SlideShare a Scribd company logo

Capability_Assessment_of_IT_Governance_Using_the_2.pdf

Thilak Pathirage -Senior IT Gov and Risk Consultant
Thilak Pathirage -Senior IT Gov and Risk Consultant

Maturity assessment framework

Education
1 of 6
Download to read offline
International Journal of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1034 Capability Assessment Of IT Governance Using The 2019 COBIT Framework For The IT Business Consultant Industry Maximillian Brian Hardjadinata1 , JansenWiratama2* 1,2 Information Systems Department, Universitas Multimedia Nusantara, Tangerang, Banten, 15810, Indonesia. * Corresponding Author: Email: jansen.wiratama@umn.ac.id Abstract. Most Indonesian businesses need help with business alignment with information technology. COBIT is one of the frameworks controlled by IT Governance. COBIT 2019, the most recent COBIT framework, assesses information technology governance and capability levels at PT Kwadran Lima, Indonesia. Capability is measured by interviews regarding COBIT operations using a specified process domain. The COBIT Design Toolkit was used to establish the process domains. The process domains acquired were APO12-Managed Risk, BAI10-Managed Configuration, and DSS03-Managed Problem. These three domains solve challenges at PT Kwadran Lima in Indonesia. The process domain was assessed through interviews using the RACI Chart. Following the collection of measurement results, suggestions are made based on the findings of the evaluation results. According to the findings, PT Kwadran Lima Indonesia is still at level 2 to reach level 3. As a result, a proposal is made to develop or design a team whose tasks and responsibilities are to plan and execute ways of collecting categorization and associated data analysis of Information Technology risk for the Company to achieve level 3. Keywords: Capability Level, COBIT 2019, IT Governance, and Raci Chart I. INTRODUCTION Current technological developments are important and considerably influence the lives of individuals and groups of individuals. All activities, such as Health, Government, Industry, and Education, utilize technology as a valuable and important asset in their daily activities [1]. Information Technology, also known as IT, is an aspect that is very difficult to separate from human life for several reasons. Humans are now very dependent on this technology. The Internet is an integral part of Information Technology [2]. Effective and efficient management of Information Technology (IT), often referred to as IT, is the key to integrating the use of IT in a company with the goals and business needs of the organization. It takes the right strategy and management to achieve this. The importance of implementing Good Governance mechanisms in the use of IT requires more attention to the IT governance model used, as well as process control and service delivery within the organization. Thus, IT can be more effective and efficient, aligning with organizational goals [3].COBIT 2019 is a globally accepted framework that provides principles, practices, tools and models to increase the trust and value of Enterprise Information Systems[4]. COBIT 2019 will be used as an IT Governance framework to help PT Kwadran Lima Indonesia achieve its business goals by evaluating corporate governance and aligning it with IT services. On average, companies that use IT Governance often have 20% more income than those that do not [5]. PT Kwadran Lima Indonesia is a BPO service provider focusing on core competencies. Founded in 2012, this company provides human resource services for IT and non-IT, as well as Business Process Outsourcing and Maintenance Services. By providing the best service for human resources, PT Kwadran Lima Indonesia helps clients run their businesses with better efficiency and focus [6]. PT Kwadran Lima faces several serious problems that have the potential to hinder its business processes. The owner of PT Kwadran Lima said that this problem could slow down the operational process of PT Kwadran Lima Indonesia. Some of the issues identified by the owner included attendance system errors in recording employee attendance and the need for a tracking system to monitor employee performance, which resulted in a lack of effectiveness in supervision. The impact of these problems is felt by the company and the employees who work there. Employees' attendance on weekdays needs to be properly recorded, which impacts HRD's difficulties in paying.
International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1035 The company owner explained that even though risk management had been carried out properly, problems such as the tracking system and employee attendance still occurred. Therefore, measurements were taken using COBIT 2019 to evaluate the success rate of risk management at PT Kwadran Lima Indonesia and to understand why incidents such as tracking problems and system presence still occur.PT Kwadran Lima Indonesia needs to do a system audit to fix existing issues and overcome problems that hinder business processes. The audit will recommend repairs and improvements to the company's hampered systems and risk management. PT Kwadran Lima Indonesia will be assessed for its capabilities using three management objectives from each predetermined domain, namely APO12, BAI10, and DSS03. The determination of the domain is based on the mapping results that have been carried out through interviews with PT Kwadran Lima Indonesia. The level of capability will be measured using these predetermined domains. This assessment aims to improve the efficiency and effectiveness of the system used and risk management at PT Kwadran Lima Indonesia by utilizing the recommendations provided by COBIT 2019. II. METHODS This research adopts the 2019 COBIT framework to measure the capability level at PT Kwadran Lima, Indonesia. The research approach used is quantitative because it involves measuring data to assess the level of capability. Data was collected through interviews with respondents and also through literature studies. The interview results will be evaluated and calculated to get the value of the capabilities. In addition, the interview will also use the COBIT 2019 Tool Kit provided by ISACA to facilitate the evaluation process [7]. Literature Study is used to gain additional knowledge about COBIT 2019. The Literature Study used is the official COBIT book created by ISACA with the title "COBIT 2019 FRAMEWORK: INTRODUCTION & METHODOLOGY" and several journal articles related to information management systems. The books and journal articles used can assist this research so that they can assess the capability level of a company and can provide audit recommendations needed by the company. Previous research is also used as a reference to assist the process of carrying out this research. Some of the titles from the last research used are Comparative Study of Cobit 5 and Cobit 2019 as an Information Technology Governance Audit Framework , Analysis and Design of Information Technology Governance Using the 2019 Cobit Framework in a Company in Indonesia [9], Identifikasi Level Pengelolaan Tata Kelola Siperumkim Kota Salatiga Berdasarkan Cobit 2019 [10], Identification of Governance Management Levels Manage Salatiga City Siperumkim Based on Cobit 2019 [11], Application of the 2019 COBIT Framework in Information Technology Audits at Sambas Polytechnic [12], COBIT 5: How Capable PT GTI Governing Innovation, Human Resource, and Knowledge Aspect [13], and COBIT 5: Capability Level at PT Supra Boga Lestari [14]. COBIT 2019 has a governance system designed for organizations. Design Factor also supports a corporate governance system design to achieve the system's success using Information and Technology (IT) [15]. According to previous research, the company has already implemented the service and support of information technology governance, which is well demonstrated by their operational procedures in providing services to internal and external customers, incident handling procedures, and maintenance control of appropriate business processes [17]. It is vital to assess the level of competency in corporate information technology governance [18]. Fig 1. Design Factor
International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1036 Based on Fig 1, there is a display of Design Factors, which consists of 11 sections, namely Enterprise Strategy, Enterprise Goals, Risk Profile, IT Related Issues, Threat Landscape, Compliance Requirements, Role of IT, Sourcing Model for IT, IT Implementation Methods, Technology Adoption Strategy, and Enterprise Size. Users can choose a mapping that suits their needs with these eleven factors. This mapping can be done using the COBIT Design ToolKit, developed by ISACA (Information Systems Audit and Control Association), which focuses on IT governance. Mapping using this tool can make it easier for users to evaluate the organization and calculate the capability level.The level of capability is used to measure the assessment that has been carried out. There are 4 levels, namely Not Achieved (1-15%), Partially Achieved (15-50%), Largely Achieved (50-85%), and Fully Achieved (85-100%). The capability level starts from 2 to 5 and is declared a level up if the average value obtained is 85% or greater.Appropriate steps are carried out to obtain the desired results so that recommendations can be given immediately. This stage begins with the planning stage, then fieldwork, reporting, and follow-up taken from Gallegos' book [16]. a) Planning stage: After choosing PT Kwandran Lima as the research object, the initial planning will be determined at the planning stage. At this stage, it will evaluate the organizational structure, and current problems, determine the framework tools for conducting audits, and determine the scope of the audit to be carried out. At this stage, there will also be an explanation regarding the purpose of the audit to be carried out on the research object, where this study will measure the extent of risk management in the research object, namely PT Kwadran Lima Indonesia. This research will use COBIT 2019 to measure the governance system audit of PT Kwadran Lima, Indonesia. b) Field Work stage: At this stage, interviews will be conducted to determine the data needed as a measurement tool so that measurements can be carried out immediately. Interviews will be shown with related parties with the required data. The first interview was performed using the COBIT design toolkit to determine the supporting factors within the company, from DF1 to DF11. The results obtained are as follows: 1. PT Kwadran Lima Indonesia is currently in the stage of a company that is still developing and has a business process that provides services to clients who need them. 2. PT Kwadran Lima Indonesia attaches importance to several aspects, such as a good portfolio of the company's products and services, Maintaining the company's business risks, prioritizing sustainable services and business availability, and the expertise of the company's employees. 3. PT Kwadran Lima Indonesia has several risks which, according to the auditor, have a fairly high chance to the company, namely the nature of employees who are lacking and inappropriate actions, such as when you want to resign/ leave the office, you don't do a 1-month notice, so the company will find it difficult to find a replacement. Incidents such as hardware, software, and malware are also fairly high risk if they occur in the company. Natural disasters are also fairly high risk because the company's sustainability can be threatened due to natural disasters. 4. PT Kwadran Lima Indonesia also explained that it currently has 55 employees, and 33 people are in the Information Technology division. c) Reporting stage: From the data obtained at the fieldwork stage, the next step is to select the domain process so that the capability level measurement process can be carried out immediately. The process domains obtained are APO12-Managed Risk, BAI10-Managed Configuration, and DSS03-Managed Problem. Measurement will involve a predetermined domain process and will conduct interviews with related parties responsible for the activities therein. After the measurement, the next step is to provide a recommendation report to PT Kwadran Lima Indonesia regarding the recommendations for improvements and improvements obtained.
International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1037 d) Follow-up stage: At this stage, a report regarding recommendations for improvement and improvement will be provided to PT Kwadran Lima Indonesia so that repairs and modifications can be implemented immediately. Next is to get feedback from the company on whether the recommendations given will be used and implemented by PT Kwadran Lima Indonesia. III. RESULT AND DISCUSSION Interviews will be conducted based on the mapping results carried out using the COBIT Design Toolkit to obtain 3 suitable domain processes to help PT Kwadran Lima Indonesia improve company problems and performance. The process domains obtained are APO12-Managed Risk, BAI10-Managed Configuration, and DSS03-Managed Problems. The assessment will be conducted by conducting interviews covering the activities of each sub-domain, where APO12-Managed Risk has 6 sub-domains, BAI10- Managed Configuration has 5 sub-domains, and DSS03-Managed Problems has 5 sub-domains. Interviews will be conducted with the Auditee, who is fully responsible for his duties in the organization. Interviews will be conducted online via Zoom Meeting, and questions will use audit documents because the audit documents already provide a column for questions for activities from each subdomain. Interviews will be conducted with the responsible Auditee from each process domain. To determine which Auditee is undertaken reliably, it is necessary to map using the Raci Chart so that later the roles of each member in PT Kwadran Lima Indonesia will be known. The first is to use the APO12-Managed Risk domain process. Table 1. Capability Level Assessment Results Domain Process Average Score APO12-Managed Risk 68% BAI10-Managed Configuration 75% DSS03-Managed Problem (level 2) 89% DSS03-Manged Problem (Level 3) 84.5% From all the assessment results obtained, the following recommendations for improvement and improvement will be made to improve the findings obtained. The current level and company targets will be determined in the Gap Analysis, and the following are the results of the Gap Analysis. Fig 2. Gap Analysis With the capability assessment results carried out at PT Kwadran Lima Indonesia, the next step is to determine the Gap Analysis or analysis of the distance between the current level and the target desired by the company. In the APO12-Managed Risk domain process, the current level is past level 2, and the desired target is level 3, which determines that this domain process still has 1 distance between the current level and the desired target. Next, in the BAI10-Managed Configuration domain process, the current level is at level 2, and the target the company wants is level 3, so that it is the same as the previous domain process that the BAI10-Managed Configuration domain process still has a distance of 1 level from the target the company wants. Next, the last one is the DSS03-Managed Problem, which is currently at level 3, and the desired target is level 3, so the company has reached the desired target for now, and it can be ensured that the distance between the current level and the target is zero. Or no distance. With the results of this gap analysis, PT Kwadran Lima Indonesia will be given an audit recommendation based on the findings obtained through a capability assessment carried out previously. With this audit recommendation, PT Kwadran Lima Indonesia can achieve the desired target and increase its target so that the company is getting bigger and growing. A gap analysis will be made into tables and charts, APO12-Managed Risk BAI10-Managed Configuration DSS03-Managed Problem Current Level 2 2 3 Target Level 3 3 3 Gap 1 1 0 2 2 3 3 3 3 1 1 0
International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1038 making it easier for PT Kwadran Lima Indonesia to find the distance between their level and their target. The following are recommendations for improvements that need to be carried out by PT Kwadran Lima Indonesia. Table 2. Improvement Recommendations APO12-Managed Risk Level 2 APO12-Managed Risk and BAI10-Managed Configuration Sub Domain Activity Due Date PIC APO12.01 (1) PT Kwadran Lima Indonesia can form or design a team whose duties and responsibilities are to design and implement a method of collecting classification and analysis of data related to IT risks. PT Kwadran Lima Indonesia can also start by identifying what IT tools are already used to collect and analyze IT risk data. PT Kwadran Lima Indonesia can also implement analysis assistance such as SWOT (Strength, Weakness, Opportunities, Threats) so that organizations know their strengths and weaknesses against their IT scope. August 2023 Lini Wong APO12.01 (2) PT Kwadran Lima Indonesia can provide additional duties and responsibilities or recruit new employees whose purpose is to keep records related to IT activities in the company. The recording process carried out by this recruiter can be made by recording the type of risk, the impact resulting from the risk, the source of the problem, and when the risk arises for the company. August 2023 Lini Wong BAI10.03 (3) PT Kwadran Lima Indonesia can use new employees recruited to improve findings from the APO12.01 subdomain (2) by understanding how important it is to update the company's detailed configuration item items so that the formation of Configuration Management Databases (CMDBs) can be implemented immediately. October 2023 Lini Wong Table 3. Improvement Recommendations DSS03-Managed Problem Level 2 DSS03-Managed Problem Sub-domain Activity Due Date PIC DSS03.01 (2) PT Kwadran Lima Indonesia can conduct consultations on Risk Management related to improvements that need to be made first, starting from the worst impact on the company's operations to impacts that can be tolerated. August 2023 Lini Wong Recommendations for improvements can be immediately implemented by PT Kwadran Lima Indonesia so that they can fix all the problems that exist today. Based on the current issues, namely the constraints on the PT Kwadran Lima Indonesia system and still deficiencies in their Risk Management, recommendations need to be prioritized for the APO12-Managed Risk domain process because this domain process already includes an increase in risk management. IV. CONCLUSION The conclusion obtained from this study is that PT Kwadran Lima Indonesia still needs several aspects that must be developed in terms of management, such as recruiting or creating a new competent and expert team to deal with the current deficiencies of PT Kwadran Lima Indonesia. The predetermined domain process was successfully carried out as a capability assessment tool to determine the level of capability of the current management system of PT Kwadran Lima, Indonesia.This assessment process will start from level 2 following the COBIT 2019 guidebook. After the assessment, the results will come out, where the result of the APO12-Managed Risk domain process is 68% and is declared to have stopped at level 2, while the company has a target of level 3. The BAI10-Managed Configuration domain process has a value of 75% and is declared to stop at level 2, while the company has a target at level 3. The third domain process, namely DSS03-Managed Problem, has a value of 89% and is declared to be up to level 3 because it has passed the minimum increase value of 85%. The DSS03-Managed Problem level 3 domain process has a total value of 84.5% and is declared to have stopped at level 3, and this is already the target of PT Kwadran Lima Indonesia. After the capability level is obtained, a gap analysis will be made to determine the current level gap with the company's target. In the APO12-Managed Risk domain process, the level gap is 1 level. The BAI10- Managed Configuration domain process has a level gap of 1 level. The DSS03-Managed Problem domain process has a gap distance of 0 because they have met the desired target. After the gap analysis, the next recommendation will be made to PT Kwadran Lima Indonesia. These recommendations are divided into 2 categories: recommendations for improvement and recommendations for improvement. Recommendations
International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1039 for improvement are based on activities in subdomains that have deficiencies. In contrast, recommendations for improvement are given for how PT Kwadran Lima Indonesia should implement it in their company so that their capability value can rise to the target level they want.After the recommendations are given to the company, the results can be implemented. They can improve the company's performance to compete against other companies engaged in the same field and even get better. V. ACKNOWLEDGMENTS We thank PT Kwadran Lima Indonesia as the Research object for their significant assistance and Universitas Multimedia Nusantara for the support. They made a substantial contribution that was crucial to accomplishing this research. We want to express our sincere appreciation to our Information Systems Department colleagues, whose wise advice and knowledge were extremely helpful to us during the research process. They made significant contributions that influenced this study's direction and raised its level of excellence. REFERENCES [1] L. Y. Siregar and M. I. P. Nasution, “Perkembangan Teknologi Informasi Terhadap Peningkatan Bisnis Online,” HIRARKI J. Ilm. Manaj. dan Bisnis, vol. 02, no. 01, pp. 71–75, 2020. [2] “Pengantar Teknologi Informasi - Abdul Karim, Budianto Bangun, Kusmanto, Iwan Purnama, Syaiful Zuhri Harahap, Deci Irmayani, Marnis Nasution, Musthafa Haris, Rahmadani , Ibnu Rasyid Munthe, - Google Books.” [3] H. Waheed, H. Hussin, and M. J. Mohamed Razi, “The influence of IT leaders’ leadership behaviour on IT governance performance in higher Education: A literature Review,” Proc. - Int. Conf. Inf. Commun. Technol. Muslim World 2018, ICT4M 2018, pp. 254–259, 2018, doi: 10.1109/ICT4M.2018.00054. [4] ISACA, Governance and Management Objectives. 2018. [Online]. Available: https://www.isaca.org/resources/cobit [5] W. van Grembergen and S. de Haes, “Introduction to the minitrack on IT governance and its mechanisms,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., vol. 2018-Janua, pp. 4877–4879, 2018, doi: 10.24251/hicss.2022.801.“About Us – PT Kwadran Lima Indonesia.” [7] ISACA, COBIT® 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution. 2018. [8] S. A. Maulana, “Kajian Perbandingan Cobit 5 dengan Cobit 2019 sebagai Framework Audit Tata Kelola Teknologi Informasi,” vol. 6, no. 1, p. 6, 2021. [9] D. Darmawan and A. F. Wijaya, “Analisis dan Desain Tata Kelola Teknologi Informasi Menggunakan Framework COBIT 2019 pada PT. XYZ,” J. Comput. Inf. Syst. Ampera, vol. 3, no. 1, pp. 1–17, 2022, doi: 10.51519/journalcisa.v3i1.139. [10] A. Safitri, I. Syafii, and K. Adi, “Identifikasi Level Pengelolaan Tata Kelola SIPERUMKIM Kota Salatiga berdasarkan COBIT 2019,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 5, no. 3, pp. 429–438, 2021, doi: 10.29207/resti.v5i3.3060. [11] A. P. W. Dio Febrilian Tanjung*1, Aulia Oktaviana2, “Analisis Manajemen Risiko Startup Pada Masa Pandemi Covid-19 Startup Risk Management Analysis During Covid-19 Pandemic Using,” J. Teknol. Inf. dan Ilmu Komput., vol. 8, no. 3, pp. 635–642, 2021, doi: 10.25126/jtiik.202184914. [12] M. Saleh, I. Yusuf, and H. Sujaini, “Penerapan Framework COBIT 2019 pada Audit Teknologi Informasi di Politeknik Sambas,” J. Edukasi dan Penelit. Inform., vol. 7, no. 2, p. 204, 2021, doi: 10.26418/jp.v7i2.48228. [13] D. A. Sudarnoto and R. I. Desanti, “COBIT 5 : How Capable PT GTI Governing Innovation , Human Resource , and Knowledge Aspect ?,” vol. 12, no. 2, 2022. [14] S. Informasi and U. M. Nusantara, “COBIT 5 : Tingkat Kapabilitas pada PT Supra Boga Lestari,” vol. IX, no. 1, pp. 18–23, 2018. [15] S.Y.Lee,A Ramasamy, and J. H.Rhee, Introduction and Methodology. 2018. doi: 10.1007/978-3-642-55058-4_1. [16] I. Hartati, “Framework Cobit 4.1 Untuk Audit Sistem Informasi Pada Perwakilan Badan Kependudukan Dan Keluarga Berencana Nasional (BKKBN) Provinsi ABCD,” 2018. [17] W. Wella, “Audit Sistem Informasi Menggunakan Cobit 5.0 Domain DSS pada PT Erajaya Swasembada, Tbk”, Ultima InfoSys : Jurnal Ilmu Sistem Informasi, vol. 7, no. 1, pp. 38-44, Jun. 2016. [18] D. Sanjaya and M. Fianty, “Measurement of Capability Level Using COBIT 5 Framework (Case Study: PT Andalan Bunda Bijak)”, Ultima InfoSys : Jurnal Ilmu Sistem Informasi, vol. 13, no. 2, pp. 68-76, Jan. 2023.

Recommended

The measurement of maturity level of information technology service based on ...
The measurement of maturity level of information technology service based on ...The measurement of maturity level of information technology service based on ...
The measurement of maturity level of information technology service based on ...TELKOMNIKA JOURNAL
 
StudyCase-EDM-Cobit5
StudyCase-EDM-Cobit5StudyCase-EDM-Cobit5
StudyCase-EDM-Cobit5MochammadIhzaRizkyKa
 
Core model of information technology governance system design in local govern...
Core model of information technology governance system design in local govern...Core model of information technology governance system design in local govern...
Core model of information technology governance system design in local govern...TELKOMNIKA JOURNAL
 
Employee Performance Measurement in Teleworking Using Balanced Scorecard
Employee Performance Measurement in Teleworking Using Balanced Scorecard Employee Performance Measurement in Teleworking Using Balanced Scorecard
Employee Performance Measurement in Teleworking Using Balanced Scorecard IJECEIAES
 
Improvement of IT Governance Case Study Government Institution Region X
Improvement of IT Governance Case Study Government Institution Region XImprovement of IT Governance Case Study Government Institution Region X
Improvement of IT Governance Case Study Government Institution Region Xijtsrd
 
Implementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkImplementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkIJCSIS Research Publications
 
Business process monitoring system in supporting information technology gover...
Business process monitoring system in supporting information technology gover...Business process monitoring system in supporting information technology gover...
Business process monitoring system in supporting information technology gover...journalBEEI
 
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxvrickens
 

Recommended

The measurement of maturity level of information technology service based on ...
The measurement of maturity level of information technology service based on ...The measurement of maturity level of information technology service based on ...
The measurement of maturity level of information technology service based on ...TELKOMNIKA JOURNAL
 
StudyCase-EDM-Cobit5
StudyCase-EDM-Cobit5StudyCase-EDM-Cobit5
StudyCase-EDM-Cobit5MochammadIhzaRizkyKa
 
Core model of information technology governance system design in local govern...
Core model of information technology governance system design in local govern...Core model of information technology governance system design in local govern...
Core model of information technology governance system design in local govern...TELKOMNIKA JOURNAL
 
Employee Performance Measurement in Teleworking Using Balanced Scorecard
Employee Performance Measurement in Teleworking Using Balanced Scorecard Employee Performance Measurement in Teleworking Using Balanced Scorecard
Employee Performance Measurement in Teleworking Using Balanced Scorecard IJECEIAES
 
Improvement of IT Governance Case Study Government Institution Region X
Improvement of IT Governance Case Study Government Institution Region XImprovement of IT Governance Case Study Government Institution Region X
Improvement of IT Governance Case Study Government Institution Region Xijtsrd
 
Implementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkImplementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkIJCSIS Research Publications
 
Business process monitoring system in supporting information technology gover...
Business process monitoring system in supporting information technology gover...Business process monitoring system in supporting information technology gover...
Business process monitoring system in supporting information technology gover...journalBEEI
 
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxvrickens
 
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxdonnajames55
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACAMDFazlaRabbiAbir
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITMehran Misaghi
 
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...ijait
 
Governance Tools Boyd Carter 2006
Governance Tools Boyd Carter 2006Governance Tools Boyd Carter 2006
Governance Tools Boyd Carter 2006Freelancer Training
 
IRJET- A Web-Based Career Spot for Placement Activities and Data Analysis
IRJET- A Web-Based Career Spot for Placement Activities and Data AnalysisIRJET- A Web-Based Career Spot for Placement Activities and Data Analysis
IRJET- A Web-Based Career Spot for Placement Activities and Data AnalysisIRJET Journal
 
COBIT Intor.pptx
COBIT Intor.pptxCOBIT Intor.pptx
COBIT Intor.pptxcassimjuma08
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013Mike Wright
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdfKomalNaik20
 
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...Nancy Ideker
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricPECB
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...christophefeltus
 
Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...Luxembourg Institute of Science and Technology
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
Accounting Information System (AIS) Alignment And Non-Financial Performance I...
Accounting Information System (AIS) Alignment And Non-Financial Performance I...Accounting Information System (AIS) Alignment And Non-Financial Performance I...
Accounting Information System (AIS) Alignment And Non-Financial Performance I...CSCJournals
 
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docx
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docxPSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docx
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docxwoodruffeloisa
 
Report
ReportReport
ReportAlok Chaudhary
 
empirical study on the status of moroccan information systems and proposition...
empirical study on the status of moroccan information systems and proposition...empirical study on the status of moroccan information systems and proposition...
empirical study on the status of moroccan information systems and proposition...INFOGAIN PUBLICATION
 
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...IJECEIAES
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfThilak Pathirage -Senior IT Gov and Risk Consultant
 
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdfISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdfThilak Pathirage -Senior IT Gov and Risk Consultant
 

More Related Content

Similar to Capability_Assessment_of_IT_Governance_Using_the_2.pdf

ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxdonnajames55
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACAMDFazlaRabbiAbir
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITMehran Misaghi
 
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...ijait
 
Governance Tools Boyd Carter 2006
Governance Tools Boyd Carter 2006Governance Tools Boyd Carter 2006
Governance Tools Boyd Carter 2006Freelancer Training
 
IRJET- A Web-Based Career Spot for Placement Activities and Data Analysis
IRJET- A Web-Based Career Spot for Placement Activities and Data AnalysisIRJET- A Web-Based Career Spot for Placement Activities and Data Analysis
IRJET- A Web-Based Career Spot for Placement Activities and Data AnalysisIRJET Journal
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013Mike Wright
 
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...Nancy Ideker
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricPECB
 
Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...christophefeltus
 
Accounting Information System (AIS) Alignment And Non-Financial Performance I...
Accounting Information System (AIS) Alignment And Non-Financial Performance I...Accounting Information System (AIS) Alignment And Non-Financial Performance I...
Accounting Information System (AIS) Alignment And Non-Financial Performance I...CSCJournals
 
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docx
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docxPSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docx
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docxwoodruffeloisa
 
empirical study on the status of moroccan information systems and proposition...
empirical study on the status of moroccan information systems and proposition...empirical study on the status of moroccan information systems and proposition...
empirical study on the status of moroccan information systems and proposition...INFOGAIN PUBLICATION
 
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...IJECEIAES
 

Similar to Capability_Assessment_of_IT_Governance_Using_the_2.pdf (20)

ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docxITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
ITS 833 – INFORMATION GOVERNANCEChapter 10 - Information Go.docx
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACA
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise IT
 
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...
CRITICAL SUCCESS FACTORS FOR INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY IM...
 
Governance Tools Boyd Carter 2006
Governance Tools Boyd Carter 2006Governance Tools Boyd Carter 2006
Governance Tools Boyd Carter 2006
 
IRJET- A Web-Based Career Spot for Placement Activities and Data Analysis
IRJET- A Web-Based Career Spot for Placement Activities and Data AnalysisIRJET- A Web-Based Career Spot for Placement Activities and Data Analysis
IRJET- A Web-Based Career Spot for Placement Activities and Data Analysis
 
COBIT Intor.pptx
COBIT Intor.pptxCOBIT Intor.pptx
COBIT Intor.pptx
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdf
 
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
 
IT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance MetricIT Performance Measurement using IT Governance Metric
IT Performance Measurement using IT Governance Metric
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORK
 
Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...
 
Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...Noemi, a collaborative management for ict process improvement in sme experien...
Noemi, a collaborative management for ict process improvement in sme experien...
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzah
 
Accounting Information System (AIS) Alignment And Non-Financial Performance I...
Accounting Information System (AIS) Alignment And Non-Financial Performance I...Accounting Information System (AIS) Alignment And Non-Financial Performance I...
Accounting Information System (AIS) Alignment And Non-Financial Performance I...
 
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docx
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docxPSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docx
PSY-520 Graduate StatisticsTopic 7 – MANOVA ProjectDirec.docx
 
Report
ReportReport
Report
 
empirical study on the status of moroccan information systems and proposition...
empirical study on the status of moroccan information systems and proposition...empirical study on the status of moroccan information systems and proposition...
empirical study on the status of moroccan information systems and proposition...
 
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...
Multi-objective IT Project Selection Model for Improving SME Strategy Deploym...
 

More from Thilak Pathirage -Senior IT Gov and Risk Consultant

More from Thilak Pathirage -Senior IT Gov and Risk Consultant (12)

Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdfISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
 
Auditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterpriseAuditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterprise
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
 
cobit 2019 -current-user - ISACA Publication
cobit 2019 -current-user - ISACA Publicationcobit 2019 -current-user - ISACA Publication
cobit 2019 -current-user - ISACA Publication
 
Introduction to ISACA COBIT-2019 Framwork.pdf
Introduction to ISACA COBIT-2019 Framwork.pdfIntroduction to ISACA COBIT-2019 Framwork.pdf
Introduction to ISACA COBIT-2019 Framwork.pdf
 
Social media-assessment
Social media-assessmentSocial media-assessment
Social media-assessment
 
Sql securitytesting
Sql securitytestingSql securitytesting
Sql securitytesting
 
Cissp nda
Cissp ndaCissp nda
Cissp nda
 
Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12
 
314
314314
314
 
Composite indicators
Composite indicatorsComposite indicators
Composite indicators
 

Recently uploaded

Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 

Recently uploaded (20)

Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 

Capability_Assessment_of_IT_Governance_Using_the_2.pdf

  • 1. International Journal of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1034 Capability Assessment Of IT Governance Using The 2019 COBIT Framework For The IT Business Consultant Industry Maximillian Brian Hardjadinata1 , JansenWiratama2* 1,2 Information Systems Department, Universitas Multimedia Nusantara, Tangerang, Banten, 15810, Indonesia. * Corresponding Author: Email: jansen.wiratama@umn.ac.id Abstract. Most Indonesian businesses need help with business alignment with information technology. COBIT is one of the frameworks controlled by IT Governance. COBIT 2019, the most recent COBIT framework, assesses information technology governance and capability levels at PT Kwadran Lima, Indonesia. Capability is measured by interviews regarding COBIT operations using a specified process domain. The COBIT Design Toolkit was used to establish the process domains. The process domains acquired were APO12-Managed Risk, BAI10-Managed Configuration, and DSS03-Managed Problem. These three domains solve challenges at PT Kwadran Lima in Indonesia. The process domain was assessed through interviews using the RACI Chart. Following the collection of measurement results, suggestions are made based on the findings of the evaluation results. According to the findings, PT Kwadran Lima Indonesia is still at level 2 to reach level 3. As a result, a proposal is made to develop or design a team whose tasks and responsibilities are to plan and execute ways of collecting categorization and associated data analysis of Information Technology risk for the Company to achieve level 3. Keywords: Capability Level, COBIT 2019, IT Governance, and Raci Chart I. INTRODUCTION Current technological developments are important and considerably influence the lives of individuals and groups of individuals. All activities, such as Health, Government, Industry, and Education, utilize technology as a valuable and important asset in their daily activities [1]. Information Technology, also known as IT, is an aspect that is very difficult to separate from human life for several reasons. Humans are now very dependent on this technology. The Internet is an integral part of Information Technology [2]. Effective and efficient management of Information Technology (IT), often referred to as IT, is the key to integrating the use of IT in a company with the goals and business needs of the organization. It takes the right strategy and management to achieve this. The importance of implementing Good Governance mechanisms in the use of IT requires more attention to the IT governance model used, as well as process control and service delivery within the organization. Thus, IT can be more effective and efficient, aligning with organizational goals [3].COBIT 2019 is a globally accepted framework that provides principles, practices, tools and models to increase the trust and value of Enterprise Information Systems[4]. COBIT 2019 will be used as an IT Governance framework to help PT Kwadran Lima Indonesia achieve its business goals by evaluating corporate governance and aligning it with IT services. On average, companies that use IT Governance often have 20% more income than those that do not [5]. PT Kwadran Lima Indonesia is a BPO service provider focusing on core competencies. Founded in 2012, this company provides human resource services for IT and non-IT, as well as Business Process Outsourcing and Maintenance Services. By providing the best service for human resources, PT Kwadran Lima Indonesia helps clients run their businesses with better efficiency and focus [6]. PT Kwadran Lima faces several serious problems that have the potential to hinder its business processes. The owner of PT Kwadran Lima said that this problem could slow down the operational process of PT Kwadran Lima Indonesia. Some of the issues identified by the owner included attendance system errors in recording employee attendance and the need for a tracking system to monitor employee performance, which resulted in a lack of effectiveness in supervision. The impact of these problems is felt by the company and the employees who work there. Employees' attendance on weekdays needs to be properly recorded, which impacts HRD's difficulties in paying.
  • 2. International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1035 The company owner explained that even though risk management had been carried out properly, problems such as the tracking system and employee attendance still occurred. Therefore, measurements were taken using COBIT 2019 to evaluate the success rate of risk management at PT Kwadran Lima Indonesia and to understand why incidents such as tracking problems and system presence still occur.PT Kwadran Lima Indonesia needs to do a system audit to fix existing issues and overcome problems that hinder business processes. The audit will recommend repairs and improvements to the company's hampered systems and risk management. PT Kwadran Lima Indonesia will be assessed for its capabilities using three management objectives from each predetermined domain, namely APO12, BAI10, and DSS03. The determination of the domain is based on the mapping results that have been carried out through interviews with PT Kwadran Lima Indonesia. The level of capability will be measured using these predetermined domains. This assessment aims to improve the efficiency and effectiveness of the system used and risk management at PT Kwadran Lima Indonesia by utilizing the recommendations provided by COBIT 2019. II. METHODS This research adopts the 2019 COBIT framework to measure the capability level at PT Kwadran Lima, Indonesia. The research approach used is quantitative because it involves measuring data to assess the level of capability. Data was collected through interviews with respondents and also through literature studies. The interview results will be evaluated and calculated to get the value of the capabilities. In addition, the interview will also use the COBIT 2019 Tool Kit provided by ISACA to facilitate the evaluation process [7]. Literature Study is used to gain additional knowledge about COBIT 2019. The Literature Study used is the official COBIT book created by ISACA with the title "COBIT 2019 FRAMEWORK: INTRODUCTION & METHODOLOGY" and several journal articles related to information management systems. The books and journal articles used can assist this research so that they can assess the capability level of a company and can provide audit recommendations needed by the company. Previous research is also used as a reference to assist the process of carrying out this research. Some of the titles from the last research used are Comparative Study of Cobit 5 and Cobit 2019 as an Information Technology Governance Audit Framework , Analysis and Design of Information Technology Governance Using the 2019 Cobit Framework in a Company in Indonesia [9], Identifikasi Level Pengelolaan Tata Kelola Siperumkim Kota Salatiga Berdasarkan Cobit 2019 [10], Identification of Governance Management Levels Manage Salatiga City Siperumkim Based on Cobit 2019 [11], Application of the 2019 COBIT Framework in Information Technology Audits at Sambas Polytechnic [12], COBIT 5: How Capable PT GTI Governing Innovation, Human Resource, and Knowledge Aspect [13], and COBIT 5: Capability Level at PT Supra Boga Lestari [14]. COBIT 2019 has a governance system designed for organizations. Design Factor also supports a corporate governance system design to achieve the system's success using Information and Technology (IT) [15]. According to previous research, the company has already implemented the service and support of information technology governance, which is well demonstrated by their operational procedures in providing services to internal and external customers, incident handling procedures, and maintenance control of appropriate business processes [17]. It is vital to assess the level of competency in corporate information technology governance [18]. Fig 1. Design Factor
  • 3. International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1036 Based on Fig 1, there is a display of Design Factors, which consists of 11 sections, namely Enterprise Strategy, Enterprise Goals, Risk Profile, IT Related Issues, Threat Landscape, Compliance Requirements, Role of IT, Sourcing Model for IT, IT Implementation Methods, Technology Adoption Strategy, and Enterprise Size. Users can choose a mapping that suits their needs with these eleven factors. This mapping can be done using the COBIT Design ToolKit, developed by ISACA (Information Systems Audit and Control Association), which focuses on IT governance. Mapping using this tool can make it easier for users to evaluate the organization and calculate the capability level.The level of capability is used to measure the assessment that has been carried out. There are 4 levels, namely Not Achieved (1-15%), Partially Achieved (15-50%), Largely Achieved (50-85%), and Fully Achieved (85-100%). The capability level starts from 2 to 5 and is declared a level up if the average value obtained is 85% or greater.Appropriate steps are carried out to obtain the desired results so that recommendations can be given immediately. This stage begins with the planning stage, then fieldwork, reporting, and follow-up taken from Gallegos' book [16]. a) Planning stage: After choosing PT Kwandran Lima as the research object, the initial planning will be determined at the planning stage. At this stage, it will evaluate the organizational structure, and current problems, determine the framework tools for conducting audits, and determine the scope of the audit to be carried out. At this stage, there will also be an explanation regarding the purpose of the audit to be carried out on the research object, where this study will measure the extent of risk management in the research object, namely PT Kwadran Lima Indonesia. This research will use COBIT 2019 to measure the governance system audit of PT Kwadran Lima, Indonesia. b) Field Work stage: At this stage, interviews will be conducted to determine the data needed as a measurement tool so that measurements can be carried out immediately. Interviews will be shown with related parties with the required data. The first interview was performed using the COBIT design toolkit to determine the supporting factors within the company, from DF1 to DF11. The results obtained are as follows: 1. PT Kwadran Lima Indonesia is currently in the stage of a company that is still developing and has a business process that provides services to clients who need them. 2. PT Kwadran Lima Indonesia attaches importance to several aspects, such as a good portfolio of the company's products and services, Maintaining the company's business risks, prioritizing sustainable services and business availability, and the expertise of the company's employees. 3. PT Kwadran Lima Indonesia has several risks which, according to the auditor, have a fairly high chance to the company, namely the nature of employees who are lacking and inappropriate actions, such as when you want to resign/ leave the office, you don't do a 1-month notice, so the company will find it difficult to find a replacement. Incidents such as hardware, software, and malware are also fairly high risk if they occur in the company. Natural disasters are also fairly high risk because the company's sustainability can be threatened due to natural disasters. 4. PT Kwadran Lima Indonesia also explained that it currently has 55 employees, and 33 people are in the Information Technology division. c) Reporting stage: From the data obtained at the fieldwork stage, the next step is to select the domain process so that the capability level measurement process can be carried out immediately. The process domains obtained are APO12-Managed Risk, BAI10-Managed Configuration, and DSS03-Managed Problem. Measurement will involve a predetermined domain process and will conduct interviews with related parties responsible for the activities therein. After the measurement, the next step is to provide a recommendation report to PT Kwadran Lima Indonesia regarding the recommendations for improvements and improvements obtained.
  • 4. International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1037 d) Follow-up stage: At this stage, a report regarding recommendations for improvement and improvement will be provided to PT Kwadran Lima Indonesia so that repairs and modifications can be implemented immediately. Next is to get feedback from the company on whether the recommendations given will be used and implemented by PT Kwadran Lima Indonesia. III. RESULT AND DISCUSSION Interviews will be conducted based on the mapping results carried out using the COBIT Design Toolkit to obtain 3 suitable domain processes to help PT Kwadran Lima Indonesia improve company problems and performance. The process domains obtained are APO12-Managed Risk, BAI10-Managed Configuration, and DSS03-Managed Problems. The assessment will be conducted by conducting interviews covering the activities of each sub-domain, where APO12-Managed Risk has 6 sub-domains, BAI10- Managed Configuration has 5 sub-domains, and DSS03-Managed Problems has 5 sub-domains. Interviews will be conducted with the Auditee, who is fully responsible for his duties in the organization. Interviews will be conducted online via Zoom Meeting, and questions will use audit documents because the audit documents already provide a column for questions for activities from each subdomain. Interviews will be conducted with the responsible Auditee from each process domain. To determine which Auditee is undertaken reliably, it is necessary to map using the Raci Chart so that later the roles of each member in PT Kwadran Lima Indonesia will be known. The first is to use the APO12-Managed Risk domain process. Table 1. Capability Level Assessment Results Domain Process Average Score APO12-Managed Risk 68% BAI10-Managed Configuration 75% DSS03-Managed Problem (level 2) 89% DSS03-Manged Problem (Level 3) 84.5% From all the assessment results obtained, the following recommendations for improvement and improvement will be made to improve the findings obtained. The current level and company targets will be determined in the Gap Analysis, and the following are the results of the Gap Analysis. Fig 2. Gap Analysis With the capability assessment results carried out at PT Kwadran Lima Indonesia, the next step is to determine the Gap Analysis or analysis of the distance between the current level and the target desired by the company. In the APO12-Managed Risk domain process, the current level is past level 2, and the desired target is level 3, which determines that this domain process still has 1 distance between the current level and the desired target. Next, in the BAI10-Managed Configuration domain process, the current level is at level 2, and the target the company wants is level 3, so that it is the same as the previous domain process that the BAI10-Managed Configuration domain process still has a distance of 1 level from the target the company wants. Next, the last one is the DSS03-Managed Problem, which is currently at level 3, and the desired target is level 3, so the company has reached the desired target for now, and it can be ensured that the distance between the current level and the target is zero. Or no distance. With the results of this gap analysis, PT Kwadran Lima Indonesia will be given an audit recommendation based on the findings obtained through a capability assessment carried out previously. With this audit recommendation, PT Kwadran Lima Indonesia can achieve the desired target and increase its target so that the company is getting bigger and growing. A gap analysis will be made into tables and charts, APO12-Managed Risk BAI10-Managed Configuration DSS03-Managed Problem Current Level 2 2 3 Target Level 3 3 3 Gap 1 1 0 2 2 3 3 3 3 1 1 0
  • 5. International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1038 making it easier for PT Kwadran Lima Indonesia to find the distance between their level and their target. The following are recommendations for improvements that need to be carried out by PT Kwadran Lima Indonesia. Table 2. Improvement Recommendations APO12-Managed Risk Level 2 APO12-Managed Risk and BAI10-Managed Configuration Sub Domain Activity Due Date PIC APO12.01 (1) PT Kwadran Lima Indonesia can form or design a team whose duties and responsibilities are to design and implement a method of collecting classification and analysis of data related to IT risks. PT Kwadran Lima Indonesia can also start by identifying what IT tools are already used to collect and analyze IT risk data. PT Kwadran Lima Indonesia can also implement analysis assistance such as SWOT (Strength, Weakness, Opportunities, Threats) so that organizations know their strengths and weaknesses against their IT scope. August 2023 Lini Wong APO12.01 (2) PT Kwadran Lima Indonesia can provide additional duties and responsibilities or recruit new employees whose purpose is to keep records related to IT activities in the company. The recording process carried out by this recruiter can be made by recording the type of risk, the impact resulting from the risk, the source of the problem, and when the risk arises for the company. August 2023 Lini Wong BAI10.03 (3) PT Kwadran Lima Indonesia can use new employees recruited to improve findings from the APO12.01 subdomain (2) by understanding how important it is to update the company's detailed configuration item items so that the formation of Configuration Management Databases (CMDBs) can be implemented immediately. October 2023 Lini Wong Table 3. Improvement Recommendations DSS03-Managed Problem Level 2 DSS03-Managed Problem Sub-domain Activity Due Date PIC DSS03.01 (2) PT Kwadran Lima Indonesia can conduct consultations on Risk Management related to improvements that need to be made first, starting from the worst impact on the company's operations to impacts that can be tolerated. August 2023 Lini Wong Recommendations for improvements can be immediately implemented by PT Kwadran Lima Indonesia so that they can fix all the problems that exist today. Based on the current issues, namely the constraints on the PT Kwadran Lima Indonesia system and still deficiencies in their Risk Management, recommendations need to be prioritized for the APO12-Managed Risk domain process because this domain process already includes an increase in risk management. IV. CONCLUSION The conclusion obtained from this study is that PT Kwadran Lima Indonesia still needs several aspects that must be developed in terms of management, such as recruiting or creating a new competent and expert team to deal with the current deficiencies of PT Kwadran Lima Indonesia. The predetermined domain process was successfully carried out as a capability assessment tool to determine the level of capability of the current management system of PT Kwadran Lima, Indonesia.This assessment process will start from level 2 following the COBIT 2019 guidebook. After the assessment, the results will come out, where the result of the APO12-Managed Risk domain process is 68% and is declared to have stopped at level 2, while the company has a target of level 3. The BAI10-Managed Configuration domain process has a value of 75% and is declared to stop at level 2, while the company has a target at level 3. The third domain process, namely DSS03-Managed Problem, has a value of 89% and is declared to be up to level 3 because it has passed the minimum increase value of 85%. The DSS03-Managed Problem level 3 domain process has a total value of 84.5% and is declared to have stopped at level 3, and this is already the target of PT Kwadran Lima Indonesia. After the capability level is obtained, a gap analysis will be made to determine the current level gap with the company's target. In the APO12-Managed Risk domain process, the level gap is 1 level. The BAI10- Managed Configuration domain process has a level gap of 1 level. The DSS03-Managed Problem domain process has a gap distance of 0 because they have met the desired target. After the gap analysis, the next recommendation will be made to PT Kwadran Lima Indonesia. These recommendations are divided into 2 categories: recommendations for improvement and recommendations for improvement. Recommendations
  • 6. International Journal Of Science, Technology & Management ISSN: 2722 - 4015 http://ijstm.inarah.co.id 1039 for improvement are based on activities in subdomains that have deficiencies. In contrast, recommendations for improvement are given for how PT Kwadran Lima Indonesia should implement it in their company so that their capability value can rise to the target level they want.After the recommendations are given to the company, the results can be implemented. They can improve the company's performance to compete against other companies engaged in the same field and even get better. V. ACKNOWLEDGMENTS We thank PT Kwadran Lima Indonesia as the Research object for their significant assistance and Universitas Multimedia Nusantara for the support. They made a substantial contribution that was crucial to accomplishing this research. We want to express our sincere appreciation to our Information Systems Department colleagues, whose wise advice and knowledge were extremely helpful to us during the research process. They made significant contributions that influenced this study's direction and raised its level of excellence. REFERENCES [1] L. Y. Siregar and M. I. P. Nasution, “Perkembangan Teknologi Informasi Terhadap Peningkatan Bisnis Online,” HIRARKI J. Ilm. Manaj. dan Bisnis, vol. 02, no. 01, pp. 71–75, 2020. [2] “Pengantar Teknologi Informasi - Abdul Karim, Budianto Bangun, Kusmanto, Iwan Purnama, Syaiful Zuhri Harahap, Deci Irmayani, Marnis Nasution, Musthafa Haris, Rahmadani , Ibnu Rasyid Munthe, - Google Books.” [3] H. Waheed, H. Hussin, and M. J. Mohamed Razi, “The influence of IT leaders’ leadership behaviour on IT governance performance in higher Education: A literature Review,” Proc. - Int. Conf. Inf. Commun. Technol. Muslim World 2018, ICT4M 2018, pp. 254–259, 2018, doi: 10.1109/ICT4M.2018.00054. [4] ISACA, Governance and Management Objectives. 2018. [Online]. Available: https://www.isaca.org/resources/cobit [5] W. van Grembergen and S. de Haes, “Introduction to the minitrack on IT governance and its mechanisms,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., vol. 2018-Janua, pp. 4877–4879, 2018, doi: 10.24251/hicss.2022.801.“About Us – PT Kwadran Lima Indonesia.” [7] ISACA, COBIT® 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution. 2018. [8] S. A. Maulana, “Kajian Perbandingan Cobit 5 dengan Cobit 2019 sebagai Framework Audit Tata Kelola Teknologi Informasi,” vol. 6, no. 1, p. 6, 2021. [9] D. Darmawan and A. F. Wijaya, “Analisis dan Desain Tata Kelola Teknologi Informasi Menggunakan Framework COBIT 2019 pada PT. XYZ,” J. Comput. Inf. Syst. Ampera, vol. 3, no. 1, pp. 1–17, 2022, doi: 10.51519/journalcisa.v3i1.139. [10] A. Safitri, I. Syafii, and K. Adi, “Identifikasi Level Pengelolaan Tata Kelola SIPERUMKIM Kota Salatiga berdasarkan COBIT 2019,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 5, no. 3, pp. 429–438, 2021, doi: 10.29207/resti.v5i3.3060. [11] A. P. W. Dio Febrilian Tanjung*1, Aulia Oktaviana2, “Analisis Manajemen Risiko Startup Pada Masa Pandemi Covid-19 Startup Risk Management Analysis During Covid-19 Pandemic Using,” J. Teknol. Inf. dan Ilmu Komput., vol. 8, no. 3, pp. 635–642, 2021, doi: 10.25126/jtiik.202184914. [12] M. Saleh, I. Yusuf, and H. Sujaini, “Penerapan Framework COBIT 2019 pada Audit Teknologi Informasi di Politeknik Sambas,” J. Edukasi dan Penelit. Inform., vol. 7, no. 2, p. 204, 2021, doi: 10.26418/jp.v7i2.48228. [13] D. A. Sudarnoto and R. I. Desanti, “COBIT 5 : How Capable PT GTI Governing Innovation , Human Resource , and Knowledge Aspect ?,” vol. 12, no. 2, 2022. [14] S. Informasi and U. M. Nusantara, “COBIT 5 : Tingkat Kapabilitas pada PT Supra Boga Lestari,” vol. IX, no. 1, pp. 18–23, 2018. [15] S.Y.Lee,A Ramasamy, and J. H.Rhee, Introduction and Methodology. 2018. doi: 10.1007/978-3-642-55058-4_1. [16] I. Hartati, “Framework Cobit 4.1 Untuk Audit Sistem Informasi Pada Perwakilan Badan Kependudukan Dan Keluarga Berencana Nasional (BKKBN) Provinsi ABCD,” 2018. [17] W. Wella, “Audit Sistem Informasi Menggunakan Cobit 5.0 Domain DSS pada PT Erajaya Swasembada, Tbk”, Ultima InfoSys : Jurnal Ilmu Sistem Informasi, vol. 7, no. 1, pp. 38-44, Jun. 2016. [18] D. Sanjaya and M. Fianty, “Measurement of Capability Level Using COBIT 5 Framework (Case Study: PT Andalan Bunda Bijak)”, Ultima InfoSys : Jurnal Ilmu Sistem Informasi, vol. 13, no. 2, pp. 68-76, Jan. 2023.