Ray Farhan Mubarak,Melissa Indah Fianty

DOI: https://doi.org/10.51519/journalisi.v5i3.545

2023-09-01

Journal of Information Systems and Informatics

Abstract:The integration of Information Technology (IT) in companies comes with its own set of challenges. One major issue is the loss of operational data, which directly affects the company's workflow and disrupts its activities. To tackle this problem, the company assesses its IT capability using the COBIT 2019 framework. This framework outlines the objectives of different IT processes and assigns predetermined values to each process. The assessment reveals three levels of IT capability for specific processes within the company: EDM03 (Ensured Risk Optimization) at level 3, APO13 (Managed Security) at level 2, and MEA03 (Managed Compliance with External Requirements) at level 3. The company aims to reach level 4 for these processes. Consequently, recommendations for improvement primarily focus on enhancing the management of information security risks and information security management systems, as well as increasing compliance with policies and regulations.

Punto Widharto,Zaldy Suhatman,Rizal Fathoni Aji

DOI: https://doi.org/10.12928/telkomnika.v20i2.21668

2022-04-01

TELKOMNIKA (Telecommunication Computing Electronics and Control)

Abstract:The very close involvement of technology in the banking industry makes almost all banking activities and products currently dependent on information technology (IT). PT BPRS Bhakti Sumekar (PT BBS Bank) is one of the banks that realizes the importance of IT in the digital era and has included IT as part of the company's strategic plan. The company states that compliance with regulations, best practices, and standards is key to a successful IT implementation. In this study, the measurement of the capability level of corporate IT governance was conducted to determine what IT priorities were based on the company's strategic objectives and what recommendations could be given based on best practices to improve IT services in support of the company's strategic goals. The framework to be used is control objective for information and related technology (COBIT); the most widely used framework suitable for service-oriented organizations. The results of research using COBIT 2019 show how IT governance is needed by the company and what should be prioritized. The measurement results found that there is still a gap between management's expectations and the current level of capability and provide recommendations on what companies need to improve performance in order to meet expectations.

Jesslyn Kurniawan,Wella Wella

DOI: https://doi.org/10.31937/si.v14i2.3223

2023-12-21

Abstract:PT XYZ is a management consulting company in Jakarta. This company has many products related to information technology. Therefore, measuring the capability of information technology governance at PT XYZ was carried out. The measurement of information technology governance capability is based on problems that are often faced by companies in terms of project management followed by problems related to the company's IT budget and human resources skilled in information technology. Capability measurement is carried out using COBIT 2019 with a qualitative approach. Using data collection methods with interviews and literature study. The results of the data collection showed that there were 3 COBIT 2019 domain processes that matched the company's problems, namely APO06 - Managed Budget and Costs, APO07 - Managed Human Resources, and BAI11 - Managed Projects. The results of the capability measurement carried out concluded that the three selected domain processes namely APO06, APO07, and BAI11 were achieved at level 2 or can be categorized as Fully Achieved so that companies get several recommendations for improvement to improve the quality of their information technology governance and reach a higher level.

Samsinar Samsinar,Rudolf Sinaga

DOI: https://doi.org/10.19184/bst.v10i2.30325

2022-06-28

BERKALA SAINSTEK

Abstract:Reliable and up-to-date information services are one of the parameters for the achievement of an organization's performance, including for a university, which is currently required to be able to adapt to technological advances to produce graduates who can master information technology to support the competence of their respective fields. The curriculum changes launched by the current government are also proof that the application of information technology in higher education is a must. Seeing this, universities have a difficult task, especially at the implementation stage of implementing information technology, because they must prepare not only infrastructure but also human resources who can develop good information system governance. Therefore it is necessary to carry out an IT governance audit. From the results of observations made, XYZ College has utilized information technology in academic services and other information services. However, it was found that information technology governance does not yet have a standard so that it is considered not to be able to meet the desired goals, and instead will cause various problems including uncontrolled operational costs and other problems. The purpose of this study is to measure the performance of information technology governance at XYZ College using the COBIT 2019 framework. Based on the results of an audit conducted from 7 EGIT components, namely processes, organizational structure, information flow and items, people skills and competencies, policies and procedures, culture, ethical behavior, and service infrastructure and application are on average at level 3, it can be concluded that the application of information technology has been running, the infrastructure is adequate but does not have good governance procedures or standards. It is recommended that XYZ Higher Education make standards for information technology governance as well as periodic evaluations of the use of all components of information technology, both software, hardware, and brainware.

Sherly Sherly,Melissa Indah Fianty

DOI: https://doi.org/10.34288/jri.v6i2.267

2024-03-11

Jurnal Riset Informatika

Abstract:This research aims to enhance information technology (IT) governance in a financial technology company by focusing on peer-to-peer lending services. The main challenges faced by the company involve a lack of system design details, leading to post-implementation imperfections and negative impacts on business process performance, including unnecessary delays and adjustments. The lack of transparency in system evaluation is also a hindrance caused by incomplete recording of test results. Therefore, this research aims to address these challenges by utilizing the COBIT 2019 framework. The study employs a qualitative approach, utilizing data obtained through interviews and literature studies supported by the COBIT Tool Kit. The analysis is conducted on three main objectives: security management, solution identification, and IT change management, to identify disparities between the current status and desired targets. The analysis results highlight the need for improvements in specific aspects, including the lack of system design details, more precise information in the change process, and deficiencies in recording test results. Recommendations for improvement involve the development of more detailed guidelines for system design, enhanced documentation of changes, and improvements in testing instructions and result reporting. Additionally, recommendations focus on enhancing capabilities through proactive evaluation, refining security plans, developing more adaptive solution acquisition strategies, and improving testing practices. Thus, this research underscores the importance of strategic improvements within the IT and Information Systems governance framework to shape a more effective and transparent operational environment in Financial Technology companies.

English Else

Jonathan Sutanto,Melissa Indah Fianty

DOI: https://doi.org/10.33379/gtech.v8i2.4114

2024-04-05

Abstract:This research was conducted with the main objective of evaluating and improving Information Technology (IT) Governance in an Indonesian media company facing significant challenges due to digital transformation. In the methodological approach, the study utilized the COBIT 2019 framework, involving planning, field implementation, reporting, and follow-up processes. The results of the capability level evaluation revealed a gap between actual achievements and desired targets, especially in the aspects of Managed Innovation (APO04) and Managed IT Changes (BAI06). The implications of these findings emphasize the need for improvements in activities related to managed innovation and IT change. The conclusion of this research underscores the urgency of effective IT governance in navigating the dynamics of digital transformation. It is hoped that these findings will serve as a guide for media companies and other organizations to formulate robust IT policies, enhance sustainable operations, and drive innovation in this digital era.

Agustin Simatupang,Henricus Judi Adrianto

DOI: https://doi.org/10.21456/vol14iss2pp162-170

2024-03-05

JURNAL SISTEM INFORMASI BISNIS

Abstract:The development of Information Technology (IT) is rapidly growing and has increasing risks. Based on the Decision of the Ministry of State-Owned Enterprises S-122-MBU-DSI-05-2021 regarding the implementation guidelines for the assessment of IT Maturity Levels, companies are required to carry out an independent assessment of the maturity level of information technology. This research aims to assess the governance of IT risk management using the COBIT 2019 framework. The research method was carried out using descriptive qualitative methods using the COBIT 2019 framework and literature review, as well as through interviews, observations, questionnaires and review of company documents. The assessment results showed an average maturity level of 3.00 (Established) for 2 COBIT 2019 processes which were considered relevant to Information Technology Risk Management. On average, the 2019 COBIT processes have been implemented at PT XYZ is already running well with the IT risk management maturity level at level 3 and initiatives are still needed to reach maturity level 4 or better. Maturity level 3 means the process has been managed and achieved its goals in a more organized manner using organizational assets and resources. The process has been well defined with policies and standard operating procedures for the process and is carried out in accordance with good risk management and supports the Good Corporate Governance. In the process of increasing the maturity level of information technology risk management to higher level, there are 7 (seven) main recommendations to be implemented so that the information technology risk management process can improve and the implementation of recommendations from the assessment results will be prioritized in the implementation roadmap IT according to Company needs and targets.

Anugrahi Bawani Sipayung,Roni Yunis,Elly Elly,

DOI: https://doi.org/10.34010/injuratech.v2i2.8085

2022-12-01

International Journal of Research and Applied Technology

Abstract:IT governance evaluation can help organizations to improve the quality of IT services, reduce risks, maximize IT performance and achieve their goals effectively. Mikroskil University is one of the universities that utilize the use of IT in supporting its business processes. Mikroskil University has an IT unit/department that is responsible for IT management and IT governance as well as dealing with IT/IS-related issues, namely the Information System and Digital Transformation (SITD). Based on the initial study conducted, several problems arise in higher education IT governance, so it is necessary to carry out an evaluation. This evaluation uses the COBIT 2019 framework because it is more flexible and there are design factors that can make it easier to get process objectives that will be evaluated as the main focus of the organization. This framework makes it easier for researchers to evaluate processes in universities. The domain that becomes the objective of IT governance in this research is BAI11 (Managed projects). The results of this study indicate that the capability level of Mikroskil University is at level 1 (performed). Meanwhile, the maturity level is at level 2 (managed). Based on the results of the capability and maturity level values, a gap value will be sought to be used as a basis for making recommendations for improvement. The results of this study provide recommendations for improvement to achieve the expected targets of higher education. Mikroskil University's capability level is at level 1 (performed). Meanwhile, the maturity level is at level 2 (managed). Based on the results of the capability and maturity level values, a gap value will be sought to be used as a basis for making recommendations for improvement. The results of this study provide recommendations for improvement to achieve the expected targets of higher education. Mikroskil University's capability level is at level 1 (performed). Meanwhile, the maturity level is at level 2 (managed). Based on the results of the capability and maturity level values, a gap value will be sought to be used as a basis for making recommendations for improvement. The results of this study provide recommendations for improvement to achieve the expected targets of higher education.

Jason Nathanael Holman,Ririn Ikana Desanti

DOI: https://doi.org/10.31937/si.v15i1.3475

2024-06-03

Abstract:Information technology (IT) management is a process that a corporation or organization must carry out, particularly in terms of data management. The research employs a case study of a pipe manufacturer that has implemented a human resources system to manage employee information. To avoid problems in the data management process that can impede company performance, the company must have good information technology governance capabilities in the data management process. This research will focus on measuring and evaluating the capability of information technology governance at the company, as well as making recommendations to improve the company's existing IT governance. The COBIT 2019 framework will be used to assess the company's IT governance capabilities using qualitative data collected from collaborative interviews with the company and supported by previous research literature. The measurement focus will be on IT infrastructure for data management and operations management to support the data management process. APO01 - Managed I&T Management Framework, APO14 - Managed Data, and DSS01 - Managed Operations are the COBIT 2019 processes to be monitored. The study's findings include the realization of IT governance capabilities in the APO01 domain and a lack of IT governance capabilities in the other two domains, namely APO14 and DSS01. The capability level is stopped at level 2 for the APO14 and DSS01 domains, which is one level below the declared aim of level 3. The recommendations will center on enhancing the IT governance skills of the two domains that fail to meet the company's capability targets.

Inna Madiyaningsih,Kalamullah Ramli

DOI: https://doi.org/10.31943/gw.v14i2.476

2023-08-15

Gema Wiralodra

Abstract:Based on the report security year 2022 from company Z in the ICT sector, it was found that on the report firewall security, 96% of level threat is level critical, and 4% is level high. Report email security is session domain 27.3%; Session limits 15.35 %; Forti Guard AntiSpam-IP 3.11%, and the rest is receipt verification; directory filter and access control relay denied. With the challenge of current cyber-attacks, precious data assets need analysis to measure the the level of IT maturity that can ensure stakeholders' interest and maximize benefits and opportunities through technology information. We overcome limitations by analyzing IT maturity using COBIT 5. Research focused only on the APO13 and DSS05 process domains. A study was done to identify the problems based on results observation, checking, and use of a questionnaire in a direct manner. Measurement is done through method evaluation self and interviews deep with the IT team and all power expert who has COBIT certification 5. Analysis results show that the measurement level for the APO13 domain is 3, and for DSS05 is level 2. These results still need to be below the set level 4 target management; therefore, building a framework to monitor, track, and record security data in real time is necessary. With the build framework, Work can help lower the threat level from a critical level to a high level and increase the COBIT Maturity Level to APO13 and DSS05 according to organizational targets.

Rokhman Fauzi,Rahmat Mulyana

DOI: https://doi.org/10.25124/ijies.v4i02.75

2020-07-30

International Journal of Innovation in Enterprise System

Abstract:The assessment of IT governance maturity is part of the assurance function. The assessment is carried out to ensure technology support in achieving business goals. In this context, companies should comply with regulations, as well as the need to continue to improve the quality of implementation of IT governance. The average value of PT X's IT governance maturity in Year 2 has increased from 3.21 to 3.26. There is an increase in the average score of 0.05 over one year. Success factors in implementing IT governance must be maintained and encouraged to continue the grow. This research was conducted to identify what organizational initiatives to increase the maturity and what the key factors are. Factors identification is done using evidence analysis method based on CSF references and attributes criteria. The results of the analysis obtained key factors that strengthen the maturity. The main factors are CSF2 providing IT infrastructure that supports the development and exchange of IT applications and services (21.72%), and CSF4 staff development to meet professional IT HR qualifications (17.39%). On the other hand, maturity attribute which gave the biggest contribution was ATR1 related to policies and procedures (34.6%), and ATR3 related to defining goals and actions (30.77%).

Fathimatus Zahrotun Nisa',Ganes Dwi Febrianti,Navy Nurlyn Ajrina

DOI: https://doi.org/10.47065/bulletincsr.v4i1.313

2023-12-13

Abstract:The use of Information Technology (IT) is an important part of all business activities, especially in the service sector. It is important to ensure the security, availability and integrity of their systems. The impact of failure in IT Risk Management greatly influences success. The implementation of IT Risk Management is needed to be able to help companies in the event of losses. In its use, a framework is needed that functions to identify, evaluate and manage existing risks. Therefore, this research will show the COBIT framework that is suitable for managing existing risk management. This research was carried out using the Systematic Literature Review method which started from the stages of formulating research questions, literature search, literature selection, data extraction and discussion aimed at answering Research Questions. In this research, 25 articles were found which were used as literature sources. The research results show that COBIT 2019 is the version of COBIT most often used in IT Risk Management in the industrial service sectors. In implementing COBIT, companies face various challenges such as lack of in-depth understanding of COBIT, lack of work process documentation and lack of operational standards for risk control and incompatibility of IT strategy with company strategy. This research also found that there are 8 points of COBIT implementation strategy to help service industry companies achieve organizational goals more effectively and efficiently through IT risk management.

Fachrizal,*Ahmad Nurul Fajar,,

DOI: https://doi.org/10.35940/ijitee.a3965.039520

2020-03-30

International Journal of Innovative Technology and Exploring Engineering

Abstract:The purpose of this research is to know the priority IT process in IT department at XYZ Organization and to know the level of capability in each IT process priority at IT department at XYZ organization. The data used and processed in this research were obtained from interviews with IT Director, IT Governance Supervisor, IT Development Supervisor, IT Operations Supervisor and Information Management Supervisor, and also observed the processes in the IT department. The result is obtained by priority IT processes and the level of capability in each of the priority IT processes at XYZ Organization. Based on the case study analysis, in order to create IT governance in accordance with the standards in the COBIT 5 framework, the organization have to improve IT governance thoroughly and continuously and fulfill the criteria in the COBIT 5 framework for all IT process in XYZ Organization.

Elisabet Dela Marcela,Melissa Indah Fianty

DOI: https://doi.org/10.33022/ijcs.v12i4.3353

2023-08-30

Indonesian Journal of Computer Science

Abstract:The utilization of the Peoplesoft Campus Solution (MyUMN) technology, which has become excessively outdated, necessitates an evaluation, development, and rejuvenation of MyUMN to address any occurring issues with definitive solutions. An assessment of the Information Technology governance capability level is carried out using the COBIT 2019 framework. This research focuses on the following specific objectives: BAI03 (Managed Solutions Identification and Build), BAI06 (Managed IT Changes), and BAI07 (Managed IT Change Acceptance and Transitioning). The measurement results reveal that the capability levels for all three objectives are at level 2, while the targeted capability level is at level 4. Consequently, there exists a gap between these two levels. Recommendations encompass prioritizing the documentation of application development and conducting routine reviews of all completed change requests to ensure the alignment of change requests

Ramadhan Syaeful Bahri,Yeffry Handoko Putra

DOI: https://doi.org/10.34010/aisthebest.v8i2.12175

2024-01-31

is The Best Accounting Information Systems and Information Technology Business Enterprise this is link for OJS us

Abstract:This study aims to establish a framework for governing information systems in Micro, Small, and Medium Enterprises (MSMEs), focusing on decision-making processes in advanced and emerging MSME clusters. COBIT 5 is employed to identify variables and guide the research stages. The research will specifically examine MSMEs located in Bandung District. The evaluation of governance quality for each target, which includes Nurtured MSMEs and Advanced MSMEs, involves utilizing the Process Assessment Model (PAM) derived from COBIT 5. In addition to gathering preliminary data through interviews and surveys conducted in Bandung District, this initial investigation also involved a comparative analysis of various methods employed in prior research about the study's subject matter. The findings from this study reveal that the data processing procedures for MSMEs in the Bandung Regency involve the use of computer/laptop devices. However, certain MSMEs face challenges in adequately managing the acquired data, emphasizing the necessity for more effective data management to ensure the produced data attains the quality required for constructing a model for advanced MSMEs. On the contrary, some other MSMEs in the Bandung Regency exhibit proficient data management practices, conducting regular evaluations of data and information, and basing their decisions on the analyzed data. These two scenarios serve as benchmarks for understanding the decision-making processes of both emerging and advanced MSMEs about data. The aspiration is that the outcomes of this study can serve as a benchmark, offering best practices for MSMEs to enhance the quality of their Decision-Making and achieve excellence in their business operations.

Fathoni,Novita Simbolon,Dinna Yunika Hardiyanti

DOI: https://doi.org/10.1088/1742-6596/1196/1/012033

2019-03-01

Journal of Physics: Conference Series

Abstract:Stakeholders in a company have a right knowing about optimizing information security management. It can affect a company's performances and reputation. Information is the biggest business driver in an organization or company. This research aims to measure the capability of the company which is implemented information security governance that impacts on enterprise risk. The Loan Debit Network Corporation system is the main system that supports the company's business process for corporate lending transactions management. The capability level measurement is based on COBIT 5.0 for Information security and ISO 27001: 2013 Guidelines as a value against the Information Security Governance component rating. It starts with aligning organizational goals from COBIT 5.0 perspectives to obtain five COBIT 5.0 IT processes. The current capability is at level 2.5. Improvement recommendation from level 2.8 to level 3 refers to best practice recommended by COBIT 5.0 for Information Security.

Enas Amjed Alsaleem,Norhayati Mat Husin

DOI: https://doi.org/10.26668/businessreview/2023.v8i2.1236

2023-02-16

International Journal of Professional Business Review

Abstract:Purpose: The goal of this study is to ascertain how the COBIT 5 framework, which consists of (Planning and organization, Acquire and implementation, Support and Delivery, Monitoring and evaluation, Guidance and Control), affects audit risk. Theoretical framework: IT governance (ITG) is a strategic and administrative procedure that aids in an organization's efficient and responsible usage of IT. The efficacy of audit control and audit process can be significantly impacted by COBIT5. Design/methodology/approach: This study used a quantitative approach, with questionnaires distributed to 450 workers from each of the 150 Jordanian companies. The three employees served as a representative sample from the finance, internal audit, and IT departments. A total of 371 sets of questionnaires were returned with complete responses and were further examined. The data analysis employed descriptive analysis, Pearson correlation, and multiple linear regressions. Findings: The results of this investigation revealed that every independent variable, including Cobit 5, had a favorable and substantial impact on the decrease of audit risk. one of the most important results of this study showed that Monitoring and evaluation is one of the most influential dimensions of ITG to reducing audit risks, and perhaps this may be due to the nature of the delivery of IT within companies’ systems and the implementation of their applications and services to be delivered. Research, Practical & Social implications: This study helps Jordanian companies to enhance the application of information technology governance, which contributes to raising the level of efficiency of their accounting systems and enabling them to compete. Originality/value: The findings showed that are a limited number of studies on IT governance and audit risk that have focused on developing countries, especially Jordan, and this is where the research comes in –to fill up the gap.

Darwin Aridarno Sudarnoto,Wella Wella,Ririn Ikana Desanti

DOI: https://doi.org/10.31937/si.v12i2.2400

2022-04-12

Abstract:The performance of information technology governance by PT GTI has not been optimal and there has never been a measurement of information technology governance capability. Based on these problems, it is necessary to measure the capability of information technology governance and make an appropriate information technology management recommendation that can be used as a guide—the measurement of the COBIT 5.0 framework. The data collection method consisted of observation, questionnaires, and interviews. The data collection results will produce findings, impacts, and recommendations for PT GTI. Measuring the capability of information technology governance used includes Planning, Preparation, Implementation, and Measurement Reporting. The study focused on 3 IT processes and obtained the following capability level results: APO04 Manage Innovation got a score of 78.4% and stopped at level 3, APO07 Managed Human Resource with a score of 81.07% and stopped at level 1, and BAI08 Manage Knowledge got to score 61% and stop at level 2.

L H Atrinawati,E Ramadhani,T P Fiqar,Y T Wiranti,A I N F Abdullah,H M J Saputra,D B Tandirau,H M J Saputra and D B Tandirau

DOI: https://doi.org/10.1088/1742-6596/1803/1/012033

2021-02-19

Journal of Physics: Conference Series

Abstract:University XYZ is a state university in East Kalimantan, which established in 2014. All of its academic and non-academic activities are supported by information technology managed by the Information and Communication Technology Unit (ICT Unit). University XYZ implements an information technology governance system that aims to support the University XYZ business strategy and goals optimally. Information technology governance systems must be well managed to support business process activities in University XYZ. This study aims to evaluate the capability of information technology governance system using the COBIT 2019 framework. This study uses COBIT 2019 design tools and core model to evaluate University XYZ governance system, then provide assistance in determining a governance system that is adjusted to the COBIT 2019 capability level assessment. The result of this research is a recommendation of the core model or process and the capability level that must be implemented by University XYZ. This research will conclude that there are 11 Governance and Management Objectives that have a priority of more than 50%. This study conducts an evaluation phase of the core model or process so that recommendations are obtained for the development of information technology governance.

Ananda E S Setyadji,Arief R R Putrananda,Daffa H Permadi,Rais I Nustara,Reyhan B Pratama,Tegar A Masyhuda,Eva Hariyanti

DOI: https://doi.org/10.33387/jiko.v6i2.6182

2023-08-06

JIKO (Jurnal Informatika dan Komputer)

Abstract:Information Technology Governance is currently widely implemented in companies. One of the domains that can be of concern is risk management. The application of TKTI in this domain can help companies identify, evaluate, reduce, and manage risks related to their business to achieve company goals better. In this case, three frameworks can be considered, including NIST, ISO 27001, and Octave, but implementing these frameworks only sometimes goes as planned. This study aims to identify the factors that cause the ineffectiveness of implementing Information Technology Governance (ITG) in the risk management domain using the NIST, ISO 27001, and Octave frameworks. Through an analysis of existing literature and data processing, this study found that factors such as lack of understanding of the framework, lack of adequate resources, and implementation challenges play an essential role in ineffectiveness. This study concludes by providing valuable insights for organizations seeking to strengthen their risk management capabilities.