Improve IT Governance Research Articles

Information Technology Governance Between Iso 38500, Risk It and Val It in Private University

This study explores the application of the ISO 38500, Risk IT, and Val IT frameworks in improving IT governance at the university. ISO 38500 provides general guidance for IT management by boards of directors, while Risk IT focuses on IT risk management and Val IT focuses on managing the value of IT investments. Qualitative research methods were used, including interviews with key stakeholders at Pamulang University. The research results show that the integration of the ISO 38500, Risk IT, and Val IT frameworks has helped universities optimize strategic decision-making regarding IT. Implementation of this framework increases transparency, accountability and holistic IT risk management across the university. However, challenges faced include a lack of deep understanding of the framework and the need to ensure consistency in implementation. Recommendations for the university include more intensive training for staff, strengthening communication between different units, and developing performance metrics that align with the university's strategic goals. This research makes an important contribution to the practical understanding of implementing effective IT governance in higher education environments, by highlighting the benefits and challenges of integrating the ISO 38500, Risk IT, and Val IT frameworks.

Evaluation of IT Risk Management in DISKOMINFO of Magelang Regency using COBIT Framework 2019 Objectve EDM03 & APO12

Purpose: This research aims to measure the current condition level (capability level) of DISKOMINFO and then conduct a Gap analysis so that it can provide recommendations for improving IT governance related to IT risk management.Design/methodology/approach: The framework used is COBIT 2019, which will focus on 2 objectives: EDM03 (Evaluate, Direct, and Monitor) & APO12 (Align, Plan, and Organize). The data used in this study were obtained through interviews, observation, and distribution of questionnaires which had been mapped using the RACI Chart.Findings/result: The results of the assessment show that the capability level/capability level according to DISKOMINFO is level 2 for each objective. Recommendations focus on making documentation of risk management activities in the form of risk guidelines, risk acceptance, activities for risk management methods, as well as the application of risk management evaluation of IT which is used by DISKOMINFO on a regular basis.Originality/value/state of the art:From various types of risk management research with different frameworks, this research will use the COBIT 2019 performance standards to carry out information technology risk management. Where COBIT 2019 is the latest version of COBIT which was prepared to help companies manage and manage resources to achieve existing goals. COBIT 2019 has a broader scope than ISO SO/IEC 17799:2005 which includes a combination of principles that have been embedded and known as reference models (such as COSO), and are aligned with IT standard infrastructure.

Identification of IT Governance Capability Level of COBIT 2019 at The KOMINFO City of Bitung, North Sulawesi

Effective information technology governance (ITG) is vital for managing risks and ensuring proper oversight of IT in government organizations and enterprises. However, many organizations struggle with implementing effective ITG strategies, resulting in a higher likelihood of cybersecurity breaches, operational inefficiencies, and financial losses. This study addresses the urgency of improving ITG by assessing the capability level of ITG within the Ministry of Communication and Information Technology (KOMINFO) in Bitung, North Sulawesi, using the widely recognized COBIT 2019 framework. By conducting interviews with key IT personnel, the study quantifies the capability level of eleven core models and highlights areas that require improvement. The results underscore the critical importance of designing and implementing effective IT governance to mitigate risks and enhance IT oversight in government organizations and enterprises. The study's findings can serve as a foundation for future efforts to improve IT governance in KOMINFO and other organizations, ultimately contributing to a safer and more secure IT environment.

A multi-method study on the barriers of the blockchain technology application in the cold supply chains

PurposeThe cold supply chain industry is still emerging and digital transformation is in the nascent stage in this industry. This paper argues that there are various barriers to implementing blockchain technology in the cold supply chain and aims to develop and validate a model for overcoming key barriers to implementing blockchain technology in the cold supply chain.Design/methodology/approachThe adoption of blockchain technology was proposed through interpretive structural modeling (ISM) and further it is validated using structural equation modeling (SEM).FindingsIn this study, ten key barriers to implementing blockchain technology in the cold supply chain were identified, modelled and analysed. Poor leadership style of top management was found to be the most important barriers to implementing blockchain technology in the cold supply chain. The results of SEM indicate that all the paths are supported. The findings showcase the barriers responsible for the lack of blockchain technology infrastructure that ultimately impacts the cold supply chains.Practical implicationsThis study highlights the fact that the fate of blockchain technology infrastructure development depends on the leadership style of top management. Demonstrating good leadership style by top management can help overcome the barriers. A good leader pulls the entire team instead of pushing the team. A good leader can guide the entire team to improve IT governance, financial investment, digital footprint, digital readiness, skills and collaboration with service providers to implement blockchain technology. Not only that, a good leader provides mental strength to the team and helps overcome the fear of implementing blockchain in the cold supply chain. A good leader demonstrates good administrative skills and focus on security and privacy policies.Originality/valueThis is a novel contribution towards analysing the key barriers to implementing blockchain technology in the South African cold supply chain using the integrated ISM–MICMAC and SEM approach.

Business Architecture Modeling in Public Services of the Papua Police

The system at The Papua Police Department requires good and sustainable management and maintenance, one of which is the implementation of IT Governance. The objectives of this study are Explain in detail the conditions of IT Governance in the Papua Police Department; Explain the capability level of IT Governance in the Papua Police Department; Develop a draft for improving IT Governance in the Papua Police Department. This study uses business architecture, the results based on the business architecture which can be used as recommendations for IT governance at the Papua Police Department. The business architecture carried out consists of proposals, namely the public services of the Papua Regional Police are integrated at one application door or web pages that are integrated with public service institutions where there will be coordination and continuity in responding to information, as well as applications or web pages that can input information, data and all kinds of information will be archived neatly so that when tracing the information you want to search for will be more easy, input data automatically, archiving data digitally. Then a gap analysis was carried out and 6 gaps were found between the current and proposed public service business architecture model of the Papua Regional Police. Keywords: IT Governance, Architecture Business, Papua Police Department, IT Services

Capability Level Analysis of IT Governance Using COBIT 5 on Continuity and Availability Of Services (Case Study: LMS Spada Wimaya)

Purpose: This study aims to assess the capability level to determine the condition of the capability level as-is, to-be, gap analysis and provide recommendations for improving IT governance in the continuity and availability process of LMS Spada Wimaya service. Design/methodology/approach: The capability level assessment refers to the COBIT 5 Process Assessment Model (PAM) assessment criteria with the research stages adopting the COBIT 5 Assessment Process Activities. Findings/result: Based on the urgency and problems that occur in LMS Spada Wimaya related to the continuity of service availability, the appropriate COBIT 5 enterprise goals are chosen, namely Business Service Continuity and Availability which describes in achieving the vision and mission goals of UPN "Veteran" Yogyakarta related to the procurement of LMS Spada Wimaya. The process of mapping results is prioritized based on impact and importance. The results of the assessment of the current capability level (as-is) in the BAI06, DSS03, DSS05, and MEA01 processes are at level 2 with the expected target capability level (to-be) at level 3 with a gap level of 1. DSS01, DSS02, and DSS04 are at level 1 with a target capability level (to-be) expected at level 3 with a gap level of 2. output criteria, setting performance goals and targets, making Standard Operating Procedures (SOP), conducting performance assessments to ensure compliance. Originality/value/state of the art: This study has the same focus as previous research, which is measuring the ability of the IT governance level with the criteria for the COBIT 5 Model Assessment Criteria (PAM), but is implemented in a different case study and the focus of the process is in accordance with the results of mapping the alignment of organizational goals with COBIT 5 IT goals according to urgency and problems that describe in achieving the vision and mission of the object of research.

EVALUATION OF MOBILE APPLICATION BPJSTKU USING COBIT 5 FRAMEWORK (STUDY CASE: BPJS KETENAGAKERJAAN)

BPJS as a social security to provides protection to all workers in Indonesian utilize especially mobile application in providing information and services to all BPJS customer anytime and anywhere without having to BPJS branch office. Beginning in 2019 BPJS has mobile application with the name as a continuation of BPJSTK Mobile has been made previously. The addition of new features and improvements to the mobile application apparently still provides problem and complaints from workers addressed to the BPJS branch office, BPJS complaints services, and BPJS contact center. For this reason, it’s necessary to evaluate the implementation of mobile application as a whole to assist BPJS in achieving the objectives to improving IT governance and management of BPJS . This study aims to evaluate the mobile application using the COBIT 5 which has been implemented in BPJS . In this case the evaluation will be carried out using , service, and support (DSS) domain and the domain monitor, evaluate, and assess (MEA) which in the end will be measured the capability level as well as recommendations for improvement and gap analysis on the mobile application .

Monitoring system based on ELK Stack to improve IT governance

Currently, monitoring tools in the market help to maintain in optimal conditions the IT infrastructure and thus improve the IT management of an organization providing a strategic alignment. Objective: The objective of the study is to analyze how to respond quickly to incidents that originate in IT resources, through a monitoring system based on ELK Stack, leading to an improvement in IT governance within the organization. A review of different sources of bibliographic documents no older than 5 years and with articles described as research was made. Within IT governance, a monitoring tool based on ELK Stack generates flexibility by generating reports with clean data and facilitates decision making through dynamic dashboards. ELK Stack being an Open Source framework, divided into 3 tools with different purposes, prioritizes the adaptation of adequate monitoring to an organization's plans with IT. The implementation of a monitoring system not only improves the response time to incidents, but also improves the performance of personnel at the operational level and at the managerial level.

Pengukuran Tingkat Kapabilitas Tata Kelola Teknologi Informasi Menggunakan Framework Cobit 5 dan Rekomendasi Perbaikan (Studi Kasus: Badan Pengembangan Teknologi Informasi)

This study aims to measure the level of IT Governance capability and provide recommendations for improving IT Governance in Information Technology Development Institute using COBIT 5. The domains chosen in this research are APO and BAI in order to improve IT services and optimize IT implementation in BPTI environment. The research method used are interviews and questionnaires in obtaining research data. Based on the results of the study, it was found that the measurement of the eight selected processes indicated that most of the processes were already at level 1, and a few were at level 0. Based on the results of prioritization, the process that became the top priority in making improvements was APO07, namely Managing Human Resources. This research was only carried out in eight processes which were in accordance with previously mapped, so that this research was more complete and comprehensive, it could be carried out using other process areas in COBIT 5.

Information Technology Capability Process Measurement in Organization using Cobit 5

The purpose of this research is to know the priority IT process in IT department at XYZ Organization and to know the level of capability in each IT process priority at IT department at XYZ organization. The data used and processed in this research were obtained from interviews with IT Director, IT Governance Supervisor, IT Development Supervisor, IT Operations Supervisor and Information Management Supervisor, and also observed the processes in the IT department. The result is obtained by priority IT processes and the level of capability in each of the priority IT processes at XYZ Organization. Based on the case study analysis, in order to create IT governance in accordance with the standards in the COBIT 5 framework, the organization have to improve IT governance thoroughly and continuously and fulfill the criteria in the COBIT 5 framework for all IT process in XYZ Organization.

EVALUASI TATA KELOLA DAN AUDIT SISTEM INFORMASI RUMAH SAKIT GANESHA DENGAN MENGGUNAKAN KERANGKA KERJA COBIT 5

Ganesha Hospital has implemented IT using SIMRS Ganesha in collaboration with Vendor CV Nayaka to create the system. But there are still problems in the application of the Ganesha SIMRS. In its application there are still errors in recording the patient's medical records that have an impact on the determination of patient medication as well as inputting patient administration payment data, this problem is included in the EDM4 domain (ensuring resource optimization) and APO7 (managing human resources), BPJS verification issues, namely for BPJS verification. health cost control and the absence of BPJS system integration, this problem is included in the DSS6 domain (managing and controlling business processes) and patient database maintenance has not been done, and if maintenance is not done, then the data in Ganesha Hospital is invalid this problem is included in the domain MEA3 (monitor, evaluate and evaluate conformity with external needs). Because there are still obstacles in the information technology governance system at Ganesha Hospital it is deemed necessary to be studied more deeply by evaluating governance. The method of research carried out based on the COBIT 5 framework uses the EDM4, APO7, DSS6, and MEA3 domains. Furthermore, calculations are performed with the ISO / IEC 15504 capability model. The results of the maturity of IT governance at SIMRS Ganesha are obtained with an average of 2.77 and are at level 3 (Established) with an average gap value of 2.23. To improve IT governance at Ganesh Hospital, it must improve governance in the EDM4, APO7, DSS6, and MEA3 domains according to recommendations.

PENGUKURAN MATURITY LEVEL CONTROL OBJECTIVE KE-8 DOMAIN DELIVERY AND SUPPORT : MANAGE SERVICE DESK AND INCIDENTS (Studi Kasus pada SIMAK di STMIK Mardira Indonesia)

In order for Higher Education to get maximum benefits and benefits, it is necessary to have a well structured Information Technology management. The implementation of information technology at STMIK Mardira Indonesia is one of which is the Academic and Student Management Information System that has been running from 2002 and continues to develop along with the increase in data managed and its functions. Maturity Level shows the condition of the success of IT governance and recommendations that can improve IT governance in accordance with the main objectives of STMIK Mardira Indonesia. The COBIT 4.1 domain used is the DS domain (delivery & support) and the focus of control objectives is DS8-Manage Service Desk and Incidents, the results of the DS8 maturity level calculation, as-is maturity level 2. While the want (to-be) that is level 3 By looking at maturity level 2, it is necessary to recommend to take corrective action in accordance with the Maturity Attribute that has been set through the COBIT 4.1 Framework Keywords : Information Systems, Information Technology Governance, COBIT 4.1 DOI: 10.5281/zenodo.3232913

Integrating Internal Control Frameworks for Effective Corporate Information Technology Governance

Abstract This paper analyzes and proposes how several internal control frameworks can be integrated to achieve effective corporate information technology governance. The fundamental tenet of the current literature in this area is that neither a single framework nor non-integrated multiple frameworks would suffice in achieving effective information technology security and governance. Using the extant literature, a deductive approach, and focusing on three popularized internal control frameworks ERM, COSO, and COBIT5, we propose a framework that can help organizations effectively and efficiently achieve information technology governance through their interaction. An integrated framework is one that links the key control objectives to strategic business objectives and, in doing so, addresses IT governance principles at both a strategic and operational level, whilst aligning IT and business management understanding of the key risk areas that characterize the organization’s goals (Goosen and Rudman, 2013). In addition, this fundamental alignment is expected to eliminate unnecessary controls and processes which in turn help improving IT governance. We expect firms seeking to adopt the proper IT governance to utilize the proposed integrated framework.

Antecedents of IT Governance Effectiveness: An Empirical Examination in Brazilian Firms

ABSTRACTAlthough some authors have stated that effective IT governance is crucial for any organization to achieve its corporate goals, little empirical research is available supporting the assumptions regarding the factors that determine the effectiveness of IT governance. This paper analyzes the main IT governance domains (i.e., IT strategic alignment, IT risk management, IT value delivery, IT resource management, and IT performance management) and the presence of several IT governance mechanisms that constitute antecedents of IT governance effectiveness. We used partial least squares (PLS) structural equation modeling to test our hypotheses based on survey data from 87 large Brazilian companies. Our results show IT strategic alignment, IT value delivery, IT risk management, and IT performance management have a positive and significant impact on the effectiveness of IT governance. Further, we found associations of structural, procedural, and relational mechanisms with the main IT governance domains suggesting their adoption can improve IT governance within organizations.

Improving Strategic Alignment

This study aims at providing organizations with new insight on how IT governance practices impact strategic alignment. The research is conducted as an in-depth case study in a large, multinational manufacturing and service company. The case reveals that improving IT governance practices is not sufficient to achieve high alignment, when the understanding of strategic value of IT is lacking. Improved alignment would require that IT is perceived as a strategic function in the organization and the IT governance treated accordingly. Bringing business and IT socially and culturally closer to each other is also required, but improving alignment on the social and cultural dimensions is dependent on the existence of the strategic direction: achieving alignment is difficult without common objectives between business and IT people. In general, the study illustrates limited impact of IT governance practices on alignment without requisite strategic direction.

An Analysis of Information Technology on Data Processing by using Cobit Framework

Information technology and processes is inter connected, directing and controlling the company in achieving corporate goals through value-added and balancing the risks and benefits of information technology. This study is aimed to analyze the level of maturity (maturity level) on the data process and produced information technology recommendations that can be made as regards the management of IT to support the academic performance of the service to be better. Maturity level calculation was done by analyzing questionnaires on the state of information technology. The results of this study obtainable that the governance of information technology in data processing in Mataram ASM currently quite good. Current maturity value for the data processing has the value 2.69. This means that the company / organization already has a pattern of repeatedly done in managing the activities related to data management processes. Based on the data analysis, there is an effect on the current conditions and expected conditions can be taken solution or corrective actions to improve IT governance in the process of data management at ASM Mataram gradually.

IT governance in the Brazilian central government: developments and constraints

This paper is based on a case study conducted from October 2011 to August 2012 in the Secretariat for Logistics and Information Technology SLTI of the Ministry of Planning, Budget and Management in Brazil. SLTI was successful in improving IT governance in the central government from the mid-2000s onwards, through the adoption of initiatives focused on: 1 enacting, disseminating and enforcing rules and regulations; 2 human resources training and skill development; 3 providing technical assistance through consultancies. The Secretariat effectively disseminated throughout public bodies of the central government the importance of establishing IT committees, conducting IT procurement planning and designing an IT strategy. Nonetheless, this study also shows a number of drawbacks that need to be addressed to further improve IT governance in the Brazilian central government. Particularly, it is necessary to increase the participation of non-IT management staff in the IT committees as a way of promoting greater alignment between IT strategies and organisational objectives and to intensify communication exchange between IT divisions in order to avoid duplication of procurement procedures and inefficient allocation of financial and human resources.

Detection of Strategies in IT Organizations through an Integrated IT Compliance Model

In the past few years, many frameworks and standards have been developed to cover different aspects of IT to provide best practices, such as COBIT, ITIL, CMMI, ISO/IEC 20000, ISO/IEC 38500 and ISO/IEC 27000, and improve IT governance and IT service management in organizations. This research presents how self-assessments for IT standards improve significantly the strategic and tactical evaluation of IT requirements. Self-assessments measure the state of an organization in relation to experts’ recommendations of a specific framework. As a result of the number and excellence of the current standards, the authors propose a Compliance Model (MOPLACO) that uses, as a starting point, a combination of self-assessments and standards to plan the early strategic and tactical stages of the IT departments.