Copyright © 2022 Abraham Lelengboto, Page 1865
Tailoring Governance System Design Through Capability Level Identification Using COBIT 2019 at a Paper and Mills Company
Abraham Lelengboto1, Gabriell Mandoya2, Joe Yuan Mambu2,*
1Faculty of Economy and Business, Management Programme, Universitas Klabat, Airmadidi, Indonesia
2Faculty of Computer Science, Information System Programme, Universitas Klabat, Airmadidi, Indonesia Email: 1[email protected], 3[email protected],
Correspondence Author Email: [email protected] Submitted 29-11-2022; Accepted 17-12-2022; Published 30-12-2022
Abstract
IT investments and services run the risk of failing without IT governance. How well IT governance is implemented will determine how effective organizational governance is. As a result, it is crucial for businesses to carry out an IT governance audit to determine what issues are most important. One of the nation's top paper manufacturer, PT. Indah Kiat Pulp and Paper, a subsidiary of Asia Pulp and Paper Sinarmas, has never been go through COBIT 2019 audit. In order to support their aforementioned vision, we identify their IT governance priorities using the COBIT 2019 framework which will aid them in focusing their efforts that will help them attaining their objectives and goals. We applied the COBIT 2019’s Design Factor 1 through 10 and concluded several points: they focuses on competitive portfolio and also have risk in internal business process, compliances and innovations. They also regards IT as crucial for daily operation and also the driver for innovation while also utilize agile and devops for their IT implementation. Lastly, the COBIT 2019 Toolkit suggested capability of four: EDM01, APO12, BAI02, BAI03, BAI06, BAI07, DSS011, DSS04, DSS05, MEA03 and MEA04. These 11 core models would be the base for the governance system design.
Keywords: COBIT 2019; IT Governance; Capability Level; IT Audit Abstrak
Tanpa tata kelola TI, investasi dan layanan TI bisa berisiko gaga. Tata kelola organisasi yang sukses bergantung pada seberapa komprehensif tata kelola TI diterapkan. Akibatnya, penting bagi perusahaan untuk melakukan audit tata kelola TI untuk mengidentifikasi apa yang menjadi prioritas mereka. Anak perusahaan Asia Pulp and Paper Sinarmas PT. Indah Kiat Pulp and Paper telah menjadi produsen kertas terkemuka di tanah air bahkan dunia. Untuk mendukung visi mereka yang disebutkan di atas, peneliti melakukan penelitian dan menemukan prioritas mereka dalam tata kelola TI menggunakan kerangka kerja COBIT 2019. Proses ini di harapkan bisa membantu perusahaan dalam prioritas mereka yang pada akhirnya akan membantu mereka mencapai misi dan tujuan perusahaan. Kami menerapkan Design Factor 1 hingga 10 dan menyimpulkan beberapa poin: perusahaan berfokus pada portofolio yang kompetitif dan juga memiliki risiko-risiko seperti dalam proses bisnis internal, kepatuhan, dan inovasi. Mereka juga menganggap TI sebagai hal yang penting untuk operasi sehari-hari dan juga penggerak inovasi sembari memanfaatkan kelincahan dan pengembangan untuk implementasi TI mereka. Terakhir, Toolkit COBIT 2019 menyarankan empat kemampuan: EDM01, APO12, BAI02, BAI03, BAI06, BAI07, DSS011, DSS04, DSS05, MEA03 dan MEA04. Ke-11 model inti ini akan menjadi dasar untuk desain sistem tata kelola.
Kata Kunci: COBIT 2019; Tata Kelola IT; Capability Level; Audit IT
1. INTRODUCTION
The increasingly advanced information technology development brings opportunities for companies to significantly increase productivity. The application supports companies in increasing competitiveness. However, its implementation might not be in line with the company's business objectives and does not bring significant positive impact on improving the company's performance. Consequently, the application of information technology must be planned and properly managed for maximum results. This application carries advantages that are in line with company goals and costs incurred.
In this case, IT governance can assist companies monitor and assess performance to improve IT performance [1]. As information technology management adapts to company information and technology, efficient and effective governance in technology is necessary to create functionality or value and this applies to any kinds of businesses. Managing complex areas such as information technology and business requires countless aspects such as processes, organizational structures, and information flows. These aspects must be systematically combined to accomplish company goals. To achieve company goals, governance has to focus on the application and transformation of information technology in order to fulfill current and future business needs, both internal and external [2]. Therefore, IT is regarded as the backbone of the company and need to responds to an organization's need to secure a return on investments including IT investments.
Without IT governance, IT investments and services are at risk of failure. Successful organizational governance depends on how comprehensively IT governance is applied. As a result, it is essential for companies to conduct an IT governance audit to identify what are their priority [3].
In this study, we applied the 2019 COBIT framework to identify domains that companies should prioritize in accordance with the highest level of performance determined by the framework. The COBIT 2019 introduces the concept of Design Factors which allow you to identify detailed processes or domains based on the actual conditions of IT governance within the company. This differs from COBIT 5 which only audits based on company goals without considering Design Factors that may influence the selection of processes or domains to be audited [4]. On top of that the newer COBIT 2019 also has emphasis on its focus area by differentiating area such as risk, security, Small Medium
Enterprise (SME) and DevOps [5]. The company that we chose for this research was Asia Pulp & Paper (APP) Sinar Mas and one of its mills operation company, PT. Indah Kiat Pulp & Paper TBK – Tanggerang mills.
Located inakarta, APP Sinar Mas is a brand name for pulp and paper manufacturing businesses that produces high- quality goods to satisfy the expanding worldwide need for paper, packaging, and tissue. More than 150 nations on six continents sell APP Sinar Mas's products. The company produce goods and conduct their operations ethically and sustainably for the benefit of society, the environment, and their workforce. The company utilize technology and innovation while collaborating with the local community, and upholding global business and operational standards across our manufacturing and supply chain. These qualities also are shown on their vision and values that is to deliver innovatively, responsibly and sustainably as a leading global pulp and paper company. Also working together to provide a brighter future for our customers, communities, workers and shareholders [6]. APP Sinar Mas has many large industrial facilities, called mills, which transform timber and woods into pulp and then eventually to produce paper. One of the company under APP Sinar Mas was PT Indah Kiat Pulp & Paper TBK or IKPP for short.
IKPP itself one mill that located in Tanggerang which was established in 1976 and over three decades have been producing woodfree paper. They also have been one of the world's largest coloured paper producers which exports their products globally. The Tangerang mills has its own mission: first was to increase global market share, utilize technology for new products and mill efficiency, improve human resource quality and committed in sustainability [7].
For the purpose of finding gap in our studies, before proceeding with our object, we review several similar studies.
First was [8] where the researcher aimed to fine tune the IT Governance requirements on Institute Teknologi Kalimantan (ITK). The study concluded with a recommendation for ITK of two core models that needs to have capability level of 4, and six core model for capability level of 3. We also reviewed [9] where they done similar studies at PT Telekomunikasi Indonesia Regional VI in Kalimantan. The studies found that there was four core model needs to reach level 4, and eight for level 3. While both of these studies were similar with our study, we found there’s a gap that can be discovered and explored since the case with APP Sinar Mas is unique as it is a manufactor which involve large factories which have much more complicated processes and more emphasis in production. And unlike the previous two studies mentioned, which are a state-owned corporation and an education institution, APP Sinar Mas is a fully for-profit corporation. We also reviewed several recent studies in 2022 which are [10] [11] [12] these studies took different organization as objects namely, a small medium enterprise, a village unit cooperative and a national bank. These studies have different outcomes however all of them while published in 2022 as well, used the older version, COBIT 5. Therefore, while less comprehensive, our study may gives a different perspective and outcome with a newer version, COBIT 2019.
While the company has gone through various audit in various areas, it is understood that, COBIT 2019 is one of the IT audit frameworks that has not been applied within the IT Departments. And to support their vision stated above, we believe that finding their priorities in IT governance using the COBIT 2019 framework and that is the objective and purpose of our studies.
2. RESEARCH METHODS
2.1 Literature Review
In this section we would like to discuss about two core concept which are the core foundations of this study: Information Technology Governance and the COBIT 2019 framework.
2.1.1 Information Technology Governance
Governance is defined as processes and rules that arrange a certain condition. These processes and rules help the organization in accomplishing its goals. Therefore, an organization or company will be engaged in governance to deal with internal problems. IT is part of the element in the company that is inseparable. As the time goes by, technology- related knowledge increases. As a result, businesses must prepare various tactics to accomplish their goals through the utilization of technology [13]. IT governance aims to control the application and measure IT performance based on several accomplishments, which include aligning IT with the company's strategy and obtaining the benefits expected by the company.In addition, it also aims to taking opportunities and maximizing the benefits of IT as well as implementing IT resources in line with applicable regulations and risk management. As a result, IT governance applied the framework to accomplish its objectives. The use of a proper framework will benefit the company so that they can follow it easily . In addition, framework can also help the audit process. A proper audit process can benefit the company which implements the framework. Management and corporate auditors possess similar regulations with the process of examining, monitoring, and measuring IT companies by implementing the framework in the organization [14].
2.1.2 COBIT 2019
This research applied the latest version of COBIT, which is COBIT 19. It has been created and updated by ISACA for approximately more than 25 years. COBIT is the best framework developed by the IT Governance Institute (ITGI) for information, IT, and organization-related threats that is widely used. COBIT can help to identify which IT to use and maximize the control. COBIT is defined as a governance and management of IT standards which has developed so that it can be utilized for IT governance which is classified into the EDM, APO, BAI, DSS, and MEA domains [15]. COBIT 2019 consists of information technology governance system design. The design process will provide recommendations
Copyright © 2022 Abraham Lelengboto, Page 1867 to prioritize governance and management objectives or related governance system components, and target capability level or adopt specific variations of governance system components in accordance to different stages. Therefore, the company will receive a customized governance structure by taking this procedure [16].
2.2 Research Methodology
For the purpose of creating a customized system, the COBIT 2019 Framework offers a governance system design methodology. The steps are: 1. Determining initial scope, 2. Improving it, and then 3. Design it [17]. However, in this research as we need to research about ITG, COBIT and compare our study with others, we added “Literature Study” in our methodology. We discussed the steps below.
a. Step 1: Literature Study
Literature review was conducted to support and filter the data of this research. Literature review was conducted by reading research documents, including books, journals, theses, and previous research related to the development of information systems to complete this final project.
Once we get all the information we need in literature study we than conduct an interview via online meeting with the head of IT of the PT. Indah Kiat Pulp & Paper Tanggerang Mills. Through this interview we undergone the three steps below:
b. Step 2: Determining the Initial Scope of the Governance System
This stage discusses the basic scope of the governance system. This stage brings us all the information in the previous step. Results from DF1 through DF4, which are the company strategy, company objectives, risk profiles, and challenges related to information and technology assessment are transformed into a group of prioritized governance components that establish the first governance system followed by the company [17].
c. Step 3: Improving the Scope of the Governance System
In regards to the threat landscape (DF5) to technology adoption strategies (DF10), in this stage, the governance systems design activity tracks each Design Factor (DF). The researcher determined the applicable and non-applicable design elements and the potential value of the design elements that are relevant to the company. Each design aspect assessment ranks governance and management objectives [17].
d. Step 4: Governance system design
As the final stage of the design process, the researcher brought all the information from the previous processes to complete the governance system design. All relevant information must be taken into account in the final governance system. It draws conclusions from the design phase, which resulted in a design for an information and technology enterprise governance systems [17].
3. RESULTS AND DISCUSSION
3.1 Determine the Initial Scope of the Governance System
This step identifies the initial scope of the governance system by taking into account Design Factors 1 to 4, covering corporate strategy, organizational objectives, risk profile, and IT issues.
3.1.1 Design Factor 1
The corporate strategy which covers four strategies provided by COBIT 2019 implemented by APP Sinar Mas is identified by the Design Factor 1. Design Factor 1 is analyzing the company's business plan. The company's strategies are divided into four categories, including growth/acquisition, innovation/differentiation, cost leadership, and client service/stability.
Here is an overview of the importance of the assessment, from lowest to highest. The following figure shows the insights gained from identifying Design Factor 1.
Table 1. Enterprise Strategy of APP Sinar Mas
Value Importance (1-5)
Growth/Acquisition 1
Innovation/Differentiation 1
Cost Leadership 4
Client Service/Stability 5
3.1.2 Design Factor 2
In Design Factor stage 2, APP Sinar Mas identifies related business objectives that must be fulfilled. Design Factor 2 assessment information was obtained by providing questionnaires to respondents who served as Heads of the IT Department. This is done to obtain information about company goals, in which categorized into 13 types of EG (Enterprise Goals), including EG01 which is portfolio of competitive products and services, EG02 which is a managed business risk, and EG03 which is a portfolio of competitive products and services. EG03 relates to compliance with external rules and
regulations, EG04 relates to the quality of financial information, EG05 relates to a customer-oriented service culture, EG06 relates to business-services continuity and availability, EG07 relates to quality of management information, EG08 relates to optimization of internal business process functionality, EG09 relates to optimization of business process costs, EG10 relates to staff skills, motivation, and productivity, EG11 relates to compliance with internal policy , EG12 relates to managed digital transformation programs, and EG13 relates to product and business innovation. A summary of the relevance ratings is presented, which include the least to the most important. An overview of the importance of the assessment is presented in order of decreasing importance.
Findings from Design Factor 1 identification are illustrated in the diagram below.
Figure 1 . Enterprise Goals of APP Sinar Mas 3.1.3 Design Factor 3
Desig Factor 3 assess the risk profile of APP Sinar Mas. IT-related risk profile information at APP Sinar Mas was collected through interviews with respondents. When evaluating the IT risk profile, there are two factors that being considered.
First was the amount of impact that would be if the risk occurs (indicator were from no impact to severe impact) and the likelihood of the risk occurring (low to very likely). The findings from the identification of Design Factor 1 are shown in the diagram below.
Figure 2. Risk Profile
5 5 1
1 1 1 1
5 1
1
5 1
5 EG01—Portfolio of competitive products and …
EG02—Managed business risk EG03—Compliance with external laws and …
EG04—Quality of financial information EG05—Customer-oriented service culture
EG06—Business-service continuity and … EG07—Quality of management information
EG08—Optimization of internal business … EG09—Optimization of business process costs EG10—Staff skills, motivation and productivity EG11—Compliance with internal policies EG12—Managed digital transformation programs EG13—Product and business innovation
Design Factor 2 Enterprise Goals (Input)
0 5 10 15 20 25 30
IT investment decision making, portfolio…
Program & projects life cycle management IT cost & oversight IT expertise, skills & behavior Enterprise/IT architecture IT operational infrastructure incidents
Unauthorized actions Software adoption/usage problems Hardware incidents Software failures Logical attacks (hacking, malware, etc.) Third-party/supplier incidents Noncompliance Geopolitical Issues Industrial action Acts of nature Technology-based innovation
Environmental Data & information management
Design Factor 3 IT Risk Profile
Risk Rating of IT Risk Scenario Categories (Input)
Copyright © 2022 Abraham Lelengboto, Page 1869 3.1.4 Design Factor 4
Design factor 4 stage explained where APP Sinar Mas identified IT related issues. In this scenario, IT risks that have developed in APP Sinar Mas can be assessed using the evaluation Design Factor 4, which is accomplished by conducting interviews with respondents to get information about IT difficulties and connected to IT risks. From the threat landscape (DF5) to technology adoption strategies (DF10), in this stage, the governance systems design activity tracks each Design Factor (DF). The researcher identifiedthe applicable and non-applicable design elements and defined the potential value of the design elements that are relevant to the company. Each evaluation of the design aspect results in a ranking list of governance and business. An overview of the importance of the assessment is presented from the smallest to the most important issue. The findings from identifying of Design Factor 1 are shown in the diagram below.
Figure 3. IT Related Issues 3.2 Improving the Scope of the Governance System
This phase covers an assessment of Design Factor 5 related to the threat landscape, Design Factor 6 related to compliance requirements, Design Factor 7 related to IT roles, Design Factor 8 related to IT resource models, Design Factor 9 related to implementation methods IT, and Design Factor 10 related to the company's technology adoption strategy.
3.2.1 Design Factor 5
Design Factor 5 identifies typical hazards that APP Sinar Mas faces The company operates in a high and low threat environments related to Design Factor 5, which is obtained by conducting interviews with respondents to get information about the typical threats to high-threat levels due to situations to the geopolitical, industrial sector, or profile, and normal threat levels. This Design Factor should evaluate between 0% and 100%, with the sum of the two values equal to 100%.
Figure 4. Thread Landscape
0 1 2 3
1. Frustration between different IT entities across the…
2. Frustration between business departments (i.e., the…
Significant IT-related incidents, such as data loss,…
Service delivery problems by the IT outsourcer(s) Failures to meet IT-related regulatory or contractual…
Regular audit findings or other assessment reports…
Substantial hidden and rogue IT spending, that is, IT…
Duplications or overlaps between various initiatives,…
Insufficient IT resources, staff with inadequate skills…
IT-enabled changes or projects frequently failing to…
Reluctance by board members, executives or senior…
Complex IT operating model and/or unclear decision…
Excessively high cost of IT Obstructed or failed implementation of new…
Gap between business and technical knowledge,…
Regular issues with data quality and integration of…
High level of end-user computing, creating (among…
Business departments implementing their own…
Ignorance of and/or noncompliance with privacy…
Inability to exploit new technologies or innovate…
Design Factor 4 IT-Related Issues Importance of IT-Related Issues (Input)
0%
100%
DESIGN FACTOR 5 IT THREAT LANDSCAPE High Normal
3.2.2 Design Factor 6
Identification of compliance needs and requirements that APP Sinar Mas must fulfill the stage of Design Factor 6. In the assessment of Design Factor 6, problems related to the subject classification of the company's compliance needs and operational requirements falls into three types, firstly, a high level of compliance where the company is subject to higher than average compliance requirements and most often related to the industry sector or geopolitical conditions. Secondly, normal compliance levels, where companies are subject to lower than average compliance levels and compliance requirements. Lastly,normal compliance levels, where companies are subject to lower than average compliance requirements, which are most often linked with industry sectors. This Design Factor must be evaluate between 0% and 100%, with the sum of the three values equal to 100%.
Tabel 5. Compliance Requirements 3.2.3 Design Factor 7
Design Factor 7 is a stage where the role of IT at APP Sinar Mas is defined. TheDesign Factor 7 assessment is carried out by conducting interviews with respondents to obtain information on the types of IT roles for companies. It is divided into four types of support, including, firstly, IT does not have a vital role in running and maintaining business processes.
Secondly, services and company innovation.Thirdly, the factory which is when IT fails has a direct impact on the continuity of business processes. Lastly, a turnaround when IT is considered a catalyst for new business processes and services. The other type is strategic, where business processes and services must run and innovate. A relevance rating summary is displayed, starting with the least important and to the most important. Similarly, a summary of the importance of the assessment is illustrated below.
Figure 6. Role of IT 3.2.4 Design Factor 8
The Design Factor 8 is the stage of identifying the source of the IT model applied by APP Sinar Mas. Design Factor 8 assessment was conducted through interviews with respondents to obtain information regarding the types of IT model sources for companies, which are categorized into three: firstly, outsourcing, meaning that the company is requesting services from a third party to provide IT services. Secondly, cloud, where the company employs the use of cloud to provide IT services to its users. Lastly, insourced where companies provide IT services to their users.This Design Factor should rated between 0% and 100%, with the sum of the three values equal to 100%.
100%
0%
0%
Design Factor 6 Compliance Requirements
High Normal Low
1 1 1
5
0 1 2 3 4 5
Support Factory Turnaround Strategic
Design Factor 7 Role of IT (Input)
Copyright © 2022 Abraham Lelengboto, Page 1871 Figure 7. IT Sourcing Model
3.2.5 Design Factor 9
Design Factor 9 determines the IT implementation methodology to be used by APP Sinar Mas. In the Design Factor 9 assessment, information about the types of IT implementation methods for companies was obtained by conducting interviews with respondents, which are categorized into three types: firstly, agile, as companies that use agile work methods development for software development. Secondly, DevOps, as companies that use DevOps work methods to build, deploy, and operate software. Lastly, traditional, where companies that use traditional work methods to build, deploy, and operate software.This Design Factor should evaluate between 0% and 100%, with the sum of the three values equal wo100%.
Figure 8. IT Implementation Methods 3.2.6 Design Factor 10
Design Factor 10 is the step in the design phase that defines the organization's IT strategy. To identify the type of IT implementation strategy when evaluating Design Factor 10, we interviewed respondents to obtain information on three types of IT implementation strategies including first movers, namely companies which adopt new technologies as quickly as possible and take profits as a driving force. The second type is the follower, where the organization waits for a new technology to be popularized and proven before adopting it. Lastly, slow adopter, where the company delays adopting the new technology. This Design Factor should evaluate between 0% and 100%, with the sum of the three values equal to 100%.
Figure 9. Technology Adoption Strategy 36%
28%
36%
DESIGN FACTOR 8 IT SOURCING MODEL (INPUT) Outsourcing Cloud Insourced
41%
41%
18%
DESIGN FACTOR 9 IT IMPLEMENTATION METHODS
Agile DevOps Traditional
0%
100%
0%
DESIGN FACTOR 10 TECHNOLOGY ADOPTION STRATEGY
First mover Follower Slow adopter
3.3 Governance system design
Through the COBIT Toolkit, we compiled the resulting governance system design. The results of all design aspects that have been analyzed are displayed in Figure 11, where it is discovered that the core models with a value of 75 or more are EDM01 Ensured Governance Framework Setting & Maintenance, EDM03 Ensured Risk Optimization, APO12 Managed Risk, BAI02 Managed Requirements Definition, BAI03 Managed Solutions Identification & Build, BAI06 Managed IT Changes, BAI07 Managed IT Change Acceptance and Transitioning, DSS01 Managed Operations, DSS04 Managed Continuity, DSS05 Managed Security Services, MEA03 Managed Compliance with External Requirements, and MEA04 Managed Assurance. With value more than 75 it is expected that these models are desired to reach level 4 in maturity level and capability level which the process is expected to have a well defined performance measurement.
Figure 10. Results of Governance Design
4. CONCLUSION
The results of the research conducted on Design Factor 1 to Factor 10 Design show several priorities of the company. In design factor 1, out fo the four typical company strategies, Client service/stability is determined as the most important one. For enterprise goal category, it is found that the company focuses on several points such as: keep a competitive portfolio of products and service, concern with its business risk, an improved internal business process, internal policies compliances and lastly innovation on their products and service. Meanwhile for risk profile category through interviews it is concluded that Geopolitical Issues and Industrial Actions which have a major impact and the possibility of a risk
80 70
90 70
65 60 55 50
65 55
65 65 60 55
65 55
95 70
65 70
90 100 55
70 75
85 60
45
65 70
80 65 65
85 95 60
70 65
90 85
-100 -80 -60 -40 -20 0 20 40 60 80 100
EDM01 EDM02 EDM03 EDM04 EDM05 APO01 APO02 APO03 APO04 APO05 APO06 APO07 APO08 APO09 APO10 APO11 APO12 APO13 APO14 BIA01 BAI02 BAI03 BAI04 BAI05 BAI06 BAI07 BAI08 BAI09 BAI10 BAI11 DSS01 DSS02 DSS03 DSS04 DSS05 DSS06 MEA01 MEA02 MEA03 MEA04
Governance and Management Objectives Importance (All Design Factors)
Copyright © 2022 Abraham Lelengboto, Page 1873 occurring in the company. As for IT related problems there are issues within IT and business as well as among IT, significant incidents, audit findings, overlapping initiatives, insufficient IT resources, IT-related projects, board members hesitancies, obstructed IT implementation, noncompliance with privacy and regulation and lastly failure to use innovation.
For the threat landscape faced and compliance requirement required by the company is quite high since it’s include a large scale factory. As for role of IT, the toolkit shows that the company put IT as “strategic” which means IT is crucial in its everyday operation as well as in the driver of IT innovation initiatives. Meanwhile, the sourcing model of IT in the company is quite mixed equally among outsourcing, cloud and insourced. As for IT implementation, the company focused more on DevOps and Agile with 41% respectively while traditional method has only 18%. Lastly, for IT adoption strategies, the company adopts the “follower” strategy where it waits a little bit till a technology become more mainstream before adopting them. As shown on Figure 10, from the design factor input, it is shown that there are 11 core models that is suggested to be priority for the company: EDM01, APO12, BAI02, BAI03, BAI06, BAI07, DSS01, DSS04, DSS05, MEA03 and MEA04. These 11 core models would be the base for the governance system design.
REFERENCES
[1] H. Maulana, “Penyesuaian Sistem Tata Kelola Pada Institut Teknologi Kalimantan Dengan Menggunakan Cobit 2019,” JSI J.
Sist. Inf. (E-Journal, vol. 12, no. 2, [Online]. Available: http://ejournal.unsri.ac.id/index.php/jsi/index
[2] A. Prasetyo, U. Dan, and N. Mariana, “Analisis Tata Kelola Teknologi Informasi ( It Governance ) pada Bidang Akademik dengan Cobit Frame Work Studi Kasus pada Universitas Stikubank Semarang,” J. Teknol. Inf. Din., vol. 16, no. 2, pp. 139–149,.
[3] Tristiyanto and C. Octaria, “IT Governance Audit at Lampung University Using COBIT 5 Framework Focus on EDM Domain,”
J. Phys. Conf. Ser., vol. 1338, no. 1, doi: 10.1088/1742-6596/1338/1/012060.
[4] A. S. Sukamto, H. Novriando, A. Reynaldi, and J. H. H. Nawawi, “JEPIN (Jurnal Edukasi dan Penelitian Informatika.”
[5] D. Steuperaert, “COBIT 2019: A SIGNIFICANT UPDATE,” https://doi.org/10.1080/07366981.2019.1578474, vol. 59, no. 1, pp. 14–18, Jan. 2019, doi: 10.1080/07366981.2019.1578474.
[6] “Asia Pulp & Paper,” “About - Asia Pulp and Paper.” https://asiapulppaper.com/about-us (accessed Nov. 29, 2022).
[7] " “PT. Indah Kiat Pulp & Paper,” “PT Indah Kiat About Us.” https://indahkiat.co.id/indah-kiat-tangerang (accessed Nov. 29, 2022).
[8] H. M. J. Saputra, A. I. N. F. Abdullah, D. B. Tandirau, E. Ramadhani, and L. H. Atrinawati, “Penyesuaian Sistem Tata Kelola Pada Institut Teknologi Kalimantan Dengan Menggunakan Cobit 2019,” JSI J. Sist. Inf., vol. 12, no. 2, 2020.
[9] G. I. Belo, L. H. Atrinawati, and Y. T. Wiranti, “Perancangan Tata Kelola Teknologi Informasi Menggunakan Cobit 2019 Pada PT Telekomunikasi Indonesia Regional VI Kalimantan,” J. Sist. Inf. dan Ilmu Komput. Prima (JUSIKOM PRIMA), vol. 4, no. 1, pp. 23–30, 2020.
[10] E. Zuraidah and B. M. Sulthon, “Audit Sistem Informasi Penjualan Pada UMKM MAM Menggunakan Framework Cobit 5,”
JURIKOM (Jurnal Ris. Komputer), vol. 9, no. 5, pp. 1450–1459, Oct. 2022, doi: 10.30865/jurikom.v9i5.4985.
[11] F. Arifin and R. Setyadi, “Penerapan COBIT pada Analisis Manajemen Risiko pada Sistem Informasi Desa,” JURIKOM (Jurnal Ris. Komputer), vol. 9, no. 3, pp. 733–739, Jun. 2022, doi: 10.30865/jurikom.v9i3.4315.
[12] R. Auliyah, J. N. U. Jaya, and S. Surmiati, “Efektivitas Penerapan Sistem Informasi Debitur (SID) BRI Dalam Kebijaksanaan Pemberian Kredit Menggunakan COBIT 5 Domain DSS (Deliver, Service, Support),” JURIKOM (Jurnal Ris. Komputer), vol.
9, no. 2, pp. 328–337, Apr. 2022, doi: 10.30865/jurikom.v9i2.4035.
[13] P. A. Adawiyah and L. H. Atrinawati, “PERANCANGAN TATA KELOLA TEKNOLOGI INFORMASI MENGGUNAKAN FRAMEWORK COBIT 2019 PADA PT. XYZ,” J. Teknol. dan Sist. Inf. (JTSI, vol. 1, no. 2, pp. 1–9,, [Online]. Available:
http://jim.teknokrat.ac.id/index.php/JTSI
[14] C. Ebert, A. Vizcaino, and A. Manjavacas, “IT Governance,” IEEE Softw., vol. 37, no. 6, pp. 13–20, Nov. 2020, doi:
10.1109/MS.2020.3016099.
[15] ISACA, COBIT®2019 Design Guide: Designing an Information and Technology Governance Solution. ISACA, 2018.
[16] P. N. Anastasia and L. H. Atrinawati, “Perancangan Tata Kelola Teknologi Informasi Menggunakan Framework Cobit 2019 Pada Hotel Xyz,” JSI J. Sist. Inf. (E-Journal, vol. 12, no. 2, [Online]. Available: http://ejournal.unsri.ac.id/index.php/jsi/index [17] ISACA, “Introduction and methodology,” Schaumbg. ISACA, 2018.
