Analysis of Information Technology Governance Using COBIT 2019 Framework (Case study: PT. Bangkit Anugerah Bersama)

PT Bangkit Anugerah Bersama is a pharmaceutical company that focuses on distributing medical devices to various pharmacies in major cities in Indonesia, in carrying out its business processes PT Bangkit Anugerah Bersama has implemented information technology and continues to grow to create innovations. innovation in utilizing technology, in this case, it is necessary to design IT governance at PT Bangkit Anugerah Bersama, so this research was made which aims to design IT governance using COBIT 2019 so that business processes and IT implementation can run in harmony. The method used in this research is descriptive by conducting interviews with IT staff at PT Bangkit Anugerah Bersama. The research problem of this research is how is the implementation of information technology governance using COBIT 2019 Framework at PT Bangkit Anugerah Bersama? The analysis of the design of information technology governance in this study uses a design toolkit that includes 10 design factors from COBIT 2019. Based on the research conducted, it produces a design of information technology governance with a total of 4 domains that are important for the company, this is taken from sub-sections that have value ≥ 50 of them are BAI06, BAI03, BAI11 and BAI02.


INTRODUCTION
The rapid development of Information Technology (IT), requires companies to develop their business processes using existing IT. This has resulted in information technology playing an important role in supporting any growth in the company's business processes, but in balancing IT and the company's business processes, it is necessary to have good governance as a means to measure IT performance in the company. The IT governance process is useful for ensuring that organizational goals can be achieved by evaluating stakeholders, then directing and delegating and monitoring [1]. IT governance is important because it is not only a supporter but can be a determinant of organizational success [2]. If an organization has implemented IT governance well, then the organization can get benefit realization, risk optimization, and resource optimization [3].
In realizing the implementation of IT governance in the organization, the framework that will be used is COBIT 2019. COBIT 2019 is used as a guide in this research because COBIT 2019 is the latest version of the COBIT management guidelines issued by ISACA at the end of 2018. In IT Governance, COBIT 2019 is used as a tool that can assist organizations in controlling and maximizing the role of information and technology. Based on this research, it is hoped that it can help organizations optimize risk management, increase awareness of an advantage, and optimize their resources [4].
By seeing the importance of IT governance in an organization, it would be better if it was applied to PT Bangkit Anugerah Bersama. PT Bangkit Anugerah Bersama is a company engaged in the pharmaceutical sector, this company focuses on distributing medical devices to various pharmacies located in various big cities in Indonesia. PT Bangkit Anugerah Bersama was founded in 2009 and is committed to providing the best and most trusted service. PT Bangkit Anugerah Bersama has implemented information technology to assist business processes running within the organization. The application of information technology at PT Bangkit Anugerah Bersama continues to increase. With the significant application of information technology to run its business processes, PT Bangkit Anugerah Bersama has not yet implemented IT governance. This is evidenced by the absence of an IT governance design at PT Bangkit Anugerah Bersama.
There are also several basic supporting theories related to Information technology governance, and COBIT 2019. Information technology governance is a constellation of concepts related to a number of dimensions, such as policies, facilities, technology, processes, resources, culture, and others. etc. Each of these domains can be a trigger for the implementation of an effective governance system depending on the organizational context. In information technology governance, it is very important to distinguish the definitions related to governance and management. These two things have some significant differences [5].
COBIT is a framework released by the IT Governance Institute (ITGI) which is run internationally on information, information technology, and risks related to organizations, and can be used in determining the IT used and maximizing control over IT, in COBIT 2019, there are system design guidelines IT governance that is included with the stages and steps in the design process. By following these stages and steps, the governance system will later be adapted to the organization or company that will be formed. COBIT can be used to support the concept of IT governance which is defined as a structure of relationships and processes in directing and controlling an organization or company to achieve its goals by adding value together in balancing risks and processes that occur [6] There are several references in the preparation of this research, the first is a study entitled "Data Technology Governance Design using COBIT 2019 at PT Steven Chrisdianta Putra, Agustinus Fritz Wijaya | 1137 Telekomunikasi Indonesia Regional VI Kalimantan" in the study it was explained that Architectural Managed Industry with a core value model was 55 which reached the target level of capability. 3 which is related to building a universal architecture consisting of business processes, data, information, applications, and technology architecture structures and creating models and key applications that describe the underlying architecture and objectives that align with the industry and IT strategy. APO12 (Managed Risk) with a core model value of 80 achieving the next level 4 goal APO13 (Managed Security) with a core model value of 60 achieving a capability level 3 objective BAI02 (Definition of Managed Requirements) with a core model value of 50 achieving a capability level 3 objective BAI03 (Managed Solving and Identifying Builds) with a core value model of 70 which achieves the capability target level 3 then there is BAI06 (Managed IT Substitution) with a core value model of 80 which achieves the capability target level 4 [7].
The next reference is entitled "Analysis and Design of Information Technology Governance Using the 2019 COBIT Framework at PT. XYZ year 2021" research conducted in food and beverage companies. This company in supporting its business processes already uses information technology but requires a design to align information technology with business goals. COBIT 2019 becomes the framework used in analyzing and designing information technology governance. The results obtained are 5 important processes or domains, namely, DSS02 (Managing incidents and service requests), DSS03 (Managing Problems), DSS05 (Managing Security Services), BAI09 (Managing Assets), and MEA03 (Managing Compliance with External Requirements) [4]. Information technology is a very important tool today, especially the use of information technology in government can increase efficiency and effectiveness as well as accountability of government administration. In planning the management of information technology, an information technology governance is needed. This is very much needed so that organizational goals can be achieved with the right and efficient process [8].
The existence of Information Technology (IT) has a lot of influence in various fields including Information Systems (IS). Most companies and organizations currently use IS and consider the implementation of IT/IS as an important part of business processes and operational support for companies and organizations. However, implementing IT/IS requires a large investment and high risk. overall monitoring, supervision, and evaluation so that every business goal of the organization can be achieved with the use of IT [12].
The last reference is "Data Technology Governance Design using COBIT 2019 at PT. X" PT. X needs to carry out an IT governance design using the COBIT 2019 framework which is an improvement from the previous COBIT. This study aims to design IT governance using COBIT 2019. From the IT governance design carried out, it is hoped that PT Bangkit Anugerah Bersama can find out whether the IT governance carried out has supported and aligned with the goals and vision of the organization, PT Bangkit Anugerah Bersama. can find out business process priorities from the largest scale, to produce governance designs that can produce appropriate recommendations so that they can help PT Bangkit Anugerah Bersama in optimizing existing IT management.

Figure 1. Research Phase
This research will be divided into three stages, the first stage begins with determining the topic of the problem and collecting literature as a theoretical basis for research from various sources, then proceeds with needs analysis such as selecting the right governance domain and using a framework that is appropriate to the problem topic.
In the second stage, the required data was collected using the interview method to Mr. Nanda Nafiri Natanael as IT staff at PT Bangkit Anugerah Bersama. After the interview with the resource person was completed, the results were synchronized with the observations made by the researcher. Then the next process is data validation, to ensure all design factors are appropriate. This is to the vision and mission carried out by PT Bangkit Anugerah Bersama to always provide the best service, where the company always prioritizes customer comfort, and PT Bangkit Anugerah Bersama also always strives to develop, correct errors through customer complaints, and become better in the future, considering that PT Bangkit Anugerah Bersama is a company that focuses on distributors, it focuses more on client service/stability and growth/acquisition strategies.

Enterprise Goals
The design factor of the enterprise goals, it aims to identify the company's goals which are divided into 13 sub-sections. Based on the results of the interview, it was found that the main purpose of PT Bangkit Anugerah Bersama can be seen in the image below. In the enterprise goals factor design, it is found that subsections EG05, EG06, and EG07 are worth 5, this is because PT Bangkit Anugerah Bersama prioritizes a service culture that is oriented to customer satisfaction, this is in accordance with the results of the first factor design whose strategy focuses on client service and growth. PT Bangkit Anugerah Bersama is very concerned about service to customers and is always open to criticism and suggestions and makes it a step to Steven Chrisdianta Putra, Agustinus Fritz Wijaya | 1141 always develop. This is in accordance with the objectives of developing egovernment in Indonesia based on Presidential Decree No. 3 of 2003 is to encourage the implementation of electronic-based government (using) in order to improve the quality of public services effectively and efficiently [11].

Risk Profile
The design factor of the risk profile, it aims to identify the existing risk profile in the company, this factor design is divided into 19 sub-sections. The result of this factor design is expected so that the company can estimate how big the impact will be from the existing risks. Based on the results of interviews with PT Bangkit Anugerah Bersama, the results are as shown belows.

Figure 4. Design Factor Risk Profile
In the design of the risk profile factor there are three sub-sections that have the highest score, the logical attack sub-section gets a score of 10, the supplier incident sub-section gets a score of 9. and the last one the data and information management sub-section gets a score of 8. In the logic attack sub-section gets a score highest because PT Bangkit Anugerah Bersama has experienced data loss because there is no data backup on the software used, and what most often happens if the computer suddenly turns off due to a third party either from a virus, power failure, or damaged hardware, then data that has been previously inputted and has not been saved will immediately be lost, resulting in the company having to re-enter the data to be used. The supplier incident sub-section gets the second highest score because PT Bangkit Anugerah Bersama as a distributor company must deal with suppliers and customers, for supplier problems that often occur are delays in the supply of goods so that goods cannot be directly distributed to customers and result in losses due to late payments. The data and information management subdivision got the third highest score due to the lack of management in processing data at PT Bangkit Anugerah Bersama, the software used on average does not auto save and there is no backup, so companies need to re-enter data if there is a problem with the computer running. they are caused by a third party. The design factor of the related issue, it aims to identify IT-related problems at PT Bangkit Anugerah Bersama, the same as the previous factor design but more focused on IT, this factor design will be divided into 20 sub-sections. Based on the results of interviews with PT Bangkit Anugerah Bersama, the results is shown in Figure 5. The results of the interview related to design problems found that there were two design factors that had the highest value each getting a value of three, this happened because PT Anugerah Bersama had experienced data loss caused by a third party, for example when there was a sudden power outage, the computer will turn off and all data that has been inputted but not saved will also be lost, because in the software system used there is no auto save and backup feature if the computer used suddenly turns off, and when the computer turns off then all IT processes are carried out. it can no longer operate, considering that the company does not yet have a replacement generator to supply power outages. This is certainly very detrimental to the company, causing the company to take longer to input the missing data one by one. In this process, IT operations have not been carried out optimally because they do not yet have SOPs for computer and system maintenance [9]. This stage is the stage to determine the initial area of governance and management. At this stage, the information that has been collected from the first to fourth design factors is put together, and after that it is processed so that it gets the components that are important to get governance and management systems that are in accordance with the company. Summary of Initial Governance Plan and Management Objectives obtained results as shown above. There are the top 5 Governance and Management Goals with the highest scores. Governance and management objectives include DSS02 (Managed Service Requests and Incidents), APO12 (Managed Risk), APO13 (Managed Security), DSS04 (Managed Continuity), DSS05 (Managed Security Services).

IT Threat Landscape
The design factor of the threat landscape, it aims to identify the typical threats that will be faced or experienced by PT Bangkit Anugerah Bersama, this factor design will be divided into 2, namely high and normal. Based on the results of interviews with PT Bangkit Anugerah Bersama, the results are as shown below.

Figure 7. Design Factor IT Threat Landscape
From the interview, it was found that the results of PT Bangkit Anugerah Bersama, there is a normal threat of getting a value of 60% and a high threat of 40% this is because PT Bangkit Anugerah Bersama tends to operate within a normal threat level, the threats faced are still internal and most can still be controlled by the company, but does not rule out the possibility of a high-scale threat.

Compliance Requirement
The design factor of the compliance requirement, it aims to identify the company's compliance with applicable laws or requirements, both internal and external to the It can be seen that Support has a value of 4 because the role of IT is very supportive in business processes and services at PT Bangkit Anugerah Bersama, such as administration using Google Drive as a supporter of business processes. Then Factory has a value of 2 because when an IT failure occurs, it does not directly have a big impact on the continuity of business processes. Turnaround has a value of 1 because the role of IT at PT Bangkit Anugerah Bersama helps in developing innovation and increasing its business value. While strategic has a value of 2 because the use of IT can facilitate PT Bangkit Anugerah Bersama in carrying out business processes.

IT Sourcing Model
The design factor of the IT sourcing model, it aims to identify how the company's IT resources procurement model at PT Bangkit Anugerah Bersama, this design factor will be divided into 3, namely outsourcing, cloud, and in-sourced. Based on the results of interviews with PT Bangkit Anugerah Bersama, the results are as shown below.

Figure 10. Design Factor IT Sourcing Model
The results of the interview related to design problems found that there were two The results show that outsourcing has the highest percentage, which is 50% because PT Bangkit Anugerah Bersama uses third-party service providers, such as in developing and making software. On the other hand, the second highest percentage is a cloud with a percentage of 30% because PT Bangkit Anugerah Bersama uses more cloud-based tools to support its business processes, such as Google Drive, Google Sheets, Google Docs, and Google Mail. As for the insourced sub-section, the percentage is 20% because PT Bangkit Anugerah Bersama has IT staff who act as IT support, such as supervising and operating the existing software.

IT Implementation Method
The design factor of the IT implementation method, it aims to identify how the implementation method is applied to PT Bangkit Anugerah Bersama in developing IT, this design factor will be divided into 3, namely agile, DevOps, and traditional. Based on the results of interviews with PT Bangkit Anugerah Bersama, the results are shown below.

Figure 11. Design Factor IT Implementation Method
It was found that the agile method got a value of 100% this is because PT Bangkit Anugerah Bersama in carrying out its IT implementation uses the agile method. PT Bangkit Anugerah Bersama chose to use the agile method because developing it requires a short time and can adapt quickly if there is a change in any form.

Technology Adoption Strategy
The design factor of the technology adoption strategy, it aims to identify how to adopt technology that is applied to support business processes at PT Bangkit Anugerah Bersama, this design factor will be divided into 3 namely first mover, follower, and slow adapter. Based on the results of interviews with PT Bangkit Anugerah Bersama, the results are as shown below.

Figure 12. Design Factor Technology Adoption Strategy
It was found that PT Bangkit Anugerah Bersama adopted 60% follower, 30% slow adapter and 10% first mover. This is because PT Bangkit Anugerah Bersama is only trying to keep up with developments, not trying to create a new idea, tends to only utilize existing technology, considering that PT Bangkit Anugerah Bersama is a distributor company, according to IT companies it is not a major role in running a business process, only as a support. PT Bangkit Anugerah Bersama is also not in a hurry to adopt new technology, and chooses to keep using old technology while it still functions well.

CONCLUSION
Based on the analysis that has been done above on PT Bangkit Anugerah Bersama, it can be concluded that there are 4 domains that are important for the company, this is taken from the sub-sections that have a value of 50 including BAI06, BAI03, BAI11, and BAI02. PT Bangkit Anugerah Bersama can pay attention to the four domains as follow. 1) BAI06 Managed IT changes, this domain focuses on changes in information technology used, and applications used in running business processes, this domain aims to reduce the negative impact of uncontrolled changes in information technology. 2) BAI03 Managed solutions identification and build, this domain focuses on identifying and creating managed solutions and determining the maintenance of the technology used, including maintenance of business processes, to be able to create the right solution to save time and costs and be able to support company goals. 3) BAI11 Managed Project, this domain focuses on managed IT projects, the projects that are run need to be managed to run according to the strategies that have been previously designed by the company, this is useful for minimizing unexpected risks that will disrupt the running of the project, ranging from costs that are not within budget to the project objectives were not achieved. case, it is expected to form optimal solution that can meet the company's needs in minimizing risk and maximizing the function of the solution.
Suggestions that can be given for further research are to continue research in terms of measuring the capability level value along with the distance from each value difference based on the information technology governance design that has been made as above.