Organizational Risk Management: I&T Risk Assessment Based on COBIT (Part 2)

An I&T risk assessment aims to identify the risks that significantly affect the achievement of organizational objectives. According to COBIT 5 for Risk, several elements must be considered when performing a risk assessment, namely risk types, risk categories and risk factors; these serve as the initial input for building risk scenarios and the controls that address them.

  1. Risk Types
    1. IT benefit / value enablement risk
      Risk related to the benefit or value that IT contributes to improving the efficiency and effectiveness of achieving organizational objectives
    2. IT programme and project delivery risk
      Risk related to IT programmes and projects that deliver their contribution as business solutions
    3. IT operations and service delivery risk
      Risk related to the operational stability, availability, protection and recovery of services
  2. Risk Categories
    1. Portfolio establishment and maintenance
    2. Programme/project life cycle management (programme/project initiation, economics, delivery, quality and termination)
    3. IT investment decision making
    4. IT expertise and skills
    5. Staff operations (human error and malicious intent)
    6. Information (data breach: damage, leakage and access)
    7. Architectural (vision and design)
    8. Infrastructure (hardware, operating system and controlling technology) (selection/implementation, operations and decommissioning)
    9. Software
    10. Business ownership of IT
    11. Supplier selection/performance, contractual compliance, termination of service and transfer
    12. Regulatory compliance
    13. Geopolitical
    14. Infrastructure theft or destruction
    15. Malware
    16. Logical attacks
    17. Industrial action
    18. Environmental
    19. Acts of Nature
    20. Innovation
  3. Risk Factors
    1. Contextual Factors
      1. Internal
        1. Enterprise goals and objectives
        2. Strategic importance of IT in the enterprise
        3. Complexity of IT
        4. Complexity of the enterprise
        5. Degree of change
        6. Change management capability
        7. The risk management philosophy
        8. Operating model
        9. Strategic priorities
        10. Culture of the enterprise
        11. Financial capacity
      2. External
        1. Market/economic factors
        2. Rate of change in the market in which the enterprise operates
        3. Competitive environment
        4. Geopolitical situation
        5. Regulatory environment
        6. Technology status and evolution
        7. Threat landscape


Source: COBIT 5 for Risk
