INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616 IT Capability Level at Indonesia Higher : A Systematic Literature Review

Natalia Limantara, Raymond Kosala, Benny Ranti, Suhono Harso Supangkat

Abstract— Information Systems has an important role in supporting business processes that run in an institution. To ensure the implementation of information systems in line with institutional objectives, the information system must be managed properly by implementing IT Governance. Educational institutions also have an interest in this matter. To be able to compete with other educational institutions and ensure the quality of the three pillars of education (teaching, research, and community service) can run well, IT management in educational institutions must use the principles of IT Governance. The extent to which universities in Indonesia have implemented IT governance will be discussed in this article. Using a systematic literature review method, the author will discuss how the level of maturity of IT Governance from six universities in Indonesia. From these results will be obtained suggestions for the implementation of IT Governance that can be applied in universities in Indonesia.

Index Terms— COBIT 5, Higher Education, Indonesia, IT Governance, Capability Level ————————————————————

1 INTRODUCTION well. The three most widely used frameworks are COBIT, INFORMATION systems have an important role in ITIL, and ISO. supporting business processes that run within an institution. The purpose of this article is to find out how IT governance Information systems can help institutions to achieve their is applied in educational institutions in Indonesia. By studying vision, mission, and goals. of information the literature previously written, the author will look at how systems is the key to supporting this achievement. To support universities in Indonesia have implemented this IT good governance of information systems, it is necessary to governance in IT management. The author found 6 have a mechanism of IT Governance. IT Governance is the universities that are discussed in this article, which consists of ability of management, executive management and IT 2 public universities and 4 private universities. management to control the formulation and implementation of IT strategies and to ensure the integration of business and 2 LITERATURE REVIEW IT [1]. 2.1 IT Governance The ability to manage IT applies not only to companies, but ITGI (IT Governance Institute) defines IT governance as also to educational institutions. Educational institutions are leadership, organizational structure and processes that ensure beginning to see the importance of IT governance in IT that IT can sustainably develop the mission and goals of the management. How IT Governance can help to ensure that organization [2]. The three most important elements of the IT every process carried out and every IT investment spent can governance framework are the process, the structure and the benefit educational institutions. In addition, educational relational mechanism [3]. Process means the formalization and institutions must begin to develop IT and SI strategies that are institutionalization of IT strategy decisions or IT monitoring separate from institutional strategies in order to gain procedures. Structure means formal mechanisms and competitive advantage. structures to connect the business and IT decision-making Educational institutions also have an interest in the use of functions. While the relational mechanism involves an active IT. Three main activities within educational institutions, involvement of company executives, IT management and namely education, research, and community service must be business leaders [3]. The application of IT governance is supported by good use of IT. With the use of good and influenced by internal and external factors. Some factors that appropriate IT, academic and non-academic activities can run influence the implementation of IT governance include corporate culture, corporate structure, strategy, company size, industry, maturity, ethics and trust [2]. ————————————————  Natalia Limantara, Information Systems Department, School of Information Systems, and Computer Science Department, BINUS Graduate 2.2 IT Governance in Higher Education Institution Program – Doctor of Computer Science, Bina Nusantara University, Education institution started using IT to support the Jakarta, Indonesia 11480. E-mail: [email protected] learning and research process. In this facility, different types  Raymond Kosala, Computer Science Department, BINUS Graduate Program – Doctor of Computer Science, Bina Nusantara University, of IT are used to support various activities in it. The Jakarta, Indonesia 11480. E-mail: [email protected] application of IT governance requires the coordination of  Benny Ranti, Computer Science Department, BINUS Graduate Program – many parties and the commitment of management [4]. The IT Doctor of Computer Science, Bina Nusantara University, Jakarta, Indonesia 11480. E-mail: [email protected] strategic plan must plan in detail how IT should be developed,  Suhono Harso Supangkat, Sekolah Teknik Elektro dan Informatika, used and implemented in order to support learning and Institut Teknologi Bandung, Bandung, Indonesia. E-mail: research activities. IT governance is needed to ensure that [email protected] these goals can be achieved.

2085 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

2.3 IT Governance Capability Level Indonesia. Capability levels in IT Governance can be found in the COBIT framework (Control Objectives for Information and 4 FINDINGS Related Technology). COBIT has been widely used to measure how well processes have been developed to support internal This article will discuss the Capability level of IT Governance control. The capability levels in COBIT 5 are divided into 6 from 6 universities in Indonesia, namely Atma Jaya University levels: 0 (incomplete process), 1 (performed process), 2 Yogyakarta [9], Udayana University [10], Bina Nusantara (managed process), 3 (established process), 4 (predictable University [11], UP2TI Faculty of Science and Mathematics process), and 5 (optimizing process)[5]. COBIT 5 is divided Diponegoro University [12], STMIK MBM [13], dan Dian into two areas namely governance and management. Nuswantoro University [14]. Table 1 shows summary of the Governance has 5 processes in 1 domain while management in articles used.. COBIT 5 has 32 processes which are divided into 4 domains TABLE 1 namely Align, Plan, and Organize (APO); Build, Acquire and SUMMARY OF ARTICLES Implement (BAI); Deliver, Service, and Support (DSS); and Publicatio Monitor, Evaluate, and Assess (MEA) [6]. COBIT was chosen Title Author Type to assess capability level in educational institutions because n Year the process in COBIT is in line with the planning stages in the Information Gabriella Sabatini, field of education and based on a survey of Price Waterhouse technology Djoko Budiyanto 2017 C Coopers in 2005, 75% of companies that use COBIT find governance Setyohadi, Yohanes COBIT very useful [7]. assessment in…[9] Sigit Purnomo Ayu Indah Saridevi, Evaluation of Dewa Made Integrated University 2019 C Wiharta, Nyoman Management…[10] Putra Sastra Information Angellia Debora Technology Service 2018 C Suryawan, Veronica Performance…[11] Beta Noranita, Capability Level at Satriyo Adhy, Ragil Faculty Information 2018 C Saputra, Rizal Technology…[12] Muhammad Wang Gunawan, Applying COBIT 5 in Engelina Prisca Higher Kalensun, Ahmad 2018 C Education…[13] Nurul Fajar, Sfenrianto Budi Widjajanto, Alignment Model of Dewi Agustini Fig 1. COBIT 5 [8] Quality Assurance 2018 C Santoso, Nova Rijati System of…[14]

3 METHODOLOGY Notes : C = Conference ; J = Journal This article was prepared using a systematic literature review approach. The first stage is the search process, where in this Capability level evaluation at the six universities uses the stage the keywords and databases are determined. The COBIT framework. To get the results of measurements at the keywords used in this article are: six universities, data collection was done using different methods. Data collection methods and respondents from the (“IT Governance” OR “ICT Governance” OR “COBIT”) AND six universities can be seen in table 2. (“University” OR “universities” OR “Higher Education”) TABLE 2 DATA COLLECTION TECHNIQUE To limit search, this article uses one database only, Scopus (www.scopus.com). The second stage is to determine the Data Collection Source Respondents exclusion criteria: the paper used has a publication time Technique between 2017 and 2019, deletes papers that do not use English, Survey, interview, IT Manager, Decision [9] and deletes papers that have incomplete information. From document study Maker the two stages above, 26 relevant documents were found in Questionnaire, literature the Scopus database. Of the 26 documents which, based on the [10] studies, observations, Students abstracts contained in these documents, the author found 14 interviews relevant documents. In the end, 6 documents were found that 65 Staffs from Deputy Vice [11] Questionnaire could answer the questions in this article, in which the six Rectors of Operation articles wrote about IT Governance at universities in [12] Questionnaires, interviews Dean III, UP2TI chairman 2086 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

Data Collection Governan Source Respondents Management Technique ce Source and 4 UP2TI staff EDM APO BAI DSS MEA Secretary and head of programmers, directors, DSS03 at [13] Observation, interview CEO of the school, and level 3. school managers including DSS04 & IT manager DSS05 at Interview, observation, Level 4. [14] survey, documentation Not defined [11] - - - Level 2 - study EDM03 Each university has different characteristics so that the at Level 2. - object of IT Governance assessed is also different. In [12], the [12] - - - EDM04 IT Governance Capability Level assessment was carried out at at Level 1 the Faculty level only, namely the UP2TI (Management Unit APO02, BAI05 at and Information Technology Services) Faculty of Science and EDM05 APO09 at level MEA01, Mathematics Diponegoro University. UP2TI is responsible for at level level 1. BAI02 at MEA02, [14] - providing services related to information technology and EDM02 APO05, level MES03 at information systems for all academics at the Faculty of Science at level 2 APO07 at BAI08 at level 1. and Mathematics at Diponegoro University. Whereas in the level 2 Level 0 other five universities, the capability level assessment of IT Governance was carried out at the university level but with Capabillity level 0 (zero) means that the process is run different objects. The objects assessed at each university can be incorrectly or cannot achieve the expected goals. In [14], the seen in table 3. BAI08 (manage knowledge) process is still at level 0, which is related to the IT capability of employees working in this field. TABLE 3 Based on six literatures used, only Udayana University and RESEARCH OBJECTS Diponegoro University succeeded in reaching level 4. Source Research Objects Level Udayana University reached level 4 on two processes namely Information technology that support DSS04 (manage continuity) and DSS05 (manage security [9] education activities and operational University services) while Diponegoro University reached level 4 in one activities process namely EDM04 (ensure resource optimization). Level Academic Information System (IMISSU – 4 means that the process is implemented within certain [10] Integrated Management Information University boundary that allow the achievement of the results of the System of Udayana University) process. Based on [13], STMIK MBM implements COBIT 5 Information systems that support daily after experiencing problems related to data management [11] operational processes at Deputy Vice University where all major business processes still do data Rector of Operations documentation manually which causes the possibility of data UP2TI Faculty of Science and Faculty / loss and causes many complaints from students and staff. The [12] Mathematics (Management Unit and implementation of IT Governance in STMIK MBM has a Information Technology Services) Department positive impact on stakeholders where they can make an Redesign academic system and [13] University integration between the education system, business, and the IT developing e-learning application system. The application of IT Governance provides benefits Information technology in whole [14] University for STMIK MBM, among others, providing the right solution university for business and IT management, analysis and delivery of resource performance, and cost efficiency. Research on Based on the data collection activities that have been capability level of IT Governance in education institutions has carried out, table 4 shows the results of the IT governance also been carried out in Brunei Darussalam [7]. Data collected capability level of each research object in each university. through interviews with Directors and Chief Information

Officers of the ICT division at the four universities involved TABLE 4 with the research object are various information systems used IT GOVERNANCE CAPABILITY LEVEL to support the university's operational activities. It was noted Governan that there are no universities with a steering committee, only Management ce two universities that have strategic plans for ICT, and only Source half have the ability to identify and prioritize ICT projects. The EDM APO BAI DSS MEA value of capability level of IT Governance in the four universities is at the level of 1.46 to 1.80. The capability level of [9] - Level 3 Level 3 Level 3 Level 3 universities in Indonesia is slightly higher compared to DSS01, universities in Brunei Darussalam. [10] - - - - DSS02, & 2087 IJSTR©2019 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 10, OCTOBER 2019 ISSN 2277-8616

5 CONCLUSIONS Information System Using COBIT 5 Domain DSS,‖ in 2018 International Conference on Smart Green COBIT 5 is a framework that is widely used in the application Technology in Electrical and Information Systems of IT Governance in educational institutions. This article (ICSGTEIS), 2018, pp. 210–214. discusses six literatures on IT Governance capability level in [11] A. Debora Suryawan and Veronica, ―Information six universities in Indonesia. It was found if there were still Technology Service Performance Management Using universities that had COBIT processes at level 0 and the COBIT and ITIL Frameworks : A Case Study,‖ in 2018 highest level that was achieved was level 4. Based on the International Conference on Information Management literature used there were no universities that had reached and Technology (ICIMTech), 2018, pp. 223–228. level 5. With this condition it can be concluded if the [12] B. Noranita, R. Saputra, S. Adhy, and R. Muhammad, implementation of IT Governance in educational institutions is ―Capability Level at Faculty Information Technology still at an early stage. For further research, researchers could Unit Using COBIT 5,‖ in 2018 2nd International Conference on Informatics and Computational focus their discussion on the archetype of IT Governance to be Sciences (ICICoS), 2018, pp. 1–6. implemented in educational institutions because literature that [13] W. Gunawan, E. P. Kalensun, A. N. Fajar, and addresses this has not yet been found. Sfenrianto, ―Applying COBIT 5 in Higher Education,‖ IOP Conf. Ser. Mater. Sci. Eng., vol. 420, p. 012108, REFERENCES Oct. 2018. [1] W. Van Grembergen, S. De Haes, and E. Guldentops, [14] B. Widjajanto, D. Agustini Santoso, and N. Riiati, ―Structures, Processes and Relational Mechanisms for ―Alignment Model of Quality Assurance System of IT Governance,‖ in Strategies for Information Higher Education And Performance Measurement Technology Governance, W. Van Grembergen, Ed. Based on on Framework CobiT 5,‖ in 2018 Hershey PA: Idea Group Inc., 2004. International Seminar on Application for Technology of [2] B. A. Ajayi and H. Hussin, ―Conceptualizing Information Information and Communication, 2018, pp. 207–213. Technology Governance Model for Higher Education: An Absorptive Capacity Approach,‖ Bull. Electr. Eng. Informatics, vol. 7, no. 1, pp. 117–124, 2018. [3] S. De Haes and W. Van Grembergen, ―Analysing the Relationship between IT Governance and Business/IT Alignment Maturity,‖ in Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008), 2008, pp. 428–428. [4] Y. Tjong, S. Adi, H. Prabowo, and R. Kosala, ―Benefits to implementing IT governance in higher education: (Systematic literature review),‖ in 2017 International Conference on Information Management and Technology (ICIMTech), 2017, pp. 35–38. [5] I. Bianchi and R. D. Sousa, ―IT Governance Maturity in Higher Education: A study in Brazilian and Portuguese Universities,‖ in 2018 Proceedings, 2018. [6] A. Pasquini and E. Galiè, ―COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process,‖ in Proceedings of FIKUSZ ’13 Symposium for Young Researchers, 2013, pp. 67–76. [7] A. H. Seyal, S. H. Poon, and S. Tajuddin, ―A Preliminary Evaluation of ICT Centers Performance Using COBIT Framework: Evidence from Institutions of Higher Learning in Brunei Darussalam,‖ in Computational Intelligence in Information Systems, Advances in Intelligent Systems and Computing 532, S. Phon-Amnuaisuk, Ed. Switzerland: Springer International Publishing, 2017, pp. 235–244. [8] ISACA, ―Introduction to COBIT 5,‖ 2012. [Online]. Available: https://www.isaca.org/SiteCollectionDocuments/Intro- COBIT5.pdf. [9] G. Sabatini, D. B. Setyohadi, and W. P. Y. S. Purnomo, ―Information technology governance assessment in universitas Atma Jaya Yogyakarta using COBIT 5 framework,‖ in 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), 2017, pp. 1–5. [10] A. I. Saridewi, D. M. Wiharta, and N. P. Sastra, ―Evaluation of Integrated University Management 2088 IJSTR©2019 www.ijstr.org