Risk Priority Analysis for Change Management on E-Government using RIPC 4 and AHP

A project cannot be separated with the name of the risk, not the exception to the abstract information technology projects, and can only be perceived benefits in the long term. So, it becomes a very important thing to manage risk properly so helpful to the success of the project. In this paper, we contribute to the model in analyzing the priorities of risk to the project E-Government to adopt the model of risk assessment using RIPC 4 and Analytic Hierarchy Process (AHP) in assessing the risk, so it can know which risks a priority to perform the procedure changes in the implementation of e-government based on the strategy used in the process of change management.


INTRODUCTION
E-Government will generally involve several digital technologies and information systems, including databases, networks, collaboration services, multimedia, search, and security and privacy technologies. Many affairs and fields must be handled by the government, thus triggering quite complex problems. So, before an affair becomes a problem, it is necessary to conduct a risk assessment to prevent it. The community's demands to get good and fast service from the government as a people's service continuously encourage the government to improve services to improve performance. The government makes changes by adding to the things that do not exist and are needed and reducing and even eliminating what can decrease performance. With the change, it is expected that government performance can increase more optimally, but the challenge of change is not easy, so it takes commitment from various interested parties to achieve mutually beneficial goals. Change can be achieved well if done ongoing, as in the JD Edward ERP software implementation case study at PT. Semen Gresik Group takes 1.5 years with various stages that are long and not easy. However, finally, JD Edward ERP software was successfully implemented at PT. Semen Gresik Group so that the results and benefits can be felt until now. Another case study is the implementation of e-Procurement and other e-Government projects by the Surabaya City government; as Tri Rismaharini said, this e-Government project reduces the potential for corruption and can also save the state budget up to hundreds of billions of rupiah [3]. It can be concluded that changes in government services need to be done as a solution to problems to improve government confidence and performance.
The problem in e-government projects is not in the sector behind technology or the process, but rather the problem of actors or people in the application of egovernment projects [ 4]. Fundamental problems in the implementation of egovernment arise when available work is opposite, and processes collide with local traditional culture and hierarchical command and control of the structure of government agencies. Because the process of change meets cultural values and violates a hereditary mindset, the process of change in the e-government domain must proceed in continuity and strategic manner rather than a thorough redesign. So, one of the important factors in change management is the continuity or sustainability of the transition process and organizational change in influencing stakeholders to adapt to the new business processes of the e-government project.
Risk assessment can be defined as a systematic process for analyzing, identifying, controlling, and communicating risks, probabilities of events, and effects into systems and organizations. Risk assessment should culminate with coping specifications to reduce risk to become an integral part of the system cycle design and implementation process and allow documentation for education and decisionmaking for allocating resources for proper risk mitigation to the most at-risk areas for the change management process to provide optimal benefits further. [1] mentions that, in general, the elements included in the risk assessment are as follows: 1. Identify the constituents of the system and the background in which the system operates. 2. Identify threats that can be harmful and have a critical influence on operations and assets. Such threats can be intruders, criminal acts, disgruntled employees, terrorists, natural disasters, and others. 3. Estimates of possible threats occur based on historical information, research, and assessments from competent individuals. 4. Identification and grouping of the value, sensitivity, and importance of an operation and assets that could be affected if the threat arises to determine which operations and assets are most important. 5. Estimates of which operations and assets are most sensitive from potential loss or damage if such risks occur, costs for recovery. 6. Specifications and justifications of cost-effective controls to eliminate or mitigate risks and facilitate business continuity. This process may include a new policy constitution of the organization and procedures and technical or physical controls. 7. Documentation of the results of the development of action plans and risk assessment policies.
RIPC 4 is a model developed for risk assessment in E-Government to secure projects to achieve goals successfully.
In addition, RIPC4 also used the Analytical Hierarchy Process (AHP) method, i.e., another popular tool widely used to solve problems with several criteria as described by Zahedi. [6]. this technique is also used by Wu [7] to establish the relative weight of each risk factor. The AHP technique is already very often used extensively by researchers involving the principles of decomposition, pair comparison, and priority vectors. Although the purpose of AHP is to capture expert knowledge, conventional AHP fails to reflect the human style of thinking.
The purpose of combining these two methods is to produce a new method that collaborates to determine risk assessment priorities based on the risk management strategies used, namely: transfer, avoid, mitigate, and accept. With the collaboration of these two models, it is expected to determine which priorities are risks that must be resolved immediately based on the level categories contained in the field of e-government. The change management process is carried out so that e-government increasingly provides optimal benefits.

METHOD
In this study, researchers did 2 major steps: 1) conducted a literature study around the topic taken, then 2) Doing modeling.

Literature Studies
Decision-making is a complex process of concepts, and it consists of structural logic and objective consideration of all the factors involved in decision-making. Different factors are usually clear, qualitative, intangible, undecked, and subjective, making it difficult to quantify them.

E-Government
E-Government is a way for governments to use new technologies to provide people with easier access to government information and services, improve the quality of services, and provide greater opportunities to participate in democratic institutions' processes. In addition to providing new ways to work with citizens, companies, or other administrations, e-government also pays attention to the surrounding environment by creating an integrated environment for the development, deployment, and maintenance of services. However, in such egovernment changes, the political and economic environment, regulations, and laws change over time, and e-government services need to evolve steadily. [8][9] The era of information openness becomes mandatory, not least in government, which is the largest field of public affairs service in a country. The development of information and communication technology is one of the most important momenta to make changes in service to the community so that people can receive services more quickly, transparently, and satisfactorily.

Change Management
Change management is making things different and going in a better direction. Karen Coffman and Katie Lutes explain that change management is a structured approach to help organizations and people transition slowly but surely from the present to the desired state [10]. Another definition according to Holger Nau Heimer, another definition of change management is a process, tool, and technique for organizing the process of change on the side of people to achieve the necessary results and realize change effectively through change agents, teams, and broader systems [10]. According to Curtis W. Cook in his book Management and Organizational Behavior, several factors cause change, including [11] 1. Technological developments, such as technology that can replace/accelerate work. 2. Economic conditions, fluctuations in interest rates, international labor levels, and government regulations. 3. Global competition, the increasingly advanced economies of Asian countries, the unification of the European Union. 4. Social and Demographic changes, increased attention to environmental issues, increased levels of education, and living standards gaps. 5. Internal challenges, problemsproblems of corporate behavior, such as employee inflows, strikes, work ethics, and organizational politics.

Analytic Hierarchy Process
In 1980, the Analytic Hierarchy Process, or AHP, was designed by Thomas L.  [17] According to Satay, the basic structure of AHP starts from a specific decision objective and places it at the top of the AHP hierarchical structure. The goal is then decomposed into a secondary area that contributes to achieving the goal, called the criteria. Confidence is a complex decision-making problem that is broken down into smaller and simpler decision-making problems and contributes to achieving the original goal. These criteria are sometimes decomposed again into further sub-criteria. 5. Countermeasure cost: Since costs are not always based on the financial context and may involve other factors such as design complexity and organizational procedures or social procedures, they have a qualitative assessment between zero and ten on a numerical scale for all countermeasures of each risk. 6. Coverage threshold: This section represents an acceptable scope of nosebleeds that designers estimate that they should aim for there. The values used in this section have between zero to the fullest on the numerical scale. Coverage threshold depends on Impact, probability, and cost. The higher the Impact and the more likely it is to occur or approach the Impact produced by risk, the resulting Threshold will be closer to the Impact. The higher the cost will lower the Threshold, which can be seen as a low limit fail-safe coverage and a measure of margin coverage that we have. : has a scale from zero to ten and is the scope of risk by countermeasures. Coverage works like a Threshold, but it signifies the true effects of countermeasures. It should not be lower than the Threshold and at least the same as Impact unless designers take calculated risks because of cost.
RIPC 4 matrix, the first two dimensions (impact-probability) serve as the main pillar in risk assessment, while the next two dimensions serve as pillars for risk management, and the last three dimensions provide a self-check feedback mechanism to help evaluators with good information from countermeasure and balance between cost and coverage.

Modeling
In conducting the study, we referred to the RIPC4 model, which serves as a [1]checklist assessment tool to identify risks where each level on RIPC4 acts as an alternative to the analysis phase with AHP. While the criteria used are basic strategies in dealing with risk: avoid, transfer, mitigate, accept as in the chart arrangement that the author created based on the document example of the application of AHP with the title of Transportation Model Selection in DKI Jakarta with Policy Analysis "Analytical Hierarchy Process" can be seen in figure  1.  The steps taken in conducting priority analysis with the proposed method are as follows: 1. Do risk assessment by using the RIPC4 model by [1] filling in the matrix as the basis for assessing alternative interest levels. (2)

RESULTS AND DISCUSSION
Based on the steps on the proposed method, we created the simulation by applying the step using dummy data on three alternatives of the E-Government Risk Level on the RIPC4 matrix model in analyzing risk priorities based on the approach criteria used. The three risk alternatives evaluated in the simulation are end-user, Contractor, and financial. The risk evaluation results in the simulation will be determined priority in risk under the strategic approach carried out.

Risk assessment on each alternative. RIPC 4 Matrix
In the RIPC 4 matrix, there are seven normative dimensions as described in section 2.2. of this paper. There are some initials in the following table: 1. I = the impact dimension.

P = is the probability dimension.
3. CSF is a critical success factor. 4. Ct = is the Coverage Threshold dimension. 5. Co = is the coverage dimension.

Level End-User
The following is a table of some of the risks that arise at the end-user level in the e-government project case study, which is then assessed with certain criteria. The assessment results in this table will be explained in section 4 of the case study.

Level Contractor
The following is a table of some of the risks that arise at the contractor level in the e-government project case study, which is then assessed with certain criteria. The assessment results in this table will be explained in section 4 of the case study.

Level Financial
The following is a table of some of the risks that arise at the financial level, one of the parts that play an important role and a major influence on the success of a project, whether IT or non-IT. The assessment results in this table will be explained in section 4 of the case study.

Calculation Results
In the matrix used, it can be known that the results of calculations for alternatives to RIPC4 are as follows: The criteria used in the case study is Avoid with criteria: risk by having a large impact and difficult to reduce is better avoided, coverage margin is closer to 1, then coverage follows risk impact that can help reduce Impact. In this case, the risk that needs to be avoided is the risk that has a high impact but low coverage.
So that from the results of previous calculations can be concluded: 1. The higher the value of Ri , the risk should be avoided.
2. Low Ci value allows reducing the Impact of risk so that the closer to one, the value of Ci will reduce the priority to avoid risk.
Interest-level relationships are divided into nine scales: 1-Equal Importance, 3-Moderate importance, 5-Strong importance, 7-Very strong importance, 9-Extreme importance (2,4,6,8 value among them). So that the relationship between the criteria is as follows: 1. End-User and Contractor: end-user has a lower Ri value than the Contractor by 0.878 points and a Ci value higher by 0.302, so it is assumed the Contractor is more important to avoid than the end-user with a scale of 4.

End-User and Finance
End-User has a higher Ri value than financial as much as 0.10878 points and a lower Ci value of 0. 067613, so it is assumed end-user is more important to avoid financially with a scale of 2.

Contractor and Finance
The Contractor category has a higher Ri value than the financial category of 0.9875 points and a lower Ci value of 0. 370388, so it is assumed the Contractor category is more important to avoid than the financial category with a scale of 7.

AHP Analysis
In the AHP analysis, we included the criteria's parameters and the importance level of the criteria to alternatives such as those contained in Gambar 5 below. After the calculation is obtained, the consistency ratio is 0.2% so that inconsistency can be accepted. While the results and matrix of calculations can be seen in figure 3.

Rank-based sorting
From the results released by the AHP calculator available online, we also get a priority table as in figure 4, so that in the simulation obtained priority rating in avoiding risk for this case study is 1. contractor level, 2. end-user level, 3. financial level. Figure 4 shows the results of the AHP rating wherein case studies recognized contractor levels have a higher priority with a priority of 71.5%, followed by enduser level with 18.7% and financial level at 9.8%. In figure 2, a consistent ratio value of 0.2% indicates no significant inconsistency in the results. So based on the simulation of data processing from the AHP model and RIPC4 model can be concluded if the priority of risk that must take precedence is at the contractor level, then the end-user level, and finally, the financial level.