Hasil Pencarian  ::  Simpan CSV :: Kembali

Abstrak :
Untuk menjamin pencapaian kinerja berkelanjutan, salah satu strategi PT. Semen Gresik (Persero) Tbk. adalah meningkatkan kualitas aset utamanya yaitu information capital. Sejak kuartal IV tahun 2007, sejalan dengan penyusunan strategi dan pengembangan bisnis Perseroan, dilakukan pula penyusunan strategi dan masterplan khusus bidang program teknologi informasi dan komunikasi (ICT) yang dinilai memiliki peran strategis dalam mencapai tujuan bisnis Perseroan. Investasi dana dan kepedulian manajemen yang sedemikian besar terhadap implementasi master plan program ICT, memerlukan adanya pemeriksaan terhadap tata kelola teknologi informasi dan komunikasi Perseroan apakah sejalan dengan strategi bisnis dan mampu menjadi penguat faktor penunjang. Audit tata kelola teknologi informasi dan komunikasi menggunakan Maturity Assesment Tools - COBIT 4.1 yaitu penilaian tujuan bisnis melalui IT Balanced Scorecard dan audit proses TI untuk memperoleh gambaran tingkat kematangan saat ini dan kesenjangan terhadap rencana jangka pendek maupun jangka panjang yang masih perlu diperbaiki. Dari hasil audit, diperoleh tingkat kematangan tata kelola teknologi informasi dan komunikasi Perseroan saat ini berada pada level antara 2 (Repeatable but Intuitive) dan 3 (Defined Process). Perbaikan mendasar yang diperlukan adalah pembentukan unit kerja yang bertanggung jawab terhadap pelaksanaan internal kontrol TI serta dokumentasi kebijakan umum dan proses tata kelola teknologi informasi dan komunikasi, sehingga pengawasan terhadap pelaksanaan kebijakan dapat dilakukan secara efektif dan menjamin adanya penerapan IT Governance.

---

To ensure the achievement of sustainable performance, one of PT. Semen Gresik (Persero) strategies is to improve the quality of information capital. Since the fourth quarter of 2007, in line with it's formulation of strategy and business development roadmap, the Company also prepares the strategy and master plan of information and communication technology (ICT) to support the business strategies. The Company considers that ICT has a strategic role in achieving the Company business goals. Investment funds and great concern of management on the implementation of ICT master plan, requires audit on Information and Communication Technology governance, to review whether its implementation in line with the company's business strategies and effectively function as supporting factors in achieving the goals of the company. The audit of ICT governance use the Maturity Assesment Tools - COBIT 4.1, by scoring the business goals using IT Balanced Scorecard to determine the IT goals, and ICT audit process to obtain the current maturity level and to acquire the gap from the sort and long term maturity level target that needs to be fixed. The audit results show that current maturity level of the company's ICT is in score range of 2 (Repeatable but Intuitive) and 3 (Defined Process). The fundamental improvements is necessary to establish working unit that responsible for the implementation of ICT internal controls and documentation of IT governance policies. It will enable the company to monitor the policy implementation effectively and ensure adequate implementation of IT Governance.

Abstrak :
PT XYZ sebagai objek penelitian adalah perusahaan yang dimiliki oleh Pemerintah Indonesia bergerak dalam bidang asuransi sosial, sebagaimana ditetapkan dalam Peraturan Pemerintah (PP), untuk menyelenggarakan Progam Asuransi Sosial Pegawai Negeri Sipil yang terdiri dari Program Dana Pensiun Pegawai Negeri Sipil (PNS) dan Tabungan Hari Tua (THT) dengan tujuan untuk meningkatkan kesejahteraan Pegawai Negeri pada saat memasuki usia pensiun. Perencanaan Strategis TI yang telah disusun menyatakan bahwa TI PT XYZ belum pernah melakukan audit TI dengan menggunakan Kerangka Kerja CobiT. Penelitian ini mengukur tingkat kematangan TI PT XYZ dengan menggunakan Kerangka Kerja CobiT 4.1 untuk kemudian diberikan rekomendasi agar tingkat kematangannya dapat meningkat. Berdasarkan hasil pengukuran tingkat kematangan ini, TI PT XYZ rata-rata berada pada tingkat 2 (Repeatable but Intuitive) yang berarti bahwa TI PT XYZ telah memiliki prosedur standar atas sebagian besar proses TI-nya yang disertai dengan dokumentasi, dan dikomunikasikan melalui pelatihan, namun belum memadai dan belum mampu untuk mendeteksi deviasi yang terjadi. Agar tingkat kematangannya dapat meningkat secara simultan, maka harus dilakukan perbaikan secara bertahap terhadap seluruh proses bisnis termasuk pembenahan kelengkapan prosedur dan dokumentasi, peningkatan kompetensi SDM, pembentukan dan optimalisasi organ pendukung serta dilakukannya audit TI.

---

PT XYZ as the object of research is a company owned by the Government of Indonesia is engaged in social insurance, as stipulated in Government Regulation (PP), to organize a Social Insurance Program Civil Service consisting of the Pension Fund for Pegawai Negeri Sipil (PNS) and Tabungan Hari Tua (THT) with the aim to improve the welfare PNS at retirement age. IT Strategic Plan has been prepared stating that the IT PT XYZ had never done an audit of IT using COBIT Framework. This study measured the level of IT maturity PT XYZ using the COBIT Framework 4.1 to then make recommendations in order to increase the level of maturity. Based on the results of measurements of the level of maturity, IT PT XYZ on average are at level 2 (Repeatable but Intuitive) meaning that IT PT XYZ has a standard procedure for most of its IT processes are accompanied by documentation, and communicated through training, but inadequate and have not been able to detect deviations that occur. In order to increase the level of maturity simultaneously, then it must be gradual improvement of the entire business process including revamping procedures and completeness of documentation, improving the competence of human resources, establishment and optimization of organ support and IT audit done.

Abstrak :
ABSTRAK<>br> Laporan magang ini membahas pelaksanaan audit sistem informasi di KAP ABC. Pembahasan yang dilakukan merupakan hasil dari observasi selama pelaksanaan magang di KAP ABC, serta hasil dari studi literatur atas teori dan standar yang berkaitan. Standar yang digunakan dalam laporan magang ini merupakan International Standard on Auditing yang berkaitan dengan sistem informasi, yaitu diantaranya ISA 315, ISA 330, ISA 530, dan ISA 265. Hasil laporan magang ini menyimpulkan bahwa pelaksanaan audit sistem informasi di KAP ABC telah sesuai dengan teori yang terkait dan standar ISA 315, ISA 330, ISA 530, dan ISA 265.

---

ABSTRACT<>br> This internship report discusses the implementation of information system audit in KAP ABC. The discussion undertaken is the result of observations during the internship at KAP ABC, as well as the results of a literature study of related theories and standards. The standards used in this internship report is the International Standards on Auditing related to information system, including ISA 315, ISA 330, ISA 530, and ISA 265. The result of this internship report concludes that the implementation of information system audit in KAP ABC has been in accordance with prevailing theory and standard ISA 315, ISA 330, ISA 530, and ISA 265.

Abstrak :
ABSTRAK
Peran sistem informasi dan teknologi informasi dalam sebuah organisasi sangatlah penting untuk mengatur jalannya proses bisnis menjadi lebih efektif dan efisien sehingga dapat meningkatkan kualitas layanan dan mempermudah dalam pengelolaannya. Proses operasional manajemen jaringan yang sudah dilakukan di PT XYZ merupakan salah satu upaya dari perusahaan untuk menjaga performansi layanan kepada pelanggan. Penelitian ini diawali dengan adanya masalah performansi layanan yang belum mencapai target seperti yang telah ditentukan, hal ini disebabkan karena proses operasional manajemen jaringan yang sudah ada belum dapat meningkatkan performansi layanan. Salah satu faktor penting yang menjadi penyebabnya yaitu belum adanya antisipasi terhadap serangan cybersecurity yang sering muncul dan mengganggu kualitas layanan. Dari permasalahan yang ada, penelitian ini akan menjawab hal tersebut dengan pembentukan suatu Security Operation Center SOC yang akan dicapai melalui analisa arsitektur keamanan perusahaan yang akan dilihat dari perspektif bisnis.Dengan menggunakan kerangka kerja dari integrasi TOGAF dan SABSA, penelitian ini mencoba menyusun solusi yang tepat tentang bagaimana merancang SOC yang sesuai dengan kebutuhan bisnis di PT XYZ. Metode pengumpulan data yang akan dilakukan adalah melalui wawancara dengan para pemangku kepentingan, dan observasi terhadap kondisi bisnis dan kondisi infrastruktur teknologi informasi yang ada. Penelitian ini menghasilkan rancangan SOC yang dapat membantu mengatasi permasalahan keamanan cyber yang terkait dengan kualitas layanan perusahaan.

---

ABSTRACT
The role of information systems and information technology in an organization is very important to manage the business process becomes more effective and efficient so it can improve the quality of service and simplify the management. The operational network management process that has been done in PT XYZ is one of the efforts of the company to maintain the service performance to the customers. This research begins with the existence of service performance problems that have not reached the target as predetermined, this is because the existing operational network management process has not been able to improve the service performance. One of the important factors that become the cause is the lack of anticipation of cybersecurity attacks that often arise and disrupt the quality of service. From that problems, this research will resolve it with the establishment of a Security Operation Center SOC which achieved through analysis of enterprise security architecture that will be viewed from a business perspective.Using framework integration TOGAF and SABSA, this research tries to devise an appropriate solution of how to design SOC that fit with the business needs of PT XYZ. Data collection methods that will be conducted are through interviews with stakeholders, and observation of business conditions and the existing information technology infrastructure. This research resulted in a SOC design that can help to address cyber security issues which related to the quality of corporate services.

Abstrak :
Sistem informasi merupakan salah satu hal yang dibutuhkan oleh perusahaan untuk menyediakan informasi yang tepat waktu, cepat, akurat, dan relevan dalam bentuk yang terorganisir. Sistem informasi membawa berbagai efisiensi dan kemudahan namun membawa risiko baru. Oleh sebab itu, dibutuhkan pengendalian pada sistem informasi yang dapat menjaga dan mengelola risiko-risiko tersebut. Laporan magang ini menjelaskan audit atas sistem informasi (pengendalian-pengendalian pada sistem informasi) pada PT. CTR yang dilaksanakan oleh penulis selama menjalani program magang. ......Having Information System is an important requirement for most of companies to be able providing timely, fast, accurate and relevant information in well organized form. The availability of Information System will help to create work efficiency, however, it also brings some risks. Therefore, it is required to have an appropriate control of the Information System to watch and properly manage all appeared risks. This Internship Report provides auditing process and control upon information system at PT. CTR where the writer was assigned to work on internship program.

Abstrak :
Penelitian ini bertujuan untuk menganalisis tata kelola teknologi informasi (TI) pada PT XYZ. TI merupakan bagian vital dalam mendukung aktivitas-aktivitas bisnis perusahaan. Penggunaan TI membutuhkan tata kelola TI yang bertujuan untuk memaksimalkan manfaat TI yang diperoleh dengan menjaga keseimbangan antara optimalisasi tingkat risiko TI dan sumber daya. Analisis tata kelola TI pada PT XYZ dilakukan dengan penilaian tingkat kapabilitas TI yang berfokus pada proses TI domain Deliver, Service, Support (DSS) berdasarkan kerangka COBIT 5. Penilaian tingkat kapabilitas bertujuan untuk mengetahui kemampuan proses TI dalam memenuhi tujuan bisnis perusahaan saat ini maupun yang diproyeksikan. Penilaian menggunakan pendekatan COBIT 5 self-assessment. Data yang digunakan dalam penilaian tingkat kapabilitas diperoleh melalui proses wawancara dan dokumen-dokumen PT XYZ yang berkaitan dengan penilaian. Berdasarkan hasil penilaian, tingkat kapabilitas domain DSS berada pada level 3,5 (established process) yang menunjukkan bahwa penggunaan TI telah berjalan berdasarkan standar prosedur yang ditetapkan perusahaan dan memiliki pengukuran kinerja proses, akan tetapi beberapa proses belum memiliki kontrol proses. ......This thesis aims to analyze the governance of information technology (IT) on PT XYZ. IT is a vital part in supporting the company's business activities. The use of IT requires IT governance to maximize the benefits of IT, by maintaining the balance between optimizing the level of IT-related risk and resources. The analysis of governance of information technology on PT XYZ is carried out by assessing the level of IT capability that focuses on the IT process of domain Deliver, Service, Support (DSS) based on the COBIT 5 framework. The capability level assessment aims to determine the ability of IT processes to meet current and future company objectives. The capability assessment is based on COBIT 5 self-assessment approach. Data used in this assessment was obtained by conducting interview and from documents related to the assessment. Based on the assessment results, the DSS domain capability level is at level 3.5 (established process) which indicates that the use of IT has been performed based on standard procedures defined by the company and has performance measurement, but some processes do not have control processes.

Abstrak :
Perusahaan menggunakan teknologi informasi untuk berbagai hal khususnya meningkatkan efektifitas dan efisiensi, agar dapat meningkatkan daya saing. Namun investasi dalam teknologi informasi umumnya tidak murah, dan karena itu manajemen perlu memastikan bahwa sasaran penggunaan teknologi informasi tersebut dapat atau telah tercapai. IT audit merupakan salah satu cara untuk memberikan keyakinan mengenai hal ini. Selain jasa audit laporan keuangan, pada umumnya Kantor Akuntan Publik juga memberikan jasa-jasa lain, diantaranya adalah jasa IT Audit. Upaya pengembangan jasa- jasa lain dalam KAP ini sangat menarik untuk dicermati, karena jasa-jasa tersebut bukan merupakan bisnis inti dari KAP. Salah satu yang menarik untuk dicermati adalah upaya pengembangan jasa IT Audit pada KAP XYZ, dimana KAP XYZ sendiri mengalami pertumbuhan yang luar biasa yaitu mulai dari memiliki karyawan sekitar 100 orang di tahun 1992 menjadi sekitar 1.500 di tahun 2010, melalui berbagai proses, termasuk diantaranya merger. Penelitian dilakukan pada KAP XYZ, yang telah mengembangkan IT Audit Group dari sejak tahun 1996. Pendekatan penelitian adalah dengan mempelajari laporan-laporan IT Audit Group dan melakukan analisa terhadap berbagai kasus yang telah dihadapi, terkait dengan penugasan seperti Data Analysis, Computer Fraud, IT Governance dan Security Review. Disamping itu, dilakukan kajian mengenai teori Product Life Cycle terhadap pengembangan IT Audit Group atas dua jenis kelompok jasa IT Audit Group, yaitu internal dan eksternal. Ilustrasi analisa SWOT juga dipaparkan, sebagai pembahasan penyusunan rencana bisnis pengembangan IT Audit Group. Berdasarkan hasil analisa dapat disimpulkan bahwa perkembangan IT Audit Group di KAP XYZ sangat dipengaruhi oleh perkembangan KAP itu sendiri, yaitu merger, dan lahirnya regulasi-regulasi baru yang terkait dengan IT, termasuk diantaranya Sarbanes Oxley dan juga regulasi khusus mengenai IT yang dikeluarkan oleh Bank Indonesia. Namun demikian, seperti layaknya suatu produk, jasa IT Audit yang diberikan oleh IT Audit Group untuk kebutuhan internal, sebagai bagian dari audit laporan keuangan, pada akhirnya mengalami masa maturity. Pada fase ini, IT Audit Group diharapkan dapat melakukan terobosan-terobosan baru, dan khususnya mengembangkan lebih lanjut jasa IT audit kepada pihak eksternal. Analisa pengembangan IT Audit juga dilakukan dengan melihat aspek manusia (SDM), yang merupakan faktor terpenting dalam strategi pengembangan group IT Audit di KAP XYZ. Berdasarkan upaya pengembangan SDM IT Audit Group dan kasus-kasus yang dihadapi dapat diidentifikasi beberapa karakteristik keahlian yang perlu dimiliki oleh IT Audit Group. Karakteristik ini tidak hanya terkait dengan perlunya dibangun suatu kompetensi yang sesuai jenis jasa yang diberikan, melainkan juga aspek non-teknis lain misalnya kemampuan komunikasi dan kepemimpinan. ......Company uses IT for many purposes, especially effectiveness and efficiency, to increase their level of competitiveness. The investment in IT is not cheap, and therefore management must assure that the initial objective of investing in IT can be achieved. IT Audit is one of the method to assist management to provide assurance of the success of their investment in IT. Besides financial statements audit, Audit Firm also provides other services such as IT audit. Observing the firm practice to develop other services like this would bring up some valuable and unique insights, because they are not the core business of the Audit Firm. It is interested to understand the way this non-core service, IT Audit Group is being developed, along the way the Firm itself experiencing a significant growth from having employee of around 100 in 1992, to 1,500 in 2010, including through mergers. The observation is made to KAP XYZ, which started the development of IT Audit Group in 1996. The research is based on analysing the reports and also analysis to various cases encountered in the assignments, such as Data Analysis, Computer Fraud, IT Governance dan Security Review. Additionally, further analysis is conducted using Product Life Cycle Theory and the two types of IT Audit Services in KAP XYZ (Internal and External). An illustration of the SWOT analysis is also explained as part of the discussion of formulating IT Audit Group business plan. Based on the analysis, it can be concluded that the development of IT Audit Group in KAP XYZ is significantly influenced by the growth of the KAP itself, i.e. merger, and the introduction of new regulations relating to IT, including among others, Sarbanes Oxley and specific regulation such as those issued by Bank Indonesia. As like a product, however, the IT Audit Service that is provided to the internal, has entered its maturity phase. In this phase, the IT Audit Group is expected to come up with breakthrough and especially to further develop the potential of its special IT Audit Services, to the external. An analysis of the development of IT Audit Group is also made through assessment of people aspect, which is one of the most important factor in the strategy of IT Audit Group. Based on the assessment and also dealing with various cases, we can identify some competency characteristics that must be possessed by the IT Audit Group. These characteristics are not only related to the importance of building up skills relating to types of assignment, but also those non-technical aspects such as communication skills and leadership.

Abstrak :
The basics of IT audit : purposes, processes, and practical information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000, series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPPA. IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements.

Abstrak :
This book is updated to address cloud computing, web-based applications, and server virtualization, the fourth edition of this bestselling text provides a comprehensive overview of IT controls and audits. It facilitates a fundamental understanding of IT governance, controls, auditing applications, systems development, and operations. Supporting and analyzing the COBIT model, the book prepares IT professionals for the CISA and CGEIT exams. With summary sections, exercises, review questions, and references for further readings, it promotes the mastery of the concepts and practical implementation of controls needed to effectively manage IT resources. Updated to address cloud computing, web-based applications, and server virtualization, the fourth edition of this bestselling text provides a comprehensive overview of IT controls and audits. It facilitates a fundamental understanding of IT governance, controls, auditing applications, systems development, and operations. Supporting and analyzing the COBIT model, the book prepares IT professionals for the CISA and CGEIT exams. With summary sections, exercises, review questions, and references for further readings, it promotes the mastery of the concepts and practical implementation of controls needed to effectively manage IT resources"--Provided by publisher. Preface This book is designed to meet the increasing need for information technology (IT) and audit professionals to understand IT governance and controls required to manage this key resource. This book can be used by IT and audit professionals to gain an understanding of IT governance, controls and audit practices. This book aligns to and supports the Control Objectives for Information and Related Technology (Cobi T) model and assists in preparation for the Certified Information Systems Auditor (CISA) exam. Exhibit 1 provides a map of this text to the CISA exam. Exam (%) CISA Examination Content Areas to Model Curriculum (Undergraduate) IT Audit and Control IT Planning and Organization IT Acquisition Implementation IT Delivery and Support Advanced Topics Title and Description 14 The IS audit process Provides IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its IT and business systems are protected and controlled"--Provided by publisher.