A.

PEMETAAN COBIT 5
a. Identifikasi Tujuan Bisnis
Tabel 1 Identifikasi Tujuan Bisnis ke Balanced Scorecard (BSC)

Tujuan BSC No. COBIT 5 Enterprise Goal

Perusahaan Dimention Benefits
Realisation
1. Stakeholder value of business
investments
2. Portfolio of competitive product and
service
P
Keuangan 3. Maneged business risk (safeguarding
of assets)
4. Compliance with external laws and
regulations
P
5. Financial Transparancy
6. Customer-oriented service culture
7. Business service continuity and
availability
P
8. Agile responses to a changing
Customer business environtment
Logistic Centre 9. Information-based strategic decision
Oil dan Gas making
P
10. Optimization of service delivery
costs
S
11. Optimization of business process
functionality
P
12. Optimization of business process
costs
S
Internal 13. Managed business change
programmes
S
14. Operational and staff productivity P
15. Compliance with internal policies S
Learning 16. Skilled and motivated people P
and 17. Product and Business innovation
culture P
Growth
1. Stakeholder value of business
investments
S
2. Portfolio of competitive product and
service
P
Keuangan 3. Maneged business risk (safeguarding
of assets)
S
4. Compliance with external laws and
regulations
S
Produk Unggulan
5. Financial Transparancy S
6. Customer-oriented service culture S
7. Business service continuity and
availability
P
Customer Agile responses to a changing
8. P
business environtment
9. Information-based strategic decision S
 making
10. Optimization of service delivery
costs
P
11. Optimization of business process
functionality
S
12. Optimization of business process
costs
S
Internal 13. Managed business change
programmes
S
14. Operational and staff productivity S
15. Compliance with internal policies S
Learning 16. Skilled and motivated people P
and 17. Product and Business innovation
culture P
Growth
1. Stakeholder value of business
investments
S
2. Portfolio of competitive product and
service
P
3. Maneged business risk (safeguarding
of assets)
S
4. Compliance with external laws and
regulations
S
Keuangan 5. Financial Transparancy S
6. Customer-oriented service culture S
7. Business service continuity and
availability
S
8. Agile responses to a changing
Customer business environtment
S
Membangun
Kapal s/d 60.000 9. Information-based strategic decision
making
P
DWT Optimization of service delivery
10. S
costs
11. Optimization of business process
functionality
P
12. Optimization of business process
costs
P
Internal 13. Managed business change
programmes
S
14. Operational and staff productivity S
15. Compliance with internal policies S
Learning 16. Skilled and motivated people P
and 17. Product and Business innovation
culture P
Growth
1. Stakeholder value of business
investments
S
2. Portfolio of competitive product and
service
P
Penjualan Maneged business risk (safeguarding
Keuangan 3. S
mencapai 600M of assets)
4. Compliance with external laws and
regulations
S
5. Financial Transparancy P
 6. Customer-oriented service culture P
7. Business service continuity and
availability
P
8. Agile responses to a changing
Customer business environtment
P
9. Information-based strategic decision
making
S
10. Optimization of service delivery
costs
S
11. Optimization of business process
functionality
S
12. Optimization of business process
costs
S
Internal 13. Managed business change
programmes
S
14. Operational and staff productivity P
15. Compliance with internal policies S
Learning 16. Skilled and motivated people P
and 17. Product and Business innovation
culture P
Growth
Net Profit Margin 1. Stakeholder value of business
investments
S
14%
2. Portfolio of competitive product and
service
S
Keuangan 3. Maneged business risk (safeguarding
of assets)
S
4. Compliance with external laws and
regulations
S
5. Financial Transparancy P
6. Customer-oriented service culture S
7. Business service continuity and
availability
S
8. Agile responses to a changing
Customer business environtment
S
9. Information-based strategic decision
making
S
10. Optimization of service delivery
costs
P
11. Optimization of business process
functionality
S
12. Optimization of business process
costs
P
Internal 13. Managed business change
programmes
S
14. Operational and staff productivity P
15. Compliance with internal policies S
Learning 16. Skilled and motivated people P
and 17. Product and Business innovation
culture P
Growth
Dari 4 tujuan bisnis yang dimiliki oleh PT IKI kemudian dipetakan terhadap 17 tujuan bisnis
dalam COBIT 5 yang terdapat pada 4 dimensi yaitu Keuangan, Pelanggan, Proses Bisnis
Internal, dan Pelajaran dan pertumbuhan. Dengan memetakan berdasarkan 17 tujuan bisnis
berdasarkan COBIT 5. Hasilnya hanya berfokus pada Penjualan mencapai 600M yang
berkaitan dengan tujuan bisnis PT IKI adalah berkaitan dengan 2,5,6,7,8,14,16,17.

b. Identifikasi Tujuan TI
Tabel 2 Identifikasi Tujuan Bisnis TI ke BSC

Tujuan Perusahaan

Portfolio of competitive products and service

Financial Transparency

Customer-oriented service culture

Business service continuity and available

Agile response to a changing business environment

Operational and staff productivity

Skilled and motivated people

Product and business innovation culture

2 5 6 7 8 14 16 17
Tujuan Kegiatan TI Financial Customer Internal L&G
01 Alignment of IT and business
P P
strategy
02 IT compliance and support for
business compliance with
external laws and regulation
03 Commitment of executive
management for making IT- P
related decision
04 Managed IT-related business
P
risk
05 Realized benefits from IT-
enabled investments and
services portfolio
 06 Transparency of IT cost
P
benefits and risk
07 Delivery of IT services in line
with business requirements
08 Adequate use of
applications,information and P P
technology solutions
09 IT agility P P P P
10 Security of information,
processing infrastructure and P
applications
11 Optimization of IT assets,
P P
recourses and capabilities P
12 Enablement and support of
business processes by integrating
P
application and technology into
business processes
13 Delivery of programmes
delivering benefits on time, on
P
budget, and meeting requirement
and quality standards
14 Availability of reliable and useful
P
information for decision making
15 IT compliance with internal
policies
16 Competent and motivated business
P P
and IT personnel
17 Knowledge, expertise, and
P P P
initiatives for business innovation

Dari hasil pemetaan pada tujuan bisnis terhadap tujuan TI dapat dilihat 1 tujuan TI yang
berkaitan kuat yaitu pada nomor 9 yaitu Ketangkasan TI (IT agibility). Sehingga focus
kami yaitu pada tujuan TI nomor 9 untuk dilakukan pemetaan dengan proses TI pada
COBIT 5.

c. Pemetaan tujuan TI dengan Proses dalam COBIT 5

Tabel 3 Pemetaan Tujuan TI dengan Proses COBIT
Tujuan Bisnis
Proses bisnis 09. IT Agility
EDM01 Ensure governance framework setting and
P
maintenance
EDM02 Ensure Benefit Delivery S
EDM03 Ensure Risk Optimisation S
EDM04 Ensure Resource Optimisation P
EDM05 Ensure Stakeholder Transparency S
APO01 Manage the IT Management Framework P
APO02 Manage Strategy P
APO03 Manage Enterprise Architecture S
APO04 Manage Innovation P
APO05 Manage Portfolio S
APO06 Manage Budget and Cost S
APO07 Manage Human Resources S
APO08 Manage Relationship P
APO09 Manage Service Agreements P
APO10 Manage Suppliers S
APO11 Manage Quality S
APO12 Manage Risk S
APO13 Manage Security P
BAI01 Manage Programmers and Projects S
BAI02 Manage Requirements Definition S
BAI03 Manage Solution Identification and Build S
BAI04 Manage Availability and Capacity P
BAI05 Manage Organizational Change Enablement S
BAI06 Manage Changes P
BAI07 Manage Change Acceptance and Transitioning P
BAI08 Manage Knowledge S
BAI09 Manage Assets P
BAI10 Manage Configuration P
DSS01 Manage Operations P
DSS02 Manage Service Requests and Incidents S
DSS03 Manage Problems S
DSS04 Manage Continuity P
DSS05 Manage Security Services P
DSS06 Manage Business Process Control S
MEA01 Monitor, Evaluate and Assess Performance and
S
Conformance
MEA02 Monitor, Evaluate and Assess the System of
S
Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with
P
External Requirements

Setelah dilakukan pemetaan terhadap tujuan TI perusahaan selanjutnya dilakukan pemetaan

terhadap 37 proses TI yang ada pada COBIT 5. Dari 37 proses yang memiliki keterkaitan
yang kuat adalah sebanyak 17 proses yaitu pada EDM01, EDM04, APO01,APO02,APO04,
APO08, APO09, APO13, BAI04,BAI06, BAI07, BAI09,BAI10, DSS01, DSS04, DSS05
dan MEA04. Sehingga proses TI tersebut akan menjadi focus pada tugas ini. Dipilihnya
kategori Primary karena pada tugas ini ingin mengetahui hubungan antara tujuan bisnis
dengan tujuan TI yang memiliki keterkaitan paling dominan.
Tabel 4 Tabel Aktivitas Cobit 5
Governance: Evaluate, Direct, Monitor (EDM)
01 Evaluate the governance system
EDM01 02 Direct the governance system
03 Monitor the governance systems
01 Evaluate value optimization
EDM02 02 Direct value optimization
03 Monitor value optimization
01 Evaluate risk management
EDM03 02 Direct risk management
03 Monitor risk management
01 Evaluate resource management
EDM04 02 Direct resource management
03 Monitor resource management
01 Evaluate stakeholder repoting
requirements
EDM05 02 Direct stakeholder communication and
repoting
03 Monitor stakeholder communication

Management: Align, Plan and Organize (APO)

01 Define the organizational structure

02 Establish roles and responsibilities
03 Maintain the enablers of the management
system
04 Communicate management objective and
direction
APO01 05 Optimize the placemet of the IT function
06 Define information (data) and system
ownership
07 Manage continual improvement of
processes
08 Maintain compliance with policies and
procedures
01 Understand enterprise direction
02 Assess the current environment,
capabilities and performance
03 Define the target IT capabilities
APO02
04 Conduct a gap analysis
05 Define the strategic plan and road map
06 Communicate the IT strategy and
direction
APO03 01 Develop the enterprise architecture vision
 02 Define reference architecture
03 Select opportunities and solutions
04 Define architecture implementation
05 Provide enterprise architecture services
01 Create an environment conducive to
innovation
02 Maintain an understanding of the
enterprise environment
03 Monitor and scan the technology
environment
APO04
04 Assess the potential of emerging
technologies and innovation ideas
05 Recommend appropriate further
initiatives
06 Monitor the implementation and use of
innovation
01 Establish the target investment mix
02 Determine the availability and sources of
funds
03 Evaluate and select programmes to fund
APO05
04 Monitor, optimize and report investment
portfolio performance
05 Maintain portfolios
06 Manage benefits achievement
01 Manage finance and accounting
02 Prioritise resource allocation
APO06 03 Create and maintain budgets
04 Model and allocate cost
05 Manage cost
01 Maintain adequate and appropriate
staffing
02 Identify key IT personnel
03 Maintain the skills and competencies of
APO07 personnel
04 Evaluate employee job performance
05 Plan and track the usage of IT and
business human resources
06 Manage contact staff
01 Understand business expectation
02 Identify opportunities, risk, and
constraints for IT to enhance the business
APO08 03 Manage the business relationship
04 Co-ordinate and communicate
05 Provide input to continual improvement
of service
 01 Identify IT services
Catalogue IT-enabled services
02 Catalogue IT-enabled services
APO09
03 Define and prepare service agreements
04 Monitor and report service levels
05 Review service agreements and contracts
01 Identify and evaluate supplier
relationship and contracts
02 Select suppliers
03 Manage supplier relationships and
APO10
contracts
04 Manage supplier risk
05 Monitor supplier performance and
compliance
01Establish a quality management systems
(QMS)
02 Define and manage quality standards,
practices and procedures
03 Focus quality management on customers
APO11 04 Perform quality monitoring, control, and
reviews
05 Integrate quality management into
solutions for development and service
delivery
06 Maintain continuous improvement
01 Collect data
02 Analyze risk
03 Maintain a risk profile
APO12 04 Articulate risk
05 Define a risk management action
portfolio
06 Respond to risk
01 Establish and maintain an ISMS
02 Define and manage an information
APO13
security risk treatment plan
03 Monitor and review the ISMS

Management: Build, Acquire and Implement (BAI)

01 Maintain a standard approach for

programme and project management
02 Initiate a programme
BAI01
03 Manage stakeholder engagement
04 Develop and maintain the programme
plan
 05 Launch and execute the programme
06 Monitor, control and report on the
programme outcomes
07 Start up and initiate projects within a
programme
08 Plan project
09 Manage programme and project quality
10 Manage programme and project risk
11 Monitor and control project
12 Manage project resources and work
packages
13 Close a project or iteration
14 Close a programme
01 Define and maintain business functional
and technical requirements
02 Perform a feasibility study and formulate
BAI02 alternative solution
03 Manage requirement risk
04 Obtain approval of requirements and
solution
01 Design high-level solutions
02 Design detailed solution components
03 Develop solution components
04 Procure solution components
05 Build solutions
06 Perform quality assurance
BAI03
07 prepare for solution testing
08 Execute solution testing
09 Manage changes to requirements
10 Maintain solution
11 Define IT services and maintain the
service portfolio
01 Assess current availability, performance
and capacity and create a baseline
02 Assess business impact
03 Plan for new changed service
BAI04 requirements
04 Monitor and review availability and
capability
05 Investigate and address availability,
performance and capacity issues
01 Establish the desire to change
02 Form an effective implementation team
BAI05
03 Communicate desired visiin
04 Empower role player and identify short-
 term wins
05 Enable operation and use
06 Embed new approaches
07 Sustain changes
01 Evaluate, prioritize and authorize change
request
BAI06 02 Manage emergency changes
03 Track and report changer status
04 Close and document the changes
01 Establish an implementation plan
02 Plan business process, system and data
conversion
03 Plan acceptance tests
04 Establish a test environment
BAI07
05 Perform acceptance tests
06 Promote to production and manage
releases
07 Provide early production support
08 Perform a post-implementation review
01 Nurture and facilitate a knowledge-
sharing culture
02 identify and classify sources of
information
BAI08
03 organize and contextualize information
into knowledge
04 use and share knowledge
05 Evaluate and retire information
01 Identify and record current assets
02 Manage critical assets
BAI09 03 Manage the assets life cycle
04 Optimize asset costs
05 Manage licences
01 Establish and maintain a configuration
model
02 Establish and maintain a configuration
repository and baseline
BAI10 03 Maintain and control configuration
reports
04 Produce status and configuration reports
05 Verify and review integrity of the
configuration repository

Management: Deliver, Service and Support (DSS)

01 Perform operational procedures
DSS01
02 Manage outsourced IT services
 03 Monitor IT infrastructure
04 Manage the environment
05 Manage facilities
01 Define incident and service request
classification schemes
02 Record, classify and prioritize request and
incidents
03 Verify, approve and fulfill service request
DSS02
04 Investigate, diagnose and allocate
incidents
05 Resolve and recover from incidents
06 Close service request an incidents
07 Track status and produce reports
DSS03 01 Identify and classify problems
02 Investigate and diagnose problems
03 Raise known errors
04 Resolve and close problems
05 Perform proactive problem management
01 Define the business continuity policy,
objectives and scope
02 Maintain a continuity strategy
03 Develop and implement a business
continuity response
DSS04 04 Exercise, test and review the BCP
05 Review, maintain and improve the
continuity response
06 Conduct continuity plan training
07 Manage backup arrangements
08 Conduct post-resumption review
01 Protect against malware
02 Manage network and connectivity
security
03 Manage endpoint security
04 Manage user identity and logical access
DSS05
05 Manage physical access to IT assets
06 Manage sensitive documents and output
devices
07 Monitor the infrastructure for security-
related events
01 Align control activities embedded in
business processes with enterprise objectives
02 Control the processing of information
DSS06
03 Manage roles, responsibility, access
privileges and levels of authority
04 Manage errors and exceotions
 05 Ensure traceability of information events
and accountabilities
06 Secure information assets

Management: Monitor, Evaluate and Assess (MEA)