![Page 1: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/1.jpg)
ITIL & COBITO6PLMKevin Lisay – 1501147113Rendy Winarta – 1501149226Steven Ekaputranto - 1501148362Stefani Trifosa – 1501158893Gladys Natalia – 1501165476
![Page 2: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/2.jpg)
Background Information Technology is a thing that can’t be
missed in this modern world. Effectiveness and efficiency that IT offers are great and gives so much benefit. Any company especially the big one can’t endure to use IT nowadays.
In order to make the structure of IT operates really well, many of company use ITIL (Information Technology Infrastructure Library), which is a set of document a set of documents which defines best practices and accepted techniques in Information Technology community. Also COBIT (Control objectives for information and related technology) that helps top tier user (managers, IT professionals and assurance professionals) develop IT itself.
![Page 3: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/3.jpg)
Scope
1. Implementation of Information Technology Infrastructure Library.
2. Implementation of Control Objective for Information and Related Technology.
3. Differences between Information Technology Infrastructure Library and Control Objective for Information and Related Technology.
![Page 4: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/4.jpg)
What is ITIL (Information Technology Infrastructure Library)ITIL is the most widely adopted
approach for IT Service Management in the world. It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.
![Page 5: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/5.jpg)
COBIT? (Control objectives for information and related technology)A model designed to control the IT
function. This model was originally developed by the Information System Audit and control foundation (ISACF).
COBIT support IT governance by providing a comprehensive description of the control objectives for IT processes and by offering the possibility of examining the maturity of these processes.
![Page 6: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/6.jpg)
Implementation of Information Technology Infrastructure Library.
![Page 7: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/7.jpg)
1.Process Implementation
Objective The objective of this document is to provide a template for
developing process implementation plans that will be usable across a wide range of diverse organizations
Program Management
![Page 8: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/8.jpg)
2. Process Implementation Projects
Process, People And Technology (The Integrated Project Plan)◦ Project Timelines◦ Expected Project Deliverables
Implementation Roles◦ Process Owner◦ Core Process Team◦ Stakeholder Groups And Subject Matter Experts◦ Internal and External Process Advisors
Pink Elephant Consulting RolesHigh Level Process Model Development
![Page 9: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/9.jpg)
3. Process Embedding Strategy
Process Workshops / Training◦ Develop Lesson Plans◦ Schedule Workshop And Process Embedding Date◦ Coaching Period◦ Initial Process Review And Adjustment
Detailed Activities (Project Check List)◦ People Involved◦ Awareness Campaign◦ Systems Implementation Activities◦ Support Tools◦ Post Implementation and Audit◦ Other Considerations
![Page 10: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/10.jpg)
4. Evaluationof The Project
Post Project ReviewAuditing Using Quality
Parameters◦Generic Quality Parameters for IT
Service Management◦Process Specific Quality Parameters
for IT Service Management
![Page 11: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/11.jpg)
Implementation of Control Objective for Information and Related Technology.
![Page 12: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/12.jpg)
1. BackgroundThe bank in the given case is a global
conglomerate with operations in more than 50 countries and with more than 125,000 employees across the globe. The bank’s technology teams are located throughout the world to support global lines of business. The IT teams include development centers that are part of the bank and others that are outsourced to vendors, as well as technology back offices that support IT infrastructure and services. The bank had a history of multiple governance and assurance templates and processes followed by different teams, regions and locations. Hence, the key challenge was to create a common governance and assurance process across technology teams.
![Page 13: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/13.jpg)
2. Use of COBITDefining a framework to use—
Control objective framework (COF)
Identifying a standard definition of ‘entities’ against which risks and controls were to be evaluated—Key entity management model
Identifying a risk management process—Risk and control assessment (RCA)
![Page 14: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/14.jpg)
Defining COF It should act as a tool to facilitate the effective
assessment of risks and controls within technology.
It should act as a reporting framework to demonstrate how technology satisfies reporting regulatory requirements, including those of Sarbanes-Oxley.
It should act as an aid to drive management assurance.
The steps in implementing COF using COBIT included:
Identify principal risks Identify level II risks Identify control objectives
![Page 15: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/15.jpg)
![Page 16: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/16.jpg)
Benefit of Defining COF
Prior to implementing this framework, each entity, organization and location had its own set of controls. COBIT helped in developing and managing a single list of controls for each type of risk through the mapping of needed controls to COBIT. In turn, this assisted with the attestation of each type of risk, which provided confidence to senior executives on the reporting and attestation process. Subsequently, a risk assessment process was developed to define risks and controls. This helped in ensuring that adequate controls were deployed to cover the principal risks and level II risks.
![Page 17: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/17.jpg)
Identifying Entities for Managing Risks and Controls◦Process entities◦Supporting services entities◦Technology entities◦Project entities
![Page 18: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/18.jpg)
Defining and Implementing the RCA Process
![Page 19: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/19.jpg)
Training Key Stakeholders
One of the main challenges was to explain the entire process to all of the stakeholders with different backgrounds and understanding of risks and controls and at various locations. The challenge was managed by creating additional training programs at various levels.
![Page 20: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/20.jpg)
Differences Between ITIL and COBIT
![Page 21: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/21.jpg)
- ITIL - COBITControl FocusedUses IT MetricsUsed by auditors in
SOXCritical Success
FactorsIncludes a
discussion of qualityIncludes a
discussion of process maturity
Strong concentration on processes
Security is a very important component
Focused on service delivery
Has a broad base of adopting organizations with lessons learned
Has an organization certification schema
![Page 22: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/22.jpg)
Here is a table explaining COBIT, ITIL, and one other framework (CMMi) for SOX :
![Page 23: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/23.jpg)
Another table describing COBIT, ITIL, another framework (CMMi) for non-SOX Objectives
![Page 24: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/24.jpg)
![Page 25: ITIL & COBIT O6PLM Kevin Lisay – 1501147113 Rendy Winarta – 1501149226 Steven Ekaputranto - 1501148362 Stefani Trifosa – 1501158893 Gladys Natalia – 1501165476](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56649e3c5503460f94b2e625/html5/thumbnails/25.jpg)