1

Tata Kelola dan Manajemen Teknologi Informasi

Manajemen TI Domain APO

Team Teaching ISM

S1 Sistem Informasi – Fakultas Rekayasa Industri

 2

Outline
1. APO01 - Managed I&T Resources
Management Framework 8. APO08 - Managed
2. APO02 - Managed Strategy Relationships
3. APO03 - Managed Enterprise 9. APO09 - Managed Service
Architecture Agreements
4. APO04 - Managed Innovation 10. APO10 - Managed Vendors
5. APO05 - Managed Portfolio 11. APO11 - Managed Quality
6. APO06 - Managed Budget and 12. APO12 - Managed Risk
Costs 13. APO13 - Managed Security
7. APO07 - Managed Human 14. APO14 - Managed Data
 APO01 - Managed I&T Management Framework 3

Purpose: Implement a consistent management approach for enterprise governance requirements to be met.

Practice Short Description

APO01.01 Design the management system

for enterprise I&T Design a management system tailored to the needs of the enterprise.

APO01.02 Communicate management Communicate awareness and promote understanding of alignment and I&T objectives to stakeholders
objectives, direction and decisions made throughout the enterprise.
APO01.03 Implement management Define target process capability levels and implementation priority based on the management system
processes design.
APO01.04 Define and implement the Put in place the required internal and extended organizational structures (e.g., committees) per the
organizational structures management system design, enabling effective and efficient decision making.
APO01.05 Establish roles and Define and communicate roles and responsibilities for enterprise I&T, including authority levels,
responsibilities responsibilities and accountability.
APO01.06 Optimize the placement of the IT Position the IT capabilities in the overall organizational structure to reflect the strategic importance and
function operational dependency of IT within the enterprise.
APO01.07 Define information (data) and
system ownership Define and maintain responsibilities for ownership of information (data) and information systems.

APO01.08 Define target skills and

competencies Define the required skills and competencies to achieve relevant management objectives.

APO01.09 Define and communicate policies Put in place procedures to maintain compliance with and performance measurement of policies and other
and procedures components of the control framework.

3
 APO01 - Managed I&T Management Framework 4

Purpose: Implement a consistent management approach for enterprise governance requirements to be met.

Practice Short Description

APO01.10 Define and implement Define and implement infrastructure, services and applications to support the governance and
infrastructure, services and applications management system.
APO01.11 Manage continual improvement
of the I&T management system Continually improve processes and other management system components.

4
 APO01 - Managed I&T Management Framework 5

Purpose: Implement a consistent management approach for enterprise governance requirements to be met.

5
 APO02 - Managed Strategy 6

Purpose: Support the digital transformation strategy of the organization and deliver
the desired value through a road map of incremental changes.

Practice Short Description

APO02.01 Understand enterprise context Understand the enterprise context (industry drivers, relevant regulations, basis for competition), its current
and direction way of working and its ambition level in terms of digitization.
APO02.02 Assess current capabilities, Assess the performance of current I&T services and develop an understanding of current business and I&T
performance and digital maturity of the
enterprise capabilities (both internal and external).
Based on the understanding of enterprise context and direction, define the target I&T products and services
APO02.03 Define target digital capabilities
and required capabilities.
Identify gaps between current and target environments and describe the high-level changes in the
APO02.04 Conduct a gap analysis
enterprise architecture.
APO02.05 Define the strategic plan and Develop a holistic digital strategy, in cooperation with relevant stakeholders, and detail a road map that
road map defines the incremental steps required to achieve the goals and objectives.
APO02.06 Communicate the I&T strategy Create awareness and understanding of the business and I&T objectives and direction, as captured in the
and direction I&T strategy, through communication to appropriate stakeholders and users throughout the enterprise.

6
 APO02 - Managed Strategy 7

Purpose: Support the digital transformation strategy of the organization and deliver
the desired value through a road map of incremental changes.

7
 APO03 - Managed Enterprise Architecture 8

Purpose: Represent the different building blocks that make up the enterprise and its interrelationships as well as
the principles guiding their design and evolution over time.

Practice Short Description

APO03.01 Develop the enterprise The architecture vision provides a first-cut, high-level description of the baseline and target architectures,
architecture vision covering the business, information, data, application and technology domains.
The reference architecture describes the current and target architectures for the business, information, data,
APO03.02 Define reference architecture
application and technology domains.
APO03.03 Select opportunities and Rationalize the gaps between baseline and target architectures, accounting for both business and technical
solutions perspectives, and logically group them into project work packages.
APO03.04 Define architecture
implementation Create a viable implementation and migration plan in alignment with the program and project portfolios.

APO03.05 Provide enterprise architecture

services Provide enterprise architecture services within the enterprise.

8
 APO03 - Managed Enterprise Architecture 9

Purpose: Represent the different building blocks that make up the enterprise and its interrelationships as well as
the principles guiding their design and evolution over time.

9
 APO04 - Managed Innovation 10

Purpose: Achieve competitive advantage, business innovation, improved customer experience, and
improved operational effectiveness and efficiency by exploiting I&T developments and emerging technologies.

Practice Short Description

APO04.01 Create an environment Create an environment that is conducive to innovation, considering methods such as culture, reward,
conducive to innovation collaboration, technology forums, and mechanisms to promote and capture employee ideas.
APO04.02 Maintain an understanding of the Maintain an adequate understanding of enterprise strategy, competitive environment and other constraints,
enterprise environment so that opportunities enabled by new technologies can be identified.
APO04.03 Monitor and scan the technology Set up a technology watch process to perform systematic monitoring and scanning of the enterprise’s
environment external environment to identify emerging technologies that have the potential to create value.
APO04.04 Assess the potential of emerging Analyze identified emerging technologies and/or other I&T innovative suggestions to understand their
technologies and innovative ideas business potential.
APO04.05 Recommend appropriate further Evaluate and monitor the results of proof-of-concept initiatives and, if favorable, generate
initiatives recommendations for further initiatives. Gain stakeholder support.
APO04.06 Monitor the implementation and Monitor the implementation and use of emerging technologies and innovations to ensure that the
use of innovation promised benefits are realized and to identify lessons learned.

10
 APO04 - Managed Innovation 11

Purpose: Achieve competitive advantage, business innovation, improved customer experience, and
improved operational effectiveness and efficiency by exploiting I&T developments and emerging technologies.

11
 APO05 - Managed Portfolio 12

Purpose: Optimize the performance of the overall portfolio of programs in response to individual program,
product and service performance and changing enterprise priorities and demand.

Practice Short Description

APO05.01 Determine the availability and Determine potential sources of funds, different funding options and the implications of the funding source
sources of funds on the investment return expectations.
APO05.02 Evaluate and select programs to Based on requirements for the overall investment portfolio mix and the I&T strategic plan and road map,
fund evaluate and prioritize program business cases and decide on investment proposals.
APO05.03 Monitor, optimize and report on On a regular basis, monitor and optimize the performance of the investment portfolio and individual
investment portfolio performance programs throughout the entire investment life cycle.

APO05.04 Maintain portfolios Maintain portfolios of investment programs and projects, I&T products and services, and I&T assets.

Monitor the benefits of providing and maintaining appropriate I&T products, services and capabilities,
APO05.05 Manage benefits achievement
based on the agreed and current business case.

12
 APO05 - Managed Portfolio 13

Purpose: Optimize the performance of the overall portfolio of programs in response to individual program,
product and service performance and changing enterprise priorities and demand.

13
 APO06 - Managed Budget and Costs 14

Purpose: Foster a partnership between IT and enterprise stakeholders to enable the effective and efficient use of
I&T-related resources and provide transparency and accountability of the cost and business value of solutions and services.

Practice Short Description

Establish and maintain a method to manage and account for all I&T-related costs, investments and
APO06.01 Manage finance and accounting
depreciation as an integral part of enterprise financial systems and accounts.
Implement a decision-making process to prioritize the allocation of resources and establish rules for
APO06.02 Prioritize resource allocation
discretionary investments by individual business units.
Prepare a budget reflecting investment priorities based on the portfolio of I&T-enabled programs and I&T
APO06.03 Create and maintain budgets
services.

APO06.04 Model and allocate costs Establish and use an I&T costing model based, for example, on the service definition.

APO06.05 Manage costs Implement a cost management process that compares actual costs against budget.

14
 APO06 - Managed Budget and Costs 15

Purpose: Foster a partnership between IT and enterprise stakeholders to enable the effective and efficient use of
I&T-related resources and provide transparency and accountability of the cost and business value of solutions and services.

15
 APO07 - Managed Human Resources 16

Purpose: Optimize human resources capabilities to meet enterprise objectives.

Practice Short Description

APO07.01 Acquire and maintain adequate Establish and maintain a method to manage and account for all I&T-related costs, investments and
and appropriate staffing depreciation as an integral part of the enterprise financial systems and accounts.
Identify key IT personnel. Use knowledge capture (documentation), knowledge sharing, succession planning
APO07.02 Identify key IT personnel
and staff backup to minimize reliance on a single individual performing a critical job function.
APO07.03 Maintain the skills and Define and manage the skills and competencies required of personnel. Regularly verify that personnel have
competencies of personnel the competencies to fulfill their roles on the basis of their education, training and/or experience.
APO07.04 Assess and recognize/reward Conduct timely, regular performance evaluations against individual objectives derived from enterprise
employee job performance goals, established standards, specific job responsibilities, and the skills and competency framework.
APO07.05 Plan and track the usage of IT Understand and track the current and future demand for business and IT human resources with
and business human resources responsibilities for enterprise I&T.
Ensure that consultants and contract personnel who support the enterprise with I&T skills know and comply
APO07.06 Manage contract staff
with the organization’s policies and meet agreed contractual requirements.

16
 APO07 - Managed Human Resources 17

Purpose: Optimize human resources capabilities to meet enterprise objectives.

17
 APO08 - Managed Relationships 18

Purpose: Enable the right knowledge, skills and behaviors to create improved outcomes, increased confidence,
mutual trust and effective use of resources that stimulate a productive relationship with business stakeholders.

Practice Short Description

APO08.01 Understand business

expectations Understand current business issues, objectives and expectations for I&T.
APO08.02 Align I&T strategy with business Align I&T strategies with current business objectives and expectations to enable IT to be a value-add
expectations and identify opportunities for
IT to enhance the business partner for the business and a governance component for enhanced enterprise performance.

APO08.03 Manage the business Manage the relationship between the IT service organization and its business partners. Ensure that
relationship relationship roles and responsibilities are defined and assigned, and communication is facilitated.
Work with all relevant stakeholders and coordinate the end-to-end delivery of I&T services and solutions
APO08.04 Coordinate and communicate
provided to the business.
APO08.05 Provide input to the continual Continually improve and evolve I&T-enabled services and service delivery to the enterprise to align with
improvement of services. changing enterprise objectives and technology.

18
 APO08 - Managed Relationships 19

Purpose: Enable the right knowledge, skills and behaviors to create improved outcomes, increased confidence,
mutual trust and effective use of resources that stimulate a productive relationship with business stakeholders.

19
 APO09 - Managed Service Agreements 20

Purpose: Ensure that I&T products, services and service levels meet current and future enterprise needs.

Practice Short Description

Analyze business requirements and the degree to which I&T-enabled services and service levels support
APO09.01 Identify I&T services
business processes.

APO09.02 Catalog I&T-enabled services Define and maintain one or more service catalogues for relevant target groups.

APO09.03 Define and prepare service

agreements Define and prepare service agreements based on options in the service catalogues.

Monitor service levels, report on achievements and identify trends. Provide the appropriate management
APO09.04 Monitor and report service levels
information to aid performance management.
APO09.05 Review service agreements and
contracts Conduct periodic reviews of the service agreements and revise when needed.

20
 APO09 - Managed Service Agreements 21

Purpose: Ensure that I&T products, services and service levels meet current and future enterprise needs.

21
 APO10 - Managed Vendors 22

Purpose: Optimize available I&T capabilities to support the I&T strategy and road map,
minimize the risk associated with nonperforming or noncompliant vendors, and ensure competitive pricing.

Practice Short Description

APO10.01 Identify and evaluate vendor

relationships and contracts Continuously search for and identify vendors and categorize them into type, significance and criticality.

Select suppliers according to a fair and formal practice to ensure a viable best fit based on specified
APO10.02 Select vendors
requirements.
APO10.03 Manage vendor relationships Formalize and manage the supplier relationship for each supplier. Manage, maintain and monitor contracts
and contracts and service delivery.
Identify and manage risk relating to vendors’ ability to continually provide secure, efficient and effective
APO10.04 Manage vendor risk
service delivery.
APO10.05 Monitor vendor performance Periodically review overall vendor performance, compliance to contract requirements and value for money.
and compliance Address identified issues.

22
 APO10 - Managed Vendors 23

Purpose: Optimize available I&T capabilities to support the I&T strategy and road map,
minimize the risk associated with nonperforming or noncompliant vendors, and ensure competitive pricing.

23
 APO11 - Managed Quality 24

Purpose: Ensure consistent delivery of technology solutions and services to meet the quality requirements
of the enterprise and satisfy stakeholder needs.

Practice Short Description

APO11.01 Establish a quality management Establish and maintain a quality management system (QMS) that provides a standard, formal and
system (QMS) continuous approach to quality management of information.
APO11.02 Focus quality management on Focus quality management on customers by determining their requirements and ensuring integration in
customers quality management practices.
APO11.03 Manage quality standards,
practices and procedures and integrate Identify and maintain standards, procedures and practices for key processes to guide the enterprise in
quality management into key processes and meeting the intent of the agreed quality management standards (QMS).
solutions
APO11.04 Perform quality monitoring, Monitor the quality of processes and services on an ongoing basis, in line with quality management
control and reviews standards.
APO11.05 Maintain continuous
improvement Maintain and regularly communicate an overall quality plan that promotes continuous improvement.

24
 APO11 - Managed Quality 25

Purpose: Ensure consistent delivery of technology solutions and services to meet the quality requirements
of the enterprise and satisfy stakeholder needs.

25
 APO12 - Managed Risk 26

Purpose: Integrate the management of I&T-related enterprise risk with overall enterprise risk management (ERM)
and balance the costs and benefits of managing I&T-related enterprise risk.

Practice Short Description

APO12.01 Collect data Identify and collect relevant data to enable effective I&T-related risk identification, analysis and reporting.

APO12.02 Analyze risk Develop a substantiated view on actual I&T risk, in support of risk decisions.

Maintain an inventory of known risk and risk attributes, including expected frequency, potential impact and
APO12.03 Maintain a risk profile
responses.
Communicate information on the current state of I&T-related exposures and opportunities in a timely
APO12.04 Articulate risk
manner to all required stakeholders for appropriate response.
APO12.05 Define a risk management action
portfolio Manage opportunities to reduce risk to an acceptable level as a portfolio.

Respond in a timely manner to materialized risk events with effective measures to limit the magnitude of
APO12.06 Respond to risk
loss.

26
 APO12 - Managed Risk 27

Purpose: Integrate the management of I&T-related enterprise risk with overall enterprise risk management (ERM)
and balance the costs and benefits of managing I&T-related enterprise risk.

27
 APO13 - Managed Security 28

Purpose: Keep the impact and occurrence of information security incidents within the enterprise’s risk appetite levels.

Practice Short Description

APO13.01 Establish and maintain an Establish and maintain an information security management system (ISMS) that provides a standard, formal
information security management system and continuous approach to information security management, enabling secure technology and business
(ISMS)
processes that are aligned with business requirements.
APO13.02 Define and manage an Maintain an information security plan that describes how information security risk is to be managed and
information security and privacy risk
treatment plan aligned with enterprise strategy and enterprise architecture.

APO13.03 Monitor and review the Maintain and regularly communicate the need for, and benefits of, continuous improvement in information
information security management system security. Collect and analyze data about the information security management system (ISMS), and improve
(ISMS)
its effectiveness. Correct nonconformities to prevent recurrence.

28
 APO13 - Managed Security 29

Purpose: Keep the impact and occurrence of information security incidents within the enterprise’s risk appetite levels.

29
 APO14 - Managed Data 30

Purpose: Ensure effective utilization of the critical data assets to achieve enterprise goals and objectives.

Practice Short Description

APO14.01 Define and communicate the Define how to manage and improve the organization’s data assets, in line with enterprise strategy and
organization’s data management strategy
and roles and responsibilities objectives.

APO14.02 Define and maintain a consistent Create, approve, update and promote consistent business terms and definitions to foster shared data usage
business glossary across the organization.
Establish the processes and infrastructure for specifying and extending metadata about the organization’s
APO14.03 Establish the processes and
infrastructure for metadata management data assets, fostering and supporting data sharing, ensuring compliant use of data, improving
responsiveness to business changes and reducing data-related risk.
Define an integrated, organizationwide strategy to achieve and maintain the level of data quality required
APO14.04 Define a data quality strategy
to support the business goals and objectives.
APO14.05 Establish data profiling Implement standardized data profiling methodologies, processes, practices, tools and templates that can be
methodologies, processes and tools applied across multiple data repositories and data stores.
APO14.06 Ensure a data quality assessment Provide a systematic approach to measure and evaluate data quality according to processes and
approach techniques, and against data quality rules.
APO14.07 Define the data cleansing Define the mechanisms, rules, processes, and methods to validate and correct data according to predefined
approach business rules.
APO14.08 Manage the life cycle of data Ensure that the organization understands, maps, inventories and controls its data flows through business
assets processes over the data life cycle, from creation or acquisition to retirement.
30
 APO14 - Managed Data 31

Purpose: Ensure effective utilization of the critical data assets to achieve enterprise goals and objectives.

Practice Short Description

APO14.09 Support data archiving and Ensure that data maintenance satisfies organizational and regulatory requirements for availability of
retention historical data.
APO14.10 Manage data backup and
restore arrangements Manage availability of critical data to ensure operational continuity.

31
 APO14 - Managed Data 32

Purpose: Ensure effective utilization of the critical data assets to achieve enterprise goals and objectives.

32
 33

Information Input Example of APO Domain

 Information Input Example of APO Domain 34

Objective Practice Input Description

APO01 - Managed I&T APO01.02 Communicate management objectives,

Management Framework direction and decisions made EDM01.02 Enterprise governance communication

APO02.01 Understand enterprise context and Outside

APO02 - Managed Strategy SWOT analysis
direction COBIT
APO03 - Managed Enterprise APO03.01 Develop the enterprise APO03.01
Architecture architecture vision APO02.05 Strategic road map

APO04.03 Monitor and scan the technology Outside

APO04 - Managed Innovation Emerging technologies
environment COBIT

APO05 - Managed Portfolio APO05.02 Evaluate and select programs to fund APO06.03 IT budget

APO06 - Managed Budget and

APO06.02 Prioritize resource allocation APO05.02 Program business case
Costs
APO07 - Managed Human APO07.04 Assess and recognize/reward employee
Resources job performance APO04.01 Recognition and reward program

User confirmation of satisfactory fulfilment or

APO08 - Managed Relationships APO08.03 Manage the business relationship DSS02.06
resolution
APO09 - Managed Service Customer requirements for quality
APO09.03 Define and prepare service agreements APO11.02
Agreements management
APO10.01 Identify and evaluate vendor Outside
APO10 - Managed Vendors Vendor contracts
relationships and contracts COBIT
34
 Information Input Example of APO Domain 35

Objective Practice Input Description

APO11.03 Manage quality standards, practices Outside

APO11 - Managed Quality and procedures and integrate quality Industry good practices
management into key processes and solutions COBIT

APO12 - Managed Risk APO12.01 Collect data DSS02.07 Incident status and trends report

APO13.01 Establish and maintain an information Outside

APO13 - Managed Security Enterprise security approach
security management system (ISMS) COBIT
APO14.01 Define and communicate the
APO14 - Managed Data organization’s data management strategy and APO01.06 Data classification guidelines
roles and responsibilities.

35
 36

Thank You
That’s all