Professional Documents
Culture Documents
net/publication/347375655
CITATIONS READS
13 973
4 authors, including:
All content following this page was uploaded by Ahmad Ishlahuddin on 23 December 2021.
Abstract— The rise of online learning has made information Integrated College of Technology XYZ-edu (XYZ College)
technology (IT) as an essential part of every educational which is responsible for the education process and the
institution. IT enabled business initiatives and requires major Information Systems Technology Agency (XYZ Agency)
investments that, if not managed properly, may impair rather which is responsible for managing IT resources throughout the
than improve the organization's performance. IT governance in XYZ-edu [11]. Despite having a subunit that focusing on
educational institution in the current pandemic era is needed to managing IT, based on author observations and interview with
actualize digital transformations that are safe, effective and the Chair of XYZ Agency, XYZ-edu still has many IT related
accountable. This research explores the use of COBIT 2019, an problems. One problem that often occurs is the unstandardized
IT governance framework, to evaluate the maturity of selected
stage of software development that is not in accordance with
IT process in a small higher education institution located in
best practice, causing many problems in the future. With the
Depok. The data collected using the combination of interviews,
questionnaires, and document studies. The results of this study existence of this research, XYZ-edu guides to make digital
indicate the level of maturity of the organization is at level 0 transformations that are currently urgently needed during the
(incomplete), while the target level is 2. Recommendations for pandemic era period in distance learning activities.
improvement processes are made in reference to best practices The aforementioned problem indicates that the IT
at COBIT 2019 to help achieving the target. governance in XYZ-edu does not perform well. The
aforementioned problem into a research question and the
Keywords— information technology, it governance, cobit
2019, educational institution, maturity level
purpose of conducting research, therefore the research
question is "What is the maturity level of Information
I. INTRODUCTION Technology governance in small size Higher Education
Institute using COBIT 2019 framework?". Given that
Information technology is becoming an increasingly information technology is very important to support the
important role in supporting the operation of educational teaching and learning process, more analysis is needed to
institutions. Moreover, in the midst of such a pandemic era, assess the level of maturity and gaps in IT Governance at
educational institutions are required to move their services XYZ-edu. In this study, the framework used to measure the IT
online with a very limited time adjustment. The COVID19 governance maturity level is COBIT 2019. COBIT 2019 has
pandemic era forced most of the affected areas to carry out chosen because of its flexibility and openness, which is
distance learning activities because of health and safety. At the suitable for small size organizations that lack the resources
Indonesian Chancellors' Forum conference, the Minister of sufficient to implement good IT governance. And COBIT is a
Education and Culture invited to take advantage of the framework that can help the implementation of IT Governance
efficiency presented by technology in building joint strength by considering all aspects both in terms of people, skills,
in realizing advanced educational institutions. Thus, they need competencies, services, infrastructure, and applications [5].
to prepare a better IT infrastructure to support the sudden Limitations of COBIT, COBIT does not decide on the best IT
change from traditional to online learning. Information strategy, the best architecture, or how much IT can or should
technology is considered as an important yet expensive cost, COBIT does not fully describe the IT environment of an
investment in many industries, including education. However, organization, COBIT is not a framework for managing
many educational institutions are failed to manage its business processes, COBIT is not a framework (IT- ) technical
information technology. This failure may lead to fatal for managing all technologies [6].
consequence such as the decline of education quality and the
loss of a potential student. To reduce these risks, educational This study uses 6 domains to see the maturity level of IT
institutions need to implement IT governance in accordance governance at XYZ-edu, namely stakeholders’ involvement,
with best practice standards. In [1]-[4] it is mentioned that the management support, financial support, organizational effect
successful implementation of IT governance with best- internally, the strategic alignment between IT and business, IT
practice standards. Thus, the IT investment can be used staffing management, and IT structure. The six domains were
optimally and will not goes to waste. chosen because they are critical factors that influence the
success of IT Governance in an organization [7]. The previous
This study is conducted in a small higher educational research results indicate the need for monitoring from the
institution called XYZ-edu that was established in the 1960s. leadership of the duties of each stakeholder, making SOP
XYZ-edu focus on preparing IT graduates that mastering related to management changes and quality assurance SIAK
practical skills and having a good character. In order to [8].
achieve its goal, XYZ-edu has two subunits, namely
the
236
© IEEE 2020. This article is free to access and download, along with rights
for full text and data mining, re-use and analysis
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 23,2021 at 03:25:52 UTC from IEEE Xplore. Restrictions apply.
2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)
This paper is arranged as follows: Section 2 presents a [14]. COBIT 2019 was published as a guideline for every
literature review of IT Governance and COBIT 2019. Section organization to be able to move fast, be dynamic, innovate,
3 provides the research methodology that was employed for and get closer to its customers. There are three main changes
this study. The data collection and analysis methods are to COBIT 2019 when compared to COBIT 5. First, there is an
discussed. The research results are presented in Section 4. improvement in the maturity model for the IT governance
Section 5 presents the research implications as well the process. Next, COBIT 2019 changes the basic principles that
conclusion of the paper. are used from 5 principles to 6 principles, namely Provide
Stakeholder Value, Holistic Approach, Dynamic Governance
II. LITERATURE STUDY System, Governance Distracted from Management, Tailored
A. IT Governance to Enterprise Needs, and End-to-End Governance System.
Lastly, COBIT 2019 adds new objectives that adjust the
IT governance is part of overall organizational current industry development. This includes managed data,
governance, which involves stakeholders to ensure the managed programs, and managed assurance [1], [4].
sustainability of IT in institutions that can support the goals
and strategies of the organization [9]. Additionally, IT III. RESEARCH METHODS
governance can be defined as an instrument for controlling
This study uses a case study research approach. Case
and managing IT resources such as infrastructure technology
studies were carried out at XYZ-edu, specifically the
and the people involved in it. Basically, IT governance is
Information Technology and Systems Agency (XYZ
needed in all organizations, including universities or higher
Agency), which served as an IT managing division in the
educational institutions [10]. This is reinforced by the high
XYZ-edu environment. The study has been conducted from
dependence of educational institutions on information
October 2019 until June 2020.
technology, especially in the current pandemic era. Examples
of IT use in educational institutions are the utilization of A. Data Collection
academic information systems, wireless networks, and e- For data collection, researchers conduct interviews, study
learning platforms [11]. However, the increasing need for IT documentation, and distribute questionnaires are a challenge
in organizations is often accompanied by an increase in the in the middle of the pandemic era. The interview is used
complexity of its management. Considering that IT through online discussions as a first step to identify the
investment is expensive, it is necessary to have a relational, conditions of IT management at XYZ-edu and existing
processing, and structured mechanism that can be obtained problems. There were five respondents interviewed in total
through an IT Governance framework [12]. (Table II). Meanwhile, the document study method was
There are several frameworks that can be used to conducted through the analysis of the 2018 XYZ College
conducting IT governance in an organization. A comparison accreditation e-book forms. The results of the document study
of IT governance frameworks can be seen in Table I. From were used to complete the description of the conditions of IT
this table, it can be concluded that COBIT is an IT governance management at XYZ-edu. Finally, this study also uses a
management guide that can help organizations meet business questionnaire online using google form based on framework
challenges in the areas of compliance with regulations, risk COBIT 2019 process. The results of this questionnaire are
management, and align IT strategies with organizational goals used as a basis for determining the maturity level of IT
[13]. Therefore, researchers use COBIT as a guide in Governance at XYZ-edu.
managing IT governance at XYZ-edu.
TABLE II. DATA RESPONDEN
TABLE I. THE COMPARISON OF IT GOVERNANCE FRAMEWORK No Position Working Experience
Framework Goals Targeted Audiences 1 Chairman of XYZ College 14 years 4 months
CMII Provides guidance for System and application
process development development leader 2 Vice Chairman I XYZ 20 years 4 months
COSO Improve supervision of the Leaders, management, College
organization by determining users, and internal 3 Vice Chairman II XYZ 22 years
integrated systems auditors College
ISO 20000 A set of process management Management level 4 Vice Chairman III XYZ 13 years 6 months
to produce effective services College
TOGAF Provide strategies to achieve Division/person that are 5 Chairperson of the Internal 7 years 8 months
goals by building enterprise responsible for EA Quality Assurance Agency
architecture management XYZ College
COBIT Provides IT governance Internal organizations, 6 Director of XYZ Agency 20 years 3 months
guidelines for business, IT practitioners, and
7 Head of IT Infrastructure 3 years 3 months
risk, information security and consultants Division of XYZ Agency
quality assurance
8 Head of System Development 9 years 4 months
B. COBIT 2019 and Management of XYZ
Agency
COBIT (Control Objectives for Information and Related
Technology) is a framework for IT governance and
B. Analysis Methods
management [6]. This framework helps organizations create
optimal value from IT use by balancing existing benefits with This research consists of several important steps as
risk optimization and using resources in creating benefit illustrated in Fig. 1. First, the authors conduct a preliminary
realization [5]. interview and perform goal cascading to identify existing
problems in xyz-edu. then, we identify the process from
ISACA has released the latest version of COBIT which
COBIT 2019 that is related to the identified problems. next,
replaces the previous version of COBIT 5 to COBIT 2019
237
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 23,2021 at 03:25:52 UTC from IEEE Xplore. Restrictions apply.
2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)
we evaluate the it governance maturity level and determine that are the focus of XYZ-edu IT Governance capability
the target of maturity level by using questionnaires and management (see Table IV).
interviews. the questionnaires are adopted from COBIT 2019
guidelines that are related with xyz-edu existing problems.
we then conduct gap analysis between the current maturity TABLE III. CRITERIA OF EACH MATURITY LEVEL ON COBIT 2019
level and the target. lastly, we construct a set of
Level Criteria
recommendations to help xyz-edu to achieve their target of it
governance maturity level. Level 0 • Lack of basic skills.
(Incomplete) • An incomplete approach to dealing with
governance and management objectives.
• May or may not meet the intent of any process
practice.
Level 1 This process more or less achieves its objectives
(Initial) through the application of an incomplete set of
activities which can be categorized as initial or
intuitive (not very organized).
Level 2 The process of achieving its objectives through the
(Managed) implementation of a complete set of basic activities
that can be categorized as done.
Level 3 The process of achieving its objectives in a far more
Fig. 1 Research Methodology (Define) organized way using organizational assets. The
process is usually well defined.
C. Measuring IT Governance Maturity Level Level 4 The process of achieving its objectives, is well
(Quantitative) defined, and its performance is measured
After determining the COBIT 2019 processes that are (quantitatively).
prioritized in the improvement process, an assessment of the Level 5 The process of achieving its objectives, is well
capability of the process is carried out. The capability level is (Optimize) defined, its performance is measured to improve
performance and continuous improvement is made.
calculated based on the average output (outcome) attributes of
each selected process. Then, the value is converted into
achievement categories based on ranking compiled according
to guidelines from COBIT 2019. C. Mapping Alignment Goals to COBIT 2019 Process
Next, the selection of priority process domains ends with
If the assessment at one level meets the categories of
mapping on alignment goals with COBIT 2019 processes. The
achieved (L) or fully achieved (F), then that level has been
nine selected alignment goals are then mapped into the IT
successfully achieved and can be assessed to the next level.
Governance process within the COBIT 2019 framework
The measurement scale uses the rating level at COBIT 2019
through the generic table provided in the 2019 COBIT
is consisted of 4 categories. First, 0-15% achievement is
guidelines. By using this mapping, stakeholders can align
considered as not achieved. Meanwhile, >15-50% and >50-
business investment made possible by IT with the goals of
85% are considered as partially and largely achieved,
organizational goals and organizational performance [5]. Fig.
respectively. Lastly, indicators that have >85-100%
3 illustrates an example of mapping COBIT 2019 alignment
achievement is considered as fully achieved. All of the
goals to related processes that will be evaluated for
indicators will be calculated to determine the level of maturity
capabilities.
for each process. Table III shows the criteria of six maturity
level on COBIT 2019 [5].
IV. RESEARCH FINDINGS
A. Mapping Organizational Goals to Enterprise Goals
To be able to know the process that is the focus of
measurement, it is first necessary to map the organization's
goals to the enterprise goals. The author studies a document
that is completed with interviews with stakeholders to
complete this stage. The XYZ-edu organizational objectives
contained in the 2014-2018 XYZ College Strategic Plan are
mapped into the enterprise goals contained in the 2019 COBIT
guidelines. The mapping results can be seen in Fig. 2. Among
the 13 enterprise goals that are stated in COBIT 2019, there
are 8 enterprise goals that are related to XYZ-edu goals.
Mapping of Enterprise Related Goals to Alignment Goals
B. Mapping of Enterprise Related Goals to Alignment
Fig. 2 Mapping Organizational Goals to Enterprise Goals
Goals
The eight enterprise goals obtained were then mapped to TABLE IV. MAPPING RESULTS FROM ENTERPRISE RELATED GOALS TO
the alignment goals of COBIT 2019. This was done to obtain ALIGNMENT GOALS
targets related to IT management at XYZ-edu based on Perspective Code Alignment Goals
interviews with the XYZ Agency team. The overall alignment
goals chosen are alignment goals because they have Primary Financial AG03 Realized benefits from I&T enabled
scale. The results of this stage are the nine alignment goals investments and services portfolio
238
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 23,2021 at 03:25:52 UTC from IEEE Xplore. Restrictions apply.
2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)
Perspective Code Alignment Goals
Customer AG05 Delivery of I&T services in line with TABLE V. MAPPING THE PROBLEM TO THE RELEVANT
business requirements COBIT 2019 PROCESS
AG06 Agility to turn business requirements
Pain Points Problems Description COBIT
into operational solutions
Process
Internal AG08 Enabling and supporting business
Complicated IT Constraints related to the lack of EDM01,
processes by integrating applications and
assurance efforts equality of views related to the EDM02,
technology
due to the role and value of IT and APO01,
AG09 Delivery of programs on time, on budget
entrepreneurial communication between APO07
and meeting requirements and quality
nature of many of business and IT.
standards
the business units
AG11 I&T compliance with internal policies Complex IT The availability of operational APO04,
Learning AG12 Competent and motivated staff with operating models mechanisms has not yet been BAI01,
Growth mutual understanding of technology and due to the Internet met regarding the amount of BAI02
business service-based investment invested in internet
AG13 Knowledge, expertise and initiatives for business models in bandwidth and online-based SI
business innovation use development.
Implementation of The obstacles caused by the EDM04,
reasonable levels of establishment of IT EDM07
IT management, organizations are derived from
given a highly the main organizations that have
technical and, at different structures, jobs, and
times, volatile IT policies, as a result of the
workforce different internal and external
circumstances.
Successful and on- Constraints stemming from the EDM01,
time delivery of new poor management of EDM02,
and innovative performance, performance and EDM04,
services in a highly IT portfolio, so information APO01,
competitive market about rapid IT development is APO07
not known by many parties.
239
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 23,2021 at 03:25:52 UTC from IEEE Xplore. Restrictions apply.
2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)
EDM02 - Ensured Benefits Create and maintain a portfolio of IT investment programs, IT services, and IT assets, form the basis of
the current IT budget and support IT strategic and goal planning.
Delivery
Identify the categories of Information Systems, applications, data, IT services, infrastructure, IT assets,
IT resources, skills, activities, controls, and communication links needed to support an organization's
strategy.
APO01 Manage the IT Implement COBIT 2019 goals alignment strategy and organizational strategy design factors to decide
Management Framework management priorities, and their implementation.
Develop a model of the IT Governance target process specifically for the organization, based on the
selection of priority management goals (output from the cascade goals and design factor exercises).
APO02 – Managed Strategy Development planning, adjustments and maintenance of the development of the external environment.
Planning, monitoring, and adjusting to the priorities of organizational strategy changes to cut costs,
increase customer satisfaction, or increase competitiveness with digital transformation, to create new
business models.
APO04 – Managed There is an innovation plan that includes risk appetite, a proposed budget for innovation initiatives and
Innovation innovation goals.
Prepare the technology monitoring process and carry out external environmental monitoring and
scanning, including appropriate websites, journals, and conferences, to identify emerging technologies
and their potential value for the organization.
APO07 – Managed Human As a precaution and safety measure, provide guidance on the minimum annual vacation time that must
Resources be taken by employees.
Documenting information sharing, planning, employee reserves, training initiatives, and job rotations to
minimize dependency on an individual who performs important job functions.
BAI01 Manage Programs Appoint a dedicated manager for the program, with commensurate competencies and skills to manage
and Projects the program effectively and efficiently.
Determine funding, costs, schedules and interdependence of several projects.
BAI02 Manage Determine and prioritize information, functional and technical requirements, based on the design of
Requirements Definition confirmed stakeholder requirements.
Identify the actions needed for the acquisition or development of solutions based on organizational
architecture.
EDM04 - Ensured Resource Targets of process performance have been well identified.
Optimization The performance of planned and monitored processes is characterized by process planning.
240
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 23,2021 at 03:25:52 UTC from IEEE Xplore. Restrictions apply.
2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)
maturity in accordance with the 2019 COBIT guidelines. The [3] Widjajanto, B. ,. (2018). Alignment Model of Quality Assurance
contribution that can be given in this research is to increase System of Higher Education And Performance Measurement
Based on Framework COBIT 5. International Seminar on
XYZ-edu productivity by creating alignment between Application for Technology of Information and Communication
business and IT and the latest innovations from adoption (iSemantic) (pp. 207-213). Semarang: IEEE.
technology from planned IT investments by identifying the [4] Wasilah, Nugroho, L. E., Santosa, P. I., & Ferdiana, R. (2017).
requirements of IT Governance activities for continuous Recommendation of cloud computing use for the academic data
improvement. storage in University in Lampung Province, Indonesia.
International Annual Engineering Seminar (InAES). Yogyakarta:
Based on the discussion of the capability level assessment IEEE.
process and recommendations for improvement made in this [5] ISACA, COBIT 2019: Framework Governance and Management
study, there are several conclusions that can be drawn. First, Objectives. Schaumburg: ISACA, 2018.
the capability level for the nine processes is at level 0 [6] ISACA, COBIT 2019: Introduction and Methodology.
(incomplete) and one process is at level 1 (performed). The Schaumburg: ISACA, 2018.
results of the assessment indicate that XYZ-edu has not [7] Z. Alreemy, V. Chang, R. Walters, and G. Wills, “Critical success
implemented activities in the application of IT Governance, factors (CSFs) for information technology governance (ITG),” Int.
J. Inf. Manage., vol. 36, no. 6, pp. 907–916, 2016.
especially in IT operations. If reviewed the current conditions,
[8] Asqia, M. D. (2018). Analysis of the Maturity Level of IT
XYZ-edu is still lacking in planning, evaluating, and Governance in Academic Information Systems Based on
monitoring and documenting each IT activity and process. and Framework COBIT 5: A Case Study Academic Information
the level of maturity is at level 0 (incomplete) activity cannot System XYZ-edu. Integrated Technology Journal, Vol.4, No.1.
be completed for the purpose of IT governance and [9] P. Weil and J. W. Ross, “IT Governance: How Top Performers
management in the focus area. Manage IT,” Int. J. Eletronic Gov. Res., vol. 1, no. 4, pp. 63–67,
2005.
Researchers provide advice and input to related elements, [10] I. S. Bianchi and R. D. Sousa, “IT governance maturity in higher
namely: given the role of IT currently has a strategic position education: A study in Brazilian and Portuguese Universities,” in
for the survival of XYZ-edu, the existence of IT committees Atas da Conferencia da Associacao Portuguesa de Sistemas de
can be sought to be formed with the hope that alignment can Informacao, 2018, vol. 2018–October.
be made in the direction and objectives of IT development in [11] M. Coen and U. Kelly, “Information management and governance
XYZ-edu and so that the problem of miss communication in UK higher education institutions: Bringing IT in from the cold,”
Perspect. Policy Pract. High. Educ., vol. 11, no. 1, pp. 7–11, 2007.
among stakeholders can be minimized, It is necessary to
[12] I. S. Bianchi and R. D. Sousa, “IT Governance Mechanisms in
improve the culture of documentation of the various activities Higher Education,” in Procedia Computer Science, 2016, vol. 100,
carried out and the documentation of forms of communication pp. 941–946.
from and to various parties concerned with the XYZ agency. [13] A. D. Dewantara, “Measurement Capability Level of Information
Technology Governance Based on Framework COBIT 5: A Case
VI. ACKNOWLEDGMENT Study Data and Information Center Arsip Nasional Republik
Indonesia (ANRI),” Universitas Indonesia, 2015.
We would like to thank the Directorate of Research and
[14] ITGI, “COBIT 2019 VS COBIT 5,” 2019. [Online]. Available:
Development of Universitas Indonesia (DRP UI) for their
https://itgid.org/cobit-2019-vs-cobit-5/.
support through PUTI Grant 2020 (Grant No. NKB-
[15] Fitroh, “Assessment Maturity Level of IT Governance in
878/UN2.RST/HKP.05.00/2020). Academic Information System Based on domain PO dan AI
COBIT 4.0 A Case: UIN Syarif Hidayatullah Jakarta,” Stud.
REFERENCES Inform. J. Sist. Inf., 2011.
[1] Nyonawan, M. S. (2018). Evaluation of Information Technology
Governance in STMIK Mikroskil Using COBIT 5 Framework.
International Conference on Information Management and
Technology (pp. 137-142). Jakarta: IEEE.
[2] Vira Septiyana Kasma, S. S. (2019). Design of e-Government
Security Governance System Using COBIT 2019. IEEE. Bandung.
241
Authorized licensed use limited to: IEEE Xplore. Downloaded on December 23,2021 at 03:25:52 UTC from IEEE Xplore. Restrictions apply.
View publication stats