IT Governance Implementation Research Articles

EVALUATION OF IT GOVERNANCE USING COBIT 2019 ON REGIONAL ASSET MANAGEMENT AGENCY OF DKI JAKARTA

An adequate level of IT availability can obtained by implementing IT Governance, which pay attention to all related issues service readiness, including services and resources. This research aimed to assess the IT Governance capability at the Regional Asset Management Agency (BPAD), a government institution responsible for asset management. The study specifically focused on issues related to data and information management, including leadership and risk management challenges. Using the COBIT 2019 Framework, data were collected through interviews and observations. The respondent of this research are 4 who work in the Data and Information Sub-Sector and one Head of Asset Administration. The findings revealed that the EDM 05 process achieved a capability level of 4, surpassing the organization's target. However, the APO 08 and APO 12 processes were rated at level 2, highlighting areas in need of improvement. The study provides recommendations to enhance BPAD's performance and optimize its business activities.

PENGUKURAN TINGKAT KEMATANGAN TATA KELOLA TEKNOLOGI INFORMASI STUDI KASUS: PT. TRIPLE “A”

In today's digital age, information technology (IT) plays a vital role in supporting and improving a company's business performance. This article measures the degree of IT governance maturity in PT. Triple “A” Securities using the Weill and Ross IT Governance model as well as the COBIT 4.1 framework. The scope of the research includes the analysis of the plan and organize process in COBIT 4.1 and the measurement of the maturity rate using the COBIT 4.1 Maturity Model. The results of the study show that some IT processes in PT are at the initial (initial) and repeatable (repeatable) maturity levels, with an average maturity rating of 1.85, indicating that the company is between level 1 (ad hoc) and level 2 (repetable). Further analysis is done on IT decisions, business strategy, IT strategy, and process control. The conclusions of this study provide insight into the IT governance patterns that exist in the PT. Triple “A” Securities and suggest areas of improvement to improve the maturity of IT governance in the future. This research is also expected to be a benchmark for companies in managing IT more effectively and efficiently, as well as identifying obstacles and encouraging the implementation of good IT governance.

The Effect of IT Governance Implementation on Decision-Making Performance (Case Study in PT XYZ)

This study aims to determine the effect of IT governance implementation on decision-making performance. This study uses qualitative data and population of the research is from interview data with 5 respondents from PT XYZ in different divisions, which are Management Information System division, Finance division, and consultant. The data analyzed using Atlas.ti software for processing qualitative data. The results of the study show that the implementation of IT Governance at PT XYZ has a significant impact on decision-making performance by focusing on performance measurement and establishing clear KPIs for evaluation. Furthermore, the adoption of an ERP system allows all business units to function within an integrated framework, improving their ability to make quicker, more reliable, and data-driven decisions.

EVALUASI SISTEM INFORMASI REGISTRASI (SIREG) SELEKSI PENERIMAAN MAHASISWA BARU (SIPENMARU) POLITEKNIK KESEHATAN KEMENKES SURAKARTA MENGGUNAKAN FRAMEWORK COBIT 2019

Health Polytechnic of the Ministry of Health Surakarta uses the Registration Information System (SIREG) as a tool for New Student Admission Selection (SIPENMARU) processing registration data in order to improve efficiency, performance and provide valid information . In implementing the Registration Information System, In the use of SIREG to date, no audit or evaluation of the implementation of the system has ever been carried out. Given the importance of the function of SIREG on performance performance in new student admission services, it is necessary to conduct an evaluation related to the assessment of the maturity level of the implementation of the SIREG application, with this evaluation it can determine the extent of the implementation of IT governance, especially in the Registration Information System. From this, the purpose of this study is to evaluate the maturity level of the Registration Information System. This research uses reference to the COBIT 2019 Framework framework domain, namely APO (Align, Plan and Organize): APO-04 and APO-12. The results of the maturity level research in the objective domain APO04 (Innovation Management) get a value of 3.3 with Level 3 Category: Defined and there is a gap of 1.7 so that agencies still need to prepare documentation related to the evaluation and follow-up of innovations in IT governance development, especially in the Registration Information System to achieve a maturity level achievement index of 4 (Quantitative), the objective domain APO12 (Risk Management) gets a value of 1.89 with Level 2 Category: Manage, and there is a gap of 3.11 so that agencies still need to prepare documentation related to planning, monitoring, evaluation and follow-up of IT governance risk management, especially in the Registration Information System to achieve a maturity level achievement index of 3 (Defined).

Penerapan Information Technology Infrastructure Library di Perusahaan Persero

Along with the times, many companies implement IT governance to create effectiveness and efficiency that can grow the company to become faster and bigger. The purpose of this paperwork is to find out the weaknesses and strengths regarding the implementation of IT governance, as well as lessons learned from PT Pos Indonesia Balikpapan City, PT Telkomsel, and PT PLN. The use of methods and data collection in making paperwork is through qualitative analysis and library research. From the research results, it can be stated that service quality is an important thing in these state-owned companies because it can affect customer satisfaction and requires the Information Technology Infrastructure Library version 3.0 (ITILv3) framework in evaluating or managing IT services effectively and efficiently.

IT Governance and Audit Risk in Jordanian Companies: The Moderating Role of Audit Quality

Purpose: In order to better understand how IT governance COBIT5 (planning and organization (PO), acquisition and implementation (AI), support and delivery (SD), monitoring and evaluation (ME), guidance and control (GC), and audit risks interact in Jordanian businesses, this study will examine the moderating role of audit quality. Design/methodology/approach: This study uses a mixed method combining quantitative and qualitative method. Primary data: IT governance and audit risk with questionnaires distributed to 528 workers from each of the 176 Jordanian companies. The three employees served as a representative sample from the finance, internal audit, and IT departments. Secondary data: Using SPSS software, the data was analyzed to determine the audit quality using the financial statements of Jordanian businesses listed on the Amman Stock Exchange for the year 2020. Results and conclusion: The results of this study have shown that the COBIT5 framework is an important accountability mechanism for motivating expected behavior in the workplace when it comes to technology use. Audit risk is directly affected by the IT governance structure. Practical implications: This study is important for companies in Jordan, by presenting an integrated framework in this study that combines IT governance, audit risks and audit quality. This study was expected to facilitate the companies' efforts by ensuring a sufficient degree of confidence in the applied accounting system and improving the information security within the system to maintain the organizations and audit quality at the same time. Originality/value: This study adds to the body of knowledge on IT governance, audit risk, and audit quality that has concentrated on developing nations, particularly Jordan.

Penyelarasan Tujuan dan Sasaran Bisnis Teknologi Informasi Menggunakan Kerangka Kerja COBIT 4.1

In carrying out its business strategy the company is now using information technology (IT) as a support to get certainty effective and efficient that the business strategy is working as expected. Thus IT is now becoming an integral part and integrated with an organization's business objectives so that the evaluation and monitoring of the effectiveness of the company's information technology governance are urgently required in order to know the extent of the application of IT in the company will affect the achievement of the vision, mission or strategic objectives. One very important process, aligning with business objectives and IT objectives. In this paper the alignment is done by reference to the standard IT governance good that standardization Framework COBIT 4.1 and in this paper also presents examples and techniques based on research that has been done, how to align business goals and objectives of IT, to find the appropriate evaluation in preparing IT governance based on best practices in accordance standardization COBIT. By knowing this alignment will allow companies to rearrange and implementing IT governance within the enterprise so that internal controls will be the utilization of IT can be applied to evaluate the shortcomings, weaknesses, and can improve the performance of IT in line and in accordance with its business strategy.

Evaluasi Tata Kelola Repository Perpustakaan UIN SUSKA Menggunakan COBIT 2019

The development of information technology is very influential on the business world and organizations so that IT governance is needed. This information technology is expected to be useful for stakeholders in making decisions. COBIT 2019 is an IT governance framework that meets the standards in implementing IT governance. The library at UIN Suska Riau has implemented information technology in storing and managing student final assignments or what is known as the UIN SUSKA RIAU Repository system. In conducting a business evaluation, the implementation of the Repository system needs to be maintained, monitored and evaluated for IT governance to determine the process and management of IT usage. After the analysis, it can be seen that the results of the evaluation using the EDM 01, EDM 02 and EDM 03 domains, show that IT governance in the library is at level 3 - established. With some notes that must be analyzed in the EDM 01 domain there is still a lack of communication in IT management, in the EDM 02 domain the application of IT values is not optimal, and what needs to be considered in EDM 03 is the lack of awareness of IT risks.

Analysis of Information Technology Governance Using Domain EDM in the SMP XYZ Jakarta

The main goal of this study is to assess SMP XYZ Jakarta's IT governance implementation and maturity. This report provides a complete analysis, strategic recommendations, and strategies for enhancing system efficiency and functionality to improve operational outcomes. A COBIT 5 maturity value evaluation at SMP XYZ Jakarta found GAP Analysis shortcomings in many domains. In particular, EDM01 and EDM02 exhibit possible governance structure and benefit distribution concerns with discrepancies of -0.33 and -0.16, respectively. Risk optimization is substantial for EDM03, which has a positive disparity of 0.34. EDM04 emphasizes efficient resource allocation with a differential of -0.33, whereas EDM05 signals stakeholder transparency needs with 0.17. The governance structure's strengths and weaknesses are shown by the average domain disparity of -0.31. Data from questionnaires reveal proficiency in subdomains like EDM01 governance framework construction. Also noted were benefits delivery (EDM02) and risk optimization (EDM03). EDM04 and EDM05's predicted level 3 progress supports SMP XYZ Jakarta's ambitious governance framework improvement target.

Design Factors in Evaluating and Formulating IT Governance Systems in Public Organizations

The application of information technology (IT) by central and regional governments to public services is intended to efficiently and effectively improve performance and public services. However, many studies have shown the ineffective application of IT. In Gorontalo province, this can be seen in the e-readiness value of Gorontalo province as a prerequisite for successful IT implementation, which is still at 58.15 points, which means that it is at a moderate level of readiness. This shows that implementing IT governance in the local government of Gorontalo province is still not optimal in terms of performance or public services. This study aims to identify the design factors that need to be considered when implementing IT Governance to achieve better public service performance. This study uses a quantitative approach based on a survey method. The results showed six models at Level 3: BAI06, BAI07, DSS01, DSS03, DSS04, and DSS05. In addition, four models were at level 4: APO12, APO13, BAI10, and DSS02. Levels 3 and 4 show that the IT governance capability of the Gorontalo provincial government in each model is not yet optimal. This study recommends that the Gorontalo provincial government evaluate and formulate an effective IT Governance system by focusing on each model's IT Governance design factors to improve public service performance.

Measurement of IT Security Governance Capabilities Using COBIT 2019 at Indonesian Business Sector

IT governance implementation in companies has occurred in the enterprise sector up to the BUMN scale. As stated in the Regulation of the Minister of Foreign Affairs Number 2 of 2013, Article 2(1) binds the business world. In the corporate sector, there are IT security issues. The measurement process uses the COBIT 2019 framework. The measurements taken will provide an analysis of the capacity level and gaps. Data was collected using quantitative (questionnaire) and qualitative (documentary studies and interviews) methods. The three relevant subdomains to measure are APO12 – Risk Management, APO13 – Managed Security, and DSS05 – Managed Security Services. The results of the capacity measurement show that the APO12 subdomain is at level 2, APO13 is at level 2, and DSS05 is stopped at level 2. These results indicate that there is a gap in the DSS05 subdomain. The results obtained show recommendations for improvement and level increase, especially in the DSS05 subdomain. The enterprise sector needs improvements in endpoint security policies, access policies, and event logs in IT incidents.

Information Technology Risks and Governance Disclosure: Evidence From Top 40 JSE Listed Companies

The study analyzed the extent to which information technology in the 40 JSE-listed companies discloses (IT) risks and governance. It also identified the similarities and differences between the South African King IV governance and other international IT governance and risk disclosure codes. We employed a qualitative content analysis technique and found that 32 of the top 40 JSE-listed entities (80%) completely complied with King IV and other international standards. In contrast, eight of the top forty JSE-listed businesses (20%) partly complied. Moreover, 79% (19/24) of provisions in King IV are similar to that of the international standards, while 21% (5/24) differ. The findings imply that most of the top 40 JSE-listed firms are protected from the consequences of non-compliance with IT risks and governance disclosure, such as going concern risk, fraud, and data manipulations. We also confirmed that King IV provisions regarding IT risks and governance aligned substantially with global standards, enhancing multinational firms' implementation of efficient IT risks and governance.

Leveraging COBIT 2019 to Implement IT Governance in Mineral Mining Company

Leveraging COBIT 2019 to Implement IT Governance in Mineral Mining Company

DESIGN OF INFORMATION TECHNOLOGY GOVERNANCE IN THE INFORMATION TECHNOLOGY DIVISION OF PT PLN USING THE FRAMEWORK COBIT 2019

In order to support the company's main business objectives, PLN UP3 Manokwari has implemented Information Technology (IT) which is structurally managed and implemented by the information technology division. However, information technology management in the IT division has not yet implemented information technology governance. To support the ongoing management of information technology, the information technology division of PLN UP3 Manokwari still uses the system manually. Manual management of information technology has many risks, this causes the company's main business objectives to not be achieved optimally. The method used in this study refers to the 2019 COBIT framework. From data analysis, it is known that the level of capability of the selected IT governance process in this study is the process in the domain EDM03, APO03, APO12, APO13, BAI01, BAI03, BAI06, BAI07, BAI11 , and DSS05 are mostly still at level 2, while the capability level expected by companies is mostly at level 4. The results of this study are in the form of recommendations for improvements aimed at achieving the expected level of capability by companies and design of IT governance as a reference for the IT Division PT PLN UP3 Manokwari in managing better IT processes to support the achievement of the company's main business objectives.

CAUSES OF INEFFECTIVE IMPLEMENTATION OF IT GOVERNANCE IN RISK MANAGEMENT: A SYSTEMATIC LITERATURE REVIEW

Information Technology Governance is currently widely implemented in companies. One of the domains that can be of concern is risk management. The application of TKTI in this domain can help companies identify, evaluate, reduce, and manage risks related to their business to achieve company goals better. In this case, three frameworks can be considered, including NIST, ISO 27001, and Octave, but implementing these frameworks only sometimes goes as planned. This study aims to identify the factors that cause the ineffectiveness of implementing Information Technology Governance (ITG) in the risk management domain using the NIST, ISO 27001, and Octave frameworks. Through an analysis of existing literature and data processing, this study found that factors such as lack of understanding of the framework, lack of adequate resources, and implementation challenges play an essential role in ineffectiveness. This study concludes by providing valuable insights for organizations seeking to strengthen their risk management capabilities.

Leveraging COBIT 2019 Framework to Implement IT Governance in Business Process Outsourcing Company

The company specializes in delivering information and technology services to businesses operating in the same industry. Recognizing the pivotal role of information technology in achieving its vision, mission, and goals, the company emphasizes the proper implementation of IT governance to drive overall company success. To evaluate the management of IT resources, the study employs the COBIT-2019 framework for measurement. The data collection approach encompasses interviews, questionnaires, observation, and document analysis. The findings indicate that most IT governance processes currently operate at level 2 capability. However, the company aspires to reach level 3 for these processes. Consequently, recommendations are proposed to enhance these processes based on the best practices outlined in COBIT-2019. Key suggestions include implementing performance measurements and facilitating access to knowledge repositories to foster skill and competency development.

A Literature Review: Implementation of Information Technology Governance in Indonesia

The current phase of technological development requires companies in Indonesia to take advantage of IT investments to support every business process in it. However, information technology governance is needed to avoid the mismatch of IT utilization with the company's business objectives. There are many frameworks needed to measure IT governance. In this study, the Cobit framework. This research is a Literature Review study to answer RQ1, which is related to the criteria for the literature study following the research, and RQ2 regarding the most frequently used domains. Of the 48 selected journals, 15 journals were found that matched the research criteria. The most frequently used domains in the 15 journals were the DSS (Deliver, Service, and Support) domain at number one and EDM (Evaluate, Direct, Monitor) at number two. DSS domain will recommend focusing on information technology service upgrades and organizational support. In contrast, the EDM domain will evaluate the available system.

CAN CYBER RISK OF HEALTH CARE FIRMS BE INSURED? A MULTINOMIAL LOGISTIC REGRESSION MODEL

ABSTRACT The healthcare sector is prone to Distributed Denial-of-Service and Ransomware attacks owing to unsecured networks and software. This results in stalling of outpatient and inpatient operations of a hospital. In this study, we propose an H-CRAM model that computes the risk of a cyber-attack based on the threat appraisal component of the Protection Motivation Theory (PMT) using multinomial logistic regression. We also hypothesize that training the healthcare staff, implementing IT governance, and intervening technology will decrease the probability of the occurrence of a cyber threat. The severity of the risk is computed using Collective Risk Modelling. Next, based on the coping appraisal component of PMT, Rational Choice Theory, and NIST guidelines, we propose that the CIO of a healthcare firm should first reduce the cyber-risk by investing in encrypting Electronic Health Records, Security Incident and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tools. Then pass the residual cyber risk to a cyber insurer.

Evaluating a Framework for Implementing IT Governance in Uganda's Higher Institutions of Learning

The reliance on IT in day-to-day organization activities raises concern about how to deal with its increasing complexity. Managing IT necessitates implementing IT governance to realize the benefits of IT use. However, there is a lack of suitable frameworks to implement IT governance. For higher institutions of learning (HILs) in Uganda, the case is not different; hence, there is need to provide a framework to implement IT governance in Uganda's HILs. This paper therefore applies design science research principles to evaluate a framework for implementing IT governance in HILs in the context of Uganda. It was mainly achieved using a previous study in this environment as a basis. Framework evaluation was conducted using case study and expert opinion methods. Contrarily, the evaluation criteria was based on the framework understandability, ease of use, usefulness, and completeness. Results from the evaluation showed the framework satisfactorily implements IT governance in Uganda's HILs.

Leverage the COBIT 2019 Design Toolkit in an SME Context: A Multiple Case Study

Organizations today exploit IT to achieve business value and competitive advantages; it is the disruptive effect of digital transformation. However, investing in IT without proper control and governance over enterprise IT (GEIT) can expose organizations to cyber-risks and IT project failures. This problem affects both multinationals and small organizations. In particular, small and medium-sized enterprises (SMEs) struggle to implement IT-governance also due to the complexity of the standard IT-governance frameworks. In this study, five case studies were conducted with five manufacturing companies in Italy whose headquarters are located in the Lombardy region to investigate the potential benefits for IT practitioners of using the COBIT 2019 Design Toolkit, an Excel spreadsheet that facilitates the development of a governance system. The results are encouraging, the IT practitioners appreciated the COBIT 2019 Design Toolkit to map the IT resources and issues, prioritize the most important governance and management objectives, and align business and IT strategy. However, some criticalities emerged, for instance, the limited prescriptive power of the tool and the language, which is sometimes difficult to understand for IT practitioners. It should also be noted that current IT-governance implementation in Italian manufacturing SMEs appears to be very limited. Further, it should be highlighted that this study was using COBIT 2019 before ISACA issued “COBIT for Small and Medium Enterprises Using COBIT 2019” which could already have a positive impact on the level of comprehension.
 Keywords: COBIT 2019, IT-governance, IT-governance frameworks, multiple case study