DOI: 10.14421/ijid.2022.

3381 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448

Vol. 11, No. 1, 2022, Pp. 152-161

Evaluation and Implementation of IT Governance

Using the 2019 COBIT Framework at the
Department of Food Security, Agriculture and
Fisheries of Balangan Regency

Rini Audia Bambang Sugiantoro

Department of Informatics Department of Informatics
UIN Sunan Kalijaga UIN Sunan Kalijaga
Yogyakarta, Indonesia Yogyakarta, Indonesia
audiarini03@gmail.com bambang.sugiantoro@uin-suka.ac.id

Article History
Received March 7th, 2022
Revised June 28th, 2022
Accepted June 28th, 2022
Published August, 2022

Abstract— The food security, fisheries and agriculture services work with local government to help the community. In carrying out
its work, the government applies information technology to achieve the goals. Therefore, it is necessary to have an IT governance
design to ensure the alignment of the government’s objectives and the use of IT. Governance is an important asset to measure the
effectiveness and efficiency of work process improvement using IT. This research is conducted because there has never been an IT
governance design assessment. The analysis and design of IT governance at government agencies are carried out using the COBIT
2019 framework to measure the level of IT capability. The research method used is descriptive qualitative by conducting interviews
with influential government parties. This study obtained an IT governance design and detected important processes for the domains
used, namely EDM04, APO04, APO07, APO08, APO11, BAI03, BAI08, BAI10.

Keywords— information technology; IT governance design; effectiveness; efficiency; IT governance design assessment
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

process, determination of the level of importance,

1 INTRODUCTION determination of maturity ratings and providing advice as
At this time, information technology used by the well as repairs. The flowchart of making recommendations
government or called electronic government (e-government) can be shown in Fig. 2.
is an absolute necessity and must be continuously developed
as an acceleration tool in strategic policy and decision making
[1]. IT is no longer only seen as a support but has become a
major part of the organization to be more competitive in the Start
organization. Work patterns, employee performance, and
management systems in an organization have changed
because of the role of IT. It is recognized that IT improves Observation and
corporate governance practices because critical business Review of literature
interview
processes will usually be automated, and directors rely on
information provided by IT systems [2].
IT governance is one of the most important parts of the Identify business
successful implementation of good governance. Governance Identify critical
goals
measures the effectiveness and efficiency to improve the points
company's business processes through IT-related structures.
The benefit obtained by the company implementing IT
governance includes risk and resource optimization. This Alignment goal Identify IT
analysis is useful to evaluate the level of maturity of the use processes
of information technology and to correct errors or
irregularities in IT implementation. As for the IT governance
and control, it will help organizations optimize IT Questionnaire
Important
investments, ensure the provision of services, and provide analysis
Questionnaire
measurements to check for non-conformances [3]. The
Department of Food Security, Agriculture and Fisheries is
managing the improvement and the development of the
economy of rural and urban communities, such as Balangan Dissemination of the Capability
District. IT governance audits need to be carried out to Capability Questionnaire questionnaire analysis
improve the performance of an agency, the management and
distribution of information, and public services.
Audit in the field of governance is useful to assess the Recommendation Gap. value
organization and figure out the maturity level of its IT Making determination
governance. The outcome of the audit can be used to increase
the IT capability. IT capability describes an organization's
ability to create business value and to acquire, deploy,
combine, and reconfigure IT resources to support and End
improve business strategies and business processes.
Research on IT governance audits at the Balangan District Figure 1. Research methods
Food Security, Agriculture and Fisheries Department using
the COBIT 2019 framework has never been conducted. This Fig. 2 demonstrates the flow of the advising process with
study aims to analyze the IT governance audit to determine the COBIT 2019 framework. The management objectives
the capability level. COBIT 2019 produces an important offer steps to improve satisfactory practice that can be used
output and prioritized governance/management aiming to to increase the functionality level value of the Food Security,
optimize the IT management of the organization [4]. Agriculture and Fisheries Department of Balangan District.
The flowchart of the implementation of the recommendations
can be seen in Fig. 3.
2 METHOD Fig. 3 shows the flow of the recommendation process and
Using the COBIT 2019 framework, giving the aims for a clean and planned implementation technique.
recommendations based on COBIT 2019 and the The implementation segment and monitoring become the
implementation stages that can be carried out based on primary stage of the method of imposing the tips executed via
recommendations given through several processes can be the research.
seen in Fig. 1.
Fig. 1 is a flow from the research implementation stage to 2.1 IT Governance design
determine the capability level which includes the observation
This research applied the governance device design workflow
and interview stages, literature review, identification of
according to the COBIT 2019 technique guidebook [5]. It was
critical points through interviews, identification of business
done in 3 stages consisting of the assessment of IT
goals, identification of alignment goals, domain selection
governance, imparting tips, and the implementation stage. All

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
153
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

of these processes were conducted entirely based on the tips In Fig. 4, there are numerous strategies in designing an IT
in the COBIT 2019, given through the previous level [6]. It is governance device. In the first procedure, the authors did
shown in Fig. 4. interviews with stakeholders and made some observation at
the government office to apprehend the preliminary steps in
designing IT governance by way of identifying the existing
strategies in the office. This stage explored expert’s idea and
the employer's strategy, agency goals, profile, and issues
related to records and era, which was primarily based on the
layout criteria furnished through COBIT 2019. Secondly,
interviews were carried out with applicable stakeholders to
decide the preliminary scope of the governance system by
using layout thing 1 – design factor 4. Then, the 0.33 system
was used to identify upgrades to the initial scope of the
governance machine with the aid of considering aspects of
design issue 5 to layout element 11. At the final stage, the
Department of Food Security, Agriculture and Fisheries
identified some possibilities to improve the existing
governance system by bringing together all inputs from the
previous stage regarding the expected governance design.
The new design should accommodate all the inputs. Lastly,
conclusions were drawn from the layout phase which should
propose a layout of governance gadget for the employer [7].

Figure 2. Recommendation making flowchart

2.2 COBIT 2019
In different phrases, organizational I&T is not only
limited to the IT department of an agency but is also advanced
with the aid of ISACA (information systems Audit and
manipulate affiliation), that is a global professional club
affiliation for people inquisitive about or working with IT
auditing, IT threat, and IT governance.
COBIT 2019 is a framework that could help formulate IT
strategies, IT procedures and their activities, and upgrade IT
governance and control talents to make them extra foremost
[8]. It addresses governance issues by way of grouping
applicable governance components into governance and
control objectives that may be controlled to the specified level
of functionality [9]. It is the latest version of COBIT and is an
improvement from COBIT 5. As is well known, COBIT 2019
is a framework with a wider range of issues and provides
flexibility when used. In addition, in this updated version of
COBIT there are updates to the structure and content, as well
as the addition of new features such as design factors that
allow for improvements to the company's IT governance
system [10]
• COBIT Framework 2019: creation and method'
introduces the overall shape of the 2019 COBIT
Framework, explains its principles and terminology (e.g.,
additives, design elements, focus regions, cascade of
Figure 3. The implementation of the recommendations targets, and so on.), and gives up to date COBIT
standards.
• COBIT 2019 Framework: Governance and management
goals consists of an in-depth description of the COBIT
Understand the Determine the Refine the Conclude the 2019 middle version and each of its forty governance and
Enterprise initial scope of Scope of the Governance
context and the Governance Governance System Design
management goals. For each governance or control goal,
strategy System System a description and goal are supplied as well as a cascade
of precise goals and examples of metrics for this reason.
Then, the additives required to achieve governance or
Figure 4. Governance system design workflow at COBIT 2019 management targets are discussed in turn. It additionally
explicitly refers to different standards and frameworks
for in addition steerage. Updated alignment to

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
154
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

international standards, frameworks and quality practices suggestions for the issuance of SIUP in the field of fish
continuing the relevance of COBIT and guarantees that cultivation, and fish farming management;
COBIT continues its installed role because the • Monitoring, assessment and reporting inside the subject
overarching EGIT framework. of meal security in agriculture and fisheries;
• COBIT layout manual 2019: Designing data governance • Enhancing the great of human assets within the fields of
and era answers’ gives prescriptive how-to insights for meals protection, agriculture and fisheries;
COBIT users concerning EGIT device design. With its • Administration of food, agriculture and fishery
new idea of 'design factors', COBIT 2019 affords first- protection services; and
hand perception into the ones elements that can have an
• Implementation of different capabilities given through
effect on an EGIT device. This guide similarly covers
the mayor in accordance with his duties and features.
workflows for designing and tailored EGIT systems to
the company's unique context.
• COBIT Implementation manual 2019: Implementation 2.4 Governance and Management
and Optimization of records and technology Governance Governance and control in COBIT are grouped into five
solutions 'offers a roadmap for non-stop development of domains. Governance is grouped within the evaluation, lead,
the EGIT gadget. This implementation guide is logically and display (EDM) area. It includes: regulate the bodies,
intently associated with the design manual [11]. compare strategic alternatives, direct senior control on
selected strategic options and display approach fulfillment.
2.3 Agriculture and Fisheries Food Security Agency Management is grouped under 4 domains: Align, Plan, and
Arrange (APO). It addresses the overall business enterprise,
The food security service for agriculture and fisheries has strategy, and support sports for I&T. Builds, Accumulates
the project of assisting the mayor in carrying out authorities’ and Puts in force (BAI) addresses the definition, acquisition
affairs which are the regional authority and helping and implementation of I&T solutions and their integration in
obligations in the fields of meals protection, agriculture and enterprise procedures. Next, Shipping, Service, and Assist
fisheries. In carrying out the responsibilities of the Agriculture (DSS) handles the operational delivery and support of I&T
and Fisheries food security carrier, it contains out the services, including safety. Next, Monitoring, Evaluating and
subsequent functions: Assessing (MEA) addresses tracking of I&T overall
• Formulation and implementation of areas within the field performance and conformance with inner overall
of food availability, food lack of confidence, food performance objectives, internal manipulate objectives, and
distribution, meals reserves, diversification of outside requirements.
consumption and meals protection To meet the targets of governance and control, every
• Implementation of nearby rules within the field of meals employer wishes to establish, adjust, and keep a governance
availability, food insecurity, food distribution, meals system that is constructed from a number of components.
reserves, diversification of intake and food security; Components are elements that make contributions to the best
• Components of agricultural extension programs; operation of the company governance gadget of I&T, engage
• Improvement of meals protection, agriculture and fishery with every difference, ensuing in a holistic governance
infrastructure; system for I&T. Components can be of diverse sorts. The
• Pleasant control, distribution and control of the delivery most familiar is the method. However, the governance system
of plant seeds, farm animals’ seeds/seeds and animal additives also consist of organizational structure, rules and
fodder forage; procedures, records gadgets, lifestyle and behavior, skills and
capabilities and offerings, infrastructure and programs. Fig. 5
• Supervision of the use of agricultural and fishery centers
displays adaptations of the organizational structure of IT
• Development of production in the fields of agriculture Governance.
and fishery;
• Control and manage of plant and animal illnesses;
• Natural catastrophe manipulate and management;
• Development, processing and marketing of agricultural
and fishery merchandise;
• Implementation of agricultural extension;
• Granting of agricultural business licenses/technical
guidelines;
• Components of guidelines for the empowerment of small
fish farming businesses, hints for the issuance of SIUP
within the subject of fish cultivation, and control of fish
cultivation;
• Enforcing rules for empowering small fish farming
businesses, recommending the issuance of SIUP within
the area of fish farming, and control of fish farming;
• Implementation of assessment and reporting of fish
farming small enterprise empowerment guidelines, Figure 5. The organizational structure of IT governance

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
155
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

Meanwhile, process describes a fixed practices and activities EG04 Finance Financial information quality
which can be organized every day to achieve a selected goal Customer-oriented service
EG05 Customer
culture
and convey fixed outputs that guide the achievement of Continuity and availability of
average IT-related goals. EG06 Customer
business services
Management information
EG07 Customer
Factors that can influence the design of a corporate quality
governance system and position it for success in the use of Optimization of internal
EG08 Intern
business process functionality
I&T can be seen in Fig.6 [12]. Optimization of business
EG09 Intern
process costs
Staff skills, motivation and
EG010 Intern
productivity
EG011 Intern Internal policy compliance
Managed digital transformation
EG012 Growth
program
Product and business
EG013 Growth
innovation

3. Company risk profile and current issues related to I&T.

Company defines problems and opportunities which
describes its current capabilities, its shortcomings and
everything related to information technology [14]. The
risk profile identifies the types of I&T-related risks,
indicating which risk areas outweigh appetite risk. Table
3 shows this information.

Table 3. Company Risks and Problems

Ref. Risk Category
1 IT investment decision making, portfolio definition and
maintenance.
2 Program and project life cycle management
3 IT costs and oversight
4 IT expertise, skills and performers
5 Enterprise/IT Architecture
Figure 6. Design factors include the combination 6 IT operational infrastructure incidents
7 Invalid action
8 Software adoption/use issues
1. Corporate strategy: Firms can have different strategies, 9 Hardware incident
which can be expressed as one or more of the archetypes 10 Software failure
shown in Table 1. 11 Logical attacks (hacks, malware etc.)
12 Third party/supplier incidents
Table 1. Corporate Strategy 13 Disobedient
14 Geopolitical issues
Archetype Strategy Explanation 15 Industrial action
Growth/ Acquisition The company has a focus on growth 16 Nature's Action
(revenue) 17 Technology-based innovation
Innovation/ Differentiation The company offers different and 18 Environment
innovative products or services to clients 19 Data and information management
Cost Leadership The company minimizes short-term costs
Client Service’s Stability The company provides stable and client-
oriented services 4. I&T-related issues —A related method of assessing I&T
risk for companies is to consider which I&T-related
2. The company's goals support the company's strategy. issues are currently being encountered, or, which I&T-
The company's strategy is realized by achieving a set of related risks have materialized. The most common
company goals. As shown in Table 2, these objectives problems are included in Table 4.
are defined within the COBIT 2019 framework,
structured along the balanced scorecard (BSC)
Table 4. I&T-related Issues
dimensions, and include the indicated elements [13]. Ref. Description
A Frustration between unique IT entities throughout the company
Table 2. Enterprise Goals due to perceived low contribution to business price
Dimension Balanced B Frustration between enterprise departments (i.e., IT clients) and
Reference Company Goal IT departments because of failed initiatives or perceived low
Scorecard
Competitive Product and contribution to business value
EG01 Finance C Significant IT-related incidents, such as data loss, security
Service Portfolio
EG02 Finance Managed Business Risk breaches, project failures, and application errors, are IT-related
External regulatory and legal D IT outsourcing service delivery issues
EG03 Finance E Failure to meet IT-related regulatory or contractual
compliance
requirements

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
156
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

F Regular audit findings or other assessment reports of poor IT However, IT is not seen as a driver of business process
performance or reported IT quality or service issues and service innovation.
G Hidden and rogue IT spending, that is, IT spending by user IT is seen as a driver for innovation in business
departments outside the control of normal IT investment processes and services. At this time, however, there is
Turn
decision mechanisms and approved budgets no critical reliance on IT for the running and continuity
H Duplication or overlap between various initiatives, or other of current business processes and services.
forms of wasted resources IT is critical to running and innovating an
Strategic
I Insufficient IT resources, staff with inadequate skills or staff organization's business processes and services.
burnout/dissatisfaction
J IT-enabled changes or projects often fail to meet business
requirements and are late or over budget 8. The sourcing model for IT —The sourcing model
K Reluctance of board individuals, executives or senior adopted by the company is classified as in Table 8.
management to engage with IT, or loss of commercial
enterprise sponsors committed to IT
L Complex IT operating models and/or unclear decision Table 8. The Sourcing Model for IT
mechanisms for IT-related decisions Source Model Description
M Too high IT costs The company requests third party services to provide
N Impeded or failed implementation of new initiatives or Outsourcing
IT services.
innovations caused by current IT architectures and systems The company maximizes the use of the cloud to
O The space between agency and technical knowledge, which Cloud
provide IT services to its users.
reasons organization clients and data and/or era specialists to A mixed model is applied, combining the other three
talk one-of-a-kind languages Hybrid
models to varying degrees.
P Regular issues with data quality and data integration across
multiple sources
Q High-stage stop-user computing, growing (among other 9. IT implementation methods —The methods adopted by
problems) a lack of oversight and exceptional control over the
the company can be classified as follows (Table 9).
programs being evolved and operated
R Enterprise departments enforce their own records answers
with very little involvement of the corporation's IT department Table 9. IT Implementation Methods
S Ignorance and/or non-compliance with privacy regulations IT Implementation
T Inability to exploit new technology or innovate using I&T Description
Method
The company uses Agile development work
Agile
methods for its software development
5. Threat landscape —The threat landscape in which the Companies use DevOps work methods for
company operates can be classified as shown in Table 5. DevOps
software creation, deployment, and operation
The company takes a more classic approach to
Table 5. Threat Landscape software development (waterfall) and
Traditional
separates software development from
Threat Landscape Description operations.
The company is operating below the threat Companies use a mix of traditional and
Normal
level that is considered normal Hybrid modern IT implementations, often referred to
Due to geopolitical situations, industry sectors as “bimodal IT.”
tall or certain profiles, companies operate in
environments with threats
10. Technology adoption strategy —Technology adoption
strategy can be classified as listed in Table 10.
6. Compliance requirements —Companies classifies
according to the categories listed in Table 6.
Table 10. Technology Adoption Strategy
Technology
Table 6. Compliance Requirements Adoption Description
Regulatory Strategy
Description
Environment Companies generally adopt new technologies as early
Companies are subject to a minimum set of First mover
Low compliance as possible and try to get a first mover advantage.
lower-than-average regular compliance Companies usually wait for new technologies to
requirements Follower
requirements. become mainstream and proven before adopting them.
Companies are subject to a series of regular Slow Companies are very late with the adoption of new
Normal compliance
compliance requirements that are common adopter technology.
requirements
across a wide range of industries.
Companies are subject to higher-than-average
High compliance
compliance requirements, most often related 11. Size —Two categories, as shown in Table 11, were
requirements identified for the design of the corporate governance
to industry sector or geopolitical conditions.
system.
7. The role of IT —It is classified as shown in Table 7.
Table 11. Size Categories
Company size Description
Table 7. The Role of IT Companies with more than 250 full-
Large company (Default)
IT Role Description time employees (FTE)
IT is not essential for the running and continuity of Small and medium enterprises Companies with 50 to 250 FTE
Support
business processes and services, or for their innovation.
When IT fails, there is a direct impact on the running
Factory
and continuity of business processes and services.

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
157
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

3 RESULT AND DISCUSSION food, fisheries and agriculture to

the community
Results include identification of critical points, Lack of updates by officers in
identification of business goals, identification of alignment operating computer equipment
Managed digital
goals, identification of IT processes, determination of interest so that errors in data information
3. EG12 transformation
levels, determination of capability levels, and GAP analysis. often occur which cause public
program
complaints about the results of
These results are used to formulate recommendations to the process.
improve IT governance in the Food Security, Fisheries and The online community service Management
Agriculture Department of Balangan Regency. 4. system is not yet optimal EG07 information
quality
A system that can process online
Managed digital
services at the Food Security,
3.1 Identify Critical Points 5.
Fisheries and Agriculture
EG12 transformation
program
The first stage in this research is the identification of Service
critical points. Critical points were obtained from interviews The public does not understand
Staff skills,
the online service provided so
and brainstorming with the Department of Resilience. In 6.
that the service process becomes
EG10 motivation and
addition, critical points were also obtained based on the productivity
less work
perspectives of people who often use the services of the Limited quality of employees Staff skills,
Department of Food Security, Agriculture and Fisheries of 7. who can operate computers and EG10 motivation and
Balangan Regency. Based on the results of brainstorming and information technology productivity
Updating information on the Product and
interviews, eight critical points were identified. The details 8. Website as a digital information EG13 business
can be seen in Table 12. These include four critical points medium is quite slow. innovation
based on the community's perspective and four critical points
based on the perspective of the service.
Based on the eight critical points obtained and the 13
business objectives contained in the 2019 COBIT guideline,
Table 12. Identification of Critical Points matching results were obtained, namely the selection of six
Perspective Critical Point business objectives with codes EG06, EG07, EG10, EG12,
The service to the community in terms of providing EG13 which correspond to critical points at Balangan
online information about food security, fisheries, and District’s Food Security, Fisheries and Agriculture
agriculture to the public is still inadequate.
Lack of product socialization, in this case, the
Department.
applications that enable people to find out the
Public
changing price and stock of basic ingredients.
Lack of updated online information for the 3.3 Identify Alignment Goals
community results in data error which leads to public
complaints The results of the matching between business objectives
The information on food, agriculture and fisheries in and alignment objectives based on the 2019 COBIT
the online system is not yet maximized guidelines can be seen in Table 14.
A system that can provide information for the
community to process food, fisheries, and
agricultural services
During the process, many people still do not Table 14. Identify Alignment Goals
understand how online services have been provided, Code Code
Business Purpose Alignment Goal
and thus the service becomes less effective. EG AG
Limited quality employees who can operate Constitution and Information security,
Service EG06 Availability of AG07 infrastructure and
computers and information technology related to the
service system of the food security service, fisheries business services application processing
and agriculture. Quality of technology-
Management
Lack of up-to-date information on the website as a EG07 AG04 related financial
information quality
medium of digital information. information
Staff management
IT management
skills, motivation and AG10
information quality
3.2 Business Goals productivity
Managed digital Competent and
The business objective identification stage was conducted EG10 transformation AG12 motivated IT experts for
by matching the critical points that had been obtained from program existing businesses
Knowledge, expertise Realized benefits of IT-
the business objectives listed in the 2019 COBIT guideline. EG12 and initiative for AG03 enabled investment and
The results of the matching can be seen in Table 13. business innovation service portfolio
Enabling and supporting
Table 13. Business Goals Continuity and the organization's
No Critical Point Business Purpose availability of AG08 business processes, by
Code Description business services integrating applications
The service to the community is Staff skills, and technology
1. not yet optimal in terms of food, EG10 motivation and On time in program
agriculture and fisheries productivity delivery, at a reasonable
Management
Lack of outreach to the public Continuity and AG09 cost and meeting quality
information quality
2. regarding the flow of online EG06 availability of requirements and
services and information on business services standards

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
158
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

Staff skills, Knowledge, expertise Table 16. Determining the Level of Interest
EG13 motivation and AG13 and initiative for No. Domain IT Process Critical point
productivity business innovation The service related to informing
Managing human the availability of food
1 APO07
resources ingredients to the community is
The matching results are obtained, namely the selection of still inefficient.
eight alignment objectives with codes AG03, AG04, AG07, Poor quality of online
AG08, AG09, AG10, AG12, AG13 which will then be used 2 APO11 Managing quality information system for the
community.
in determining the IT process. Manage Incomplete online updated data
identification and on food accessibility,
3 BAI03
development
3.4 Identify IT Process solutions
Lack of public knowledge on
At this stage, re-matching was conducted between the Managing
4 APO08 how to apply the information
relationships
identified critical points and the IT process based on the provided.
alignment objectives which refer to the COBIT 2019 Limited quantity and quality of
guidelines. The matching results between the critical points Managing human resources capable of
5. BAI08
knowledge operating the information
and the IT process domain based on the 2019 COBIT technology
guidelines are shown in Table 15.

The domain that had been selected as the highest level of

Table 15. Identify IT Process importance was then analyzed in terms of its capability level
No Domain IT Process Critical Point and GAP value so that later recommendations for
1 APO07 Managing human The service related to informing improvement can be given based on that domain.
resources the availability of food ingredients
to the community is still
inefficient.
2 BAI10 Manage Lack of outreach to the public and
provision of information via online 3.6 Determination of Capability Level
configuration
platforms.
Capability level was used to determine the level of
3 EDM04 Ensure resource Lack of officers with upgraded
optimization skills to operate the computer maturity at the Department of Food Security, Fisheries and
equipment, so the data errors Agriculture of Balangan Regency. The capability level
occur. questionnaire refers to the PAM using COBIT 5 Toolkit that
4 APO11 Managing quality The online community service can be used in COBIT 2019 (ISACA, 2019). The process of
system is still inefficient.
5 BAI03 Managing and A system that can provide determining the capability level was done through
identifying services online to the questionnaire based on 5 domains that were selected in the
solutions, as well community regarding staple previous importance level process and distributed to
as building food, agriculture, and respondents who had been selected based on RACI mapping,
fisheries.
6 APO08 Managing In terms of accessibility, many that is, one whose role is carry out tasks.
relationships people are still not familiar After measuring the maturity level of IT Governance, the
with the application. next step was to calculate the gap, which is the difference
7 BAI08 Managing Limited quality of employees between the current maturity level and the maturity level.
knowledge who can operate computers
and have sufficient knowledge expected, as shown in equation (1) [15].
about the latest information Gap = A-B
technology. Where,
8 APO04 Managing Information updates on the A = level of expected maturity, (1)
innovation website as a source of digital
information are quite slow and B = level of maturity
inadequate.
The GAP/gap value obtained through the capability level
measurement at the Department of Food Security, Fisheries
3.5 Determining the Level of Interest
and Agriculture of Balangan Regency was used to determine
To understand the level of interest, a questionnaire was the steps for transforming current conditions into expected
distributed to eight respondents from the Department of Food conditions in the future. GAP values are shown in Table 17.
Security, Agriculture and Fisheries of Balangan Regency.
The survey consists of statements related to critical points and Table 17. Determination of Capability Level
based on the IT process domain that has been identified in the No Proses TI Current Expected GAP (CC-
previous stage. The questionnaire was prepared using a Likert Capability Capability (EC) EC)
scale consisting of items ranging from very unimportant, not (CC)
important, moderately important, important, to very 1 APO07 2 4 2
2 APO11 1 4 3
important. Based on the results, five domains with the highest 3 BAI03 1 5 4
level of importance were found. The details are in Table 16. 4 APO08 1 4 3
5 BAI08 1 5 4

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
159
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

Table 17 shows the current capability value, the level of • Monitoring

capability based on the expectations of superiors from the • Dissemination of capability level questionnaires
organization (expected capability), and the difference in the
level of maturity (GAP). The results show that the level of The time schedule and activities during the
capability value rewarding the IT processes was 1, which implementation process were divided into four weeks
means that the IT processes in the organization started to including the first week, namely updating bio on Facebook
achieve their goals, by implementing a series of activities but and Instagram as well as assisting in making videos. The
there were still some shortcomings, which could be second week was for making pamphlets, post templates and
characterized as the beginning of the process of achieving assisting in uploading videos on YouTube and posting
goals in a more organized way. pamphlets on social media of the Department of Food
Security, Agriculture and Fisheries at Balangan Regency. The
third week was for monitoring the implementation. The
3.7 Recommendation fourth week was to disseminate and re-analyze the results of
Following the steps described in Fig.2., some the questionnaire to determine the increase of the capability
recommendations with reference to the 2019 COBIT level in the APO08 domain. The results of the capability level
Framework were given based on the capability value of the questionnaire in the APO08 domain can be seen in Table 19.
Department of Food Security, Agriculture and Fisheries at
Balangan Regency. This time the target was to increase the
Table 19. Maturity Level
capability level. The recommendations can be seen in Table Maturity Level

Respondent
Table 18. Recommendation Lv. Lv. Lv. Lv. Lv. Lv. Lv. Lv. Lv.
Domain Framework Recommendation
1.1 2.1 2.2 3.1 3.2 4.1 4.2 5.1 5.2
Evaluating employee skills, conducting
employee background checks, and
APO07 COBIT 2019 R1 92 86 84 60 62 60 70 50 65
conducting supervision when recruiting
employees.
R2 90 87 82 65 64 62 68 50 55
Evaluating Service SOP, with learn
examples of service system Rata-rata 91 86 83 62 63 61 68 50 60
implementation good and learn from
APO11 COBIT 2019
mistakes or lack of service systems, so it
can serve as learning and reference for
service system upgrade. The scoring on the questionnaire was carried out by two
Designing the online service system that respondents who were selected based on the RACI mapping.
can be used later easily by the Several aspects of the problem, such as the lack of
community based on the SOP and build information conveyed to the public has begun to be resolved
BAI03 COBIT 2019
systematic online applications with the
help of application developers who are
by implementing recommended practices in order to be
experienced in the development process. upgraded to level 2. For instances, by posting information on
Utilizing other social media facilities updated stocks or prices of food, staples, etc. to the YouTube
such as Instagram, Facebook, and channel, and other social media platforms such as Instagram
APO08 COBIT 2019 YouTube in providing information on as well as by monitoring social media usage as a medium to
needs and updating information on food,
agriculture and fisheries.
deliver information to the public. The results of the analysis
Assessing each employee's ability show that the APO08 process is at level 2, and it can be
regarding information technology and concluded that the implementation of the recommended
assigning duties and obligations of solutions can increase the capability level from 1 to 2 in
BAI08 COBIT 2019 employees according to their abilities so accordance with the implementation target.
that each employee makes an
appropriate contribution in carrying out
tasks related to information technology.
4 CONCLUSION
3.8 Implementation The Department of Food Security, Agriculture and
Fisheries of Balangan Regency has carried out an Information
The implementation of the recommendations for Technology Governance Audit using the 2019 COBIT
improvement was focused on the APO08 domain process framework. Recommendations were given based on the
aiming to find out how it could impact the capability value. COBIT 2019 reference with the aim of improving
The initial stage in the implementation requires a time information technology governance at the department. The
schedule that aims to make the implementation run smoothly implementation of improvement for a period of 1 month was
and orderly. carried out to increase the capability level in the APO08
• Update Bio on Facebook and Instagram domain. It has done in accordance with the time schedule, and
• Assistance in manufacturing the there was an increase in the capability level in the APO08
• Pamphlet making domain, from previously level 1 to the current level 2.
• Post template creation
• Assistance in uploading videos on YouTube and posting
via social media

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
160
 IJID (International Journal on Informatics for Development), e-ISSN: 2549-7448
Vol. 11, No. 1, 2022, Pp. 152-161

AUTHOR’S CONTRIBUTION Sipil Kabupaten Tabanan ),” J. Ilm. Teknol. dan Komput., vol. 2,
no. 2, 2021.
Rini Audia is the first author conducting literature review [7] G. I. Belo, Y. T. Wiranti, and L. H. Atrinawati, “Perancangan Tata
of the previous research, data collection, analysis, Kelola Teknologi Informasi Menggunakan Cobit 2019 Pada PT
recommendations and implementation, while Bambang Telekomunikasi Indonesia Regional VI Kalimantan,” JUSIKOM
PRIMA (Jurnal Sist. Inf. Ilmu Komput. Prima), vol. 4, no. 1, pp.
Sugiantaro as the second author advises and manages the 23–30, 2020.
concept of the research. [8] A. Safitri, I. Syafii, and K. Adi, “Identifikasi Level Pengelolaan
Tata Kelola SIPERUMKIM Kota Salatiga berdasarkan COBIT
COMPETING INTEREST 2019,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 5, no.
Complying with the publication ethics of this journal, Rini 3, pp. 429–438, 2021, doi: 10.29207/resti.v5i3.3060.
Audia and Bambang Sugiantaro as the authors of this article [9] M. Adhisyanda Aditya, R. Dicky Mulyana, and A. Mulyawan,
“Perbandingan COBIT 2019 dan ITIL V4 Sebagai Panduan Tata
declare that this article is free from conflict of interest Kelola dan Management IT,” J. Comput. Bisnis, vol. 13, no. 2, pp.
(COI) or competing interest (CI). 100–105, 2019, [Online]. Available: http://www.jurnal.stmik-
mi.ac.id/index.php/jcb/article/view/206.
[10] A. S. Sukamto, H. Novriando, and A. Reynaldi, “Tata Kelola
ACKNOWLEDGMENT Teknologi Informasi Menggunakan Framework COBIT 2019
Thanks to the lecturers and classmates for their guidance (Studi Kasus: UPT TIK Universitas Tanjungpura Pontianak),” J.
Edukasi dan Penelit. Inform., vol. 7, no. 2, p. 210, 2021, doi:
and direction and also thanks to Department of Informatics, 10.26418/jp.v7i2.47859.
Faculty of Science and Technology, UIN Sunan Kalijaga
[11] S. Kasus et al., “Evaluasi E-Government Menggunakan
Yogyakarta for the support and facilitation of this research Framework COBIT 5,” vol. 5.
[12] A. Wijaya, “An Information Technology Governance Audit
Planning Calibration Laboratory Using COBIT 2019,” J.
REFERENCES Fasilkom, vol. 10, no. 3, pp. 241–247, 2020, doi:
10.37859/jf.v10i3.2272.
[1] C. Study and D. Pemasyarakatan, “Evaluation of E-Government [13] H. M. J. Saputra, A. I. N. F. Abdullah, D. B. Tandirau, E.
Using COBIT 5 Framework,” vol. 8, no. 2, pp. 74–83, 2020. Ramadhani, and L. H. Atrinawati, “Penyesuaian Sistem Tata
[2] ISACA, COBIT 2019 Framework Introduction and Methodology. Kelola Pada Institut Teknologi Kalimantan Dengan Menggunakan
2019. Cobit 2019,” JSI: Jurnal Sistem Informasi, vol. 12, no. 2, pp. 2060–
[3] F. Retrialisca, “Pengukuran Kesuksesan Sistem Informasi 2074, 2020, doi: 10.36706/jsi.v12i2.11582.
Berdasarkan D&M Model dan COBIT 5 (Studi Kasus: Universitas [14] M. A. Saputra and M. R. Redo, “Penerapan Framework Cobit 2019
Airlangga),” vol. 5, pp. 1–199, 2017. Untuk Perancangan Tata Kelola Teknologi Informasi Pada
[4] H. Bernika1, I. Kadek, and D. Nuryana2, “Perancangan Tata Perguruan Tinggi,” J. Sci. Soc. Res., vol. 4, no. 3, p. 352, 2021, doi:
Kelola Teknologi Informasi Menggunakan Kerangka Kerja 10.54314/jssr.v4i3.715.
COBIT 2019 (Studi Kasus: LPP RRI Madiun),” Jeisbi, vol. 02, no. [15] K. Wabang, Y. Rahma, A. P. Widodo, and F. Nugroho, “Tata
03, pp. 63–70, 2021. Kelola Teknologi Informasi Menggunakan Cobit 2019 Pada Psi
[5] A. Hanif, M. Giatman, and A. Hadi, “Komunikasi Dan Informatika Universitas Muria Kudus,” JURTEKSI (Jurnal Teknologi dan
Menggunakan Framework Cobit 5,” vol. 9, no. 1, pp. 94–101, Sistem Informasi) vol. VII, no. 3, pp. 275–282, 2021.
2020.
[6] I. G. Made, S. Dharma, I. G. Made, A. Sasmita, and I. M. Suwija,
“Evaluasi Dan Implementasi Tata Kelola Ti Menggunakan Cobit
2019 ( Studi Kasus Pada Dinas Kependudukan Dan Pencatatan

This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
See for details: https://creativecommons.org/licenses/by-nc-nd/4.0/
161