ArticlePDF Available

Identification of IT Governance Capability Level of COBIT 2019 at The KOMINFO City of Bitung, North Sulawesi

Authors:

Abstract and Figures

Effective information technology governance (ITG) is vital for managing risks and ensuring proper oversight of IT in government organizations and enterprises. However, many organizations struggle with implementing effective ITG strategies, resulting in a higher likelihood of cybersecurity breaches, operational inefficiencies, and financial losses. This study addresses the urgency of improving ITG by assessing the capability level of ITG within the Ministry of Communication and Information Technology (KOMINFO) in Bitung, North Sulawesi, using the widely recognized COBIT 2019 framework. By conducting interviews with key IT personnel, the study quantifies the capability level of eleven core models and highlights areas that require improvement. The results underscore the critical importance of designing and implementing effective IT governance to mitigate risks and enhance IT oversight in government organizations and enterprises. The study's findings can serve as a foundation for future efforts to improve IT governance in KOMINFO and other organizations, ultimately contributing to a safer and more secure IT environment.
Content may be subject to copyright.
1
Identification of IT Governance Capability Level of COBIT
2019 at The KOMINFO City of Bitung, North Sulawesi
Cherry Lumingkewas1, Joe Yuan Mambu*2, Andria K. Wahyudi3
1Fakultas Ekonomi dan Bisnis, Universitas Klabat
23Fakultas Ilmu Komputer, Universitas Klabat
e-mail:1cherry@unklab.ac.id, *2joeyuan.mambu@unklab.ac.id, 3andriawahyudi@unklab.ac.id
Abstract
Effective information technology governance (ITG) is vital for managing risks and ensuring proper
oversight of IT in government organizations and enterprises. However, many organizations struggle
with implementing effective ITG strategies, resulting in a higher likelihood of cybersecurity breaches,
operational inefficiencies, and financial losses. This study addresses the urgency of improving ITG by
assessing the capability level of ITG within the Ministry of Communication and Information Technology
(KOMINFO) in Bitung, North Sulawesi, using the widely recognized COBIT 2019 framework. By
conducting interviews with key IT personnel, the study quantifies the capability level of eleven core
models and highlights areas that require improvement. The results underscore the critical importance
of designing and implementing effective IT governance to mitigate risks and enhance IT oversight in
government organizations and enterprises. The study's findings can serve as a foundation for future
efforts to improve IT governance in KOMINFO and other organizations, ultimately contributing to a
safer and more secure IT environment.
Keywords: IT Governance, IT Audit, COBIT 2019, Capability Level
Identifikasi Tingkat Kapabilitas Tata Kelola TI Menggunakan
COBIT 2019 Pada KOMINFO Kota Bitung Sulawesi Utara
Abstrak
Governance teknologi informasi (TI) yang efektif sangat penting untuk mengelola risiko dan
memastikan pengawasan TI yang tepat di organisasi pemerintah dan perusahaan. Namun, banyak
organisasi kesulitan mengimplementasikan strategi governance TI yang efektif, yang dapat
menyebabkan peluang terjadinya pelanggaran keamanan siber, ketidakefisienan operasional, dan
kerugian keuangan yang lebih tinggi. Studi ini mengatasi urgensi peningkatan governance TI dengan
menilai tingkat kemampuan governance TI di Kementerian Komunikasi dan Informatika (KOMINFO) di
Bitung, Sulawesi Utara, menggunakan kerangka kerja COBIT 2019 yang diakui secara luas. Dengan
melakukan wawancara dengan personel TI utama, studi ini mengukur tingkat kemampuan sebelas
model inti dan menyoroti area yang perlu ditingkatkan. Hasil penelitian menekankan pentingnya
merancang dan menerapkan governance TI yang efektif untuk mengurangi risiko dan meningkatkan
pengawasan TI di organisasi pemerintah dan perusahaan. Temuan studi ini dapat menjadi dasar untuk
upaya peningkatan governance TI di KOMINFO dan organisasi lainnya, yang pada akhirnya akan
berkontribusi pada lingkungan TI yang lebih aman dan terlindungi.
Kata kunci: Tata Kelola IT, Audit IT, COBIT 2019, Capability Level
1. Introduction
Information Technology Governance, or IT Governance, is important in monitoring or managing
information technology and the risks in a company and even agencies. Without good governance in a
company, it will not be easy to see how high the performance of IT implementation is a company. To
achieve the vision and mission of the company, the company requires IT Governance that can increase
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
2
maximum profits [2]. The problem of Information Technology Governance is the responsibility of
companies and government agencies such as the Ministry of Communication and Information
Technology (KOMINFO).
The KOMINFO is part of the national ministry of the Indonesian government. Public services for
communication and information technology in the community are managed and administered by
KOMINFO. It makes KOMINFO an important agency in the continuity of the service process to the local
community. Tasks and functions that are part of the KOMINFO to organize government affairs in terms
of helping to provide data collection related to information from the public to the government include
several things, namely, the policies formulation and determination and policies in the resource
management and guidance field and providing administrative support within the KOMINFO and others
[3]. The KOMINFO has many duties and responsibilities in supporting services for the community. To
help it, they need to structure good technology and system governance so that services can be
conducted properly.
IT Governance can be done with various frameworks, including COBIT (Control Objective for
Information and related Technology). COBIT is an IT governance framework intended for management,
staff, the IT department, to business people to ensure the confidentiality and availability of company
data integrity; that has five scopes: EDM Domain regulating evaluation to framework briefing, APO
Domain regulating to planning framework, BAI Domain building to framework implementation, DSS
Domain serving user services, and MEA Domain providing performance evaluation of framework [4].
COBIT can measure the balance of information technology with business objectives to create the
expected business alignment. COBIT is also a framework recommendation based on SOE Ministerial
Regulation No. PER-03/MBU/02/2018 [5]. It is of utmost urgency that KOMINFO undergoes an
assessment with the latest COBIT audit framework, COBIT 2019, as it has never been assessed with
it.
With the design of IT governance, it is expected to help find out what design factors affect
governance in the company. Therefore, this research aims a to identify the capability level on the ITG
design at Bitung City’s KOMINFO, by using the 2019 COBIT framework. COBIT 2019 can result in a
structured governance system to see the management and important priorities in the company in
maximizing IT. Thus, the research question would be “What is the COBIT 2019 capability level does
the KOMINFO of Bitung City has?” and this research is about to answer it.
2. Literature Review
Information Technology Governance
Information Technology (IT) governance is an obligation of executive management managers in
implementing the IT strategies monitoring and implementation to maintain alignment between IT and
business processes, matrix introduction to determine the value of IT and manage IT risks maximally.
IT governance can provide the right solution for organizations, such as government organizations and
specialized companies, in developing IT investments and implementation and equalizing the risks [6].
In addition, IT governance is responsible for ensuring that the various resources owned by the company
or organization have been utilized as well as possible to get competitive opportunities and flexibility. In
other words, IT governance leverages the principles that exist in the organization for IT units [7].
COBIT 2019
COBIT 2019 (Control Objective for Information and related Technology) is the most recent version
of COBIT, created and published by ISACA, which contains guidelines on IT governance and corporate
IT management following the needs of each company, in which there are 40 core objectives divided
between governance and management referred to as the Cobit Core Model [8]. There are five domains
in the Cobit Core Model with two main principles: governance contains Evaluate Direct Monitor (EDM)
domain, which purpose is to evaluate, direct, and monitor organizational strategies achievement.
Meanwhile, management contains domains: Align Plan and Organize (APO), which purpose is to discuss
all matters concerning the organization, strategies, and supporting activities for IT, and Build Acquire
and Implementation (BAI), which purpose is to interpret, acquire, and implement IT solutions, also
Deliver Service and Support (DSS), which purpose is to discuss operational matters, support for IT
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
3
services and security, then lastly Evaluate and Assess Monitor (MEA), which purpose is to monitor the
performance and match of IT with the internal control objectives, internal performance targets and
external requirements. In each domain in COBIT 2019, there is a process in it called objective [9].
3. Research Methodology
Figure 1 Research Methodology
We use the methodology provided by COBIT 2019, namely the 2019 COBIT Governance System
Design Workflow [5]. The steps are as follows:
1. Identification of Issues
In this stage, IT Governance was evaluated at the Bitung City Department of KOMINFO, where
the results were not properly and well implemented, as well as infrastructure support which mostly still
relies on internal sources that make the IT governance performance less optimal.
2. Literature Studies
This literature study stage is to review what parts of this study are needed, in this case, making
or searching for what is needed to be used in the study and searching from several research sources
related to similar cases that have been made. The development that has been made can help the group
do this task so that it can be completed properly.
3. Understanding the Corporate Context and Strategy
In this stage, which uses the Governance System Design Workflow in COBIT 2019, a context
determination is conducted to understand more clearly what the company will do to see what risks can
be accepted.
4. Data Gathering for IT Governance System
IT Governance-related data gathered through interview with stakeholders which will contribute to
the IT Governance System of COBIT 2019
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
4
5. Analyze results from the Design Factor
This stage is to analyze and determine the results from the ten design factors set by COBIT 2019.
This process is done to identify an organization's required parts to see what is required in the company.
The result will show which COBIT 2019 core models are acknowledged as priority and which are not.
This measurement is shown as ability level.
COBIT 2019 defines four levels of ability that represent the level of capability maturity of an
organization in terms of the effective implementation of governance and management practices. The
four levels of ability are:
Level 1: Initial - Ad hoc and unstructured practices with no formalized processes in place.
Level 2: Managed - Processes are established and managed, but they may not be well-
documented or consistently applied across the organization.
Level 3: Established - Processes are well-defined, documented, and consistently applied across
the organization.
Level 4: Optimized - Processes are continually improved and optimized to achieve
organizational goals and objectives.
These levels are designed to help organizations assess their current maturity level and identify
areas where they need to improve their governance and management practices. By implementing the
practices outlined in COBIT 2019, organizations can move up the levels of ability and improve their
overall effectiveness in achieving their goals and objectives.
6. Concluding the Governance System Design
From each stage, this final stage will connect all the inputs and considerations from everything
made at the previous stage until, finally, conclusions can be drawn from all the system's methods in
governance. The conclusion of the managed part results in a system design that can be managed and
adapted by the company system.
4. Results and Analysis
Corporate Strategy
Here is a graph from Design Factor 1 on the Importance of Each Enterprise Strategy Archetype
Figure 2 Assessment of Corporate Strategy Design Factor
For the main and second priorities value of the company strategy, in this case, the Bitung City
Department of KOMINFO is the Client Service/Stability with importance 5 because the Bitung City
Department of KOMINFO, which acts as a government agency, is more focused on public services to
provide stable services to the people of Bitung City, therefore becomes their priority. While Cost
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
5
Leadership with important 4 is the second priority because the Bitung City Department of KOMINFO, in
addition to focusing on public services, also focuses on saving costs or utilizing existing budgets as
effectively and efficiently as possible. Growth/Acquisition has an importance of 1 because it is different
from companies that focus on Money Oriented. The Bitung City Department of KOMINFO focuses on
the public services of the Bitung City community. Furthermore, finally, Innovation/Differentiation has
importance 1, because the Bitung City Department of KOMINFO is more mobile in the field of followers
or will only apply new technology when the technology is stable, different from innovators who
implement a new thing without following other parties.
Target of the Company
According to COBIT 2019, the company target is divided into four perspectives: financial,
customer, internal, and growth. The assessment of the targets of the government agency of the Bitung
City Department of KOMINFO is as follows:
Figure 3 Assessment of Design Factor for Corporate Purpose
The objective value of the Bitung City Department of KOMINFO in the financial perspective is for
EG01 Portfolio of competitive products and services is worth 3 because the Bitung City Department
of KOMINFO is part of the government that focuses on community service, regarding products and
3
3
5
4
5
5
5
4
4
5
4
4
4
EG01Portfolio of competitive products and
services
EG02Managed business risk
EG03Compliance with external laws and
regulations
EG04Quality of financial information
EG05Customer-oriented service culture
EG06Business-service continuity and availability
EG07Quality of management information
EG08Optimization of internal business process
functionality
EG09Optimization of business process costs
EG10Staff skills, motivation and productivity
EG11Compliance with internal policies
EG12Managed digital transformation programs
EG13Product and business innovation
Design Factor 2 Enterprise Goals (Input)
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
6
services only focus so that the public can accept applications, EG02 Managed business risk is worth
3 because there are no unmanaged risks because all risks must be resolved, EG03 —Compliance with
external laws and regulations is worth 5 because compliance with the law is mandatory, especially in
government agencies, EG04 Quality of financial information is 5 because for openness about finance
to the community this is very important to be done by government agencies such as the Bitung City
Department of KOMINFO.
The goal value of the Bitung City Department of KOMINFO in the customer perspective is for EG05
- Customer-oriented service culture is worth 5 because the Bitung City Department of KOMINFO does
focus on community services, EG06 - Business-service continuity and availability is worth 5 because
this is very important for the Bitung City Department of KOMINFO, EG07 Quality of management
information is worth 5. After all, it is very important given the amount of data in the Bitung City
Department of KOMINFO.
The goal value of the Bitung City Department of KOMINFO in the Internal perspective is EG08
Optimization of internal business process functionality is worth 5 because the optimization, especially
in the IT sector, is very important, EG09 Optimization of business process costs is worth 4 because
this year the cost issue is an important thing from previous years due to the procurement of servers
and others to support the direction from the Mayor to make Bitung City Digital, EG10 Staff skills,
motivation, and productivity are worth 4 because this is important given that the Bitung City Department
of KOMINFO focuses on community services, EG11 Compliance with internal policies is worth 4
because for compliance, moreover, in the IT sector, it must comply with the regulations in the agency.
The value for the Bitung City Department of KOMINFO in the growth perspective is EG12
Managed digital transformation programs worth 4 because digital transformation is the highest thing
for the Bitung City Department of KOMINFO, and finally for EG13 Product and business innovation
worth 4 because this is important, especially for government agencies such as the Bitung City
Department of KOMINFO.
Risk Profile
Design factor 3 is the next stage to identify the risks owned by the Bitung City Department of
KOMINFO, North Sulawesi. The assessment conducted is based on the level of impact (impact) resulting
from the risk, if the risk occurs with the level of impact assessment as follows: 1 = very low (very low),
2 = low (low), 3 = medium (medium), 4 = high (high), 5 = very high (very high). And to assess the
level of risk occurrence, the risk likelihood assessment is used as follows: 1 = rare (1% - 20% occur),
2 = unlikely (21% - 40% occur). 3 = possible (41% - 60% occur), 4 = likely (61% - 80% occur) and
5 = almost (81% - 100% occur). The assessment of the risk profile of the government agency of the
Department of Communication and Information Technology is as follows:
In the risk scenario category, IT investment decision making, portfolio definition & maintenance
at the Bitung City Department of KOMINFO has a risk rating of 10 with an impact of 5 for the smooth
running of the company and the likelihood of this risk scenario is 2 because it has happened. Programs
& projects life cycle management has a risk rating of 2 with an impact of 2 and a likelihood of 1 because
KOMINFO still does not use I&T. IT cost & oversight at the Bitung City Department of KOMINFO has
a risk rating of 15 with an impact of 5 and the likelihood of this risk scenario is 3, because an error in
IT investment at the Bitung City Department of KOMINFO will affect the company's performance. IT
expertise, skills & behavior has a risk rating of 20, with an impact of 5, and the likelihood of this risk
scenario is 4 because, in the Bitung City Department of KOMINFO itself, there is a need for a division
of work that does not only depend on one person. Enterprise/IT architecture has a risk rating of 25
with an impact of 5 and the likelihood of a risk scenario of 5 because if there is a failure in adopting
and exploiting a new program, the Bitung City Department of KOMINFO cannot do anything and also
suffer losses because it cannot use it. IT operational infrastructure incidents have a risk rating of 25
with an impact of 5, and the likelihood of this risk scenario is 5 because if there is accidental damage
to IT equipment, IT staff errors in performing system maintenance, updating the system, and errors in
entering information conducted by IT staff and other matters related to IT infrastructure, it will hinder
the performance of the Bitung City Department of KOMINFO. Unauthorized actions have a risk rating
of 10 with the impact of the risk scenario of 5, and the likelihood of this risk rating is 2 because of
software damage or modifications and manipulation of software and data in the Bitung City Department
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
7
of KOMINFO by the irresponsible party, it can make the performance of the Bitung City Department of
KOMINFO messy or irregular.
Figure 4 Risk Profile Factor Design Assessment
Software adoption/use problems have a risk rating of 15 with an impact of 5, and the likelihood of
this risk scenario is 3 because if the user does not use the software properly, then the objectives of the
Bitung City Department of KOMINFO will not be achieved. Hardware incidents have a risk rating of 10
with an impact of 5, and the likelihood of this risk scenario is 2 because if in the Bitung City Department
of KOMINFO there is a failure of the hardware used can stop all operations from the Bitung City
Department of KOMINFO, but the possibility of happening is not too frequent. Software failures have a
risk rating of 6 with an impact of 3, and the likelihood of this risk scenario is 2 because the Bitung City
Department of KOMINFO will immediately replace the software with the backup they have. Logical
attacks (hacking, malware, and others) have a risk rating of 25 with an impact of 5, and the likelihood
of this risk scenario is 5 because cyberattacks can threaten confidential data important to KOMINFO
and occur almost every day.
Third-party/supplier incidents have a risk rating of 1 with an impact of 1, and the likelihood of this
risk scenario is 1 because the Bitung City Department of KOMINFO does not use cloud services and is
not recommended to use cloud services. Non-compliance has a risk rating of 3 with an impact of 1 and
a likelihood of risk scenario of 3 because the regulations made by the Bitung City Department of
KOMINFO internal have been adjusted to the operation of the Bitung City Department of KOMINFO.
Geopolitical issues have a risk rating of 4 with an impact of 4, and the likelihood of this risk scenario is
1 because, with the intervention of the government or national policy, it may not be following the policy
of the Bitung City Department of KOMINFO. However, there is no possibility that this will happen yet.
Industrial action has a risk rating of 5 with an impact of 5, and the likelihood of this risk scenario is 1
because if this scenario occurs at the Bitung City Department of KOMINFO, operational activities will
be completely stopped. However, there is no possibility that this will happen yet. Acts of nature have a
risk rating of 5 with an impact of 5, and the likelihood of this risk scenario is 1 because natural disasters
can damage the important operating system of the Ministry of Communication and Information
Technology, but this is rarely the case at the Bitung City Department of KOMINFO.
Technology-based innovation has a risk rating of 3 with an impact of 3, and the likelihood of this
risk scenario is 1 because the Bitung City Department of KOMINFO does not have to update its
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
8
technology to the latest has never happened at the Bitung City Department of KOMINFO. Environmental
has a risk rating of 5 with an impact of 1 and a likelihood of risk scenario of 5 because the Bitung City
Department of KOMINFO has prepared backup hardware or backup power to overcome this. Data and
information management has a risk rating of 5 with an impact of 5, and the likelihood of this risk
scenario is 1 because irresponsible parties can misuse sensitive data leaks in the Bitung City Department
of KOMINFO.
Issues Related to Technology and Information
Here is a graph from Design Factor 4 on the Importance of Each Generic IT-Related Issue (Figure
5):
Figure 5 Assessment of Design Factor Problems Related to Technology and Information
For the first input of Design Factor 4 regarding the Company, there is an issue of dissatisfaction
among various IT departments in the company because of a common sense of contribution to business
value, which has importance 3, which is a serious issue. Furthermore, there is an issue of dissatisfaction
between the Business department and the IT department because of a failed business or low
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
9
contribution to business value, which has importance 2, namely, there is an issue. Furthermore, in the
company, there are issues regarding significant IT-related incidents, such as data loss, security
breaches, project failures, application errors, and others, which have importance 2; namely, there are
issues. Furthermore, in the company, there is an issue of service delivery problems by IT outsourcing,
which has an importance of 1, i.e., there is no issue. Furthermore, there is an issue of failure to meet
regulatory or contractual requirements related to IT, having importance 2; namely, there is an issue.
Furthermore, in the company, there is an issue with regular audit reports regarding the assessment
of poor IT performance or reported problems, having importance 2; namely, there is an issue.
Furthermore, in the company, there are hidden and fraudulent IT expenditures, such as IT expenditures
in user departments that are out of control and not following the approved budget, having importance
of 1, i.e., there are no issues. Furthermore, in the company, there are issues regarding overlap between
existing ideas and the waste of resources; because of this, it has importance 3, which is a serious issue.
Furthermore, there are issues regarding the insufficient IT resources or the lack of skills of existing IT
employees, having importance 3, namely serious issues. Furthermore, in the company, there are issues
regarding projects that support IT often failing to meet the company's business needs, or the project
is often late and exceeds the specified budget, which has importance 1, which is no issue.
Furthermore, there are issues regarding the lack of involvement of company executive members
or senior management with IT, having importance of 1, i.e., there are no issues. Furthermore, in the
company, there are issues regarding complex IT models, so it is unclear whether decisions related to
IT have importance 2; namely, there are issues. Furthermore, there are issues regarding IT costs that
are too high, having importance 2; namely, there are issues. Furthermore, in the company, there are
issues regarding inhibition or failure of innovation caused by the current IT system architecture that is
not supportive, has importance 3, which is a serious issue. Furthermore, in the company, there is an
issue of the gap between business and IT, which causes business users and specialists in IT to have
different communication and not understanding, having importance 2; namely, there is an issue.
Furthermore, there are issues with data quality and integration in various sources, which have 3
serious issues. Furthermore, there are issues in the company regarding the lack of supervision and
quality control of existing applications; in this case, applications being developed/used have an
importance of 1, i.e., there are no issues. Furthermore, in the company, there are issues regarding
business departments that apply their information with little or even no involvement from the IT
department, which has 3 serious issues. Furthermore, in the company, there is an issue of ignorance
and non-compliance with security and privacy regulations, which has importance 1, i.e., there is no
issue. Furthermore, finally, in the company, there is an issue of inability to use/utilize new technology
or innovate using Information & Technology (I&T), which has importance 2; namely, there is an issue.
Threat Landscape
In this Design Factor, there are 2 categories: high and normal. The Bitung City Department of
KOMINFO has 0% at high and 100% at normal because the BitungCity Department of KOMINFO can
prevent and control existing threats, so it operates at a normal threat level. Here is a graph from Design
Factor 5 on the Importance of Threat Landscape (Figure 6):
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
10
Figure 6 Threat Landscape Factor Design Assessment
Compliance Needs
Here is a graph from Design Factor 6 on the Importance of Compliance Requirements:
Figure 7 Design Factor Assessment of Compliance Needs
In this Design Factor, there are 2 categories: high and normal. KOMINFO has a high of 100%
because the Bitung City Department of KOMINFO, as a government agency, must follow the
government's regulations. Therefore, the level of compliance from the Bitung City Department of
KOMINFO is very high.
Role of Information Technology
Here is a graph from Design Factor 7 on the Importance of the Role of IT:
Figure 8 Assessment of Design Factor Role of Information Technology
This Design Factor has 4 categories of IT roles: support, factory, turnaround, and strategic. The
Bitung City Department of KOMINFO has an important strategic role because it can help run and
innovate in the process of providing information in addition to all matters related to IT that the Bitung
City Department of KOMINFO handles. Meanwhile, the second category that plays an important role is
the factory because when IT fails, it will directly impact the operational activities of the Bitung City
Department of KOMINFO.
Information Technology Resource Model
Here is a graph from Design Factor 8 on the Importance of the Sourcing Model for IT:
1
4
2
5
0 1 2 3 4 5
Support
Factory
Turnaround
Strategic
Design Factor 7 Role of IT (Input)
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
11
Figure 9 Assessment of Design Factor Information Technology Source Model
This Design Factor has 3 categories of IT resources: outsourcing, cloud, and insourced. The Bitung
City Department of KOMINFO has an insourced of 100% by the Bitung City Department of KOMINFO
does not use third parties as IT resources and prefers to store its data to prevent important data from
being leaked.
Information Technology Implementation Methods
Here is a graph from Design Factor 9 on the Importance of IT Implementation Methods:
Figure 10 Assessment of Design Factor Information Technology Implementation Model
In this Design Factor, there are 3 categories of IT implementation methods: agile, DevOps, and
traditional. The Bitung City Department of KOMINFO has an agile of 100% because the Bitung City
Department of KOMINFO uses agile as a method for developing applications, and if errors occur, they
can still be corrected or reworked.
Information Technology Adoption Strategy
Here is a graph from Design Factor 10 on the Importance of Technology Adoption Strategy:
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
12
Figure 11 Assessment of Design Factor for Information Technology Adoption Strategy
In this Design Factor, there are 3 strategies to adopt new technologies: first mover, follower, and
slow adopter. The Bitung City Department of KOMINFO has a follower of 90% because the Bitung City
Department of KOMINFO focuses on companies with technology that is easy to use and widely used.
When the technology has stabilized, the Bitung City Department of KOMINFO will implement the new
technology. The latter is as slow as 10% because of existing regulations or regulations. The Bitung City
Department of KOMINFO is sometimes late in adopting new technology.
Company size
This Design Factor aims to see the size of the company based on the number of employees working
for the company or, in this case, a government agency, namely the Ministry of Communication and
Information Technology (KOMINFO) of Bitung City. Concerning this Design Factor, data was obtained
from the head of the IT Department staff related to the information of employees working at the Bitung
City KOMINFO agency.
Table 1 Design Factor 11 (Enterprise Size)
No.
Industry:
Suitable Options
1.
Large
(Companies with more than 250 full time
employees)
2.
Small & Medium
(Companies with 50 to 250 employees)
ü
Based on the results of the data obtained conducted with the head of the IT Department staff that
the agency of the Ministry of Communication and Information Technology (KOMINFO) of Bitung City
has a company with several 50 to 250 employees, including approximately 30 Heads of Office, Civil
servants, up to the Freelance Daily Worker (THL). Thus, Table 4.11 shows companies of the Small &
Medium type
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
13
4.12 Results of Information Technology Governance Design
Figure 12 Results of Information Technology Governance Design
The results of the ten Design Factors described above are in the form of a core model with a
priority level and capabilities suggested by COBIT 2019. The target of information technology
governance that gets a priority value of 75 or more will get an ability value of 4, which gets a priority
value of 50 or more will get an ability value of 4. Those who get a priority value of 25 or more will get
an ability value of 2, and those who get a priority value of 25 or less will get an ability value of 1.
The Figure 12 and Table 2 shows the result of the Design Factor of information technology
governance that have been obtained.
Table 2 Results of IT Governance Capability
Core Model
Priorities
Proficiency Level
Suggestions
EDM01Ensured Governance Framework Setting & Maintenance
0
1
EDM02Ensured Benefits Delivery
0
1
Jurnal TeIKa, Volume 13, Nomor 1, April 2023
14
EDM03Ensured Risk Optimization
15
1
EDM04Ensured Resource Optimization
20
1
EDM05Ensured Stakeholder Engagement
0
1
APO01Managed I&T Management Framework
0
1
APO02Managed Strategy
-15
1
APO03Managed Enterprise Architecture
-40
1
APO04Managed Innovation
-20
1
APO05Managed Portfolio
-10
1
APO06Managed Budget & Costs
0
1
APO07Managed Human Resources
-25
1
APO08Managed Relationships
25
2
APO09Managed Service Agreements
-20
1
APO10Managed Vendors
-35
1
APO11Managed Quality
-15
1
APO12Managed Risk
35
2
APO13Managed Security
40
2
APO14Managed Data
0
1
BAI01Managed Programs
35
2
BAI02Managed Requirements Definition
100
4
BAI03Managed Solutions Identification & Build
100
4
BAI04Managed Availability & Capacity
-40
1
BAI05Managed Organizational Change
50
3
BAI06Managed IT Changes
70
3
BAI07Managed IT Change Acceptance and Transitioning
55
2
BAI08Managed Knowledge
15
2
BAI09Managed Assets
35
2
BAI10Managed Configuration
35
2
BAI11Managed Projects
0
1
DSS01Managed Operations
40
2
DSS02Managed Service Requests & Incidents
35
2
DSS03Managed Problems
35
2
DSS04Managed Continuity
40
2
DSS05Managed Security Services
55
3
DSS06Managed Business Process Controls
5
1
MEA01Managed Performance and Conformance Monitoring
-35
1
MEA02Managed System of Internal Control
-10
1
MEA03Managed Compliance with External Requirements
20
1
MEA04Managed Assurance
10
1
5. Conclusions
After conducting the research, the governance system design for the Government Agency
Department of the Ministry of Communication and Information Technology of Bitung City has been
obtained. Twenty-four core models are recommended to have an ability level of 1, including EDM01,
EDM02, EDM03, EDM04, EDM05, APO01, APO02, APO03, APO04, APO05, APO06, APO07, APO09,
APO10, APO11, APO14, BAI04, BAI08, BAI11, DSS06, MEA01, MEA02, MEA03, and MEA04. 11 core
Identification of IT Governance Capability Level of COBIT 2019
at The KOMINFO City of Bitung, North Sulawesi
15
models are recommended to have an ability level of 2 including APO08, APO12, APO13, BAI01, BAI07,
BAI09, BAI10, DSS01, DSS02, DSS03, and DSS04. 3 core models are recommended to have an ability
level of 3, including BAI05, BAI05, and DSS05. 2 core models are recommended to have an ability level
of 4, namely BAI02 and BAI03. This research was only until designing the governance system, and the
evaluation process was not conducted on the process or core model in COBIT 2019.
The ability levels assigned to each core model are intended to reflect the maturity level of the
processes associated with each model. The 24 core models recommended to have an ability level of 1
are likely to represent the basic foundational processes that should be established before moving up to
higher levels of maturity. The 11 core models recommended to have an ability level of 2 are likely to
represent processes that have been established and are being managed but may still require further
improvement. The 3 core models recommended to have an ability level of 3 are likely to represent
processes that are well-defined, documented, and consistently applied across the organization. Finally,
the 2 core models recommended to have an ability level of 4 are likely to represent processes that are
continually being improved and optimized to achieve organizational goals and objectives. It is important
to note that the evaluation process was only conducted on the design of the governance system and
not on the individual processes or core models, which may require further evaluation to determine their
actual ability levels.
6. References
[1] I. A. Huda, Perkembangan Teknologi Informasi dan Komunikasi (TIK) Terhadap Kualitas
Pembelajaran Di Sekolah Dasar”,
Jurnal Pendidikan dan Konseling
, vol. 2, no. 1, pp. 121-125, April
2020.
[2] A. W. N. Putra, A. Sunyoto, and A. Nasiri, “Perencanaan Audit Tata Kelola Teknologi Informasi
Laboratorium Kalibrasi Menggunakan COBIT 2019 (Studi Kasus: Laboratorium Kalibrasi BSML
Regional II),”
Jurnal Fisikom
, vol. 10, no. 3, pp. 7, 241-247, 2020.
[3] Kementerian Komunikasi dan Informatika, “Profil,” Kementerian Komunikasi Dan Informatika
Republik Indonesia, 2021. Accessed on: Nov 24, 2021. Available: https://www.kominfo.go.id/profil
[4] U. F. Khusniah, L. Abdurrahman, and I. Santosa, “Analisis Dan Perancangan Tata Kelola Teknologi
Informasi BUMN Pada Proses Penetapan Peran Dan Perencanaan Teknologi Informasi
Menggunakan Kerangka Kerja COBIT 2019 [STUDI KASUS : PT POS Indonesia (Persero)],”
eProceedings of Engineering
, vol. 7, no.2, Aug. 2020
[5] N. Aristawidya, A. Amalia, and I. Santosa, “Analisis Dan Perancangan Tata Kelola Teknologi
Informasi BUMN Pada Proses Monitor Dan Evaluasi Pengendalian Internal Serta Pengelolaan
Compliance External Regulation Menggunakan COBIT 2019 [Studi Kasus: PT Nindya Karya
(Persero)],”
eProceedings of Engineering
, vol. 7, no.2, pp. 19, Dec 2019
[6] N. F. Najwa and T. D. Susanto, “Kajian dan Peluang Penelitian Tata Kelola Teknologi Informasi:
Ulasan Literatur”,
JTIIK
, vol. 5, no. 5, pp. 517, Oct. 2018, doi: 10.25126/jtiik.201855827.
[7] “Audit Tata Kelola Teknologi Informasi Pada Perguruan Tinggi Menggunakan Cobit 5 Fokus Proses
Pelayanan”,
jikstik
, vol. 19, no. 1, Mar. 2020, doi: 10.32409/jikstik.19.1.162.
[8] B. Sarifah, R. Fauzi, and I. Santosa, “Analisis Dan Perancangan Proses Manajemen Sistem Kontrol
Internal TI Menggunakan Kerangka Kerja COBIT 2019 di PT INTI (PERSERO)”,
eProceedings of
Engineering
, vol 7, no. 2, Aug. 2020
[9] M. A. Aditya, R. D. Mulyana, and A. Mulyawan, “Perbandingan COBIT 2019 dan ITIL V4 Sebagai
Panduan Tata Kelola Teknologi Management IT”,
Jurnal Computech& Bisnis
, vol. 2019, no.2, pp.
100-105, Dec. 2019
... Tata Kelola Teknologi Informasi atau IT Governance merupakan hal yang penting dalam pengawasan atau pengelolaan teknologi informasi dan risiko dalam suatu perusahaan bahkan instansi. Tanpa tata kelola yang baik, perusahaan akan sulit untuk melihat seberapa tinggi kinerja penerapan TI suatu perusahaan [4]. Tujuan TKTI yaitu memastikan bahwa pemanfaatan Teknologi Informasi dalam suatu organisasi dilakukan secara efektif untuk mencapai tujuan bisnis yang sudah ditetapkan. ...
Article
Full-text available
Teknologi informasi yang berkembang pesat saat ini sangat mempengaruhi kondisi bisnis perusahaan sehingga dibutuhkan tata kelola teknologi informasi. COBIT 2019 merupakan kerangka kerja tata kelola teknologi informasi yang memiliki standarisasi untuk melakukan penerapan tata kelola teknologi informasi. Kantor Wilayah Kementerian Hukum dan Hak Asasi Manusia Provinsi Kepulauan Riau merupakan perusahaan pemerintahan yang bergerak di bidang pelayanan hukum dan HAM. Tujuan penelitian ini adalah untuk mengetahui tingkat kapabilitas proses TI saat ini (as-is) dan tingkat kapabilitas proses TI yang diharapkan (to-be) serta memberikan rekomendasi dan saran pada tata kelola TI yang lebih baik bagi Kanwil Kemenkumham Provinsi Kepri. Penelitian ini dilakukan menggunakan standar framework COBIT 2019. Dari objektif proses yang ada, didapatkan 8 objektif yang sesuai dengan penelitian, yaitu APO04 – Managed Innovation, APO07 – Managed Human Resources, APO13 – Managed Security, BAI02 – Managed Requirements Definitions, BAI03 – Managed Solutions Identification and Build, DSS03 – Managed Problems, DSS05 – Managed Security Services, MEA01 – Managed Performance and Conformance Monitoring, EDM01 – Ensured Governance Framework Setting and Maintenance. Hasil dari penelitian ini menunjukkan pada objektif proses APO04 dan EDM01 berada pada tingkat kemampuan level 4 (as-is) dengan nilai kemampuan APO04 dan EDM01 sebesar 100%, untuk DSS03 dan MEA01 berada pada tingkat kemampuan level 5 (as-is) dengan nilai kemampuan DSS03 dan MEA01 sebesar 100%, untuk APO07 dan APO13 berada pada tingkat kemampuan level 2 (as-is), dan untuk domain BAI03 dan DSS05 berada pada tingkat kemampuan level 1 (as-is).
... Cobit adalah kerangka kerja IT Governance yang dirancang untuk melibatkan manajemen, staf, departemen TI, hingga pelaku bisnis, untuk memastikan kerahasiaan, ketersediaan data perusahaan dan integritasnya. COBIT mampu mengukur sejauh mana keseimbangan antara teknologi informasi dan tujuan bisnis untuk menciptakan penyesuaian bisnis yang diinginkan [7]. Selain itu, COBIT juga diakui sebagai kerangka yang direkomendasikan berdasarkan peraturan menteri BUMN Nomor PER-03/MBU/02/2018 [8]. ...
Article
Full-text available
Information Technology Governance plays a very important role in managing all company needs. Especially in the world of education, technology plays a very important role in carrying out the vision and mission of all educational service needs. However, there are many problems experienced and the order of infrastructure and how to manage it that is not maximized so that it makes the order not run well. Because this can lead to various problems from the course of the education service process. Therefore, a framework such as COBIT 2019 is needed which has become the main guideline in improving the effectiveness and efficiency of information technology management in various organizations, including universities. This journal aims to assess COBIT 2019 framework users at various higher education institutions to determine the level of capability and gaps that generally occur. Through a Systematic Literature (SLR) approach, the journal details a number of significant findings, including an in-depth understanding of how COBIT 2019 is adopted and implemented in higher education settings. With Research Question (RQ) i.e. RQ1 Which domains in IT Governance are the main focus for most colleges and high schools implementing the COBIT 2019 framework, RQ2 What are the capability levels and advice provided in most higher education institutions implementing the COBIT 2019 framework. The results of this study found 13 articles that met the inclusion criteria, after identifying titles, abstracts, and conclusions from 48 articles that fell into the exclusion criteria. From the screening of these journals, the results show that the main focus of universities and colleges in implementing the COBIT 2019 framework is on the DSS05 domain. In many higher education institutions that implement the COBIT 2019 framework, the level of capability tends to depend on a strong understanding of best practices in managing IT operations, because there are many universities that have not been able to achieve the desired capability targets. As such, these institutions are required to continuously improve their capabilities in the face of dynamic IT environment changes and strengthen efforts to maintain the resilience of their operational systems.
... In Indonesia, several researches also has been done such as auditing an non-profit or educational institution as well as for profit companies [10,11] Information Technology Management (IT Governance) is a policy framework and a series of organizational processes aimed at ensuring that the implementation of Information Technology (IT) supports the achievement of organizational goals. One of the standards used to support IT governance is COBIT (Control Objectives for Information and Related Technology) [12]. COBIT is a framework that can address a wide range of issues because, in its use, it can provide an overview of IT strategy and governance, as well as modern thinking combined with resource management and techniques in IT implementation [13]. ...
Article
Full-text available
Information Technology can determine competitiveness and the ability to improve performace, as well as enhance effectiveness and efficienc for businesses, IT Governance can be considered successful when it aligns with organizational goals and the implementation for IT itself. Therefore, it is necessary to evaluate its maturity level. COBIT 2019 is one of the audit frameworks that can be used to control the Governance of information technology. PT. Daya Adicipta Wisesa is the subject of this research, with the aim of determining whether the implemented IT Governance has the desired Capability Level and to indentify the level of gaps in IT Governance based on the COBIT 2019 framework. Ater analyzing the 11 design factors of COBIT 2019, seven priority onjectives were found to have a target capability level 4, which is 80% namely APO13, BAI04, DSS01, DSS02, DSS03, DSS04, and DSS05. Then, the capability level calculation was conducted, and the priority onbjectives were determined as follows: APO13 achieved capability level 5, BAI03 achieved capability level 4, DSS01 achieved capability level 5, DSS02 achieved capability level 5, DSS03 achieved capability level 4, DSS04 achieved capability level 5, and DSS05 acvieved capability level 4, with a rating of fully achieved for the process activity category.
Article
Full-text available
The development of information technology today has had a significant impact on various aspects of human life, including in the industrial sector. One example is the integration of information technology in company operations to use it as a supporting tool for sending data and information which is the main reference for organizational management in decision making. To measure the level of capability of the IT system used, companies can use the COBIT 2019 framework, which not only helps in assessing the suitability of IT systems, but also provides recommendations for solutions to problems faced by the company. For example, research results show that problems related to data backup failures have been identified in Domain DSS01, with recommended solutions such as implementing policies related to information security from outsourced employees, establishing internal management processes, setting up timely incident tickets, and implementing recommendations to overcome non-compliance.
Article
Full-text available
Penelitian ini bertujuan untuk melihat seberapa jauh perkembangan Teknologi Informasi dan Komunikasi (TIK) dalam dunia pendidikan khususnya sekolah dasar. Pemanfaatan TIK dalam pendidikan pada penelitian ini lebih dikerucutkan lagi pada proses pembelajarannya. Guru dapat memanfaatkan TIK untuk memeprsiapkan proses pembelajaran dan atau ketika proses pembelajaran berlangsung. Dengan TIK guru dapat menambah bahan ajar dan mencari referensi tentang metode pembelajaran yang tepat untuk siswanya. Dalam pembelajaran guru dapat menyampaikan materi dengan lebih mudah diterima oleh siswa dengan bantuan pemanfaatan TIK. Penerapan TIK juga tidak hanya semata-mata langsung diterapkan, tetapi juga harus melihat karakteristik siswanya. Maka proses pembelajaran akan berkualitas dan bermakna dengan pemanfaatan TIK yang sesuai dengan karakteristik siswa.
Article
Full-text available
p>Perkembangan transisi Teknologi Informasi (TI) saat ini menyebabkan penelitian terkait dengan tata kelola TI semakin meningkat.Tata kelola TI berperan besar dalam sebuah organisasi karena telah berubahnya peran dan relevansi TI dalam organisasi sehingga diperlukan pemahaman yang jelas terkait dengan tata kelola TI saat ini.Tujuan penulisan ulasanliteratur ini yaitu untuk mengulas perkembangan topik Tata Kelola dan peluang penelitian lebih lanjutterkait tata kelola TI sehingga dapat memberikan pemahaman tentang tata kelola TI. Metodologi yang digunakan pada ulasan literatur ini mencakup: 1) pendefinisian pertanyaan penelitian; 2) penetapan sumber literatur; 3) penentuan kata kunci pencarian literatur; 4) Pemilihan literatur; dan 5) ekstraksi data dan sintesis.Berdasarkan hasil ulasan literatur yang dilakukan, penelitian tata kelola TI secara luas diterapkan pada organisasi bisnis.Terdapat beberapa metode dan kombinasi dari beberapa metode yang digunakan dalam tata kelola TI, mencakup Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL), Information Technology Balanced Scorecard (IT-BSC), dan metode-metode lain. Tren penelitianyang saat ini banyak dilakukan mencakup cloud computing governance, criteria success factor IT governance, penerapan dan atau evaluasi tata kelola dengan berbagai metode pada sektor bisnis, tata kelola TI pada universitas, peran tata kelola dalam pemerintahan dan rumah sakit. Peluang penelitian direkomendasikan berdasarkan future dan limitasi dari masing-masing paper yang dibahas. Abstract The development of the current Information Technology (IT) transition has led to more research on IT governance. IT governance plays a major role in an organization because it has changed the role and relevance of IT in the organization so that a clear understanding of current IT governance is needed. The purpose of this literature review is to review the development of Governance topics and further research opportunities related to IT governance so as to provide an understanding of IT governance. The methodology used in this literature review includes: 1) defining research questions; 2) determination of literature sources; 3) the determination of literature search keywords; 4) Selection of literature; and 5) data extraction and synthesis. Based on the results of the literature review conducted, IT governance research is widely applied to business organizations. There are several methods and combinations of several methods used in IT governance, including Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL), Information Technology Balanced Scorecard (IT-BSC), and other methods . Current research trends include cloud computing governance, IT governance success factor criteria, governance implementation and or evaluation with various methods in the business sector, IT governance at universities, governance roles in government and hospitals. Research opportunities are recommended based on the future and limitations of each paper discussed. </p
  • A W N Putra
  • A Sunyoto
  • A Nasiri
A. W. N. Putra, A. Sunyoto, and A. Nasiri, "Perencanaan Audit Tata Kelola Teknologi Informasi Laboratorium Kalibrasi Menggunakan COBIT 2019 (Studi Kasus: Laboratorium Kalibrasi BSML Regional II)," Jurnal Fisikom, vol. 10, no. 3, pp. 7, 241-247, 2020.
Kementerian Komunikasi Dan Informatika Republik Indonesia
  • Kementerian Komunikasi Dan Informatika
Kementerian Komunikasi dan Informatika, "Profil," Kementerian Komunikasi Dan Informatika Republik Indonesia, 2021. Accessed on: Nov 24, 2021. Available: https://www.kominfo.go.id/profil
Analisis Dan Perancangan Tata Kelola Teknologi Informasi BUMN Pada Proses Penetapan Peran Dan Perencanaan Teknologi Informasi Menggunakan Kerangka Kerja COBIT
  • U F Khusniah
  • L Abdurrahman
  • I Santosa
U. F. Khusniah, L. Abdurrahman, and I. Santosa, "Analisis Dan Perancangan Tata Kelola Teknologi Informasi BUMN Pada Proses Penetapan Peran Dan Perencanaan Teknologi Informasi Menggunakan Kerangka Kerja COBIT 2019 [STUDI KASUS : PT POS Indonesia (Persero)]," eProceedings of Engineering, vol. 7, no.2, Aug. 2020
Analisis Dan Perancangan Tata Kelola Teknologi Informasi BUMN Pada Proses Monitor Dan Evaluasi Pengendalian Internal Serta Pengelolaan Compliance External Regulation Menggunakan COBIT
  • N Aristawidya
  • A Amalia
  • I Santosa
N. Aristawidya, A. Amalia, and I. Santosa, "Analisis Dan Perancangan Tata Kelola Teknologi Informasi BUMN Pada Proses Monitor Dan Evaluasi Pengendalian Internal Serta Pengelolaan Compliance External Regulation Menggunakan COBIT 2019 [Studi Kasus: PT Nindya Karya (Persero)]," eProceedings of Engineering, vol. 7, no.2, pp. 19, Dec 2019
Analisis Dan Perancangan Proses Manajemen Sistem Kontrol Internal TI Menggunakan Kerangka Kerja COBIT 2019 di PT INTI (PERSERO)
  • B Sarifah
  • R Fauzi
  • I Santosa
B. Sarifah, R. Fauzi, and I. Santosa, "Analisis Dan Perancangan Proses Manajemen Sistem Kontrol Internal TI Menggunakan Kerangka Kerja COBIT 2019 di PT INTI (PERSERO)", eProceedings of Engineering, vol 7, no. 2, Aug. 2020
Perbandingan COBIT 2019 dan ITIL V4 Sebagai Panduan Tata Kelola Teknologi Management IT
  • M A Aditya
  • R D Mulyana
  • A Mulyawan
M. A. Aditya, R. D. Mulyana, and A. Mulyawan, "Perbandingan COBIT 2019 dan ITIL V4 Sebagai Panduan Tata Kelola Teknologi Management IT", Jurnal Computech& Bisnis, vol. 2019, no.2, pp. 100-105, Dec. 2019