Atrinawati 2021 J. Phys. Conf. Ser. 1803 012033
Atrinawati 2021 J. Phys. Conf. Ser. 1803 012033
Atrinawati 2021 J. Phys. Conf. Ser. 1803 012033
Email: [email protected]*
Abstract. University XYZ is a state university in East Kalimantan, which established in 2014. All of its
academic and non-academic activities are supported by information technology managed by the
Information and Communication Technology Unit (ICT Unit). University XYZ implements an
information technology governance system that aims to support the University XYZ business strategy and
goals optimally. Information technology governance systems must be well managed to support business
process activities in University XYZ. This study aims to evaluate the capability of information
technology governance system using the COBIT 2019 framework. This study uses COBIT 2019 design
tools and core model to evaluate University XYZ governance system, then provide assistance in
determining a governance system that is adjusted to the COBIT 2019 capability level assessment. The
result of this research is a recommendation of the core model or process and the capability level that must
be implemented by University XYZ. This research will conclude that there are 11 Governance and
Management Objectives that have a priority of more than 50%. This study conducts an evaluation phase
of the core model or process so that recommendations are obtained for the development of information
technology governance.
1. Introduction
University XYZ was established in 2014. In 2019/2020, University XYZ has 5 majors and 14 study
programs, namely physics, mathematics, mechanical engineering courses, electrical engineering,
chemical engineering, material engineering and metallurgy, civil engineering, regional and city
planning, shipping engineering, information systems, informatics, industrial engineering,
environmental engineering, and marine engineering with a total of 3247 students and 156 teaching
staff (PDDIKTI). University XYZ is a tertiary institution focused on technology to support the needs
of the industrial world, through various educational programs at University XYZ, it is expected to
increase the knowledge and skills of human resources that will have an impact on improving
technological mastery and increasing capital productivity.
Information & Technology have become an essential also inseparable part some of the business
processes. Using I&T in organizations is making I&T governance much more significant problem.
Van Grembergen and De Haes (2010) has clearly illustrated that I&T governance must be inclusive of
governance corporate [1]. Good corporate governance can affect the level of confidence and more
secure investment protection in the future. In addition, information technology that is not managed
properly will certainly affect the quality of company performance [6]. Also based on Regulation of the
Minister of Research, Technology and Higher Education Number 62 the Year 2017 concerning
Information Technology Governance in the Environment Ministry of Research, Technology and
Higher Education, states that for the alignment of information technology planning, development and
implementation, it is necessary to have technology governance integrated information at universities
[2]. Higher education, through its organizational unit, develops Information Technology Governance
in which consists of Information Technology Governance Structure, Enterprise Architecture,
Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution
of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.
Published under licence by IOP Publishing Ltd 1
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
2. Methodology
This research methodology uses the Governance System Design Workflow contained in the 2019
COBIT methodology handbook [3]. This methodology contains several stages, namely understanding
the context and strategy of the company, determining the initial scope of the government system,
improving the scope of the government system, the design of governance systems, concluding
capability level assessment. The image of the research methodology is as follows:
2
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
a. Data collection
The steps taken to collect data are through previous research and interviews. Previous research
has resulted in 11 core model process that is important to University XYZ. The interview aims
to find data that has not been obtained from the analysis of available documents. Interviews
were conducted using questions in design toolkit provided by COBIT 2019 with several
stakeholders at University XYZ.
b. Process Capability Levels
This stage aims to find the capability level that suits the information technology governance
system of University XYZ. The level of process capability is measured using the
characteristics of the Capability and Maturity Model Integration (CMMI). The level of ability
is characterized by Level 0, Level 1, Level 2, Level 3, Level 4, and Level 5. The explanation
for each of these characteristics is as follows:
1. Level 0 - This process lacks basic capabilities and reflects an incomplete approach to
addressing governance and management objectives or does not fulfil the intent of any
process practice.
2. Level 1 - This process more or less achieves its goal through the adoption of an
incomplete set of activities that can be categorized as initial or intuitive and less
organized.
3. Level 2 - This process achieves its objective through implementing a series of basic, but
complete, activities that can be categorized as undertaken.
4. Level 3 - The process of achieving its objectives in a much more organized manner using
organizational assets. Processes are usually well defined.
5. Level 4 - The process of achieving its objectives is well defined, and its performance is
measured quantitatively.
6. Level 5 - The process of achieving its objectives, well defined, its performance is
measured to improve performance, and continuous improvement is carried out [3].
Determining the capability level is obtained by dividing the number of activities that have
been carried out by the total activity of University XYZ and multiplying by 100% so that the
appropriate capability level is obtained.
c. Rating Process Activities
The assessment criteria used to evaluate the components of the process are NPFL, namely
Not, Partially, Largely, and Fully. The University XYZ is considered to have met the core
model at a certain level if the process assessment criteria at that level are Fully. The
information on the percentage of each assessment criterion is as follows:
1. Fully (F) - Proficiency level is achieved by more than 85 percent.
2. Partially (P) - Proficiency level is achieved more than equal to 15 percent and less than
equal to 50 percent.
3. Largely (L) - Proficiency level is achieved more than equal to 50 percent and less than
equal to 85 percent.
4. Note (N) - The proficiency level is less than 15 percent attainable [3].
After getting the capability level value, it can be determined that the rating process activities
are under the criteria of Not, Partially, Largely, or Fully.
d. Focus Area Maturity Levels
Sometimes a higher level is required to declare damage free performance applicable to
individual process capability ratings. The maturity level can be used for that purpose. COBIT
2019 defines maturity level as a measure of performance at the focus area level [3]. In this
research, the process being measured is a process that has only Suggested Capability Levels 3
and 4.
e. Recommendations
By using the 2019 COBIT framework, it can provide recommendations for companies in
regulating IT governance and provide business flexibility to create practical governance
solutions tailored specifically for their organizational goals and objectives [7]. The
recommendations given by COBIT 2019 follow the existing activities at the currently
3
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
achieved capability level so that they can continue to the next capability level. This
recommendation is also useful for developing further information technology governance
because University XYZ can find out what are the shortcomings of the current information
technology governance system.
Governance/Management
Reference Priority
Objectives
Managed Enterprise
APO03 70
Architecture
APO08 Managed Relationship 60
Managed Service
APO09 75
Agreements
APO11 Managed Quality 50
APO12 Managed Risk 55
APO13 Managed Security 115
APO14 Managed Data 105
Managed Solutions
BAI03 55 Figure 2. Overview of the current condition of
Identification & Build
Managed IT Changes 100
University XYZ with the target condition
BAI06
DSS04 Managed Continuity 70
Managed Security
DSS05 80
Services
4
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
Understand the company's current goals and objectives. Work in the strategic plan process to
ensure that I&T related company architectural opportunities are utilized in the development of
strategic plans.
Analyze stakeholder focus, business capability requirements, scope, constraints, and
principles, create an architectural vision.
5
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
6
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
7
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
8
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
9
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
4. Conclusions
This research conducted at the University XYZ produced 11 Governance and Management Objectives,
which had a priority of more than 50% based on the results of the assessment using the 2019 COBIT
Governance System Toolkit V 1.0. 11. This research has formulated recommendations for University
XYZ to improve their I&T governance. Several processes still did not meet the recommended
capability level, namely APO03, APO08, APO09, APO11, APO12, APO13, APO14, BAI03, BAI06,
DSS04 and DSS05. Furthermore, University XYZ can conduct implement the recommendations based
on the priority.
10
ICERIA 2020 IOP Publishing
Journal of Physics: Conference Series 1803 (2021) 012033 doi:10.1088/1742-6596/1803/1/012033
5. References
[1] Jairak, K., & Praneetpolgrang, P. (2013). Applying IT governance balanced scorecard and
importance-performance analysis for providing IT governance strategy in university.
Information Management & Computer Security, 21(4), 228–249.
[2] Kemenristekdikti, “Tata kelola teknologi informasi di lingkungan kementerian riset, teknologi,
dan pendidikan tinggi,” Jakarta, 2017.
[3] ISACA, COBIT 2019 Framework: Introduction and Methodology, USA: ISACA, 2018.
[4] ISACA, COBIT 2019 Governance and Management Objectives, USA: ISACA, 2018.
[5] Saputra, Hendy M.J., “Penyesuaian sistem tata kelola pada institut teknologi kalimantan dengan
menggunakan COBIT 2019,” unpublished.
[6] Anjani, G. S. (2014). Evaluasi Rekomendasi Perbaikan Layanan TI Badan Pengatur Hilir
Minyak dan Gas Bumi berdasarkan Kerangka Kerja COBIT 5 dan ITIL V3. Universitas
Indonesia.
[7] Governance. (2018). COBIT 2019 Framework: Governance and Management Objectives.
Schaumburg: ISACA.
Acknowledgements
Acknowledgement for XYZ University, especially for Personnel ICT Department of University XYZ
that giving the change for us to perform this research, and thank you for Academic and Student Affairs
Department that ready for collaboration for succeeding this research, and thank you for all teams that
have worked hard to solve the problem at ICT Department.
11