28
dengan pengendalian SI dan
TI serta risiko bisnis, dan
mengembangkan kebijakan yang
jelas dan praktik yang baik untuk menggendalikan organisasi TI.
2.4.2
Sasaran COBIT
According to Brand and Boonen (2008, p23), the main target groups are
described in the following paragraphs:
a. Managers
Within
organizations
managers
are
the
ones that
hold
execute
responsibility
for
operation of the operation of the enterprise. They need information in order to order
to control the internal operations and to direct business processes. IT is an integral
part of business operations. COBIT can help both business and IT managers to
balance risk and control investment in an often unpredictable IT environment.
b. End-Users
Most
organizations
realize
that
having
the
right
IT
services
is
the
responsibility
of
the
business process
owner.
This
is even
the
case
when
delivery
of
IT
services
is
delegated
to internal
or external
service
providers.
COBIT
offers
a
framework
to
obtain assurance on the security and controls of IT services provided by internal or
external parties.
c. Auditors
In order to provide independent assurance of the quality and applicability of
controls, organizations employ auditors. Often an audit committee at the board or
Top Management Level directs auditing. COBIT helps auditors to structure and
substantiate their opinions and provides advice to management on how to improve
internal controls.
 |