Sheet1: IT risk analysis matrix (risk scenarios, existing/planned controls, likelihood, impact analysis and risk valuation)

Columns of the sheet:
  Risk scenario
  Existing/planned controls: Essential (Yes/blank), Title
  Likelihood: Control effectiveness (%), rating (1-5)
  Impact analysis: Impact 1 to Impact 6, Max impact, Average impact
  Risk valuation (max): value, rating
  Risk valuation (average): value, rating

Only the first scenario (IT Programme selection) has been scored. Every other row is an unfilled template: control effectiveness 0.00%, likelihood rating 5, Impact 1-6 blank, so Max impact = 0, Average impact = #DIV/0!, Risk valuation (max) = 0 rated Low (Rendah), and Risk valuation (average) = #DIV/0!. For those rows only the controls are listed below. In the control lists, * marks a control flagged Essential (Yes) in the sheet; unmarked controls carry no flag.

RISK ANALYSIS: STRATEGIC BENEFIT LEVEL OF THE ORGANISATION (Analisa Risiko Level Benefit Strategis Organisasi)

IT Programme selection
  Scoring: control effectiveness 18.33%; likelihood rating 5; Impact 1-3 = 1, 2, 1 (Impact 4-6 blank); Max impact 2; Average impact 1.33
           Risk valuation (max) = 10, High (Tinggi); Risk valuation (average) = 6.67, High (Tinggi)
  Controls:
  * IT Value Management
  * IT Portfolio Management
  * Technological Direction Planning
  * IT Strategy Committee
  * IT Steering Committee
  * Prioritisation Within IT Budget
  * Definition and Maintenance of Business Functional and Technical Requirements
  * Evaluate and Assign Relative Scores to Programme Business Cases
    Communication of IT Objectives and Direction
    Define an Appropriate Investment Mix
    Create Overall Investment Portfolio View
    Evaluate the Initial Programme Concept Business Case

New Technologies
  (Unscored; in this row the Risk valuation (max) rating cell shows 0 instead of Rendah.)
  Controls:
  * Technological Direction Planning
  * Monitor Future Trends and Regulations
  * Translate the Business Strategy and Goals into IT Strategy and Goals
    Enterprise Information Architecture Model
    Define an Appropriate Investment Mix

Technology Selection
  Controls:
  * IT Architecture Board
  * Communication of IT Objectives and Direction
  * Definition and Maintenance of Business Functional and Technical Requirements
  * Risk Analysis Report
  * Feasibility Study and Formulation of Alternative Courses of Action
  * Requirements and Feasibility Decision and Approval
  * Perform Analysis of Alternatives
    IT Strategic Plan
    Enterprise Information Architecture Model
    Technological Infrastructure Plan
    IT Steering Committee
    Prioritisation Within IT Budget
    Project Scope Statement
    Develop a Clear and Complete Understanding of the Candidate Programme

IT Investment Decision Making
  Controls:
  * IT Steering Committee
  * Stakeholder Commitment
  * Establish, Implement and Communicate Roles, Responsibilities and Accountabilities
    Relationships
    Benefit Management
    Establish Organisational Structures
    Understand the Current and Future Demand (for business human resources)

Accountability over IT
  Controls:
  * Knowledge Transfer to Business Management supervision
  * Develop an Understanding of the Significance of IT and Role of Governance
    IT Strategy Committee
    IT Steering Committee
    Benefit Management
    Stakeholder Commitment
    Establish Effective Reporting Lines
    Establish Organisational Structures
    Establish, Implement and Communicate Roles, Responsibilities and Accountabilities
    Understand the Current and Future Demand (for business human resources)

Integration of IT within business processes
  Controls:
  * Business-IT Alignment
  * Organisational Placement of the IT Function
  * Relationships
  * Stakeholder Commitment
  * Ensure Alignment and Integration of Business and IT Strategies With Key Business Goals
  * Establish Organisational Structures
  * Identify Opportunities for IT to Influence and Support the Business Strategy
    IT Architecture Board
    IT Steering Committee
    Communication of IT Objectives and Direction
    Definition and Maintenance of Business Functional and Technical Requirements

State of Infrastructure Technologies
  Controls:
  * Assessment of Current Capability and Performance
  * Technological Infrastructure Plan
  * Technology Standards
  * Infrastructure Maintenance
    IT Strategic Plan
    Technological Direction Planning
    Technological Infrastructure Acquisition Plan
    Infrastructure Resource Protection and Availability
    Preventive Maintenance for Hardware

Ageing of application software
  Controls:
  * Major Upgrades to Existing Systems
  * Application Software Maintenance
    Assessment of Current Capability and Performance
    IT Strategic Plan
    Technological Direction Planning
    Technological Infrastructure Plan
    Technology Standards
    Feasibility Study and Formulation of Alternative Courses of Action
    Processing Integrity and Validity
    Output Review, Reconciliation and Error Handling

Architecture Agility and Flexibility
  Controls:
  * Technological Direction Planning
    Business-IT Alignment
    Enterprise Information Architecture Model
    IT Architecture Board

Regulatory Compliance
  Controls:
  * IT Policy and Control Environment
  * Identification of External Legal, Regulatory and Contractual Compliance Requirements
    Evaluation of Compliance With External Requirements

IT Staff
  Controls:
  * Personnel Recruitment
  * Personnel Training
  * Dependence Upon Individuals
    IT Organisational Structure
    Job Change and Termination
    Create an Inventory of IT Human Resources
    Understand the Current and Future Demand (for IT human resources)
    Identify Shortfalls (between current and future demand)

IT Expertise and Skills
  Controls:
  * Personnel Recruitment and Retention
  * Personnel Training
  * Dependence Upon Individuals
  * Employee Job Performance Evaluation
    Personnel Competencies
    Job Change and Termination
    Create an Inventory of IT Human Resources
    Understand the Current and Future Demand (for IT human resources)

RISK ANALYSIS: IT PROJECT LEVEL (Analisa Risiko Level Proyek TI)

Software Implementation
  Controls:
  * Software Quality Assurance (QA)
  * Knowledge Transfer to Operations and Support Staff
  * Implementation Plan
  * Final Acceptance Test
    Knowledge Transfer to Business Management
    Knowledge Transfer to End Users
    Training
    Test Plan
    Post-implementation Review
    Accuracy, Completeness and Authenticity Checks
    Processing Integrity and Validity
    Output Review, Reconciliation and Error Handling
    Transaction Authentication and Integrity

IT Project Termination
  Controls:
  * Project Performance Measurement, Reporting and Monitoring
  * Project Closure
  * Retire the Programme
    IT Steering Committee
    IT Budgeting
    Cost Management
    Definition and Collection of Monitoring Data
    Define Reporting Methods and Techniques
    Monitor and Report on Programme (solution delivery) Performance

IT Project Economics
  Controls:
  * Cost Management
  * Project Performance Measurement, Reporting and Monitoring
    IT Steering Committee
    Define Reporting Methods and Techniques

Project Delivery
  Controls:
  * Project Performance Measurement, Reporting and Monitoring
  * Project Closure
  * Monitor and Report on Programme (solution delivery) Performance
    Develop a Benefits Realisation Plan

Project Quality
  Controls:
  * Development and Acquisition Standards
  * Project Quality Plan
    Technology Standards
    Stakeholder Commitment
    Project Closure

RISK ANALYSIS: IT INFRASTRUCTURE AND FACILITIES OPERATIONS LEVEL (Analisa Risiko Level Operasi Infrastruktur dan Fasilitas TI)

Selection / Performance of third-party suppliers
  Controls:
  * Supplier Selection
  * Supplier Relationship Management
  * Supplier Risk Management
  * Supplier Performance Monitoring
    Procurement Control
    Supplier Contract Management
    Resources Acquisition

Infrastructure Theft
  Controls:
  * IT Policies Management
  * Personnel Clearance Procedures
  * Infrastructure Resource Protection and Availability
  * Cost Model Maintenance
  * Physical Security Measures
    Physical Access

Destruction of infrastructure
  Controls:
  * Physical Security Measures
  * Physical Access
  * Physical Facilities Management
    Protection Against Environmental Factors

IT Staff
  Controls:
  * Personnel Recruitment and Retention
  * Personnel Training
  * Dependence Upon Individuals
    IT Organisational Structure
    Job Change and Termination
    Create and Maintain an Inventory of IT Human Resources
    Understand the Current and Future Demand (for IT human resources)
    Identify Shortfalls (between current and future IT human resource demand)

IT Expertise and Skill
  Controls:
  * Personnel Recruitment and Retention
  * Personnel Training
  * Dependence Upon Individuals
  * Employee Job Performance Evaluation
    Personnel Competencies
    Job Change and Termination
    Create and Maintain an Inventory of IT Human Resources
    Understand the Current and Future Demand (for IT human resources)
    Identify Shortfalls (between current and future IT human resource demand)

Infrastructure (hardware)
  Controls:
  * Infrastructure Resource Protection and Availability
  * Physical Security Measures
  * Physical Access
    Configuration Integrity Review

System Capacity
  Controls:
  * Performance and Capacity Planning
    Infrastructure Maintenance
    Current Performance and Capacity
    Future Performance and Capacity
    IT Resources Availability
    Monitoring and Reporting

Ageing of infrastructural software
  Controls:
  * Technological Infrastructure Plan
  * IT Architecture Board
  * Definition and Maintenance of Business Functional and Technical Requirements
  * Infrastructure Maintenance
    Technological Infrastructure Acquisition Plan
    Infrastructure Resource Protection and Availability

Utilities Performance
  Controls:
  * IT Services Recovery and Resumption
  * Physical Facilities Management
    Service Level Agreements
    IT Resources Availability
    IT Continuity Plans

Industrial Action
  Controls (none flagged Essential):
    IT Organisational Structure
    Personnel Recruitment and Retention
    Dependence Upon Individuals

Data(base) integrity
  Controls:
  * Data and System Ownership
  * Change Standards and Procedures
    Enterprise Data Dictionary and Data Syntax Rules
    Data Classification Scheme
    Development and Acquisition Standards
    Impact Assessment, Prioritisation and Authorisation
    Configuration Integrity Review

Data(base) integrity (cont.)
  Controls (none flagged Essential):
    Storage and Retention Arrangements
    Media Library Management System
    Backup and Restoration
    Security Requirements for Data Management

Operational IT Errors
  Controls:
  * Personnel Training
  * IT Services Recovery and Resumption
  * Identification of Education and Training Needs
  * Delivery of Training and Education
  * Operations Procedures and Instructions
    IT Continuity Plans
    Source Data Preparation and Authorisation
    Source Data Collection and Entry

Contractual Compliance
  Controls:
  * Supplier Contract Management
  * Supplier Relationship Management
  * Identification of External Legal, Regulatory and Contractual Compliance Requirements
  * Evaluation of Compliance With External Requirements
  * Positive Assurance of Compliance
    IT Policy and Control Environment
    Monitoring of Service Level Achievements

Environmental
  Controls:
  * Technological Infrastructure Acquisition Plan
  * Site Selection and Layout
    Technological Direction Planning
    Procurement Control

Acts of nature
  Controls:
  * IT Services Recovery and Resumption
  * Site Selection and Layout
  * Protection Against Environmental Factors
    IT Continuity Plans
    Physical Security Measures

RISK ANALYSIS: BUSINESS APPLICATION OPERATIONS LEVEL (Analisa Risiko Level Operasi Aplikasi Bisnis)

Ageing of application software
  Controls:
  * Major Upgrades to Existing Systems
  * Application Software Maintenance
    Assessment of Current Capability and Performance
    IT Strategic Plan
    Technological Direction Planning

Selection / Performance of third-party suppliers
  Controls:
  * Supplier Selection
  * Supplier Relationship Management
  * Supplier Risk Management
  * Supplier Performance Monitoring
    Procurement Control
    Supplier Contract Management
    Resources Acquisition

IT Staff
  Controls:
  * Personnel Recruitment and Retention
  * Personnel Training
  * Dependence Upon Individuals
    IT Organisational Structure
    Job Change and Termination
    Create and Maintain an Inventory of IT Human Resources
    Understand the Current and Future Demand (for IT human resources)
    Identify Shortfalls (between current and future IT human resource demand)

IT Expertise and Skill
  Controls:
  * Personnel Recruitment and Retention
  * Personnel Training
  * Dependence Upon Individuals
  * Employee Job Performance Evaluation
    Personnel Competencies
    Job Change and Termination
    Create and Maintain an Inventory of IT Human Resources
    Understand the Current and Future Demand (for IT human resources)
    Identify Shortfalls (between current and future IT human resource demand)

Software Integrity
  Controls:
  * Development of Application Software
  * Application Software Maintenance
  * Change Standards and Procedures
  * Post-implementation Review
  * Identity Management
  * Configuration Integrity Review
  * Accuracy, Completeness and Authenticity Checks
  * Processing Integrity and Validity
  * Output Review, Reconciliation and Error Handling
  * Transaction Authentication and Integrity
    Development and Acquisition Standards
    Quality Measurement, Monitoring and Review
    Software Quality Assurance (QA)
    Malicious Software Prevention, Detection and Correction

Software Performance
  Controls:
  * Application Software Maintenance
  * Monitoring and Reporting
  * Problem Tracking and Resolution
    Software Quality Assurance (QA)
    Reporting and Trend Analysis
    Source Data Preparation and Authorisation
    Source Data Collection and Entry
    Accuracy, Completeness and Authenticity Checks
    Processing Integrity and Validity
    Output Review, Reconciliation and Error Handling
    Transaction Authentication and Integrity

System Capacity
  Controls:
  * Performance and Capacity Planning
    Infrastructure Maintenance
    Current Performance and Capacity
    Future Performance and Capacity
    IT Resources Availability
    Monitoring and Reporting

Ageing of infrastructural software
  Controls:
  * Technological Infrastructure Plan
  * IT Architecture Board
  * Definition and Maintenance of Business Functional and Technical Requirements
  * Infrastructure Maintenance
    Technological Infrastructure Acquisition Plan
    Infrastructure Resource Protection and Availability

Malware
  Controls:
  * Security Testing, Surveillance and Monitoring
  * Malicious Software Prevention, Detection and Correction
    IT Policies Management
    Policy, Standard and Procedures Rollout

Logical Attacks
  Controls:
  * IT Policies Management
  * IT Continuity Plans
  * Security Testing, Surveillance and Monitoring
  * Malicious Software Prevention, Detection and Correction
  * Network Security
  * Security Requirements for Data Management
    Data and System Ownership
    Policy, Standard and Procedures Rollout
    Application Security and Availability
    Management of IT Security
    Identity Management

Logical Attacks (cont.)
  Controls (none flagged Essential):
    Protection of Security Technology
    Source Data Preparation and Authorisation
    Source Data Collection and Entry
    Accuracy, Completeness and Authenticity Checks
    Processing Integrity and Validity
    Output Review, Reconciliation and Error Handling
    Transaction Authentication and Integrity

Information Media
  Controls:
  * Storage and Retention Arrangements
  * Disposal
  * Backup and Restoration
    Exchange of Sensitive Data
    Media Library Management System
    Security Requirements for Data Management
    Physical Security Measures
    Physical Access
    Sensitive Documents and Output Devices

Notes (Catatan):
  Control Effectiveness (CE) is entered as 0 or 1 per control.
  Likelihood value derived from CE:
    CE > 85%          -> 1
    50% < CE <= 85%   -> 2
    30% < CE <= 50%   -> 3
    15% < CE <= 30%   -> 4
    CE <= 15%         -> 5
  Impact categories are taken from the Board of Directors' Decree (SK Direksi) on Risk Management.
  Risk valuation (the scored row is consistent with risk value = likelihood rating x Max impact for the "max" column and likelihood rating x Average impact for the "average" column):
    1 < Risk <= 4     -> Low (Rendah)
    4 < Risk <= 6     -> Moderate (Moderat)
    6 < Risk <= 12    -> High (Tinggi)
    Risk > 12         -> Extreme
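The scoring rules in the notes above, as an added worked example in Python that is not part of the original spreadsheet. It implements the two lookup tables the notes state (control effectiveness to likelihood rating, and risk value to rating band) and the two valuations the scored row uses (likelihood rating times Max impact, and times Average impact), and it handles the unfilled-row case that produces #DIV/0! in the sheet by returning None for the average-based fields instead of dividing by zero. The function names, the result layout and the rule that values up to 4 count as Rendah (the notes start the Low band above 1, but the sheet rates a value of 0 as Rendah) are this example's assumptions. One thing the example makes visible: applying the notes' thresholds to 18.33% gives a likelihood rating of 4 (risk 8 High, 5.33 Moderate), whereas the sheet row carries a rating of 5 (10 High, 6.67 High); the optional likelihood parameter reproduces either.

```python
"""Risk scoring model from the sheet's notes (Catatan).

Added example, not part of the original spreadsheet. Function names, the
result dict layout and the handling of unscored rows are assumptions made
here; the thresholds and band names come from the notes on the sheet.
"""
from statistics import mean
from typing import Optional, Sequence

# Control effectiveness (percent) -> likelihood rating, per the notes:
#   CE > 85% -> 1,  50% < CE <= 85% -> 2,  30% < CE <= 50% -> 3,
#   15% < CE <= 30% -> 4,  CE <= 15% -> 5
# Each entry is (exclusive lower bound, rating); anything at or below 15% is 5.
LIKELIHOOD_BANDS = ((85.0, 1), (50.0, 2), (30.0, 3), (15.0, 4))


def likelihood_from_ce(ce_percent: float) -> int:
    """Return the 1..5 likelihood rating for a control-effectiveness percentage."""
    if not 0.0 <= ce_percent <= 100.0:
        raise ValueError(f"control effectiveness out of range: {ce_percent}")
    for lower_bound, rating in LIKELIHOOD_BANDS:
        if ce_percent > lower_bound:
            return rating
    return 5


# Risk value -> rating band, per the notes:
#   1 < R <= 4 Rendah (Low), 4 < R <= 6 Moderat, 6 < R <= 12 Tinggi (High), R > 12 Extreme.
# The notes leave R <= 1 undefined; the sheet shows "Rendah" for a value of 0,
# so this example treats everything up to 4 as Rendah (assumption).
RISK_BANDS = ((12.0, "Extreme"), (6.0, "Tinggi"), (4.0, "Moderat"))


def risk_rating(value: float) -> str:
    """Map a risk value (likelihood x impact) to the sheet's rating band."""
    for lower_bound, rating in RISK_BANDS:
        if value > lower_bound:
            return rating
    return "Rendah"


def score_scenario(name: str, ce_percent: float,
                   impacts: Sequence[Optional[int]],
                   likelihood: Optional[int] = None) -> dict:
    """Score one row of the matrix.

    impacts:    the Impact 1..6 cells, None for a blank cell.
    likelihood: optional override to reproduce a rating typed into the sheet
                instead of deriving it from ce_percent.
    """
    rating = likelihood if likelihood is not None else likelihood_from_ce(ce_percent)
    if not 1 <= rating <= 5:
        raise ValueError(f"likelihood rating out of range: {rating}")
    entered = [i for i in impacts if i is not None]
    if not entered:
        # Unscored row: AVERAGE() over empty cells is what yields #DIV/0! in the
        # sheet, while MAX() over empty cells is 0. Report None rather than fail.
        return {"scenario": name, "likelihood": rating,
                "max_impact": 0, "avg_impact": None,
                "risk_max": (0, risk_rating(0)), "risk_avg": None}
    max_impact = max(entered)
    avg_impact = mean(entered)
    risk_max_value = rating * max_impact
    risk_avg_value = rating * avg_impact
    return {"scenario": name, "likelihood": rating,
            "max_impact": max_impact, "avg_impact": avg_impact,
            "risk_max": (risk_max_value, risk_rating(risk_max_value)),
            "risk_avg": (risk_avg_value, risk_rating(risk_avg_value))}


if __name__ == "__main__":
    # The one scored row of the sheet: CE 18.33%, Impact 1-3 = 1, 2, 1, Impact 4-6 blank.
    row = [1, 2, 1, None, None, None]
    # With the sheet's own likelihood rating of 5: risk_max (10, Tinggi), risk_avg (6.67, Tinggi).
    print(score_scenario("IT Programme selection", 18.33, row, likelihood=5))
    # With the rating derived from the notes (18.33% is in the 15-30% band -> 4).
    print(score_scenario("IT Programme selection", 18.33, row))
    # An unfilled template row, as every other row of the sheet currently is.
    print(score_scenario("New Technologies", 0.0, [None] * 6))
```

The derived-versus-typed difference is worth checking whenever a sheet like this is maintained by hand: the likelihood cell is the multiplier for both valuations, so a rating that does not match the CE thresholds shifts every risk band downstream of it.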