This document discusses conducting an IT governance audit of PDAM Tirta Patriot in Bekasi, Indonesia using the COBIT 5 framework. PDAM Tirta Patriot has implemented IT systems but still has deficiencies, including undocumented business processes and insufficient IT staff. An audit is needed to evaluate the IT unit's capabilities. The study uses Analytical Hierarchy Process to prioritize the domains of APO01, MEA01, and APO07. It finds that the current capability levels for these domains are all below the target level of 2. Recommendations are provided based on unfulfilled work products.
The measurement of maturity level of information technology service based on ...TELKOMNIKA JOURNAL
Institutions are currently progressing on IT development and maximization in order to advance for good IT governance. Lack of comprehensive requirements analysis of IT utilization may lead to hindrances within IT development from achieving effective outcomes. This quantitative study employs control objective for information & related technology (COBIT 5) business framework to assess and identify the maturity level of IT service, primarily within the domain of delivery, service, and support (DSS). Data were obtained through questionnaire, observation, and documentation. The result reveals that the average maturity level of IT service is in level 3 (established); by which the study recommends for enhancements and upgrades in IT performance and service within the scope of compliance and IT service application and support.
This is a summary of Control Objectives for Information and related Technology audit framework. Anyone can understand COBIT-19 framework within few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...Eswar Publications
It is necessary for each organization to move towards process-focused that it is supported and presided by information technology (IT). IT is considered as a part of processes field. In the information technology era, especially with the advent of network-based economy, organizations plans must be performed based on an architectural design deserving Information Society. Enterprise Architecture provides a framework to design organization based on Information Technology. Val IT framework is not related to enterprise architecture frameworks, but rather to IT governance. IT governance is indeed a paradigm in which it is attempted to make all activities and enterprise mechanisms for the planning, organizing, implementation and control of IT aligned and
consistent. This study first discusses the introduction of this framework; then, a comparison between this framework and COBIT as well as between enterprise architecture and Val IT will be done.
The measurement of maturity level of information technology service based on ...TELKOMNIKA JOURNAL
Institutions are currently progressing on IT development and maximization in order to advance for good IT governance. Lack of comprehensive requirements analysis of IT utilization may lead to hindrances within IT development from achieving effective outcomes. This quantitative study employs control objective for information & related technology (COBIT 5) business framework to assess and identify the maturity level of IT service, primarily within the domain of delivery, service, and support (DSS). Data were obtained through questionnaire, observation, and documentation. The result reveals that the average maturity level of IT service is in level 3 (established); by which the study recommends for enhancements and upgrades in IT performance and service within the scope of compliance and IT service application and support.
This is a summary of Control Objectives for Information and related Technology audit framework. Anyone can understand COBIT-19 framework within few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...Eswar Publications
It is necessary for each organization to move towards process-focused that it is supported and presided by information technology (IT). IT is considered as a part of processes field. In the information technology era, especially with the advent of network-based economy, organizations plans must be performed based on an architectural design deserving Information Society. Enterprise Architecture provides a framework to design organization based on Information Technology. Val IT framework is not related to enterprise architecture frameworks, but rather to IT governance. IT governance is indeed a paradigm in which it is attempted to make all activities and enterprise mechanisms for the planning, organizing, implementation and control of IT aligned and
consistent. This study first discusses the introduction of this framework; then, a comparison between this framework and COBIT as well as between enterprise architecture and Val IT will be done.
Improvement of IT Governance Case Study Government Institution Region Xijtsrd
The use of information technology in government processes will increase the efficiency, effectiveness, transparency, and accountability of government administration. Utilization of IT within an organization requires a system to manage IT better as well as the required audit of information technology that can be run in accordance as the expected. IT Audit is an important matter that must be carried out within an organization, also including the Government Institution Region X which utilize the technology of information as supporting the process of the public servicing. The audit of information technology is carried out with the purpose of fixing the critical point or problems that often occur in the process within the institution. As the result of study using the framework of COBIT 5, it shows the level of capability of five IT processes selected are at a lower level, namely APO07 at the level 2, EDM04 at the level 1, DSS01 at the level 1, BAI01 at the level 1, and APO08 at the level 1, whereas the expectation of capabilities of the organization’s leader is at the level 4. The results of the audit of information technology that has been made, shows the difference of the level of gap between the current maturity level with the maturity level based on the organization’s leader. In this study, will be getting suggestions and improvement recommendations according to the framework of COBIT 5 and ITIL 2011. Agus Ade Muliyana Krisna | Gusti Made Arya Sasmita | Gusti Agung Ayu Putri "Improvement of IT Governance (Case Study: Government Institution Region X)" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33496.pdf Paper Url: https://www.ijtsrd.com/engineering/information-technology/33496/improvement-of-it-governance-case-study-government-institution-region-x/agus-ade-muliyana-krisna
Governance of IT
COBIT Background
COBIT and Other frameworks
COBIT Principles
COBIT Goals
COBIT Objectives
COBIT Components
COBIT Design factors
COBIT Focus areas
COBIT Performance management
Designing and implementing a governance system
Proposal of a Framework of Lean Governance and Management of Enterprise ITMehran Misaghi
Technology and Information are vital to the success of companies.
To leverage the successes in IT projects, companies have at their
disposal, references globally accepted as good practices (COBIT,
ITIL, PMBOK, ISO, TOGAF, etc.). In spite of this, it is still great
the magnitude of spending on IT projects poorly designed or
improperly implemented. This paper presents a brief description
of standards and good practices related to governance and
management of enterprise IT, defines the Lean Thinking, Lean IT, the Processes Management, the Portfolio, Program and Project
Management, and the Work System Theory, and highlights the
purpose of them, showing their characteristics and suggests a
Framework of Lean Governance and Management of Enterprise
IT, by demonstrating how the standards and good practices
presented can work together, because it advocates that the Lean
Thinking, the Process, Portfolio, Program, and Project
Management, and the Work System Theory complement the
standards and good practices of Governance and Management of
Enterprise IT with an approach not referenced in these standards
and good practic
CHAPTER 10
INFORMATION GOVERNANCE
Information Governance and Information
Technology Functions
ITS 833
Dr. Mia Simmons
Chapter Overview
■ This chapter will cover pages 189-206 in
your book.
■ This chapter discusses how Information
Technology (IT) aligns directly with the
success of Information Governance.
2
What is Information Technology?
■ Information technology (IT) is a core function impacted by
information governance (IG) efforts.
– The IT side, shared responsibility for IG means the IT
department itself must take a closer look at IT processes
and activities with an eye to IG.
– A focus on improving IT efficiency, software development
processes, and data quality will help contribute to the
overall IG program effort
3
CIO & IT Leaders Key Focus Areas
■ Four IG areas for successful delivery of IG efforts:
1. Don’t focus on technology, focus on business impact
■ IT needs to become more business savvy, more businesslike, more
focused on delivering business benefits that can help the organization
to meet its business goals and achieve its business objectives.
2. Customize your IG approach for your specific business, folding in
any industry-specific best practices possible.
■ there are components that are common to all industries, but tailoring
your approach to your organization is the only way to deliver real
business value and results
3. Make the business case for IG by tying it to business objectives
■ The business case must be presented in order to gain executive
sponsorship, which is an essential component of any IG effort.
4. Standardize use of business terms
■ IG requires a cross-functional effort, so you must be speaking the
same language, which means the business terms you use in your
organization must be standardize
4
Data
Governance
■ Data is big, data is growing, data is
valuable, and the insights that can be
gained by analyzing clean, reliable data
with the latest analytic tools are a sort of
new currency.
■ focuses on information quality from the
ground up (at the lowest or root level), so
that subsequent reports, analyses and
conclusions are based on clean, reliable,
trusted data (or records) in database
tables
■ Data governance is a newer, hybrid
quality control discipline that includes
elements of data quality, data
management, IG policy development,
business process improvement, and
compliance and risk management.
■ Data governance with real-time analytics
and business intelligence (BI) software
not only can yield insights into significant
and emerging trends but also can provide
solid information for decision makers to
use in times of crisis—or opportunity.
5
Steps to Governing Data
Effectively
1. Recruit a strong executive sponsor.
2. Assess your current state
3. Set the ideal state vision and strategy.
4. Compute the value of your data.
5. Asses Risk
6. Implement a going-forward strategy
7. Assign accountabili.
CHAPTER 10
INFORMATION GOVERNANCE
Information Governance and Information
Technology Functions
ITS 833
Dr. Mia Simmons
Chapter Overview
■ This chapter will cover pages 189-206 in
your book.
■ This chapter discusses how Information
Technology (IT) aligns directly with the
success of Information Governance.
2
What is Information Technology?
■ Information technology (IT) is a core function impacted by
information governance (IG) efforts.
– The IT side, shared responsibility for IG means the IT
department itself must take a closer look at IT processes
and activities with an eye to IG.
– A focus on improving IT efficiency, software development
processes, and data quality will help contribute to the
overall IG program effort
3
CIO & IT Leaders Key Focus Areas
■ Four IG areas for successful delivery of IG efforts:
1. Don’t focus on technology, focus on business impact
■ IT needs to become more business savvy, more businesslike, more
focused on delivering business benefits that can help the organization
to meet its business goals and achieve its business objectives.
2. Customize your IG approach for your specific business, folding in
any industry-specific best practices possible.
■ there are components that are common to all industries, but tailoring
your approach to your organization is the only way to deliver real
business value and results
3. Make the business case for IG by tying it to business objectives
■ The business case must be presented in order to gain executive
sponsorship, which is an essential component of any IG effort.
4. Standardize use of business terms
■ IG requires a cross-functional effort, so you must be speaking the
same language, which means the business terms you use in your
organization must be standardize
4
Data
Governance
■ Data is big, data is growing, data is
valuable, and the insights that can be
gained by analyzing clean, reliable data
with the latest analytic tools are a sort of
new currency.
■ focuses on information quality from the
ground up (at the lowest or root level), so
that subsequent reports, analyses and
conclusions are based on clean, reliable,
trusted data (or records) in database
tables
■ Data governance is a newer, hybrid
quality control discipline that includes
elements of data quality, data
management, IG policy development,
business process improvement, and
compliance and risk management.
■ Data governance with real-time analytics
and business intelligence (BI) software
not only can yield insights into significant
and emerging trends but also can provide
solid information for decision makers to
use in times of crisis—or opportunity.
5
Steps to Governing Data
Effectively
1. Recruit a strong executive sponsor.
2. Assess your current state
3. Set the ideal state vision and strategy.
4. Compute the value of your data.
5. Asses Risk
6. Implement a going-forward strategy
7. Assign accountabili ...
With the rapid evolution of Information Technology (IT) applications, and practices across the organization, appropriate IT Governance (ITG) has become essential to an organization’s success. The use of IT has become pervasive in every facet of the organisations’ endeavours in supporting and evolving each aspect of the business. As IT is associated with risk and value opportunities, a comprehensive, high-level system is required in each organization to minimise the associated risks and optimize value. The fact that the IT value to be achieved due to effective IT governance is related to efficient and cost effective IT delivery, innovation and business impact. This presentation highlights the Critical Success Factors (CSFs) needed for the successful and effective implementation of ITG.
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001IJNSA Journal
In this paper, after giving a brief definition of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT, pros and cons of implementing only COBIT, implementing only IS0 27001 and implementing both COBIT and ISO 27001 together when governing information security in enterprises will be issued.
Improvement of IT Governance Case Study Government Institution Region Xijtsrd
The use of information technology in government processes will increase the efficiency, effectiveness, transparency, and accountability of government administration. Utilization of IT within an organization requires a system to manage IT better as well as the required audit of information technology that can be run in accordance as the expected. IT Audit is an important matter that must be carried out within an organization, also including the Government Institution Region X which utilize the technology of information as supporting the process of the public servicing. The audit of information technology is carried out with the purpose of fixing the critical point or problems that often occur in the process within the institution. As the result of study using the framework of COBIT 5, it shows the level of capability of five IT processes selected are at a lower level, namely APO07 at the level 2, EDM04 at the level 1, DSS01 at the level 1, BAI01 at the level 1, and APO08 at the level 1, whereas the expectation of capabilities of the organization’s leader is at the level 4. The results of the audit of information technology that has been made, shows the difference of the level of gap between the current maturity level with the maturity level based on the organization’s leader. In this study, will be getting suggestions and improvement recommendations according to the framework of COBIT 5 and ITIL 2011. Agus Ade Muliyana Krisna | Gusti Made Arya Sasmita | Gusti Agung Ayu Putri "Improvement of IT Governance (Case Study: Government Institution Region X)" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33496.pdf Paper Url: https://www.ijtsrd.com/engineering/information-technology/33496/improvement-of-it-governance-case-study-government-institution-region-x/agus-ade-muliyana-krisna
Governance of IT
COBIT Background
COBIT and Other frameworks
COBIT Principles
COBIT Goals
COBIT Objectives
COBIT Components
COBIT Design factors
COBIT Focus areas
COBIT Performance management
Designing and implementing a governance system
Proposal of a Framework of Lean Governance and Management of Enterprise ITMehran Misaghi
Technology and Information are vital to the success of companies.
To leverage the successes in IT projects, companies have at their
disposal, references globally accepted as good practices (COBIT,
ITIL, PMBOK, ISO, TOGAF, etc.). In spite of this, it is still great
the magnitude of spending on IT projects poorly designed or
improperly implemented. This paper presents a brief description
of standards and good practices related to governance and
management of enterprise IT, defines the Lean Thinking, Lean IT, the Processes Management, the Portfolio, Program and Project
Management, and the Work System Theory, and highlights the
purpose of them, showing their characteristics and suggests a
Framework of Lean Governance and Management of Enterprise
IT, by demonstrating how the standards and good practices
presented can work together, because it advocates that the Lean
Thinking, the Process, Portfolio, Program, and Project
Management, and the Work System Theory complement the
standards and good practices of Governance and Management of
Enterprise IT with an approach not referenced in these standards
and good practic
CHAPTER 10
INFORMATION GOVERNANCE
Information Governance and Information
Technology Functions
ITS 833
Dr. Mia Simmons
Chapter Overview
■ This chapter will cover pages 189-206 in
your book.
■ This chapter discusses how Information
Technology (IT) aligns directly with the
success of Information Governance.
2
What is Information Technology?
■ Information technology (IT) is a core function impacted by
information governance (IG) efforts.
– The IT side, shared responsibility for IG means the IT
department itself must take a closer look at IT processes
and activities with an eye to IG.
– A focus on improving IT efficiency, software development
processes, and data quality will help contribute to the
overall IG program effort
3
CIO & IT Leaders Key Focus Areas
■ Four IG areas for successful delivery of IG efforts:
1. Don’t focus on technology, focus on business impact
■ IT needs to become more business savvy, more businesslike, more
focused on delivering business benefits that can help the organization
to meet its business goals and achieve its business objectives.
2. Customize your IG approach for your specific business, folding in
any industry-specific best practices possible.
■ there are components that are common to all industries, but tailoring
your approach to your organization is the only way to deliver real
business value and results
3. Make the business case for IG by tying it to business objectives
■ The business case must be presented in order to gain executive
sponsorship, which is an essential component of any IG effort.
4. Standardize use of business terms
■ IG requires a cross-functional effort, so you must be speaking the
same language, which means the business terms you use in your
organization must be standardize
4
Data
Governance
■ Data is big, data is growing, data is
valuable, and the insights that can be
gained by analyzing clean, reliable data
with the latest analytic tools are a sort of
new currency.
■ focuses on information quality from the
ground up (at the lowest or root level), so
that subsequent reports, analyses and
conclusions are based on clean, reliable,
trusted data (or records) in database
tables
■ Data governance is a newer, hybrid
quality control discipline that includes
elements of data quality, data
management, IG policy development,
business process improvement, and
compliance and risk management.
■ Data governance with real-time analytics
and business intelligence (BI) software
not only can yield insights into significant
and emerging trends but also can provide
solid information for decision makers to
use in times of crisis—or opportunity.
5
Steps to Governing Data
Effectively
1. Recruit a strong executive sponsor.
2. Assess your current state
3. Set the ideal state vision and strategy.
4. Compute the value of your data.
5. Asses Risk
6. Implement a going-forward strategy
7. Assign accountabili.
CHAPTER 10
INFORMATION GOVERNANCE
Information Governance and Information
Technology Functions
ITS 833
Dr. Mia Simmons
Chapter Overview
■ This chapter will cover pages 189-206 in
your book.
■ This chapter discusses how Information
Technology (IT) aligns directly with the
success of Information Governance.
2
What is Information Technology?
■ Information technology (IT) is a core function impacted by
information governance (IG) efforts.
– The IT side, shared responsibility for IG means the IT
department itself must take a closer look at IT processes
and activities with an eye to IG.
– A focus on improving IT efficiency, software development
processes, and data quality will help contribute to the
overall IG program effort
3
CIO & IT Leaders Key Focus Areas
■ Four IG areas for successful delivery of IG efforts:
1. Don’t focus on technology, focus on business impact
■ IT needs to become more business savvy, more businesslike, more
focused on delivering business benefits that can help the organization
to meet its business goals and achieve its business objectives.
2. Customize your IG approach for your specific business, folding in
any industry-specific best practices possible.
■ there are components that are common to all industries, but tailoring
your approach to your organization is the only way to deliver real
business value and results
3. Make the business case for IG by tying it to business objectives
■ The business case must be presented in order to gain executive
sponsorship, which is an essential component of any IG effort.
4. Standardize use of business terms
■ IG requires a cross-functional effort, so you must be speaking the
same language, which means the business terms you use in your
organization must be standardize
4
Data
Governance
■ Data is big, data is growing, data is
valuable, and the insights that can be
gained by analyzing clean, reliable data
with the latest analytic tools are a sort of
new currency.
■ focuses on information quality from the
ground up (at the lowest or root level), so
that subsequent reports, analyses and
conclusions are based on clean, reliable,
trusted data (or records) in database
tables
■ Data governance is a newer, hybrid
quality control discipline that includes
elements of data quality, data
management, IG policy development,
business process improvement, and
compliance and risk management.
■ Data governance with real-time analytics
and business intelligence (BI) software
not only can yield insights into significant
and emerging trends but also can provide
solid information for decision makers to
use in times of crisis—or opportunity.
5
Steps to Governing Data
Effectively
1. Recruit a strong executive sponsor.
2. Assess your current state
3. Set the ideal state vision and strategy.
4. Compute the value of your data.
5. Asses Risk
6. Implement a going-forward strategy
7. Assign accountabili ...
With the rapid evolution of Information Technology (IT) applications, and practices across the organization, appropriate IT Governance (ITG) has become essential to an organization’s success. The use of IT has become pervasive in every facet of the organisations’ endeavours in supporting and evolving each aspect of the business. As IT is associated with risk and value opportunities, a comprehensive, high-level system is required in each organization to minimise the associated risks and optimize value. The fact that the IT value to be achieved due to effective IT governance is related to efficient and cost effective IT delivery, innovation and business impact. This presentation highlights the Critical Success Factors (CSFs) needed for the successful and effective implementation of ITG.
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001IJNSA Journal
In this paper, after giving a brief definition of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT, pros and cons of implementing only COBIT, implementing only IS0 27001 and implementing both COBIT and ISO 27001 together when governing information security in enterprises will be issued.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
1. Information Technology Governance Audit
Using the COBIT 5 Framework (Case Study
of PDAM Tirta Patriot Kota Bekasi)
Lisda Awalia Aprilianti #1
, Eko Darwiyanto *2
, Yanuar Firdaus Arie #3
# School of Computing, Telkom University, Indonesia
Jl. Telekomunikasi, Jl. Ters. Buah Batu, Kec. Dayeuh Kolot, Bandung, Jawa Barat. Indonesia. 40257.
1 lisdaawalia@students.telkomuniversity.ac.id
2
ekodarwiyanto@telkomuniversity.ac.id
3 yanuarfirdaus@telkomuniversity.ac.id
Abstract
PDAM Tirta Patriot has implemented information systems for its business process but still has
deficiencies, including some business processes that do not have documented guidelines and
procedures. Furthermore, the human resources in PDAM Tirta Patriot are insufficient for improving
IT governance due to the lack of reliable personnel in the IT unit. Given the importance of IT for
PDAM, an audit is needed to evaluate the capability of the IT unit in managing IT. COBIT 5 provides
a goals cascade to align the company with its business goals. However, the goals cascade does not
provide priority to IT-related goals. Therefore, for prioritizing IT-related goals, this research uses
Analytical Hierarchy Process (AHP). From the AHP result, the selected domains are APO01,
MEA01, and APO07. This research aims to determine the current capability level and analyze the
gap between it and the chosen target capability level, precisely level 2. The current capability level
of PDAM Tirta Patriot from domain APO01 is 1, MEA01 is 0, and APO07 is 0, which means none
of those have reached the target capability level. Recommendations are given based on the
unfulfilled work product for domains that do not reach the target capability level.
Keywords: AHP, COBIT 5, IT governance, PDAM Tirta Patriot.
Abstrak
PDAM Tirta Patriot telah mengimplementasikan sistem informasi dalam proses bisnisnya. Namun
masih memiliki kekurangan, diantaranya terdapat proses bisnis yang belum memililki pedoman dan
prosedur yang terdokumentasi. Selain itu, kondisi SDM PDAM Tirta Patriot yang belum cukup
untuk meningkatkan tata kelola IT, dikarenakan masih kurangnya personil yang dapat diandalkan
dalam unit IT. Mengingat pentingnya IT bagi PDAM, dibutuhkan sebuah audit untuk mengevaluasi
kemampuan unit IT dalam mengelola IT agar selaras dengan tujuan perusahaan. COBIT 5
menyediakan mekanisme goals cascade untuk menyelaraskan perusahaan dengan tujuan bisnisnya.
Namun, mekanisme tersebut tidak memberikan prioritas terhadap pemilihan IT-related goals. Oleh
sebab itu, penelitian ini dibantu metode Analytical Hierarchy Process (AHP) yang berguna untuk
memilih prioritas IT-related goals. Dari hasil AHP, domain yang digunakan adalah APO01,
MEA01, serta APO07. Tujuan penelitian ini untuk mengetahui current capability level PDAM, serta
menganalisis kesenjangannya dengan target capability level yang dipilih yaitu level 2. Current
capability level PDAM Tirta Patriot dari domain APO01 adalah level 1, MEA01 level 0, serta
APO07 level 0, yang berarti ketiga domain tersebut tidak ada yang mencapai target capability level.
Untuk domain yang tidak mencapai target, diberikan rekomendasi sesuai dengan work product yang
tidak terpenuhi.
Kata Kunci: AHP, COBIT 5, IT governance, PDAM Tirta Patriot.
I. INTRODUCTION
N today’s business world, information technology (IT) has become an essential element of progress, as many
companies depend on IT to maintain and accelerate organizational growth [1]. In its development, IT requires
I
OPEN ACCESS
ISSN 2460-9056
socj.telkomuniversity.ac.id/indojc
Ind. Journal on Computing
Vol. 6, Issue. 2, September 2021. pp. 11-22
doi:10.34818/indojc.2021.6.2.563
Received on Mei, 2021. Accepted on September, 2021
2. governance to aid in the use of information technology to accomplish the goal of the organizations [2]. An IT
audit helps to assess the organization to function optimally and on target according to its business process [3].
PDAM Tirta Patriot is a BUMD-owned company established following the Bekasi City Regional Regulation
number 02 of 2006. PDAM Tirta Patriot has already implemented information systems for business operations,
but it also has deficiencies in information management. Including some processes that do not have documented
procedures and guidelines. Furthermore, the condition of human resources in PDAM Tirta Patriot is insufficient
for improving IT governance due to the lack of reliable staff in the IT unit, which was indicated by having only
one reliable IT unit. Also, even though the IT unit was formatted in 2016 [4], but until December 2019, PDAM
still relied on an IT consultant who previously managed IT in PDAM Tirta Patriot [5].
To realize the BUMN/BUMD implementation of an independent water supply system, the Institution for the
Improvement of the Drinking Water Supply System requires strengthening the management of BUMD to
PDAM. So that it is carried out with good governance, such as increasing the effectiveness and efficiency,
whether technical, management, or financial, it also necessitates implementing an information system to
monitor and evaluate the facilities’ efficiency [6].
The existing problems can be identified by measuring the performance of implementing IT governance in the
company. From the existing problems and considering the importance of IT in the business process,
measurement is needed to maintain IT governance to remain effective following the company’s goals [7].
PDAM Tirta Patriot has never conducted an audit for the IT unit. So, this research was conducted to determine
the current condition of the IT unit’s capabilities in managing IT. An audit for IT governance is needed to
evaluate the IT governance that already operated in compliance with the approved standard, guidelines,
regulations, and practices [8].
COBIT, ITIL, and ISO/IEC 27000 families are the most widely used today for managing information systems
[9]. ITIL is wholly based on IT and how it can be handled to have benefited [10]. If ISO covers relevant
guidelines, processes, requirements, and procedures, ITIL only focuses on the logical stage of the process,
inscribing what can be performed but not how [11]. Also, ISO 27001 is concerned chiefly with information
security, while COBIT covers a broader range of topics [12]. COBIT, because of its broad coverage, can serve
as an integrator and can be mapped into enterprise goals – IT-related goals (EGIT) that cover specific areas
[11].
Control Objective for Information and Related Technology (COBIT) 5 provides a systematic structure to help
businesses meet their IT governance and management goals. It allows IT to be regulated and managed
comprehensively for all types of organizations, whether private, non-profit, or public sector. Every organization
works in a different context, so it needs customized governance and management system. COBIT 5 has five
domains and 37 processes for conducting an audit. The domains are Evaluate, Direct, and Monitor (EDM),
Align, Plan, and Organise (APO), Build, Acquire, and Implement (BAI), Deliver, Service, and Support (DSS),
and Monitor, Evaluate, and Assess (MEA) [13].
Many authors have selected the COBIT 5 framework when implementing IT governance audits. One of those
is the audit at PDAM Tirta Satria by Alief Maulana Hisyam et al... However, there is no systemic approach for
selecting the audit domain [14]. Therefore, this research presents an approach that identifies the prioritized IT-
related goals that lead to the selecting audit domains that are more related to the company’s goals. This approach
uses Analytical Hierarchy Process (AHP) using the company’s governance objective indicator in a balanced
scorecard (BSC) [15]. This research also identifies the current capability level of the IT governance in PDAM
Tirta Patriot and provides recommendations based on COBIT 5 for the improvement that is expected to be
implemented so that the IT unit can be in optimal condition for its target level. The domains that are used in
this research are APO01 (Manage the IT Management Framework), MEA01 (Monitor, Evaluate, and Assess
Performance and Conformance), and also APO07 (Manage Human Resource).
II. LITERATURE REVIEW
A. Audit of Information Technology
Aprilianti et al.
Information Technology Governance Audit... 12
3. Information Technology (IT) is no longer regarded simply as helping the business process but also supporting
business strategy to achieve organizational objectives [16]. To assess and ensure the compliance of IT
management with the provisions and standards to the organizations, an audit of IT needs to be carried out so
that improvements can be made more explicitly under a framework for performance improvements [17].
Control Objectives for Information and Related Technology (COBIT) 5, Information Technology
Infrastructure Library (ITIL), and International Organization for Standardization (ISO) 27000 families are the
most valuable and common EGIT frameworks currently in use. ISO 270001 is mainly concerned with
information security. It covers relevant guidelines, processes, requirements, and procedures. COBIT 5 ensures
that governance is achieved through the whole enterprise, including policies, people, information, structures,
and applications [10], [11].
COBIT can be mapped to EGIT frameworks that cover specific areas in greater depth, such as ITIL. However,
ITIL is entirely focused on IT and how it can be handled to achieve the benefits such as improve service quality
and return on investment. There are few flaws in ITIL. Its implementations show a lack of standards, guidelines,
and manuals. It also focuses on the logical level of processes, instructing what to do but not how to do it [11].
The organizations have been required to follow many EGIT practices due to increasing market demands and
compliance criteria. Organizations are commonly implementing COBIT in practices. COBIT 5 provides a
Process Reference Model (PRM), a systemic practice that helps an organization achieve its IT governance and
management goals. PRMs are often linked to Process Assessment Model (PAM), which contains all of the
information needed to evaluate the capability of the process [10], [11], [12]. COBIT 5 also provides a goals
cascade for transforming stakeholder needs into specific enterprise goals, IT-related goals (ITrG), and enabler
goals. It efficiently facilitates the alignment between enterprise needs and their IT solution. Goals cascade
consists of stakeholder drivers that influence stakeholder needs, and stakeholder needs cascade to enterprise
goals, enterprise goals cascade to IT-related goals, and IT-related goals cascade to enabler goals [13].
B. COBIT 5 Process Assessment Model
The process assessment model is the basis for evaluating the capability for each process of COBIT 5. It is
made out of 2 dimensions; the process dimension and the capability dimensions. The process dimension consists
of classified domains such as Evaluate, Direct, and Monitor (EDM), Align, Plan, and Organise (APO), Build,
Acquire, and Implement (BAI), Deliver, Service, and Support (DSS), and Monitor, Evaluate, and Assess (MEA)
[18].
Meanwhile, the capability dimension consists of a set of process attributes organized into capability levels.
The capability level consists of 6 levels as shown in Table I. Each of the process attributes is evaluated using
six rating scales according to ISO/IEC 15504 [7]. Each process attribute is determined by whether the process
attributes at that level have been largely or fully achieved as shown in Table III [18].
TABLE I
CAPABILITY LEVEL
Level Description
Level 0 Incomplete Process Process fails to be implemented and has no proof of achievement
Level 1 Performed Process Process achieves its purpose
Level 2 Managed Process Process has reached level 1 with the addition of planning, documentation,
monitoring
Level 3 Established Process Process has reached level 2 with the standard and can achieve the purpose
Level 4 Predictable process Process has reached level 3 but can already be predicted
Level 5 Optimizing Process Process has reached level 4 and continues to be improved for innovation
TABLE II
RATING SCALES
Abbreviation Description % Achieved
N Not achieved 0% to 15% achievement
Ind. Journal on Computing Vol. 6, Issue. 2, September 2021 13
4. P Partially achieved > 15% to 50% achievement
L Largely achieved > 50% to 85% achievement
F Fully achieved > 85% to 100% achievement
TABLE III
PROCESS ATTRIBUTE RATING
Scale Process Attribute Rating
Level 1 Process Performance Largely or fully achieved
Level 2
Process Performance Fully achieved
Performance Management Largely or fully achieved
Work Product Management Largely or fully achieved
C. Analytical Hierarchy Process (AHP)
AHP is known as an excellent approach for dealing with complex decision-making [19]. It facilitates the
systematic assessment of alternatives with multiple objective and evaluation criteria [15]. In this research, the
objective is to prioritize the attribute of COBIT 5, which consists of enterprise goals and IT-related goals. The
AHP is the effective method for resolving problems with hierarchically criteria and alternatives with multiple
objectives [20]. It is expected that AHP will be able to solve a complex problem using a hierarchy of criteria to
determine priorities or weights [21]. Furthermore, AHP includes a valuable approach for assessing the
consistency of the decision maker’s evaluation, therefore decreasing bias in the decision-making process [19].
It requires a pairwise comparison matrix to use AHP [15], which compares entities to decide whether the entities
are similar or not [22].
𝑀 = [
1 𝛼12 𝛼13 𝛼14
𝛼21 1 𝛼23 𝛼24
𝛼31 𝛼32 1 𝛼34
𝛼41 𝛼42 𝛼43 1
] (1)
The example of a pairwise comparison matrix can be seen in the M matrix (1). The M is a four-by-four
matrix with rows and columns in order of financial, customer, internal, learning and growth. We can get the ij
matrix element (𝛼) by comparing the i-th row and j-th column [15]. For example, to obtain the value of α12, we
have to compare the first row of the matrix (financial) with the second column of the matrix (customer). For the
ii component, it becomes 1 since the same object obtains the same evaluation (e.g., comparing financial to
financial). To get the ij matrix elements for this research, it is further discussed in section III, where the matrix
will be transformed into Table V. The AHP functions by generating weights for each evaluation criteria [19]
which is further discussed in Section III in Table VI. The higher the weight score, the more important it is [19].
III. RESEARCH METHOD
A. The Flowchart of the Research
The following is the research flowchart that starts with the planning stage, implementation of COBIT 5
goals cascade, process assessment model, and recommendation.
Aprilianti et al.
Information Technology Governance Audit... 14
5. Fig. 1. The Flowchart of the Research
B. Planning Stage
The planning stage is initiated with finding the problem of IT governance in PDAM Tirta Patriot along with
the research objectives. Then, Focus Group Discussion (FGD) was conducted with several stakeholders of
PDAM Tirta Patriot to determine the governance objective, which is the resource optimization that leads to the
selection of audited domain. Also, the target capability level is set in level 2.
C. COBIT 5 Goal Cascade
After determining the governance objective and target level, we collected data about stakeholders’ needs to
manage their IT governance by following the COBIT 5 Goals Cascade. First, determining the stakeholder needs,
and then cascading into enterprise goals. Next, enterprise goals cascade into IT-related goals, and last, cascade
them into enabler goals. We then distributed a questionnaire about enterprise goals (EG) provided by ISACA
to the stakeholders. There are 12 selected enterprise goals of PDAM Tirta Patriot from the questionnaire: EG-
01, EG-03, EG-04, EG-05, EG-06, EG-07, EG-10, EG-11, EG-12, EG-14, EG-15, EG-16 as shown in
Attachment 1.
Achievement of enterprise goals requires the number of IT-related outcomes represented by IT-related goals
(ITrG) [10]. Therefore, a mapping between EG and ITrG was done by choosing the value that has Primary (P).
From the mapping, the selected ITrG are ITrG-01, ITrG-02, ITrG-03, ITrG-04, ITrG-05, ITrG-06, ITrG-07,
ITrG-08, ITrG-09, ITrG-10, ITrG-11, ITrG-12, ITrG-14, ITrG-15, ITrG-16 as shown in Attachment 2.
D. Analytic Hierarchy Process (AHP)
ISACA develops enterprise goals by using a balanced scorecard (BSC) in the form of a table, which shows
the relationship between the goal of the enterprise and the three main governance objectives; benefit realization,
risk optimization, and resource optimization with the value of Primary (P) and Secondary (S) [23]. From the
Ind. Journal on Computing Vol. 6, Issue. 2, September 2021 15
6. result of FGD, as shown in Attachment 3, the stakeholder selected the resource optimization for this research.
There are four dimensions in BSC, financial, customer, internal, also learning and growth.
There is a relationship between governance objective and each of the BSC dimensions as shown in Attachment
4, with Primary (P), Secondary (S), and none distinctions. P is assigned with 1, S is assigned with 0.5, and none
is assigned with 0. For example, to calculate for financial (F) dimension and the governance objective is
resource optimization (R), so the equation for this is expressed in the following equation [15].
∑𝐹𝑅 = 1 ∗ (𝑁𝑢𝑚𝑏𝑒𝑟𝑜𝑓 𝑃 ∈ 𝐹 ∩ 𝑅) + 0.5 ∗ (𝑁𝑢𝑚𝑏𝑒𝑟𝑜𝑓 𝑆 ∈ 𝐹 ∩ 𝑅) (2)
There are 4 S in the financial dimension, meaning that (0.5*4) = 2. For customer dimension, there are 2 P and
2 S, that means (1*2) + (0.5*2) = 3. Complete the process until learning and growth dimension. Then, to get
the mean of the weight is dividing it by the number of enterprise goals in each dimension.
TABLE IV
A MEASURE OF BSC ATTRIBUTE
A measure of BSC Attribute
Financial (F) Customer (C) Internal (I) Learning and Growth (LnG)
2 3 3,5 1
Mean of The Weight
2/5 3/5 3,5/5 1/2
To use AHP, it needs a pairwise comparison matrix [15]. Value in the matrix is obtained by comparing each
of the means of the weight of the BSC dimension. For example, when comparing the mean of financial with
mean of customer, the mean of financial is 2/5 and mean of the customer is 3/5. Therefore, (2/5)/(3/5) = (2/3),
which means the financial is 2/3 more important than the customer. Complete the calculation until all of the
cells are filled. Then, calculate the sum of columns for each dimension.
TABLE V
MATRIX PAIRWISE COMPARISON AND SUMS OF THE COLUMNS
Matrix Pairwise Comparison
Financial Customer Internal Learning and Growth
Financial 1 2/3 2/3,5 4/5
Customer 3/2 1 3/3,5 6/5
Internal 3,5/2 3,5/3 1 7/5
Learning and Growth 5/4 5/6 5/7 1
Sum of Columns 5,5 3,666 3,142 4,4
To get the weight of each BSC attribute, divide the value of each cell by their sums of columns. Complete the
process until all cells are filled, then calculate the sum of rows. For the weight, divide the sum of rows by 4
(because there are four dimensions) to obtain the average.
TABLE VI
THE WEIGHT OF EACH BSC ATTRIBUTE
The Weight of Each BSC Attribute
F C I LnG sum of rows weight
F 0,182 0,182 0,182 0,182 0,727 0,182
C 0,273 0,273 0,273 0,273 1,091 0,273
I 0,318 0,455 0,318 0,318 1,409 0,352
LnG 0,227 0,227 0,227 0,227 0,909 0,227
The AHP methodology needs to calculate the Consistency Index (CI) to ensure the resulting weight is reliable.
Aprilianti et al.
Information Technology Governance Audit... 16
7. If the CI is less than 0.1, meaning that the comparison is consistent [15]. In this comparison, the CI value is
0.035534, meaning that this comparison is consistent. The following equation shows the calculated CI.
𝐶𝐼 = (
𝜆𝑚𝑎𝑥 − 𝑛
𝑛 − 1
) =
(4.106602 − 4)
4 − 1
= 0.035534 (3)
The matrix shows that the highest value of the BSC dimension is the internal dimension, which means that
the internal dimension is the first alternative for prioritizing IT-related goals (ITrG).
TABLE VII
PRIORITIZED ITRG
No. Dimension IT-related goals
1 Internal
ITrG-09 IT agility
ITrG-10 Security of information, processing infrastructure, and application
ITrG-11 Optimization of IT assets, resource, and capabilities
ITrG-12
Enablement and support of business process by integrating applications
and technology into business process
ITrG-14 Availability of reliable and useful information for decision making
ITrG-15 IT compliance with internal policies
After getting the prioritized ITrG, the next step is mapping the ITrG to the enabler goal by taking the highest
value of Primary (P) [24]. The mapping can be done by following COBIT 5 guidelines in the book of Enabling
Process by ISACA [23]. The mapping with a high value of P between ITrG to enabler goal can be seen in Table
VIII below.
TABLE VIII
A MAPPING BETWEEN ITRG AND ENABLER GOAL
ITrG-09 ITrG-10 ITrG-11 ITrG-12 ITrG-13 ITrG-14 ITrG-15 SUM P
EDM03 P S S P 2
EDM04 P P S 2
APO01 P S P S S S P 3
APO03 P S P S S 2
APO04 P P S S 2
APO07 S S P P S 2
APO12 S P P S S 2
APO13 P P 2
BAI04 S P S P 2
BAI10 S S P P S 2
DSS03 S P S P S 2
MEA01 S S P S S P 2
From the mapping, the domain APO01 has the highest value of P that is equal to 3. However, 11 domains
have the same value of P that is equal to 2. In this case, the stakeholders selected the most related domains to
the company’s needs [25] which are MEA01 and APO07. So, the domains for this research are APO01 (Manage
the IT Management Framework), MEA01 (Monitor, Evaluate, and Assess Performance and Conformance), and
APO07 (Manage Human Resource).
E. Process Assessment Model
Process assessment is carried out by giving questionnaires to several stakeholders by using RACI Chart. The
RACI chart is used to determine respondents on the capability level questionnaire [17]. RACI Chart consists of
R (Responsible), A (Accountable), C (Consulted), I (Informed). The organizational structure of PDAM Tirta
Patriot does not fully correspond to the RACI chart in COBIT 5. Therefore the mapping results are
Ind. Journal on Computing Vol. 6, Issue. 2, September 2021 17
8. representative of the RACI chart in COBIT 5. Here is the mapping between the organizational structure of
PDAM Tirta Patriot and the RACI Chart. The details may be found in Attachment 5.
TABLE IX
A MAPPING BETWEEN COBIT 5 STAKEHOLDER AND ORGANIZATIONAL STRUCTURE OF PDAM TIRTA PATRIOT
COBIT 5 Stakeholders Organizational Structure of PDAM Tirta Patriot
Chief Executive Officer (CEO) Direktur Utama PDAM Tirta Patriot
Head of Human Resource (Head of HR) Kabag Kepegawaian PDAM Tirta Patriot
Compliance Kabag Pengawas Internal PDAM Tirta Patriot
Head of IT Administration Kasubag IT PDAM Tirta Patriot
The questionnaires are only given to RACI’s roles in each domain process. Here is an example of RACI’s
roles in the domain process of MEA01 in the organizational structure of PDAM Tirta Patriot. The details may
be found in Attachment 6.
TABLE X
THE EXAMPLE OF RACI IN DOMAIN PROCESS MEA01
Domain CEO Head of HR Compliance Head of IT Administration
MEA01.01 A C C I
MEA01.02 I C I
MEA01.03 C I
MEA01.04 C C C
MEA01.05 I C C C
We can analyze the current capability level and the gap between the current capability level and the target
capability level for each domain from the questionnaires. The target capability level that stakeholders selected
is level 2.
F. Recommendation
After getting the gap analysis, recommendations are given based on the unfulfilled work product/general work
product for each process attribute in each domain. Recommendations are expected for each process attribute to
meet its target level.
IV. RESULTS AND DISCUSSION
The following results from the process assessment of the current capability level of IT governance in PDAM
Tirta Patriot in the domains APO01, MEA01, and APO07. The assessment process is carried out by matching
the answer of the questionnaire with collections of evidence in the form of a work product or generic work
product for each domain. The details may be found in Attachment 7.
A. Capability Level
TABLE XI
CAPABILITY LEVEL APO01
APO01
Process
Attribute
% Base
Practice
(% BPs)
% Outcomes
(% Os)
Work
Product
(WPs)
Percen
tage
Rating Level
1.1
(Process
Performance)
BP01 = 100 %
BP02 = 50 %
BP03 = 100 %
BP04 = 100 %
BP05 = 100 %
Os01 ((BP01 + BP02 +
BP03 + BP05 + BP07 +
BP08)/6) =
(100%+50%+100%+100
%)/6 = 58.33 %
WP05, WP06,
WP07, WP08,
WP01, WP13,
WP03, WP04.
(58.33
% +
50%)/
2 =
L
1
Aprilianti et al.
Information Technology Governance Audit... 18
9. BP06 = 0 %
BP07 = 0 %
BP08 = 0 %
Os02 ((BP04 + BP06)/2)
= (100%)/2= 50 %
54.1
%
2.1
(Performance
Management)
% Base Practice (% BPs)
Percen
tage
Rating
GP2.1.1
= 0%
GP2.1.2
= 0%
GP2.1.3
= 0%
GP2.1.4
= 0%
GP2.1.5
= 100%
GP2.1.6
= 0%
(100%
)/6 =
16.7%
P
TABLE XII
CAPABILITY LEVEL MEA01
MEA01
Process
Attribute
% Base Practice
(% BPs)
% Outcomes
(% Os)
Work
Product
(WPs)
Percentage Rating Level
1.1
(Process
Performance)
BP01 = 0 %
BP02 = 0 %
BP03 = 0 %
BP04 = 100 %
BP05 = 100 %
Os01 ((BP01)/1) = 0%
WP05, WP06,
WP07.
(100% +
100 %)/5
= 40 %
P 0
Os02 ((BP02)/1) = 0%
Os03 ((BP03)/1) = 0%
Os04 ((BP05)/1) =
100%
Os05 ((BP04)/1) =
100%
TABLE XIII
CAPABILITY LEVEL APO07
APO07
Process
Attribute
% Base Practice
(% BPs)
% Outcomes
(% Os)
Work
Product
(WPs)
Percentage Rating Level
1.1
(Process
Performance)
BP01 = 33. 3 %
BP02 = 100 %
BP03 = 33.3 %
BP04 = 33.3 %
BP05 = 0 %
BP06 = 100 %
Os01 (BP01 + BP02 +
BP05)/3 = (33.3% +
100 %)/3 = 44.43 % WP01, WP05,
WP08, WP13,
WP14, WP15.
(44.43% +
55.53%)/2
= 49.98 %
P 0
Os02 ((BP03 + BP04 +
BP06)/3 = ((33.3% +
33.3% + 100%)/3 =
55.53%
The percentage in the process attribute (PA) is adjusted to the rating scale in Table II. The percentage of
domain APO01 PA 1.1 is 54.1%, which means it has rating scale of largely achieved (L). In this case, if the
percentage is >50%, it can be continued to the next PA according to the criteria in Table III. Since PA 1.1 is
largely achieved so that it can be continued to PA 2.1. PA 2.1 has a percentage of 16.7%, which means it is
partially achieved (P) since the rating is partially achieved, so it cannot be continued to PA 2.2.
Next, the percentage of domain MEA01 PA 1.1 is 40%, which means it is partially achieved (P), so it cannot
be continued to PA 2.1. The percentage of domain APO07 PA 1.1 is 49.98%, which means it is partially
achieved (P), so it cannot be continued to PA 2.1. None of the domains have reached the target capability level,
precisely level 2.
B. Gap Analysis
After getting the current capability level of each domain, the gap between the current capability level and
target capability level can be seen in Table XIV below.
Ind. Journal on Computing Vol. 6, Issue. 2, September 2021 19
10. TABLE XIV
GAP ANALYSIS
Process
Name
Process Capability Level Current
Capability
Level
Target Capability
Level
Gap
1 2
PA 1.1 PA 2.1 PA 2.2
APO01 54.1 % 16.7 % - 1 2 1
MEA01 40% - - 0 2 2
APO07 49.98% - - 0 2 2
C. Recommendation
Recommendations are provided based on the unfulfilled work product (WP) or generic work product (GWP)
based on the book of Process Assessment Model (PAM): Using COBIT 5 [26]. Recommendations can be seen
in Table XV, Table XVI, and Table XVII below.
TABLE XV
RECOMMENDATION FOR APO01
APO01
Process
Attribute
Work Product
(WP)/General
Work Product
(GWP)
Recommendation
1.1
APO01-WP02
Take remedial actions for non-compliance to maintain compliance with
policies and procedures
APO01-WP09 Conduct supervisory practices in determining IT roles and responsibilities
APO01-WP10
Conduct a capability assessment to manage the continual improvement of
process business
APO01-WP11
Conduct process improvement opportunities to manage the continual
improvement of business process
APO01-WP12
Establish performance goals and metrics for continual improvement of
business process
APO01-WP14 Create data classification guidelines to define system ownership
APO01-WP15 Create data security and control guidelines to define system ownership
APO01-WP16 Create data integrity procedures to define system ownership
2.1
APO01-GWP1.1 Create outline documentation about managing the IT management
APO01-GWP2.1 Create a detailed process plan of the objectives for managing IT management
APO01-GWP2.2 Create a detailed process plan of the objectives for managing IT management
APO01-GWP9.2 Create performance records that provide outcomes for managing IT
APO01-GWP4.3 Create a quality record of action when performance is not achieved
APO01-GWP1.4 Create documentation that provides the process owner and RACI
APO01-GWP2.4 Create a plan that includes performance experience and skill requirement
APO01-GWP1.6 Create documentation that provides supplier, customer, and RACI
APO01-GWP2.6 Create a plan that provides details of the communication plan
TABLE XVI
RECOMMENDATION FOR MEA01
MEA01
Process
Attribute
Work Product
(WP)/General Work
Product (GWP)
Recommendation
1.1
MEA01-WP01
Make requirements for monitoring IT activities in the form of daily/weekly
reports or in dashboard system
MEA01-WP02 Establish approved monitoring goals and metrics for monitoring activities
MEA01-WP03 Set the targets of performance and conformance of monitoring activities
Aprilianti et al.
Information Technology Governance Audit... 20
11. MEA01-WP04 After conducting monitoring, then create documents for processed
monitoring data
TABLE XVII
RECOMMENDATION FOR APO07
APO07
Process
Attribute
Work Product
(WP)/General Work
Product (GWP)
Recommendation
1.1
APO07-WP02 Establish competency and career development plans for IT employee
APO07-WP03 Establish personnel sourcing plans for IT employee
APO07-WP04 Create skills and competencies matrix of each IT employee
APO07-WP06 Reviewing the IT employee skill and competencies matrix reports
APO07-WP07
Evaluating employee job performance by making report of IT employee
personnel goals
APO07-WP09
Evaluating employee performance by making improvement plans for IT
employee
APO07-WP10 Make records regarding the inventory of business and IT human resources
APO07-WP11 Create document about resourcing shortfall analyses
APO07-WP12 Create records about resource utilization
V. CONCLUSION
Based on the assessment process results, PDAM Tirta Patriot has not reached the target capability level,
precisely level 2 in the domains APO01, MEA01, and APO07. The current capability level of APO01 is level
1, and both MEA01 and APO07 are in level 0. Therefore, the gap between the current capability level and the
target capability level in APO01 is 1, and both MEA01 and APO07 are 2.
Domain APO01 can reach the rating scale of largely achieved (L), meaning that there is evidence of
systematic approach and significant achievement, but some weaknesses are related to the attribute. Domain
MEA01 and APO07 can reach the rating scale of partially achieved (P), meaning that there is some evidence of
an approach and some achievements, but some achievements may be unpredictable. Recommendations are
provided based on the unfulfilled work products/general work products that have not been achieved/existed in
each process attribute.
ACKNOWLEDGMENT
The author would like to thank God, parents, family, university lecturers, especially TA supervisors Bapak
Eko Darwiyanto, S.T., M.T., and Bapak Yanuar Firdaus, S.T., M.T., PDAM Tirta Patriot Kota Bekasi, myself,
and also friends.
REFERENCES
[1] L. Al Omari, “IT Governance Evaluation : Adapting and Adopting The COBIT Framework for Public Sector Organisations,” p.
266, 2016.
[2] A. S. Abdul Hakim, Hoga Saragih, “Evaluasi Tata Kelola Teknologi Informasi dengan Framework COBIT 5 di Kementrian
ESDM (Studi Kasus pada Pusat Data dan Teknologi Informasi ESDM),” doi: 10.1017/CBO9781107415324.004.
[3] A. Al-Hatmi, “Analysis of ICT Strategic Alignment In a Public Organisation,” p. 306, 2012.
[4] Walikota Bekasi, “Berita daerah kota bekasi,” Keputusan Walikota Bekasi No 45 Tahun 2016, pp. 1–18, 2016.
[5] PDAM Tirta Patriot, “Perjanjian Kerjasama PDAM Tirta Patriot Tentang Perpanjangan Kontrak,” Bekasi, 2019.
[6] Badan Peningkatan Penyeleggaraan Sistem Penyediaan Air Minum, “Rencana Strategis Badan Peningkatan Penyeleggaraan
Sistem Penyediaan Air Minum,” 2018.
[7] A. D. Andriana, “Audit Tata Kelola Teknologi Informasi ( It Governance ) Di Pdam Tirtawening Kota Bandung Menggunakan
Cobit 5 Universitas Komputer Indonesia,” 2014.
Ind. Journal on Computing Vol. 6, Issue. 2, September 2021 21
Attachment: https://drive.google.com/file/d/1W0L0ckUxEZS2kXFWcwqd1_jKesrk4WLb/view?usp=sharing
12. [8] I. W. S. Pramana, P. R. Iswardani, and P. A. Mertasana, “IT Governance Evaluation of Hotel Warehouse Section Using the
COBIT 5 Framework,” Int. J. Eng. Emerg. Technol., vol. 3, no. 2, pp. 5–12, 2018.
[9] Y. Ozdemir, H. Basligil, P. Alcan, and B. M. Kandemirli, “Evaluation and Comparison of Cobit, ITIL and ISO27K1 / 2 Standards
Within the Framework of Information Security,” Int. J. Tech. Res. Appl., vol. 11, no. 11, pp. 22–24, 2014.
[10] ISACA, “Lessons Learned While Combining COBIT 5 and ITIL.” [Online]. Available: https://www.isaca.org/resources/news-
and-trends/industry-news/2019/lessons-learned-while-combining-cobit-5-and-
itil?__cf_chl_captcha_tk__=8af20d71d8e65061ff051408e4f90a446083d26d-1621921478-0-
AeAbJUOmLQwYSgMNtMUG6TEyu43UYhWZJRU53lWjIKIYOCcEz_K05Ptb_WrcDFm. [Accessed: 25-May-2021].
[11] B. Sony and L. Borges, “Comparison of COBIT 5 and ITIL V3 using Semantic Analysis,” no. October, 2018.
[12] R. Almeida, R. Lourinho, M. M. Da Silva, and R. Pereira, “A model for assessing COBIT 5 and ISO 27001 simultaneously,”
Proceeding - 2018 20th IEEE Int. Conf. Bus. Informatics, CBI 2018, vol. 1, no. July, pp. 60–69, 2018, DOI:
10.1109/CBI.2018.00016.
[13] J. W. Lainhart, COBIT 5: A business framework for the governance and management of enterprise IT COBIT 5. 2012.
[14] A. M. Hisyam, A. Wiratama, and A. D. Arianto, “Evaluasi TI PDAM Tirta Satria Menggunakan Framework Cobit 5 pada Domain
MEA ( Monitor , Evaluate , And Assess ) Universitas Amikom Purwokerto,” vol. 5, pp. 1–8, 2019.
[15] J. Lee, J. Lee, and K. Lee, “A study on the priority decision making of processes for IT governance based on the IT-related goals
of COBIT 5,” Proc. 31st Int. Bus. Inf. Manag. Assoc. Conf. IBIMA 2018 Innov. Manag. Educ. Excell. Through Vis. 2020, pp.
5445–5455, 2018.
[16] Cynthia Octaria, “Audit Tata Kelola Teknologi Informasi di Universitas Lampung Menggunakan Framework COBIT 5 Fokus
Domain EDM (Evaluate, Direct and Monitor),” Univ. Lampung, 2017.
[17] D. F. Murad, E. Fernando, M. Irsan, R. R. Kosala, B. Ranti, and S. H. Supangkat, “Implementation of COBIT 5 Framework for
Academic Information System Audit Perspective: Evaluate, Direct, and Monitor,” Proc. ICAITI 2018 - 1st Int. Conf. Appl. Inf.
Technol. Innov. Toward. A New Paradigm. Des. Assist. Technol. Smart Home Care, pp. 102–107, 2018, DOI:
10.1109/ICAITI.2018.8686700.
[18] P. Copy and R. R. Sabilillah, “COBIT Self-assessment Guide: Using COBIT 5.”
[19] A. Mutiara, Prihandoko, E. Prasetyo, and C. Widya, “Analyzing COBIT 5 IT Audit Framework Implementation Using AHP
Methodology,” Int. J. Informatics Vis., vol. 1, no. 2, pp. 33–39, 2017, DOI: 10.30630/joiv.1.2.18.
[20] T. L. Saaty, “The Fundamentals of Decision Making and Priority Theory with the Analytic Hierarchy Process,” Vol. VI AHP
Ser. , 478 pp., RWS Publ., 2000 (revised). ISBN 0- 9620317-6-3.
[21] A. Arief, D. Natsir, A. Khairan, and D. I. Sensuse, “IT Governance Audit and Determination of Work Priorities Using Analytical
Hierarchy Process: Case Study the Government of North Maluku, Indonesia,” J. Phys. Conf. Ser., vol. 1577, no. 1, 2020, DOI:
10.1088/1742-6596/1577/1/012046.
[22] J. Ramík, Pairwise Comparisons Method: Theory and Applications in Decision Making, vol. 690. 2020.
[23] ISACA, Enabling Processes. 2012.
[24] I. Maghfiroh, Murahartawaty, and R. Mulyana, “Analisis dan Perancangan Tata Kelola TI Menggunakan COBIT 4.1 Domain
Deliver And Support (DS) PT XYZ,” J. Sist. Inf. (Journal Inf. Syst., vol. 12, pp. 82–89, 2016.
[25] E. Hardiansyah, E. Darwiyanto, and I. Asror, “Audit Tata Kelola Teknologi Informasi Menggunakan Framework COBIT 5 pada
Domain DSS dan MEA (Studi Kasus : Bappeda Kabupaten Tulungagung),” e-Proceeding Eng., vol. 6 No. 2, no. 3, pp. 8727–
8740, 2019.
[26] ISACA, COBIT ® Process Assessment Model (PAM): Using COBIT ® 5. 2013.
Aprilianti et al.
Information Technology Governance Audit... 22