development from operations. Hybrid The enterprise uses a mix of traditional and modern IT implementation, often referred to as “bimodal IT.” 9. IT Implementation Methods
  • 43. 43 Example: IT Implementation Methods Enterprise Implements DevOps  BAI03 Managed solutions identification and build  BAI10 Managed configuration  DSS01 Managed operation
  • 44. 44 Strategy Explanation First mover The enterprise generally adopts new technologies as early as possible and tries to gain first-mover advantage. Follower The enterprise typically waits for new technologies to become mainstream and proven before adopting them. Slow adopter The enterprise is very late with adoption of new technologies. 10. Technology Adaption Strategy Hype-cycle + Technology Adoption Theory + PST-Theory
  • 45. 45 Example : Technology Adoption Strategy Slow mover companies • Kodak: missed opportunity in digital photography • Nokia: developed phones for short term market demands  APO04 : Managed Innovation
  • 46. 46 Sourcing Model Explanation Large enterprise (Default) Enterprise with more than 250 full-time employees (FTEs) Small and medium enterprise Enterprise with 50 to 250 FTEs 11. Enterprise size Enterprise size: