COBIT, Control Objectives for Information and Related Technology, is an information systems audit and control baseline created by the Information Systems Audit and Control Association (ISACA) and the Information Technology Governance Institute (ITGI) in 1992 to provide the information an enterprise needs to achieve its objectives. The basic principles of COBIT cover (Simonsson & Johnson, 2006):
1. Business information requirements, consisting of: Effectiveness, Efficiency, Integrity, Availability, and Reliability of information.
2. High-Level IT Processes, consisting of: IT Domains (Planning and Organisation, Acquisition & Implementation, Delivery & Support, Monitoring and Evaluation); IT Process (IT strategy, Computer operations, Incident handling, Acceptance testing, Change management, Contingency planning, Problem management); Activities (Record new problem, Analyse, Propose solution, Monitor solution, Record known problem).
3. Information Technology Resource: Expert staff, Applications, Technology, Facilities, Database Management System, Hardware, Software, Multimedia.
COBIT has a very broad scope, and not every organization has or covers all of these processes. Kania (2011) explains that every company has its own variety and reach of information technology use, and that not all steps in COBIT can be applied, only the parts that fit the company's needs. This is in line with ITGI (2007): the standard does not demand that every component be applied; an organization can choose only the parts that are relevant.
A comparison of the COBIT model with other models is shown in Table 2.1 below (Mapping, 2011).
Table 2.1 Coverage of COBIT 4.1 in the PO and ME domains compared with other models
Table 2.2 Coverage of the COBIT 4.1 domains compared with the Luftman Framework (source: Luftman, 2004 & Simonsson, 2008)
| Domain | COBIT 4.1 | LUFTMAN |
|---|---|---|
| PO1 | Define a strategic IT plan. | LG1. Business strategic planning |
| PO2 | Define the information architecture. | LSA1. Traditional, Enabler/Driver, External; LSA2. Standards Articulation; LSA3. Architectural Integration: Functional Organization, Enterprise, Inter-enterprise |
| PO3 | Determine technological direction. | LSA2. Standards Articulation; LSA5. Agility, Flexibility; LC6. Liaison(s) |
| PO4 | Define the IT processes, organisation and relationships. | LS2. Cultural locus of Power; LS3. Management Style; LS4. Change Readiness; LP4. IT Program Management; LG6. Steering Committee(s); LC5. Knowledge Sharing |
| PO5 | Manage the IT investment. | LP1. Business Perception of IT Value; LG6. Steering Committee(s); LG5. IT Investment Management |
| PO6 | Communicate management aims and direction. | LC1. Understanding of Business by IT; LC2. Understanding of IT by Business; LC3. Inter/Intra-organizational Learning/Education; LC4. Protocol Rigidity; LC5. Knowledge Sharing |
| PO7 | Manage IT human resources. | LS2. Cultural locus of Power; LS4. Change Readiness; LS6. Education, Cross-Training |
| PO8 | Manage quality. | LM7. Continuous Improvement |
| PO9 | Assess and manage IT risks. | LG5. IT Investment Management; LP3. Shared Goals, Risk, Rewards/Penalties; LP4. IT Program Management |
| PO10 | Manage projects. | LS7. Social, Political, Trusting Interpersonal Environment; LP3. Shared Goals, Risk, Rewards/Penalties; LG7. Prioritization Process |
| ME1 | Monitor and evaluate IT performance | LS7. Social, Political, Trusting Interpersonal Environment; LP3. Shared Goals, Risk, Rewards/Penalties; LG7. Prioritization Process |
| ME2 | Monitor and evaluate internal control | LM7. Continuous Improvement; LP1. Business Perception of IT Value |
| ME3 | Ensure compliance with external requirements | LM3. Service Level; LG3. Reporting/Organization Structure |
| ME4 | Provide IT governance | LC1. Understanding of Business by IT; LC2. Understanding of IT by Business |
Table 2.3 Coverage of the COBIT 4.1 domains compared with the pwC Framework (source: PricewaterhouseCoopers, 2003)
| Domain | Description (Plan and Organise) | pwC Focused |
|---|---|---|
| PO1 | Define a strategic IT plan. | pwC1. Define stakeholder expectations; pwC2. Articulate the Mission; pwC3. Develop a Formal Strategic plan |
| PO2 | Define the information architecture. | pwC1. Define stakeholder expectations |
| PO3 | Determine technological direction. | pwC1. Define stakeholder expectations |
| PO4 | Define the IT processes, organisation and relationships. | pwC1. Define stakeholder expectations |
| PO5 | Manage the IT investment. | pwC5. Establish current and multiyear Budgets |
| PO6 | Communicate management aims and direction. | pwC2. Articulate the Mission |
| PO7 | Manage IT human resources. | pwC7. Assess Needed Skill Sets |
| PO8 | Manage quality. | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| PO9 | Assess and manage IT risks. | pwC4. Assess Risk and Develop the audit plan |
| PO10 | Manage projects. | pwC1. Define stakeholder expectations |
| Domain | Description (Monitor and Evaluate) | |
| ME1 | Monitor and evaluate IT performance | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| ME2 | Monitor and evaluate internal control | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| ME3 | Ensure compliance with external requirements | pwC8. Develop or acquire enabling infrastructure, methodology and technology |
| ME4 | Provide IT governance | pwC3. Develop a Formal Strategic plan |
In addition, according to Ridley et al. (2006), COBIT is the most appropriate control framework for helping organizations ensure alignment between the use of information technology and business objectives. It can be concluded that, of all the information technology frameworks, the one most often used and the one that covers the whole of IT governance is COBIT, because the COBIT Framework acts as an integrator of IT governance practices and is aimed at senior management or managers; IT and business management; governance, assurance and security professionals; and IT audit and control professionals. The COBIT Framework was designed to work alongside other standards and best practices (Setiawan, 2010).
COBIT's process focus is illustrated by a process model that divides information technology into four domains and 34 processes, in line with the areas responsible for planning, building, running and monitoring the implementation of information technology, and that also provides an end-to-end view of information technology. The figure below shows the COBIT processes:
Figure 2.1 COBIT framework (ITGI, 2007)
Source: