Focus Area

STRATEGIC ALIGNMENT

VALUE DELIVERY

Focuses on ensuring the

Is about executing the value

linkage of business and IT

plans;
on defining, maintaining
and validating the IT value
proposition;
and on aligning IT
operations with enterprise
operations

proposition throughout the

delivery cycle,
ensuring that IT delivers the
promised benefits against
the strategy,
concentrating on optimizing
costs and proving the
intrinsic value of IT

Focus Area
RESOURCE MANAGEMENT

Is about the optimal

investment in, and the

proper management of,
critical IT resources:
applications, information,
infrastructure and people.
Key issues relate to the
optimisation of knowledge
and infrastructure.

RISK MANAGEMENT
Requires risk awareness by

senior corporate officers, a

clear understanding of the
enterprises appetite for risk,
understanding of
compliance requirements,
transparency about the
significant risks to the
enterprise, and embedding
of risk management
responsibilities in the
organisation

Focus Area
PERFORMANCE MEASUREMENT

Tracks and monitors strategy implementation, project

completion, resource usage, process performance and

service delivery, using, for example, balanced scorecards
that translate strategy into action to achieve goals
measurable beyond conventional accounting

 DRIVER
Strategic alignment
Resource management
Performance measurement
OUTCOMES
Value delivery
Risk management

Focus area of ITG is a

continuous life cycle
which can be entered at
any point.
Usually one starts with
the strategy and its
alignment
throughout
the enterprise

IT Governance
Framework
TATA KELOLA - AUDIT SI/TI

Amalia Anjani A.
anjani.arifiyanti@gmail.com

IT resources
Applications are the automated user

systems and manual procedures that

process the information.
Information is the data, in all their
forms, input, processed and output by
the information systems in whatever
form is used by the business.
Infrastructure is the technology and
facilities (i.e., hardware, operating
systems, database management
systems, networking, multimedia, and
the environment that houses and
supports them) that enable the
processing of the applications.
People are the personnel required to
plan, organize, acquire, implement,
deliver, support, monitor and evaluate
the information systems and services.
They may be internal, outsourced or
how the business goals for IT influence how the IT
contracted as required.

resources need to be managed by the IT processes to

deliver ITs goals.

COBIT domain
Plan and Organise (PO)

Provides direction to solution

delivery (AI) and service
delivery (DS)
Acquire and Implement
(AI)Provides the solutions
and passes them to be
turned into services
Deliver and Support (DS)
Receives the solutions and
makes them usable for end
users
Monitor and Evaluate
(ME)Monitors all processes
to ensure that the direction
provided is followed

IT GENERAL CONTROLS AND

APPLICATION CONTROLS
General controls are controls embedded in IT processes
and services. Examples include:
Systems development
Change management

Security
Computer operations

Controls embedded in business process applications

are commonly referred to as application controls. Examples
include:
Completeness
Accuracy
Validity
Authorization
Segregation of duties