IT GOV DISCUSSION

Strictly Confidential ©PT Metrodata Electronics, Tbk. 2020

IT Governance

“IT Governance merupakan bagian dari Tata Kelola

Perusahaan yang berfokus pada pengelolaan
Teknologi Informasi agar selaras dengan strategi
perusahaan.”
 AGENDA

BUMPER
8 Pilar Solusi PT MII
Sertifikasi PT MII

ISO/IEC 27001:2013

ISO 9001:2008
Solusi
Portfolio
Portfolio
 Konsultan
Management Area:
• CISA (Certified Information System Auditor)
• CISM (Certified Information Security Manager)
• CCISO (Chief Information Security Officer)
• Lead Auditor ISO 27001
• Lead Auditor ISO 20000
• Lead Auditor ISO 22301
• Risk Management Level 1
• COBIT v5
• ITIL 3 Intermediate Level Certified
• ITIL 3 Foundation Certified
• ITIL 4 Foundation Certified
• TOGAF v9 Certified
High Quality and Having Very Good Competence
Technical Area (Security):
• Offensive Security Certified Professional
• GIAC Continuous Monitoring Certification
• GIAC Incident Handler
• Global Industrial Cyber Security Professional
(GICSP)
• CAST 612 (Advanced Mobile Hacking & Forensics)
• Certified Ethical Hacker
• Certified Security Analyst
• Certified EC-Council Instructor
• Certified Network Defender
• eMAPT
 IT Governance Projects
NO PROJECTS DELIVERABLES NOTES
1 IT Governance Maturity 1. IT Governance Maturity • Metodology: CMMI – Cobit 4.1
Assessment 2. Rekomendasi • Rekomendasi: Cobit 4.1; Cobit 5.0; ITIL;
3. Roadmap Implementasi ISO 27001; dll
2 IT Governance Development Proses TI
Kebijakan TI
Prosedur TI
Organisasi TI + Job Desc
3 Pendampingan Implementasi IT • Bersifat Advisory
Governance • Bucket Mandays
4 Workshop IT Governance Cobit 5; Cobit 4.0; ITIL Praktis dan disesuaikan dengan kebutuhan
perusahaan
COBIT 5 PRINCIPLES
 1. Meeting Stakeholder Needs

Stakeholder Needs
DRIVE

Governance Objective: Value Creation

Benefit Risk Resource

Realization Optimization Optimization
Cobit 5 Cascading
2. Covering the Enterprise End to End
2. Covering the Enterprise End to End
3. Applying Single Integrated Framework
3. Applying Single Integrated Framework
3. Applying Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance from Management
 DISKUSI
“How to Implement IT”
IT is a Journey
The Implementation is an art

SCIENCE ART
The IT Life Cycle
 The IT Life Cycle

Proses Dekomposisi
 Struktur Kebijakan
Dokumen berisi garis-garis haluan tata Kelola apa yang harus, boleh dan tidak
boleh di lakukan.
Policy Contoh : Perusahaan harus memiliki Master Plan Tl dan dijadikan sebagai
acuan di setiap perencanaan dan pengembangan Tl Perusahaan.

Dokumen berisi tata kelola detail namun bersifat umum

Standar dan berlaku di seluruh unit kerja
Contoh : Standar Katalog Layanan Teknologi Informasi

Dokumen berisi langkah-langkah tentang bagaimana untuk mencapai sebuah

Prosedur aktifitas.
Contoh : Prosedur Perubahan, Prosedur Permintaan Layanan
Struktur Kebijakan
Tata Kelola Perusahaan
Permen BUMN No. 1
Tahun 2011

Tata Kelola TI
Permen BUMN No. 2
Tahun 2013

Manajemen TI

Tata Kelola TI Aplikasi

Infrastruktur

SDM
 Struktur Kebijakan
1. Kebijakan strategis:
1.1. Penetapan peran TI BUMN.
1.2. Perencanaan TI.
1.3. Kerangka kerja proses dan organisasi TI.
1.4. Pengelolaan Investasi TI.
1.5. Pengelolaan Sumber Daya TI.
1.6. Pengelolaan Risiko TI.
1.7. Pengelolaan Proyek (Project Management).
1.8. Penanganan Kebutuhan dan Identifikasi Solusi
(Identify Automated Solution).
2. Kebijakan Operasional
2.1. Pengelolaan layanan TI.
2.2. Pengelolan sekuriti TI.
2.3. Pengelolaan layanan pihak ketiga.
2.4. Pengelolaan operasional.
2.5. Pengelolaan mutu.
2.6. Transfer Knowledge.
2.7. Pengelolaan Data Monitor & Evaluasi Kinerja TI.
2.8. Monitor & Evaluasi Pengendalian Internal.
2.9. Pengelolaan compliance external regulation.
 Organisasi TI

IT Head

Organisasi TI adalah motor penggerak

proses-proses TI
 Organisasi TI

Pool of Experts Pool of Experts Pool of Experts Pool of Experts

Organisasi TI
Organisasi TI
 IT Governance
Maturity Assessment
COBIT 4.1
BUSINESS OBJECTIVES AND
GOVERNANCE OBJECTIVES

C O B I T
ME1 Monitor and evaluate IT FRAMEWORK
PO1 Define a strategic IT plan.
performance. INFORMATION
PO2 Define the information
ME2 Monitor and evaluate
architecture.
internal control.
Efficiency Integrity PO3 Determine technological
ME3 Ensure compliance with
Effectiveness Availability direction.
external requirements.
Compliance PO4 Define the IT processes,
ME4 Provide IT governance. Confidentiality
organisation and
Reliability relationships.
MONITOR PLAN PO5 Manage the IT investment.
AND AND PO6 Communicate management
EVALUATE ORGANISE aims and direction.
IT PO7 Manage IT human resources.
DS1 Define and manage service RESOURCES PO8 Manage quality.
levels.
PO9 Assess and manage IT risks.
DS2 Manage third-party services.
PO10 Manage projects.
DS3 Manage performance and
capacity.
DS4 Ensure continuous service. Applications
Information
DS5 Ensure systems security. AI1 Identify automated solutions.
Infrastructure
DS6 Identify and allocate costs. People AI2 Acquire and maintain
DS7 Educate and train users. application software.
DELIVER ACQUIRE
DS8 Manage service desk and AND AI3 Acquire and maintain
AND
incidents. SUPPORT IMPLEMENT technology infrastructure.
DS9 Manage the configuration. AI4 Enable operation and use.
DS10 Manage problems. AI5 Procure IT resources.
DS11 Manage data. AI6 Manage changes.
DS12 Manage the physical AI7 Install and accredit solutions
environment. and changes.
DS13 Manage operations.
Metode Pengukuran
Metode Pengukuran
Awareness &
Merupakan kesadaran dan komunikasi terhadap proses-proses TI
Communication

Policies Plan &

Bagaimana Kebijakan dan Prosedur pendukung TI
Procedures

Tools & Automation Memiliki tools pendukung dalam menjalankan proses TI

Bagaimana personil TI memiliki kemampuan dalam menjalankan proses TI,

Skill & Expertise
termasuk pemberian training/pelatihan dan sertifikasi

Responsibilities &
Tugas dan tanggung jawab proses TI pada COBIT tercantum dalam Jobdesk TI
Accountability

Goal Setting Terdapat pengukuran berupa KPI ataupun indicator keberhasilan pekerjaan
Measurement terhadap proses TI
Nilai Kematangan Proses Tata Kelola TI
Nilai Kematangan Proses Tata Kelola TI
Analisis Pada setiap Domain
 Analysis Pada Setiap Proses
Awareness & Communication
• Perushaan telah memiliki inisiasi akan penting nya perencanaan strategis IT, hal ini dibuktikan dengan
Awareness & Communication adanya kegiatan penyusunan IT Master Plan di tahun 2020.
• Perushaan telah memiliki roadmap IT namun belum terdapat business alignment antara IT dengan
bisnis.
Goal Setting Polices Plan &
Measurement Procedures Policies Plan & Procedures
1 • Sudah terdapat Kebijakan dan Prosedur Rencana Strategis TI, namun pada actual nya prosedur dan
kebijakan tersebut belum berjalan karena tidak adanya dokumen IT Master Plan.

3 2 Tools & Automation

• Belum terdapat tools khusus yang digunakan dalam melakukan penyusunan dan mengelola IT Master
Plan, masih sebatas penggunaan tools sederhana seperti Ms Office.
1,83 Skill & Expertise
• Belum terdapat personil TI yang mendapatkan training ataupun sertifikasi di area IT Master Plan, namun

3 1 kebutuhan ini sudah di identifikasi dari tahun 2019.

Responsibilities & Accountability

• Tugas dan tanggung jawab pengelolaan rencana strategis TI sudah tercantum dalam jobdesk Manager
Responsibility & 1 Tools & Sistem & TI. → dibuat hanya untuk kebutuhan audit (
Accountability Automation
Goal Setting Measurement
• Penyusunan IT Master Plan menjadi KPI Kepala Departemen dan Risiko di tahun 2020, yang merupakan
Skill & Expertise
turunan dari GCG.
 Analysis Pada Setiap Proses
REKOMENDASI

Awareness & Communication:

- Tidak ada

Policies, Plan and Procedures:

- Menyesuaikan Kebijakan Tata Kelola TI Pasal 7 tentang Manajemen TI agar sesuai dengan PERMEN BUMN yaitu tentang Pengelolaan Perencanaan TI
- Menyusun dan mensahkan Prosedur Perencanaan Strategis TI
- Melakukan review terhadap dokumen IT Master Plan minimal 1 tahun sekali apakah terdapat perubahan bisnis atau tidak, dan melakukan monitoring terhadap
program-program TI

Tools and Automation:

- Dapat mulai mengadopsi tools yang dapat membantu penyusunan dokumen IT Master Plan seperti Archimate, serta tools Aris dan Alfabet apabila dibutuhkan

Skill & Expertise:

- Memberikan training kepada personil yang bertanggung jawab terhadap Perencanaan strategis TI berupa Togaf 9.1 Foundation, apabila diperlukan dilakukan
sertifikasi Togaf 9.1 Certified
- Menetapkan fungsi yang bertanggung jawab dalam mengelola Perencanaan Strategis TI
- Menambahkan minimum kompetensi di jobdesc pada fungsi yang mengelola Perencanaan Strategis TI

Responsibility and Accountability:

- Menambahkan tugas dan tanggung jawab terhadap pengelolaan rencana strategis TI pada jobdesc yang menjalankan fungsi perencanaan

Goal Setting & Measurement:

- Menambahkan KPI berupa review dokumen IT Master Plan, minimal terdapat indicator kerja berupa review dokumen IT Master Plan pada jobdesc
Analysis Pada Setiap Atribut Penilaian

3.02 2.44 2.30

Awareness & Communication Policies, Plan & Procedures Responsibility & Accountability

1.82 1.79 1.17

Tools & Automation Skill & Expertise Goal Setting & Measurement
High Level Implementation Roadmap
IT Governance Workshop
Peserta Workshop

IT Managements

Leaders

IT Staff

IT Governance PIC
Metodologi Workshop & Durasi

Course Method Duration

• Customized based on specific • 3 Days Workshop

needs
• Illustrative, interactive and is
extensive practical experience
• Case Study Material
• Place and accommodation will be
subject to be discussed
Metodologi Workshop & Durasi

Course Method Duration

• Customized based on specific • 3 Days Workshop

needs
• Illustrative, interactive and is
extensive practical experience
• Case Study Material
• Place and accommodation will be
subject to be discussed
 Metodologi Workshop & Durasi

PURCHACE Result
Report
Training
Syllabus
Discussion
Development

Discussion: Syllabus Development: Training: Report:

• Mendiskusikan goal • MII Menyusun materi • Pelaksanaan • MII memberikan
dari workshop workshop workshop sesuai laporan pelaksanaan
• Menyepakati Scope of • +- 5 days dengan kesepakatan Workshop
Workshop
• Menyepakati jadwal
• 1 day
IT Governance Consultants
 Hardadi Jaya
Job History
Education
• Technical Consulting Manager at PT Mitra Integrasi
• Gunadarma Univesity – S1 Informatika
Information System
Oct 2013 – present
• Curtin University of Technology
– S2 CommerceInformation • Acting IT Head Operations at Kementerian Keuangan
System RI
Jan 2013 - September 2013
Certification: • Service Desk Manager at Kementerian Keuangan RI
Hardadi Jaya • COBIT 5 January 2009 - December 2012

Position: Consulting Manager • ITILv3 Intermediate, • IT Staff at Kementerian Keuangan RI

Experience : 19 Years • ITILv3 Foundation, Jan 2001 - December 2008

• ITILv4 Foundation, * IT Technical Support at Warta Kota
• LA ISO 27001, Januari 1999 – Desember 2001
• CCISO,
• CEP.
 Luthfy Burhanuddin
Luthfy Burhanuddin
Position: Senior Consultant
Experience : 15 Years
Education Job History
• Universitas Islam Negeri – S1 Teknologi • Senior Consultant at PT Mitra Integrasi
Informasi Informatika
• Universitas Gadjah Mada – S2 Strategi Ap 2016 – present
Bisnis
• Riset Teknologi Indonesia
Jul 2014 – Mar 2016
Certification:
• Assistant Manager at Bukopin
• COBIT5 Foundation
June 2008 - Nov 2010
• ITILv3 Foundation
• ITILv4 Foundation
• Prince2 Foundation
 Alivia Yulfitri
Alivia Yulfitri
Position: Senior Consultant
Experience : 23 Years
Education
• Bandung Institute of Technology
(ITB) - S2 – Informatics
2006 - 2008
• University of Padjadjaran
S1 – Computer Science
1993 - June 1998
Certification:
• TOGAF 9.1 Level 1 & 2
Job History
• 1997 – 1999 PT. Indosat
System Analyst - Programmer
• 1999 – 2010 PT. Pasifik Satelit Nusantara
Head of ERP Development System - System Analyst -
Programmer
• 2010 – 2016 PNS Kementerian Energi Sumber Daya dan
Mineral/KESDM
▪ Kepala Sub Bagian Transformasi Organisasi: Unit Khusus
Menteri (Reformasi) KESDM
▪ Perencana TI dan Kerjasama Dalam dan
Luar Negeri: PUSDATIN Kementerian ESDM dan
Badan Diklat ESDM
• 2016-2017 Data Governance Consultant, PT. Surveyor
Indonesia
• 2017 – Present Data Governance and IT Master Plan
Consultant, PT. MII
 Muhi Budi Noor
Education

Mercu Buana University – S1 Information System

Certification
• Lead Auditor ISO 27001
• ITIL® Foundation Certificate
• Certified Ethical Hacker (CEH)
Muhi Budi Noor
• Risk Management – 2nd Level
Position: Senior Consultant
• Web Application Developers (BNSP)
Experience : 18 Years
Job History
• Technical Consultant at PT Mitra Integrasi Informatika
Sept 2019 – present
• Information System & Audit Development Head at PT.
Bank Panin Dubai Syariah
August 2016 – August 2019
• IT Auditor Dept. Head at PT. Bank Muamalat Indonesia
Feb 2013 – august 2016
• IT Service Desk Coordinator, Programmer & IT
Operations at PT Bank Bukopin TBK
Feb 2002 – January 2013
 Wisnu Aji
EDUCATION: JOB HISTORY:
STMIK Sinar Nusantara (Bachelor’s • ITSM Consultant at PT. Mitra Integrasi
Degree) Informatika (Metrodata Group)

Information System Nov 2018 to Current

• Managed Services Project Manager at Danone
April 2015 to Nov 2018
CERTIFICATION:
• Project Manager Quality Assurance at PT PP
Wisnu Aji ITIL® Foundation Certificate London Sumatra Indonesia

Position: Consultant Project Management December 2012 to April 2013

Experience : 12 Years • Project Manager at British Petroleum Berau

Indonesia (Managed Services Project)
(June 2012 to December 2012)
 Radityo Prio Ndaru
Education
• Bina Nusantara University – S1 Information System
• Bina Nusantara University – S2 Information System

Certification: Job History

• TOGAFv9.1 • ITSP Consultant at PT Mitra Integrasi Informatika

Radityo Priyo Ndaru • ITILv3 Foundation Nov 2016 – present

Position: Consultant • IT Consultant at PT Matrica Consulting

Oct 2013 - September 2016
Experience : 7 Years
• IT Staff at PT Beyond Cipta Solusi
Agustus 2012 - October 2013
 M. Fachfrizal H. Putra
EDUCATION: JOB HISTORY:
2013 – 2018 • Technical Consultant Departemen
Universitas Bina Nusantara (Master Degree) Consulting Service Delivery at MII Project
ITSM (Bank Indonesia)
Master of Technology Information
November 2018 – present
2008 – 2013
• Technical Consultant at Project ITMP PT
Universitas Bina Nusantara (Bachelor Degree) ASABRI

Computer Science April 2018 – June 2018

Moch Fachrizal Yuansyah
• Technical Consultant Disaster Recovery Plan
Position: Consultant
CERTIFICATION: Pertamina Patra Niaga
Experience : 7 Years February 2017 – May 2017
ITIL® Foundation Certificate
Cisco Certified Network Associate