Evaluation of IT Governance at Office X using the COBIT 5 Framework
on
JURNAL ILMIAH MERPATI VOL. 9, NO. 1 APRIL 2021
p-ISSN: 2252-3006
e-ISSN: 2685-2411
Evaluation of IT Governance at Office X using the COBIT 5 Framework
I Putu Gede Agus Krissna Bayu Eka Pamana PNa1, A.A. Kompiang Oka Sudanaa2, Ni Kadek Ayu Wirdiania3, Ida Bagus Ananda Paramarthaa4
aDepartment of Information Technology, Engineering Faculty, Udayana University
Bukit Jimbaran, Bali, Indonesia-803611 e-mail: 1[email protected], 2[email protected], 3[email protected], 4[email protected]
Abstract
The IT governance audit aims to define the level of importance (maturity level) of a company or government agency. IT governance audit is essential because if governance is not implemented correctly, the harmony between IT is beneficial to support business processes, and standard procedures will not be achieved. One of the agencies that require the implementation of good IT governance is Office X in Badung Regency. Office X in Badung Regency has a function in developing ICT infrastructure through application development, public service content, and ICT networks to improve public services. Conditions that occur in the field are frequent errors caused by internal and external parties that negatively impact the data management of Office X. The audit process begins with research include conducting literature studies, conducting interviews, determining critical points. After obtaining a critical point, continue mapping the enterprise goals, mapping the enterprise goals with IT-related goals, and mapping related the goals with the COBIT process. The next process is processing the maturity questionnaire data level, capability questionnaire, GAP, and finally making recommendations for improvements and suggestions. The audit results show that four IT processes need to be given recommendations for improvement, namely MEA 01, EDM 01, APO 07, DSS02.
Keywords: IT Audit, IT Governance, COBIT 5, Maturity Level, Capability Level
Information technology is currently an essential part of companies/governments in increasing the transparency, effectiveness, and efficiency of corporate business processes or government administration processes and encouraging overall organizational management [1] [2]. One of the government agencies that perform IT governance is Office X in Badung Regency.
Office X in Badung Regency is one of the government agencies responsible for processing information in government circles. Office X plays an essential role in developing ICT infrastructure through application development, public service content, and ICT networks to improve public services. Public services play an important role in activities organized by the Regional, Central, and Environmental Governments to meet every citizen's basic needs [3]. Data management is providing information systems for the public and information systems and networks within the agency itself. It must be well maintained and organized.
The current condition in the field, namely the management of data at Office X, seems not good because errors often occur caused by internal and external parties and have a negative impact on data management in agencies. Based on these problems, an information technology governance audit needs to be carried out to find existing problems and make it easier to manage all information flows.
COBIT 5 provides analysis and framework to help governments/companies achieve the objectives and management aspects of IT governance. COBIT 5 designed the model to be globally acceptable to assist analysis, including maximizing IT's maturity level throughout the organization or company [4].
The audit carried out in this journal uses the COBIT 5 framework to improve IT governance in Office X to make it easier to manage all flows and all data communications that occur in agencies. Previous research on IT audits has been conducted, including an audit of the Evaluation of IT Governance at Office X using the COBIT 5 Framework (I Putu Gede Agus 1 Krissna Bayu Eka Pamana PN)
IT Governance design using the COBIT 5 in the Janeponto Regency Government. The study found that the eight COBIT processes had not been fully implemented so that the objectives of the method had not been achieved, and there was a gap between the current state and the targets set in each process [5]. Subsequent research is evaluating IT governance at the DPRD secretariat of South Sumatra Province using COBIT 5. This study aims to recognize, determine the condition and level of maturity of Information Technology governance, as great as to give recommendations for improvement using COBIT 5. The results of the maturity level are obtained from the average distribution value is 2.24, namely Managed Process [6]. The IT governance audit research is intended to conduct an audit at Office X in Badung Regency by measuring IT governance's importance and providing recommendations for improvements.
The research methodology describes the stages of research that carry the process of conducting an audit with COBIT 5.
The stages carried out in governance research include conducting literature studies, conducting interviews, determining critical points. After obtaining a critical point, the mapping of enterprise goals is carried out, the mapping enterprise goals with IT-related goals, and the mapping related goals with the COBIT process. The next process is processing the maturity questionnaire data level, capability questionnaire, GAP, and finally making recommendations for improvements and suggestions.
Figure 1. Research Stage
-
Figure 1 is a research stage of IT governance, starting from the beginning to the end. The first stage is a literature study. This stage is to search for references, fundamental sources of theory, and supporting information to strengthen the research study. This initial stage aims to understand better the concepts of governance, framework standards, and other supporting concepts used in research. The second stage is conducting interviews. The interview stage functions to find out what the problem is in the current governance at Office X. The third stage is the critical point. At this stage, the researcher makes a breakdown of each problem, then concludes which is the primary reference.
The fourth stage is to do some mapping, including enterprise goals (identification of business goals), the enterprise goals with IT-related goals (identification of the business goals with IT goals), and the mapping related goals (IT goals) with the COBIT process. The fifth stage is a questionnaire, where the questionnaire will be distributed to each board of directors/employees to get results from the level of maturity. The next stage is to measure the capability level value at Office X based on the capability level questionnaire results. A gap occurs because there is a distinction between the target capability and the current capability level. The final stage is to provide recommendations for improvements and suggestions.
Data collection has an essential role in research to determine the level of maturity of IT performance management. The data collection process in this study was obtained based on interviews and questionnaires.
-
a. Interview, which is a data collection method by asking questions directly to obtain survey data. Interviews were conducted in order to find out what the problem is in the current governance at Office X.
-
b. Questionnaires, a data collection method that contains a list of questions, where the list of questions is designed in detail and completely, which has been adjusted to COBIT 5. The questionnaire will be distributed to each board of directors/employees, aiming to obtain information on the agency's problems and get the level of maturity. The questionnaire distributed was the level of maturity questionnaire and capability questionnaire.
Table 1. Example of a Maturity Questionnaire
|
Maturity Questionnaire | |||
|
No IT Process |
STP |
TP CP P |
SP |
|
Level |
Level Level Level |
Level | |
|
= 1 |
= 2 = 3 = 4 |
= 5 | |
|
1 Develop and maintain an IT business plan to | |||
|
respond to disruptions and maintain the availability of company information. |
Table 1 is an example of a maturity levels questionnaire. The level of maturity questionnaire aims to determine the IT processes considered necessary by the agency's toplevel management. Information from each level of importance, namely SP (Very Important), P (Important), CP (Quite Important), TP (Not Important), and STP (Very Not Important). The level of maturity questionnaire refers to the IT COBIT 5 process standard. After going through the calculation process for the level of importance, four processes that have the highest value are selected, which are then calculated for the score and level of capability.
Table 2. The score for the Capability Level Questionnaire
Status
Not Achieved
At this stage, the process has not been performed and has not reached its goals.
Partially Achieved
At this stage, a systematic approach has been made to the implementation of the process, but some parts of the process cannot be implemented.
Largely Achieved
At this stage, a systematic approach has been taken to implement the process. The purpose of doing the starting process reached.
Fully Achieved
At this stage, the process has been entirely performed and achieved its objectives.
Score 0 – 15 %
>15 – 50 %
>50 – 85 %
>85 – 100 %
A process can be said to be at the level if it gets largely achieved or fully achieved values. If the process gets a value below it, the process cannot yet be at the assessed process level. An IT process can go to the next level if the current level assessment is fully achieved or is in the value range> 85 -100. The capability level questionnaire scores refer to the PAM document using the COBIT 5 Toolkit Self Assessment Templates.
The literature study describes the literature carrying the research process of the IT Governance Audit of Office X with COBIT.
Information technology audit is a form of an operational audit. However, the current information technology audit is a particular type of audit unit that aims to improve information technology governance [7].
Information Technology Governance is a process to ensure that company goals accomplish by evaluating stakeholders, needs, conditions, and choices [8]. One of the keys to IT governance is to focus on aligning information technology (IT) with business objectives [9]. It can be implemented by building relational processes, structures, and mechanisms to manage IT assets, thereby achieving strong IT alignment and ultimately increasing the return on investment that supports IT [10]. Information technology governance can be said to be a combination of corporate governance and information technology management.
COBIT is a result and documentation guide that helps auditors, stakeholders, and links business control models and Information Technology control models [11] [12]. COBIT 5 is a framework applied to increase and measure Information Technology governance [13]. COBIT 5 is COBIT 4.1 combined with Val Information Technology 2.0 and Risk Information Technology, to create a new version of the COBIT framework, namely COBIT 5 [14]. Val IT 2.0 contains a
governance framework to increase the business value of IT applications. Whereas Risk IT contains a framework to address the gap between general and detailed risk management frameworks (closely related to IT).
Control Objectives Information and Related Technology (COBIT 5) generally has five basic principles, namely [15] :
-
1. Meeting Stakeholder Needs
There are company efforts to build value for stakeholders by maintaining stability between realization, optimization of risk, and use of resources.
-
2. Covering the Enterprise End-to-End
Useful for integrating corporate IT governance within corporate governance. The IT governance system used by COBIT 5 can seamlessly integrate into the corporate governance system. This second principle is needed to regulate and manage corporate IT wherever information is processed, both internal and external IT services.
-
3. Implementing a Single Integrated Framework
There are various standards related to IT, each of which guides IT activities. COBIT 5 is in line with another relevant standards and frameworks at a high level. Therefore, COBIT 5 can be used as an overarching framework for corporate governance and management.
-
4. Enabling a Holistic Approach
Effective and efficient corporate governance and management need a holistic approach by considering several interacting components.
-
5. Separating Governance from Management
COBIT offers a reasonably clear distinction between governance and management. They cover a variety of different activities, serve different purposes, and need different organizational structures.
The results and discussion explain the audit process in several stages, such as determining critical points, identifying business goals mapping processes, IT objectives and business processes, distributing questionnaires, and providing best practice suggestions for business process improvement.
After conducting interviews with Office X in Badung Regency, several critical points or problems that often occur in their business processes were found. The following are critical points obtained from problems that often occur in companies.
-
1. The low competence of civil servants who perform the functions of the Communication and Information Technology sector so it still needs improvement.
-
2. The authority of Office X in collecting and accessing government administration information within the internal government environment has not fully accommodated the implementation of duties and functions of the Communication and Information Technology Sector.
-
3. Lack of public access to information on government administration.
-
4. The e-Government database and services are not yet integrated between the Central Government and Local Governments, or Provincial Governments and Regency/City Governments.
-
5. Potential misuse of websites and information on government administration by irresponsible parties.
Based on the five critical points obtained, a mapping of the business goals in the COBIT 5 framework will be carried out. This business goal consists of 17 parts divided into four perspectives in the Balanced Scorecard, namely in Table 3.
Table 3. Business Goals COBIT 5
|
Performance Perspective |
No. |
Business Goals |
|
Financial |
1. |
The Stakeholder value of a business investment |
|
Perspective |
2. |
Competitive the portfolio of services and products |
|
3. |
Management of business risk, especially asset protection | |
|
4. |
Compliance with regulations and external laws | |
|
5. |
Financial transparency | |
|
Customer |
6. |
Be oriented to customer culture |
|
Perspective |
7. |
Continuous availability of business services |
|
8. |
Quick response to changing business environment | |
|
9. |
Decision making strategy based on available information | |
|
10. |
Optimization of service costs | |
|
Internal Perspective |
11. |
Optimization of business process functions |
|
12. |
Optimization of business process costs | |
|
13. |
Manage to change business programs | |
|
14. |
Productive staff and operations | |
|
15. |
Compliance with internal policies | |
|
Learning & Growth |
16. |
Skilled and motivated employees |
|
Perspective |
17. |
Products and business innovations based on culture |
Based on the above business goals, the mapping process is carried out between the critical points that have been obtained and business goals based on COBIT 5 with the results, as in Table 4.
Table 4. Mapping Critical Points with Business Goals
|
Source |
Critical Point |
No. |
Business Goals |
|
Office X Badung |
The low competence of civil servants in carrying out their field functions |
16 |
Skilled and motivated employees |
|
Regency |
The authority in the internal environment |
15 |
Compliance with internal |
|
has not fully accommodated the implementation of duties and functions Lack of public access to information on |
8 |
policies Quick response to | |
|
government administration The e-Government database and services |
7 |
changing business environment Continuous availability of | |
|
are not yet integrated Potential misuse of websites and |
3 |
business services Management of business | |
|
information |
risk, especially asset protection |
Table 4 results from the mapping between the critical points obtained with business objectives based on COBIT 5. The critical points are obtained from interviews with employees at the X Office in Badung Regency. Then the results of the critical point are mapping the business objectives contained in the COBIT 5 framework. Then the results of critical mapping with five Business Goals are obtained.
The business goals that have been obtained from the process of mapping critical points against COBIT 5 business goals will then be carried out, mapping between the business goals and IT goals based on COBIT 5 with the results as in Table 5.
Table 5. Mapping Business Goals with IT Goals
|
No. |
Business Goals IT Goals |
|
3 |
Management of business risk, especially asset protection 4, 10, 16 |
|
7 |
Continuous availability of business services 4, 10, 14 |
|
8 |
Quick response to changing business environment 1, 7, 9, 17 |
|
15 |
Compliance with internal policies 2, 10, 15 |
|
16 |
Skilled and motivated employees 16 |
Based on the results of the mapping between Business Goals and IT Goals, the IT Goals can be seen in Table 6.
Table 6. IT Goals
No. IT Goals
-
1 Aligning IT among business strategy
-
2 IT compliance as well as for regulatory compliance and support external legal
-
4 Addressing IT problems linked to business risks
-
7 Delivery of IT services according to business needs.
-
9 IT agility
-
10 Information security, applications, and processing infrastructure
-
14 The availability of credible information and helpful for decision making
-
15 IT compliance with the internal policies
-
16 IT personnel who are competent and have the motivation to the existing business
-
17 Expertise and initiatives for business innovation
Identification of the IT Process is the final stage in selecting the IT Process. Mapping with IT processes related to IT goals consists of five domains, namely APO (Align, Plan, and Organize), BAI (Build, Acquire, and Implement), DSS (Deliver, Service, and Support), EDM (Evaluate, Direct, and Monitor), MEA (Monitor, Evaluate, and Assess).
Table 7. Mapping IT Goals with IT Processes
|
No. |
IT Goals |
IT Processes | ||||
|
EDM |
APO |
BAI |
DSS |
MEA | ||
|
1. |
Aligning IT among business strategy |
EDM01 |
APO01 APO02 APO08 |
BAI02 |
- |
- |
|
2. |
IT compliance as well as for regulatory |
- |
APO01 |
BAI10 |
DSS05 |
MEA02 |
|
compliance and support external legal |
APO12 | |||||
|
4. |
Addressing IT problems linked to |
- |
APO12 |
BAI01 |
DSS01 |
MEA01 |
|
business risks |
APO13 |
BAI06 |
DSS02 |
MEA02 | ||
|
DSS04 DSS05 DSS06 |
MEA03 | |||||
|
7. |
Delivery of IT services according to |
EDM05 |
APO02 |
BAI04 |
DSS01 |
MEA01 |
|
business needs. |
APO08 |
BAI06 |
DSS02 | |||
|
APO09 |
DSS04 | |||||
|
APO11 |
DSS05 DSS06 | |||||
|
9. |
IT agility |
EDM04 |
APO01 |
BAI08 |
- |
- |
|
10. |
Information security, applications, and |
- |
APO12 |
BAI06 |
DSS05 |
- |
|
processing infrastructure |
APO13 | |||||
|
14. |
The availability of credible information and |
- |
APO09 |
BAI04 |
DSS04 |
- |
|
helpful for decision making |
BAI10 | |||||
|
15. |
IT compliance with the internal policies |
- |
APO01 |
- |
- |
MEA01 MEA02 |
|
16. |
IT personnel who are competent and |
EDM04 |
APO01 |
- |
- |
- |
|
have the motivation to the existing business |
APO07 | |||||
|
17. |
Expertise and initiatives for business |
- |
APO01 |
BAI08 |
- |
- |
|
innovation |
APO02 APO07 APO08 | |||||
Table 7 is the result of the mapping of IT process that has been obtained. This IT process is the basis for creating a search questionnaire related to the critical points obtained at an early stage. Before making the questionnaire, the IT process will be described in advance, obtained in table 8.
Table 8. Description of IT processes
|
Domain |
IT Process |
|
EDM01 EDM04 EDM05 APO01 APO02 APO07 APO08 APO09 APO11 APO12 APO13 BAI01 BAI02 BAI04 BAI06 |
Ensuring management and Maintenance of Governance Ensuring Resource Optimisation Ensuring Stakeholder Transparency Managing an IT Management Framework Managing Strategy Managing Human Resources Managing Relationship Managing Service Contracts Managing Quality Managing Risk Managing Security Managing Programmes and Projects Managing Requirements Definition Managing Availability and Capacity Managing Changes |
|
BAI08 |
Managing Knowledge |
|
BAI10 |
Managing Configuration |
|
DSS01 |
Managing Operations |
|
DSS02 |
Managing Incidents and Service Requests |
|
DSS04 |
Managing Sustainability |
|
DSS05 |
Managing Security Service |
|
DSS06 |
Managing Business |
|
MEA01 |
Process Control Monitor, Evaluate and Assess Performance and Conformance |
|
MEA02 |
Monitor, Evaluate, and Assess the Method of Internal Control |
|
MEA03 |
Monitor, Evaluate and Assess Compliance with External Requirements |
The RACI arrangement of each process associated with the Office X business process is completed with the entities associated with each process along with the individual entity RACI levels. The RACI graph can be followed in Table 9.
Table 9. RACI Chart at Office X
Activities
Entity 1 2 3 4 5 6
They were ensuring that the things needed by the service are fulfilled R and providing guidance to subordinates in their respective areas of duty.
Implement standardization of information exchange for cross-sectoral A information databases.
Decide on strengthening public communication resources and providing R access to information.
Assessing the already running system, whether it is following the A expected results, there are problems or not.
We are developing service reengineering business processes within A the X Office and other Smart City Stakeholders.
The determination of the RACI Chart has been adjusted to the process of understanding the level of importance based on IT process references the results of mapping business goals and IT goals. The entity RACI chart is the top-level management of the respondent to fill out the Maturity Questionnaire. The component of the RACI Chart, namely Responsible (R) is the person who carries out the activity, the Accountable (A) is the person who is finally responsible and has the power to decide a case, Consult (C) is the person who requires feedback or suggestions and contributes to the activity, Informs (I) is a person who needs to understand the result of a decision or action. The RACI chart entity consists of the Head of Services (1), the PIP Division (2), (3) the PKP Division, the ICT Sector (4), the eGovernment Division (5), General (6).
The maturity questionnaire was designed about the COBIT 5 IT Process standard. The questionnaire of interest was given to respondents from the company's top-level management. The interest questionnaire results are used to identify IT processes necessary by the company to be audited. An example of a draft interest questionnaire is presented in Table 10.
Table 10. Example of a Draft Maturity Questionnaire
|
Maturity Questionnaire | |
|
Domain |
Statement STP TP CP P SP Level 1 2 3 4 5 |
|
EDM01 |
Ensuring management and Maintenance of Governance. Clarify responsibilities and authorities that are in line with the company's strategy and goals. For example, agencies can provide information about the agency's vision and mission, objectives, and architecture to its employees. |
|
APO01 |
Managing an IT Management Framework. Maintain and explain the use of IT with company policies. For example, agency policies in carrying out tasks/projects are completed in approximately six months to carry out system testing. |
|
BAI01 |
Managing Programmes and Projectss. Manage any programs and projects in line with company strategy in a coordinated manner. |
|
DSS04 |
Managing Sustainability Develop and maintain an IT business plan to respond to disruptions and maintain the availability of company information. |
|
MEA03 |
Monitor, Evaluate and Assess Compliance with External Requirements. Evaluate the IT processes and IT business processes supported under laws, regulations, and contract terms. Ensures that terms have been recognised and met and integrates IT compliance with agency compliance as a whole. |
The Maturity Questionnaire has five weight values, namely Very Not Important (STP) with a weight value of 1, Not Important (TP) with a weight value of 2, Quite Important (CP) with a weight value of 3, Important (P) with a weight value of 4, and Very Important (SP) with a weight value of 5. The importance level questionnaire produces the highest four process domains. Table 8 below shows the four process domains with the highest values.
Table 11. IT Process Domain End Results and Descriptions
IT Process
Descriptions
MEA01
EDM01
APO07
Provides transparency of the performance and conformity and achievement of goals. Ensuring responsibility and authority in line with the company's strategy and objectives.
Ensure optimal management, placement, decision-making rights and human resource skills.
DSS02 Provide timely and effective responses to stakeholders.
The capability questionnaire was designed referring to the PAM Using COBIT 5 Toolkit Self Assessment Templates document. The capability questionnaire was given to the head of department and staff of Office X. The results of the capability questionnaire are applied to determine the level of the process capability being audited. An example of a draft capability questionnaire from the APO07 domain is presented in Table 12.
Table 12. Example of a Draft Capability Questionnaire APO07
Critical Point 1
The low competence of civil servants in carrying out their field
No. Level functions Score
Process: APO07 (0-100)
Provide the infrastructure approach used to ensuring structuring, placement, decision-making rights, and human resource. This covers how to communicate roles and responsibilities, learning and increase plans, and performance supported by competent skill and motivated person.
-
1. 1.1 a. Placement of State Civil Apparatus officers in each division
according to their field of competence.
The draft capability level questionnaire consists of the problem points used in the questionnaire statement, a description of the IT process domain and the score filled in by the respondent.
The gap or gap level from capability level is the difference between expected capability (expected target level) with current capability (current level value). The gap between the four audited IT processes is shown in Table 13 below.
Table 13. Gap Capability Level
|
Proses TI |
Current Capability (CC) |
Expected Capability (EC) |
GAP (EC-CC) |
|
MEA01 |
2 |
5 |
3 |
|
EDM01 |
3 |
5 |
2 |
|
APO07 |
2 |
5 |
3 |
|
DSS02 |
3 |
5 |
2 |
The recommendation to improve Office X Badung Regency is directed towards the expected capability level, namely the 5-optimized capability level. The calculation starts from the lower level to the capability level above it in sequence. The IT process capability level gap can be overcome by using the guidelines from COBIT 5, so the next step is to address improvements to Office X Badung Regency to get to the expected capability level. Table 13 below is the recommendation given to Office X Badung Regency.
Table 13. Suggestions and Recommendations
No. Domain Suggestions and Recommendations
-
1. MEA 01 The existing condition in the Office X Badung Regency has not carried out planning and monitoring for data collection and process definition. Recommendations from researchers make planning and monitoring for data collection from the definition of the process to minimize the occurrence of deviations. Besides, researchers also pay attention to agencies making each summary of work report documentation, which is easy to implement and adapted to various needs.
-
2. EDM 01 The IT process, IT goals, and SOP policies that apply at the X Office in Badung Regency have reached the process. However, to achieve the expected process, namely the predictable process or the one that has been measured, it is necessary to periodically evaluate the system. The researcher recommends that it is necessary to regularly optimize governance and meet needs regularly, namely by conducting meetings and testing the process's implementation with an agreed period. The purpose of conducting the trial is so that the running process can fulfill other processes and later can fulfill the business plan.
-
3. APO 07 The implementation of work assignments at the Office X agency in Badung Regency has operated well. However, the knowledge and competence of several staff and employees still do not fully know each role and function. The agency can overcome conditions like this by optimizing in conducting more detailed socialization to staff and employees at the Office X of Badung Regency and by proper communication and division of tasks according to competence to work optimally.
-
4. DSS 02 Office X in Badung Regency can provide timely and effective responses to requests and access to the community and other stakeholders and provide solutions to all types of problems.
The conclusion from this research's implementation is that a series of audit processes carried out at the Office X in Badung Regency was carried out to identify business goals, identify IT goals, and identify IT processes, followed by processing and analyzing data and providing recommendations. The results concluded that the four highest domains were the most appropriate recommendations for improving IT governance, namely MEA01 (Ensuring management and Maintenance of Governance), EDM01 (Ensuring management and Maintenance of Governance), DSS02 (Managing Incidents and Service Requests), and APO07 (Managing Human Resources).
References
-
[1] S. Oktavia, “AUDIT TATA KELOLA TEKNOLOGI INFORMASI MENGGUNAKAN
FRAMEWORK COBIT 5 (Studi Kasus: PT Pelabuhan Indonesia II (Persero) Cabang Panjang).” Perpustakaan Universitas Teknokrat Indonesia, 2017.
-
[2] I. Riadia and E. Handoyoc, “Security Analysis of GRR Rapid Response Network using
COBIT 5 Framework,” Lontar Komput. J. Ilm. Teknol. Inf., vol. 10, no. 1, 2019.
-
[3] I. M. Sukarsa et al., “Evaluation of E-Government Maturity Models in Sub-District Public
Services in Indonesia Using the SPBE Framework,” J. RESTI (Rekayasa Sist. Dan Teknol. Informasi), vol. 4, no. 2, pp. 243–253, 2020.
-
[4] N. Utami, I. P. A. Bayupati, and I. K. A. Purnawan, “Audit Capability EAM menggunakan
COBIT 5 dan ISO 55002 pada Perusahaan Kelistrikan Negara,” J. MERPATI, vol. 4, no. 3, 2016.
-
[5] J. Gerung and K. L. Barat, “Perancangan Tata Kelola TI Dengan Menggunakan
Framework Cobit 5 (Studi Kasus: Pemerintah Kab. Jeneponto),” J. Teknol. Inf. dan Komput., vol. 1, no. 1, pp. 10–15, 2016.
-
[6] S. Damayanti, E. S. Negara, and D. Diana, “EVALUASI TATA KELOLA TI PADA
SEKRETARIAT DPRD PROVINSI SUMATERA SELATAN MENGGUNAKAN COBIT 5,” J. Bina Komput., vol. 1, no. 2, pp. 90–100, 2019.
-
[7] M. Sari, “Audit Tata Kelola Ti Menggunakan Kerangka Kerja Cobit Pada Domain Ds Dan
Me Di Perusahaan Kreavi Informatika Solusindo,” 2016.
-
[8] F. S. Sulaeman, “Audit Sistem Informasi Framework Cobit 5,” Media J. Inform., vol. 7,
no. 2, 2017.
-
[9] H. T. Sihotang and H. Lumbantoruan, “Evaluasi Tingkat Kematangan Tata Kelola
Teknologi Informasi Dan Komunikasi (TIK) Dengan Framework Cobit 5.0 Pada STMIK Pelita Nusantara Medan,” J. Mantik Penusa, vol. 3, no. 1.1, 2019.
-
[10] T. Huygh, S. De Haes, A. Joshi, and W. Van Grembergen, “Answering key global IT management concerns through IT governance and management processes: A COBIT 5 View,” in Proceedings of the 51st Hawaii International Conference on System Sciences, 2018.
-
[11] A. Amrulloh, G. Wibisono, and A. R. Mido, “Audit Tata Kelola Teknologi Informasi Pada Perguruan Tinggi Menggunakan Cobit 5 Fokus Proses Pelayanan,” J. Ilm. KOMPUTASI, vol. 19, no. 1, pp. 115–120, 2020.
-
[12] I. P. A. A. Putra, I. M. Sukarsa, and I. P. A. Bayupati, “Audit TI Kinerja Manajemen PT. X Dengan Frame Work Cobit 4.1,” Lontar Komput. J. Ilm. Teknol. Inf., vol. 6, no. 1, pp. 13– 24, 2015.
-
[13] M. A. Putri, I. Aknuranda, and W. F. Mahmudy, “Maturity evaluation of information technology governance in PT DEF using Cobit 5 Framework,” J. Inf. Technol. Comput.
Sci., vol. 2, no. 1, pp. 19–27, 2017.
-
[14] C. Anindita, I. K. A. Purnawan, and N. M. I. M. Mandenni, “Penerapan COBIT 5 Pada Audit Tata Kelola Teknologi Informasi Perusahaan X,” J. Ilm. Merpati (Menara Penelit. Akad. Teknol. Informasi), pp. 244–252.
-
[15] D. A. Anggoro, “Analisis Kepatuhan Karyawan Terhadap Kebijakan Pengamanan Data pada PT XYZ dengan Standar COBIT 5,” J. Ilm. Univ. Bakrie, vol. 2, no. 05, 2014.
Evaluation of IT Governance at Office X using the COBIT 5 Framework (I Putu Gede Agus 12
Krissna Bayu Eka Pamana PN)
Discussion and feedback