Available via license: CC BY-SA 4.0
Content may be subject to copyright.
1
Identification of IT Governance Capability Level of COBIT
2019 at The KOMINFO City of Bitung, North Sulawesi
Cherry Lumingkewas1, Joe Yuan Mambu*2, Andria K. Wahyudi3
1Fakultas Ekonomi dan Bisnis, Universitas Klabat
23Fakultas Ilmu Komputer, Universitas Klabat
e-mail:1cherry@unklab.ac.id, *2joeyuan.mambu@unklab.ac.id, 3andriawahyudi@unklab.ac.id
Abstract
Effective information technology governance (ITG) is vital for managing risks and ensuring proper
oversight of IT in government organizations and enterprises. However, many organizations struggle
with implementing effective ITG strategies, resulting in a higher likelihood of cybersecurity breaches,
operational inefficiencies, and financial losses. This study addresses the urgency of improving ITG by
assessing the capability level of ITG within the Ministry of Communication and Information Technology
(KOMINFO) in Bitung, North Sulawesi, using the widely recognized COBIT 2019 framework. By
conducting interviews with key IT personnel, the study quantifies the capability level of eleven core
models and highlights areas that require improvement. The results underscore the critical importance
of designing and implementing effective IT governance to mitigate risks and enhance IT oversight in
government organizations and enterprises. The study's findings can serve as a foundation for future
efforts to improve IT governance in KOMINFO and other organizations, ultimately contributing to a
safer and more secure IT environment.
Keywords: IT Governance, IT Audit, COBIT 2019, Capability Level
Identifikasi Tingkat Kapabilitas Tata Kelola TI Menggunakan
COBIT 2019 Pada KOMINFO Kota Bitung Sulawesi Utara
Abstrak
Governance teknologi informasi (TI) yang efektif sangat penting untuk mengelola risiko dan
memastikan pengawasan TI yang tepat di organisasi pemerintah dan perusahaan. Namun, banyak
organisasi kesulitan mengimplementasikan strategi governance TI yang efektif, yang dapat
menyebabkan peluang terjadinya pelanggaran keamanan siber, ketidakefisienan operasional, dan
kerugian keuangan yang lebih tinggi. Studi ini mengatasi urgensi peningkatan governance TI dengan
menilai tingkat kemampuan governance TI di Kementerian Komunikasi dan Informatika (KOMINFO) di
Bitung, Sulawesi Utara, menggunakan kerangka kerja COBIT 2019 yang diakui secara luas. Dengan
melakukan wawancara dengan personel TI utama, studi ini mengukur tingkat kemampuan sebelas
model inti dan menyoroti area yang perlu ditingkatkan. Hasil penelitian menekankan pentingnya
merancang dan menerapkan governance TI yang efektif untuk mengurangi risiko dan meningkatkan
pengawasan TI di organisasi pemerintah dan perusahaan. Temuan studi ini dapat menjadi dasar untuk
upaya peningkatan governance TI di KOMINFO dan organisasi lainnya, yang pada akhirnya akan
berkontribusi pada lingkungan TI yang lebih aman dan terlindungi.
Kata kunci: Tata Kelola IT, Audit IT, COBIT 2019, Capability Level
1. Introduction
Information Technology Governance, or IT Governance, is important in monitoring or managing
information technology and the risks in a company and even agencies. Without good governance in a
company, it will not be easy to see how high the performance of IT implementation is a company. To
achieve the vision and mission of the company, the company requires IT Governance that can increase
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
2
maximum profits [2]. The problem of Information Technology Governance is the responsibility of
companies and government agencies such as the Ministry of Communication and Information
Technology (KOMINFO).
The KOMINFO is part of the national ministry of the Indonesian government. Public services for
communication and information technology in the community are managed and administered by
KOMINFO. It makes KOMINFO an important agency in the continuity of the service process to the local
community. Tasks and functions that are part of the KOMINFO to organize government affairs in terms
of helping to provide data collection related to information from the public to the government include
several things, namely, the policies formulation and determination and policies in the resource
management and guidance field and providing administrative support within the KOMINFO and others
[3]. The KOMINFO has many duties and responsibilities in supporting services for the community. To
help it, they need to structure good technology and system governance so that services can be
conducted properly.
IT Governance can be done with various frameworks, including COBIT (Control Objective for
Information and related Technology). COBIT is an IT governance framework intended for management,
staff, the IT department, to business people to ensure the confidentiality and availability of company
data integrity; that has five scopes: EDM Domain regulating evaluation to framework briefing, APO
Domain regulating to planning framework, BAI Domain building to framework implementation, DSS
Domain serving user services, and MEA Domain providing performance evaluation of framework [4].
COBIT can measure the balance of information technology with business objectives to create the
expected business alignment. COBIT is also a framework recommendation based on SOE Ministerial
Regulation No. PER-03/MBU/02/2018 [5]. It is of utmost urgency that KOMINFO undergoes an
assessment with the latest COBIT audit framework, COBIT 2019, as it has never been assessed with
it.
With the design of IT governance, it is expected to help find out what design factors affect
governance in the company. Therefore, this research aims a to identify the capability level on the ITG
design at Bitung City’s KOMINFO, by using the 2019 COBIT framework. COBIT 2019 can result in a
structured governance system to see the management and important priorities in the company in
maximizing IT. Thus, the research question would be “What is the COBIT 2019 capability level does
the KOMINFO of Bitung City has?” and this research is about to answer it.
2. Literature Review
Information Technology Governance
Information Technology (IT) governance is an obligation of executive management managers in
implementing the IT strategies monitoring and implementation to maintain alignment between IT and
business processes, matrix introduction to determine the value of IT and manage IT risks maximally.
IT governance can provide the right solution for organizations, such as government organizations and
specialized companies, in developing IT investments and implementation and equalizing the risks [6].
In addition, IT governance is responsible for ensuring that the various resources owned by the company
or organization have been utilized as well as possible to get competitive opportunities and flexibility. In
other words, IT governance leverages the principles that exist in the organization for IT units [7].
COBIT 2019
COBIT 2019 (Control Objective for Information and related Technology) is the most recent version
of COBIT, created and published by ISACA, which contains guidelines on IT governance and corporate
IT management following the needs of each company, in which there are 40 core objectives divided
between governance and management referred to as the Cobit Core Model [8]. There are five domains
in the Cobit Core Model with two main principles: governance contains Evaluate Direct Monitor (EDM)
domain, which purpose is to evaluate, direct, and monitor organizational strategies achievement.
Meanwhile, management contains domains: Align Plan and Organize (APO), which purpose is to discuss
all matters concerning the organization, strategies, and supporting activities for IT, and Build Acquire
and Implementation (BAI), which purpose is to interpret, acquire, and implement IT solutions, also
Deliver Service and Support (DSS), which purpose is to discuss operational matters, support for IT
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
3
services and security, then lastly Evaluate and Assess Monitor (MEA), which purpose is to monitor the
performance and match of IT with the internal control objectives, internal performance targets and
external requirements. In each domain in COBIT 2019, there is a process in it called objective [9].
3. Research Methodology
Figure 1 Research Methodology
We use the methodology provided by COBIT 2019, namely the 2019 COBIT Governance System
Design Workflow [5]. The steps are as follows:
1. Identification of Issues
In this stage, IT Governance was evaluated at the Bitung City Department of KOMINFO, where
the results were not properly and well implemented, as well as infrastructure support which mostly still
relies on internal sources that make the IT governance performance less optimal.
2. Literature Studies
This literature study stage is to review what parts of this study are needed, in this case, making
or searching for what is needed to be used in the study and searching from several research sources
related to similar cases that have been made. The development that has been made can help the group
do this task so that it can be completed properly.
3. Understanding the Corporate Context and Strategy
In this stage, which uses the Governance System Design Workflow in COBIT 2019, a context
determination is conducted to understand more clearly what the company will do to see what risks can
be accepted.
4. Data Gathering for IT Governance System
IT Governance-related data gathered through interview with stakeholders which will contribute to
the IT Governance System of COBIT 2019
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
4
5. Analyze results from the Design Factor
This stage is to analyze and determine the results from the ten design factors set by COBIT 2019.
This process is done to identify an organization's required parts to see what is required in the company.
The result will show which COBIT 2019 core models are acknowledged as priority and which are not.
This measurement is shown as ability level.
COBIT 2019 defines four levels of ability that represent the level of capability maturity of an
organization in terms of the effective implementation of governance and management practices. The
four levels of ability are:
• Level 1: Initial - Ad hoc and unstructured practices with no formalized processes in place.
• Level 2: Managed - Processes are established and managed, but they may not be well-
documented or consistently applied across the organization.
• Level 3: Established - Processes are well-defined, documented, and consistently applied across
the organization.
• Level 4: Optimized - Processes are continually improved and optimized to achieve
organizational goals and objectives.
These levels are designed to help organizations assess their current maturity level and identify
areas where they need to improve their governance and management practices. By implementing the
practices outlined in COBIT 2019, organizations can move up the levels of ability and improve their
overall effectiveness in achieving their goals and objectives.
6. Concluding the Governance System Design
From each stage, this final stage will connect all the inputs and considerations from everything
made at the previous stage until, finally, conclusions can be drawn from all the system's methods in
governance. The conclusion of the managed part results in a system design that can be managed and
adapted by the company system.
4. Results and Analysis
Corporate Strategy
Here is a graph from Design Factor 1 on the Importance of Each Enterprise Strategy Archetype
Figure 2 Assessment of Corporate Strategy Design Factor
For the main and second priorities value of the company strategy, in this case, the Bitung City
Department of KOMINFO is the Client Service/Stability with importance 5 because the Bitung City
Department of KOMINFO, which acts as a government agency, is more focused on public services to
provide stable services to the people of Bitung City, therefore becomes their priority. While Cost
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
5
Leadership with important 4 is the second priority because the Bitung City Department of KOMINFO, in
addition to focusing on public services, also focuses on saving costs or utilizing existing budgets as
effectively and efficiently as possible. Growth/Acquisition has an importance of 1 because it is different
from companies that focus on Money Oriented. The Bitung City Department of KOMINFO focuses on
the public services of the Bitung City community. Furthermore, finally, Innovation/Differentiation has
importance 1, because the Bitung City Department of KOMINFO is more mobile in the field of followers
or will only apply new technology when the technology is stable, different from innovators who
implement a new thing without following other parties.
Target of the Company
According to COBIT 2019, the company target is divided into four perspectives: financial,
customer, internal, and growth. The assessment of the targets of the government agency of the Bitung
City Department of KOMINFO is as follows:
Figure 3 Assessment of Design Factor for Corporate Purpose
The objective value of the Bitung City Department of KOMINFO in the financial perspective is for
EG01 —Portfolio of competitive products and services is worth 3 because the Bitung City Department
of KOMINFO is part of the government that focuses on community service, regarding products and
3
3
5
4
5
5
5
4
4
5
4
4
4
EG01—Portfolio of competitive products and
services
EG02—Managed business risk
EG03—Compliance with external laws and
regulations
EG04—Quality of financial information
EG05—Customer-oriented service culture
EG06—Business-service continuity and availability
EG07—Quality of management information
EG08—Optimization of internal business process
functionality
EG09—Optimization of business process costs
EG10—Staff skills, motivation and productivity
EG11—Compliance with internal policies
EG12—Managed digital transformation programs
EG13—Product and business innovation
Design Factor 2 Enterprise Goals (Input)
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
6
services only focus so that the public can accept applications, EG02 —Managed business risk is worth
3 because there are no unmanaged risks because all risks must be resolved, EG03 —Compliance with
external laws and regulations is worth 5 because compliance with the law is mandatory, especially in
government agencies, EG04 —Quality of financial information is 5 because for openness about finance
to the community this is very important to be done by government agencies such as the Bitung City
Department of KOMINFO.
The goal value of the Bitung City Department of KOMINFO in the customer perspective is for EG05
- Customer-oriented service culture is worth 5 because the Bitung City Department of KOMINFO does
focus on community services, EG06 - Business-service continuity and availability is worth 5 because
this is very important for the Bitung City Department of KOMINFO, EG07 —Quality of management
information is worth 5. After all, it is very important given the amount of data in the Bitung City
Department of KOMINFO.
The goal value of the Bitung City Department of KOMINFO in the Internal perspective is EG08 —
Optimization of internal business process functionality is worth 5 because the optimization, especially
in the IT sector, is very important, EG09 —Optimization of business process costs is worth 4 because
this year the cost issue is an important thing from previous years due to the procurement of servers
and others to support the direction from the Mayor to make Bitung City Digital, EG10 —Staff skills,
motivation, and productivity are worth 4 because this is important given that the Bitung City Department
of KOMINFO focuses on community services, EG11 —Compliance with internal policies is worth 4
because for compliance, moreover, in the IT sector, it must comply with the regulations in the agency.
The value for the Bitung City Department of KOMINFO in the growth perspective is EG12 —
Managed digital transformation programs worth 4 because digital transformation is the highest thing
for the Bitung City Department of KOMINFO, and finally for EG13 —Product and business innovation
worth 4 because this is important, especially for government agencies such as the Bitung City
Department of KOMINFO.
Risk Profile
Design factor 3 is the next stage to identify the risks owned by the Bitung City Department of
KOMINFO, North Sulawesi. The assessment conducted is based on the level of impact (impact) resulting
from the risk, if the risk occurs with the level of impact assessment as follows: 1 = very low (very low),
2 = low (low), 3 = medium (medium), 4 = high (high), 5 = very high (very high). And to assess the
level of risk occurrence, the risk likelihood assessment is used as follows: 1 = rare (1% - 20% occur),
2 = unlikely (21% - 40% occur). 3 = possible (41% - 60% occur), 4 = likely (61% - 80% occur) and
5 = almost (81% - 100% occur). The assessment of the risk profile of the government agency of the
Department of Communication and Information Technology is as follows:
In the risk scenario category, IT investment decision making, portfolio definition & maintenance
at the Bitung City Department of KOMINFO has a risk rating of 10 with an impact of 5 for the smooth
running of the company and the likelihood of this risk scenario is 2 because it has happened. Programs
& projects life cycle management has a risk rating of 2 with an impact of 2 and a likelihood of 1 because
KOMINFO still does not use I&T. IT cost & oversight at the Bitung City Department of KOMINFO has
a risk rating of 15 with an impact of 5 and the likelihood of this risk scenario is 3, because an error in
IT investment at the Bitung City Department of KOMINFO will affect the company's performance. IT
expertise, skills & behavior has a risk rating of 20, with an impact of 5, and the likelihood of this risk
scenario is 4 because, in the Bitung City Department of KOMINFO itself, there is a need for a division
of work that does not only depend on one person. Enterprise/IT architecture has a risk rating of 25
with an impact of 5 and the likelihood of a risk scenario of 5 because if there is a failure in adopting
and exploiting a new program, the Bitung City Department of KOMINFO cannot do anything and also
suffer losses because it cannot use it. IT operational infrastructure incidents have a risk rating of 25
with an impact of 5, and the likelihood of this risk scenario is 5 because if there is accidental damage
to IT equipment, IT staff errors in performing system maintenance, updating the system, and errors in
entering information conducted by IT staff and other matters related to IT infrastructure, it will hinder
the performance of the Bitung City Department of KOMINFO. Unauthorized actions have a risk rating
of 10 with the impact of the risk scenario of 5, and the likelihood of this risk rating is 2 because of
software damage or modifications and manipulation of software and data in the Bitung City Department
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
7
of KOMINFO by the irresponsible party, it can make the performance of the Bitung City Department of
KOMINFO messy or irregular.
Figure 4 Risk Profile Factor Design Assessment
Software adoption/use problems have a risk rating of 15 with an impact of 5, and the likelihood of
this risk scenario is 3 because if the user does not use the software properly, then the objectives of the
Bitung City Department of KOMINFO will not be achieved. Hardware incidents have a risk rating of 10
with an impact of 5, and the likelihood of this risk scenario is 2 because if in the Bitung City Department
of KOMINFO there is a failure of the hardware used can stop all operations from the Bitung City
Department of KOMINFO, but the possibility of happening is not too frequent. Software failures have a
risk rating of 6 with an impact of 3, and the likelihood of this risk scenario is 2 because the Bitung City
Department of KOMINFO will immediately replace the software with the backup they have. Logical
attacks (hacking, malware, and others) have a risk rating of 25 with an impact of 5, and the likelihood
of this risk scenario is 5 because cyberattacks can threaten confidential data important to KOMINFO
and occur almost every day.
Third-party/supplier incidents have a risk rating of 1 with an impact of 1, and the likelihood of this
risk scenario is 1 because the Bitung City Department of KOMINFO does not use cloud services and is
not recommended to use cloud services. Non-compliance has a risk rating of 3 with an impact of 1 and
a likelihood of risk scenario of 3 because the regulations made by the Bitung City Department of
KOMINFO internal have been adjusted to the operation of the Bitung City Department of KOMINFO.
Geopolitical issues have a risk rating of 4 with an impact of 4, and the likelihood of this risk scenario is
1 because, with the intervention of the government or national policy, it may not be following the policy
of the Bitung City Department of KOMINFO. However, there is no possibility that this will happen yet.
Industrial action has a risk rating of 5 with an impact of 5, and the likelihood of this risk scenario is 1
because if this scenario occurs at the Bitung City Department of KOMINFO, operational activities will
be completely stopped. However, there is no possibility that this will happen yet. Acts of nature have a
risk rating of 5 with an impact of 5, and the likelihood of this risk scenario is 1 because natural disasters
can damage the important operating system of the Ministry of Communication and Information
Technology, but this is rarely the case at the Bitung City Department of KOMINFO.
Technology-based innovation has a risk rating of 3 with an impact of 3, and the likelihood of this
risk scenario is 1 because the Bitung City Department of KOMINFO does not have to update its
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
8
technology to the latest has never happened at the Bitung City Department of KOMINFO. Environmental
has a risk rating of 5 with an impact of 1 and a likelihood of risk scenario of 5 because the Bitung City
Department of KOMINFO has prepared backup hardware or backup power to overcome this. Data and
information management has a risk rating of 5 with an impact of 5, and the likelihood of this risk
scenario is 1 because irresponsible parties can misuse sensitive data leaks in the Bitung City Department
of KOMINFO.
Issues Related to Technology and Information
Here is a graph from Design Factor 4 on the Importance of Each Generic IT-Related Issue (Figure
5):
Figure 5 Assessment of Design Factor Problems Related to Technology and Information
For the first input of Design Factor 4 regarding the Company, there is an issue of dissatisfaction
among various IT departments in the company because of a common sense of contribution to business
value, which has importance 3, which is a serious issue. Furthermore, there is an issue of dissatisfaction
between the Business department and the IT department because of a failed business or low
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
9
contribution to business value, which has importance 2, namely, there is an issue. Furthermore, in the
company, there are issues regarding significant IT-related incidents, such as data loss, security
breaches, project failures, application errors, and others, which have importance 2; namely, there are
issues. Furthermore, in the company, there is an issue of service delivery problems by IT outsourcing,
which has an importance of 1, i.e., there is no issue. Furthermore, there is an issue of failure to meet
regulatory or contractual requirements related to IT, having importance 2; namely, there is an issue.
Furthermore, in the company, there is an issue with regular audit reports regarding the assessment
of poor IT performance or reported problems, having importance 2; namely, there is an issue.
Furthermore, in the company, there are hidden and fraudulent IT expenditures, such as IT expenditures
in user departments that are out of control and not following the approved budget, having importance
of 1, i.e., there are no issues. Furthermore, in the company, there are issues regarding overlap between
existing ideas and the waste of resources; because of this, it has importance 3, which is a serious issue.
Furthermore, there are issues regarding the insufficient IT resources or the lack of skills of existing IT
employees, having importance 3, namely serious issues. Furthermore, in the company, there are issues
regarding projects that support IT often failing to meet the company's business needs, or the project
is often late and exceeds the specified budget, which has importance 1, which is no issue.
Furthermore, there are issues regarding the lack of involvement of company executive members
or senior management with IT, having importance of 1, i.e., there are no issues. Furthermore, in the
company, there are issues regarding complex IT models, so it is unclear whether decisions related to
IT have importance 2; namely, there are issues. Furthermore, there are issues regarding IT costs that
are too high, having importance 2; namely, there are issues. Furthermore, in the company, there are
issues regarding inhibition or failure of innovation caused by the current IT system architecture that is
not supportive, has importance 3, which is a serious issue. Furthermore, in the company, there is an
issue of the gap between business and IT, which causes business users and specialists in IT to have
different communication and not understanding, having importance 2; namely, there is an issue.
Furthermore, there are issues with data quality and integration in various sources, which have 3
serious issues. Furthermore, there are issues in the company regarding the lack of supervision and
quality control of existing applications; in this case, applications being developed/used have an
importance of 1, i.e., there are no issues. Furthermore, in the company, there are issues regarding
business departments that apply their information with little or even no involvement from the IT
department, which has 3 serious issues. Furthermore, in the company, there is an issue of ignorance
and non-compliance with security and privacy regulations, which has importance 1, i.e., there is no
issue. Furthermore, finally, in the company, there is an issue of inability to use/utilize new technology
or innovate using Information & Technology (I&T), which has importance 2; namely, there is an issue.
Threat Landscape
In this Design Factor, there are 2 categories: high and normal. The Bitung City Department of
KOMINFO has 0% at high and 100% at normal because the BitungCity Department of KOMINFO can
prevent and control existing threats, so it operates at a normal threat level. Here is a graph from Design
Factor 5 on the Importance of Threat Landscape (Figure 6):
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
10
Figure 6 Threat Landscape Factor Design Assessment
Compliance Needs
Here is a graph from Design Factor 6 on the Importance of Compliance Requirements:
Figure 7 Design Factor Assessment of Compliance Needs
In this Design Factor, there are 2 categories: high and normal. KOMINFO has a high of 100%
because the Bitung City Department of KOMINFO, as a government agency, must follow the
government's regulations. Therefore, the level of compliance from the Bitung City Department of
KOMINFO is very high.
Role of Information Technology
Here is a graph from Design Factor 7 on the Importance of the Role of IT:
Figure 8 Assessment of Design Factor Role of Information Technology
This Design Factor has 4 categories of IT roles: support, factory, turnaround, and strategic. The
Bitung City Department of KOMINFO has an important strategic role because it can help run and
innovate in the process of providing information in addition to all matters related to IT that the Bitung
City Department of KOMINFO handles. Meanwhile, the second category that plays an important role is
the factory because when IT fails, it will directly impact the operational activities of the Bitung City
Department of KOMINFO.
Information Technology Resource Model
Here is a graph from Design Factor 8 on the Importance of the Sourcing Model for IT:
1
4
2
5
0 1 2 3 4 5
Support
Factory
Turnaround
Strategic
Design Factor 7 Role of IT (Input)
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
11
Figure 9 Assessment of Design Factor Information Technology Source Model
This Design Factor has 3 categories of IT resources: outsourcing, cloud, and insourced. The Bitung
City Department of KOMINFO has an insourced of 100% by the Bitung City Department of KOMINFO
does not use third parties as IT resources and prefers to store its data to prevent important data from
being leaked.
Information Technology Implementation Methods
Here is a graph from Design Factor 9 on the Importance of IT Implementation Methods:
Figure 10 Assessment of Design Factor Information Technology Implementation Model
In this Design Factor, there are 3 categories of IT implementation methods: agile, DevOps, and
traditional. The Bitung City Department of KOMINFO has an agile of 100% because the Bitung City
Department of KOMINFO uses agile as a method for developing applications, and if errors occur, they
can still be corrected or reworked.
Information Technology Adoption Strategy
Here is a graph from Design Factor 10 on the Importance of Technology Adoption Strategy:
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
12
Figure 11 Assessment of Design Factor for Information Technology Adoption Strategy
In this Design Factor, there are 3 strategies to adopt new technologies: first mover, follower, and
slow adopter. The Bitung City Department of KOMINFO has a follower of 90% because the Bitung City
Department of KOMINFO focuses on companies with technology that is easy to use and widely used.
When the technology has stabilized, the Bitung City Department of KOMINFO will implement the new
technology. The latter is as slow as 10% because of existing regulations or regulations. The Bitung City
Department of KOMINFO is sometimes late in adopting new technology.
Company size
This Design Factor aims to see the size of the company based on the number of employees working
for the company or, in this case, a government agency, namely the Ministry of Communication and
Information Technology (KOMINFO) of Bitung City. Concerning this Design Factor, data was obtained
from the head of the IT Department staff related to the information of employees working at the Bitung
City KOMINFO agency.
Table 1 Design Factor 11 (Enterprise Size)
No.
Industry:
Suitable Options
1.
Large
(Companies with more than 250 full time
employees)
2.
Small & Medium
(Companies with 50 to 250 employees)
ü
Based on the results of the data obtained conducted with the head of the IT Department staff that
the agency of the Ministry of Communication and Information Technology (KOMINFO) of Bitung City
has a company with several 50 to 250 employees, including approximately 30 Heads of Office, Civil
servants, up to the Freelance Daily Worker (THL). Thus, Table 4.11 shows companies of the Small &
Medium type
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
13
4.12 Results of Information Technology Governance Design
Figure 12 Results of Information Technology Governance Design
The results of the ten Design Factors described above are in the form of a core model with a
priority level and capabilities suggested by COBIT 2019. The target of information technology
governance that gets a priority value of 75 or more will get an ability value of 4, which gets a priority
value of 50 or more will get an ability value of 4. Those who get a priority value of 25 or more will get
an ability value of 2, and those who get a priority value of 25 or less will get an ability value of 1.
The Figure 12 and Table 2 shows the result of the Design Factor of information technology
governance that have been obtained.
Table 2 Results of IT Governance Capability
Core Model
Priorities
Proficiency Level
Suggestions
EDM01—Ensured Governance Framework Setting & Maintenance
0
1
EDM02—Ensured Benefits Delivery
0
1
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
14
EDM03—Ensured Risk Optimization
15
1
EDM04—Ensured Resource Optimization
20
1
EDM05—Ensured Stakeholder Engagement
0
1
APO01—Managed I&T Management Framework
0
1
APO02—Managed Strategy
-15
1
APO03—Managed Enterprise Architecture
-40
1
APO04—Managed Innovation
-20
1
APO05—Managed Portfolio
-10
1
APO06—Managed Budget & Costs
0
1
APO07—Managed Human Resources
-25
1
APO08—Managed Relationships
25
2
APO09—Managed Service Agreements
-20
1
APO10—Managed Vendors
-35
1
APO11—Managed Quality
-15
1
APO12—Managed Risk
35
2
APO13—Managed Security
40
2
APO14—Managed Data
0
1
BAI01—Managed Programs
35
2
BAI02—Managed Requirements Definition
100
4
BAI03—Managed Solutions Identification & Build
100
4
BAI04—Managed Availability & Capacity
-40
1
BAI05—Managed Organizational Change
50
3
BAI06—Managed IT Changes
70
3
BAI07—Managed IT Change Acceptance and Transitioning
55
2
BAI08—Managed Knowledge
15
2
BAI09—Managed Assets
35
2
BAI10—Managed Configuration
35
2
BAI11—Managed Projects
0
1
DSS01—Managed Operations
40
2
DSS02—Managed Service Requests & Incidents
35
2
DSS03—Managed Problems
35
2
DSS04—Managed Continuity
40
2
DSS05—Managed Security Services
55
3
DSS06—Managed Business Process Controls
5
1
MEA01—Managed Performance and Conformance Monitoring
-35
1
MEA02—Managed System of Internal Control
-10
1
MEA03—Managed Compliance with External Requirements
20
1
MEA04—Managed Assurance
10
1
5. Conclusions
After conducting the research, the governance system design for the Government Agency
Department of the Ministry of Communication and Information Technology of Bitung City has been
obtained. Twenty-four core models are recommended to have an ability level of 1, including EDM01,
EDM02, EDM03, EDM04, EDM05, APO01, APO02, APO03, APO04, APO05, APO06, APO07, APO09,
APO10, APO11, APO14, BAI04, BAI08, BAI11, DSS06, MEA01, MEA02, MEA03, and MEA04. 11 core
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
15
models are recommended to have an ability level of 2 including APO08, APO12, APO13, BAI01, BAI07,
BAI09, BAI10, DSS01, DSS02, DSS03, and DSS04. 3 core models are recommended to have an ability
level of 3, including BAI05, BAI05, and DSS05. 2 core models are recommended to have an ability level
of 4, namely BAI02 and BAI03. This research was only until designing the governance system, and the
evaluation process was not conducted on the process or core model in COBIT 2019.
The ability levels assigned to each core model are intended to reflect the maturity level of the
processes associated with each model. The 24 core models recommended to have an ability level of 1
are likely to represent the basic foundational processes that should be established before moving up to
higher levels of maturity. The 11 core models recommended to have an ability level of 2 are likely to
represent processes that have been established and are being managed but may still require further
improvement. The 3 core models recommended to have an ability level of 3 are likely to represent
processes that are well-defined, documented, and consistently applied across the organization. Finally,
the 2 core models recommended to have an ability level of 4 are likely to represent processes that are
continually being improved and optimized to achieve organizational goals and objectives. It is important
to note that the evaluation process was only conducted on the design of the governance system and
not on the individual processes or core models, which may require further evaluation to determine their
actual ability levels.
6. References
[1] I. A. Huda, “Perkembangan Teknologi Informasi dan Komunikasi (TIK) Terhadap Kualitas
Pembelajaran Di Sekolah Dasar”,
Jurnal Pendidikan dan Konseling
, vol. 2, no. 1, pp. 121-125, April
2020.
[2] A. W. N. Putra, A. Sunyoto, and A. Nasiri, “Perencanaan Audit Tata Kelola Teknologi Informasi
Laboratorium Kalibrasi Menggunakan COBIT 2019 (Studi Kasus: Laboratorium Kalibrasi BSML
Regional II),”
Jurnal Fisikom
, vol. 10, no. 3, pp. 7, 241-247, 2020.
[3] Kementerian Komunikasi dan Informatika, “Profil,” Kementerian Komunikasi Dan Informatika
Republik Indonesia, 2021. Accessed on: Nov 24, 2021. Available: https://www.kominfo.go.id/profil
[4] U. F. Khusniah, L. Abdurrahman, and I. Santosa, “Analisis Dan Perancangan Tata Kelola Teknologi
Informasi BUMN Pada Proses Penetapan Peran Dan Perencanaan Teknologi Informasi
Menggunakan Kerangka Kerja COBIT 2019 [STUDI KASUS : PT POS Indonesia (Persero)],”
eProceedings of Engineering
, vol. 7, no.2, Aug. 2020
[5] N. Aristawidya, A. Amalia, and I. Santosa, “Analisis Dan Perancangan Tata Kelola Teknologi
Informasi BUMN Pada Proses Monitor Dan Evaluasi Pengendalian Internal Serta Pengelolaan
Compliance External Regulation Menggunakan COBIT 2019 [Studi Kasus: PT Nindya Karya
(Persero)],”
eProceedings of Engineering
, vol. 7, no.2, pp. 19, Dec 2019
[6] N. F. Najwa and T. D. Susanto, “Kajian dan Peluang Penelitian Tata Kelola Teknologi Informasi:
Ulasan Literatur”,
JTIIK
, vol. 5, no. 5, pp. 517, Oct. 2018, doi: 10.25126/jtiik.201855827.
[7] “Audit Tata Kelola Teknologi Informasi Pada Perguruan Tinggi Menggunakan Cobit 5 Fokus Proses
Pelayanan”,
jikstik
, vol. 19, no. 1, Mar. 2020, doi: 10.32409/jikstik.19.1.162.
[8] B. Sarifah, R. Fauzi, and I. Santosa, “Analisis Dan Perancangan Proses Manajemen Sistem Kontrol
Internal TI Menggunakan Kerangka Kerja COBIT 2019 di PT INTI (PERSERO)”,
eProceedings of
Engineering
, vol 7, no. 2, Aug. 2020
[9] M. A. Aditya, R. D. Mulyana, and A. Mulyawan, “Perbandingan COBIT 2019 dan ITIL V4 Sebagai
Panduan Tata Kelola Teknologi Management IT”,
Jurnal Computech& Bisnis
, vol. 2019, no.2, pp.
100-105, Dec. 2019