Leveraging COBIT 2019 Framework to Implement IT Governance in Business Process Outsourcing Company

The company specializes in delivering information and technology services to businesses operating in the same industry. Recognizing the pivotal role of information technology in achieving its vision, mission, and goals, the company emphasizes the proper implementation of IT governance to drive overall company success. To evaluate the management of IT resources, the study employs the COBIT-2019 framework for measurement. The data collection approach encompasses interviews, questionnaires, observation, and document analysis. The findings indicate that most IT governance processes currently operate at level 2 capability. However, the company aspires to reach level 3 for these processes. Consequently, recommendations are proposed to enhance these processes based on the best practices outlined in COBIT-2019. Key suggestions include implementing performance measurements and facilitating access to knowledge repositories to foster skill and competency development.


INTRODUCTION
Information Technology (IT) has become increasingly prevalent in various companies, contributing to improved company performance and the achievement of business goals. A forward-thinking company recognizes the practical value IT can offer in both primary and support activities [1]. When aligned with a company's vision and mission, IT can be instrumental. Conversely, mismanaged or underutilized IT can lead to problems that jeopardize the company's security, such as data disruptions, leaks, and errors in decision-making due to miscalculations [2]. With the integration of information systems, it is expected that data consistency among systems will enhance the performance of information systems and services for the community, providing accurate data for decisionmaking and management policies [3].

Melissa Indah Fianty, Maximillian Brian| 569
Outsourcing (BPO) provider, we enable companies to focus on their core competencies. Established in 2012, our company specializes in human resource services for IT and non-IT sectors, offering BPO and Maintenance Services. Our primary focus lies in delivering information and technology services to companies requiring expertise in this field. However, we have faced several challenges hindering the realization of our vision and mission. These include inadequate human resources training, the absence of an integrated attendance system, resulting in manual data exchange, frequent system crashes impeding employee performance, and delays in data exchange between divisions. Knowledge transfer during employee turnover also poses difficulties, as the training process becomes more time-consuming. Retaining and transferring knowledge becomes crucial while new employees struggle to adapt to their roles. These problems have posed obstacles to our company's IS/IT development and have hindered our employees' work. Consequently, we have implemented preventive and remedial measures, including staff training and system improvements. Seeking an assessment of our corporate governance's ability to manage IT resources, we aim to prevent similar issues in the future and ensure efficient and effective utilization of our information technology. To achieve this, we employ the COBIT-2019 framework, an international standard for IT governance. We hope to see broader adoption of this framework in the management field, as it serves as a tool and standard for determining the capability level of IT resource management within our company [4].

METHODS
The method used for implementing Information Technology Governance or IT Governance uses the COBIT-2019 framework in companies, employing a qualitative approach method. This involves collecting data related to the conditions and needs of IT in companies to analyze the capability level of IT governance [5].

Research Methods
This study evaluates information technology governance in companies using the COBIT-2019 framework by following a methodology that describes the interrelationships between stages, ensuring the research progresses in a directed and systematic manner. The following is the framework for this research.

Data Collection
At this stage, relevant data is collected by reviewing relevant literature or conducting field observations by using questionnaires and interviews to obtain relevant data.

Mapping Enterprise Goals to IT Related
Mapping the Business Goals of the company to explore more deeply the relationship between business goals and the existence of information technology used by the company.

Mapping Alignment Goals
Identify what IT Goals the company is trying to achieve by aligning with the business goals of the company.

COBIT 19 Process Determination
Identify what IT Goals the company is trying to achieve by aligning them with the company's business goals.

Measurement Capability Level
Identify what COBIT domains and IT processes align with the company's IT goals and the scope of IT governance identified from the company's problems and business goals [7].

Counting Gap Analysis
Measuring the level of IT governance capability from the process, which has been mapped and identified with existing problems. Analysis of the results of the interviews is translated into a capability level of each process to know the value of IT governance from the company. The method used to measure the level of capability using the PAM (Process Assessment Model) is carried out by collecting questionnaires and interviews from companies [8]

Recommendations
Compare the results of the COBIT-2019 process capability measurement with the level of IT governance capability expected by respondents. After obtaining the current level of capability (as-is), it will then be compared with the expected capability level (to-be) to produce a gap analysis to obtain what processes need to be carried out to increase capability and recommendationmaking [9].

COBIT 19 System Method
COBIT was developed based on two principles, namely principles that describe the core requirements of a governance system for information and technology companies and principles of a governance framework that can be used to build a governance system for companies [10]. COBIT is a framework for enterprise information and technology governance and management intended for the entire enterprise [11]. Enterprise I&T means all the technology and information processing that a company does to achieve its goals, regardless of where this happens in the company [12]. In other words, enterprise I&T is not limited to the IT department of a company but certainly includes it [13]. The COBIT framework makes a clear distinction between governance and management.

Data Analysis Technique
There are 2 data analysis techniques used: 1. Capability Level Analysis, the analysis of the capability level or level of capability in this study was based on the interviewees' answers regarding the evaluation given to informants during interviews for all selected COBIT-2019 functions. This assessment will consider the scale used to determine whether the COBIT-2019 process stops or continues to the next level [15].
The following is the scale used: a) N: Not Achieved (0 to 15%) We found little or no evidence-gaining scale related to the computed process attributes. b) P: Partially Achieved (> 15% to 50%) There is some evidence of the scale of the estimated process attribute gain. Some attribute gains may be unpredictable. c) L: Largely Achieved (> 50% to 85%) There was evidence of a systematic approach to scale and significant achievement of the calculated process attributes. Some of the weaknesses related to this attribute are that it is contained in the calculated process. d) F: Fully Achieved (> 85% to 100%) Found complete evidence of a systematic approach scale and full achievement of the calculated process attributes. 2. Gap Analysis, In this, a gap analysis was carried out by comparing the ability level scores expected by the company based on the ability calculations that have been carried out. Based on the results of this gap analysis, it is recommended that the company can make improvements to reach the desired level or level. Also, the company hopes that the system owned by the company can always maintain the security of its information and reduce risks that can be borne by the company that will arise in the future [16].

Governance Assessment
There has never been an assessment of IT resource management governance used in the company. Given the continuous growth and advancement of information systems, which always involve innovation, the company recognizes the importance of conducting an assessment of the existing IT resource management governance. This assessment aims to ensure that the IT governance aligns with the company's vision and mission.

Mapping Enterprise Goals to IT Related
Through the results of interviews and the identification of documents related to the CEO of the company, the goals and objectives of the company are obtained. From these objectives, a mapping table is created to align the company with the COBIT-2019 Enterprise Goals. In Table 1, the results of alignment goals mapping are based on company goals, namely AG12 and AG13. From COBIT-2019 and Enterprise Goals-Alignment Goals, only those marked with the P (Primary key) symbol were selected, while the S (Secondary key) symbol was not dominant, so they were not chosen. The company's corporate goal is to provide IT service solutions with high-quality talent. To achieve the company's goals, alignment goals are needed, namely, to get and train every employee so that each employee himself has high quality. Moreover, outsourcing companies need qualified employees so more clients will trust them. EG01 Portfolio of competitive products and services AG13 Knowledge, expertise and initiatives for business innovation The company has a corporate goal to become a leading technology-based outsourcing service provider and to achieve this goal. It is connected to the AG13 alignment, namely, to have insight, expertise, and initiatives for business innovation so that the company has a competitive Table 2 explains the enterprise goals used, namely EG01, and the alignment goals used, namely AG13, regarding knowledge, skills, and initiatives for business innovation. The selection of enterprise and alignment goals is based on the company's goals as a service provider company aiming to improve the quality of their services using the established goals.

COBIT 19 Process Determination
In Table 3, the selection of the IT process is carried out due to the problems experienced by companies regarding Human Resources, including a lack of training in human resources and an attendance system that often encounters issues when recording employee attendance. These problems can be addressed using the COBIT-2019 framework, specifically the APO07 domain concerning Managed Human Resources. The capability level will be measured using the APO07 domain to enhance the system's effectiveness and resolve these issues.

Measurement Capability Level
After distributing the questionnaire to determine the level of capability owned by the company, the following results were obtained, explained in the following table. Table 4 describes the condition of the capability level the company currently has, namely in the APO07 domain, namely managed human resources.  Table 5 shows the capability level gap identified by the company. The target is set at level 3, while the current position of the company is at level 2 with an average score of 77.2%. The assessment criteria require an average score of > 80% for each level to progress to the next level. Therefore, it can be concluded that the company currently possesses a capability level of 2 and an average score of 77.2% for level 3. As a result, it is unable to advance to the next level and remains at level 2.  Figure 2 illustrates the graph depicting the achievement of the IT governance capability level, as obtained with the targets set by the company. The APO07 process has a capability level of 2 with an average score of 77.2%. Based on the presented results, it can be concluded that the APO07 process has not yet reached the desired capability level target. Thus, it is evident that there exists a gap between the current capability level and the targeted level of capability.

Recommendations
The results of the distribution of audit documents were carried out and given to the company in the form of a questionnaire. The audit documents were divided into various subtypes, each with a questionnaire for each capability level. From the questionnaire results, some of the problems that occur in the company can be analyzed as follows. 1. Training is not carried out regularly so that the quality of employee skills is not balanced between one another. 2. Too dependent on some IT staff who have more significant experience and skills. 3. Documentation of system creation is often not carried out and is ignored by IT Developers. 4. Knowledge management is not implemented within the company, so new employees sometimes need help adapting.
From the findings and the impact, it has on the company, then some recommendations for improvement can be given to help the company to fix the problems they have. In Table 6, the recommendations given are as follows: Based on the results of the capability level achieved, in order to help the company, reach level 3 in the APO07 domain. In Table 7, the recommendations given are as follows: Periodically review training materials and programs 3 Provide access to knowledge repositories to support skills and competency development 4 Develop and deliver training programs based on company requirements and processes 5 Compile the results of a 360-degree performance evaluation 6 Implement a recognition process that rewards commitment, competency development and achievement of performance objectives 7 Implement and communicate a disciplinary process 8 Identify gaps and provide input into enterprise and IT sourcing plans and recruitment processes. 9 Defines all work performed by external parties in a formal contract

CONCLUSION
the mapping of IT Governance in companies, aligned with IT-related goals derived from stakeholder interviews and the vision of "providing IT service solutions with high-quality talent and becoming a leading technology-based outsourcing service provider," has identified appropriate COBIT-2019 IT-related goals. These goals encompass areas such as staff skills, motivation, productivity, and a portfolio of competitive products and services, which are essential for the company's success. The assessment of the APO07 domain, which addresses Managed Human Resources, revealed that it currently operates at level 2 (Partially Achieved), indicating a significant level of accomplishment. To advance from level 2, it is necessary to meet the process capability indicators, which will require improvement efforts, strategic planning, and meticulous management. The aim is to elevate the APO07 domain to the next level of capability.
To enhance the APO07 domain, it is recommended that companies periodically review training materials and programs, develop tailored training initiatives aligned with company requirements and processes, identify, and address any skill gaps, contribute to sourcing plans and corporate/IT recruitment processes, and establish Standard Operating Procedures (SOPs) in accordance with COBIT-2019 guidelines. Furthermore, improving the process levels from level 2 to level 3 can be achieved by documenting all system activities and organizational structures following the RACI Chart. These measures will facilitate the timely identification and resolution of potential issues in the long run. By implementing these recommendations and striving for excellence in IT Governance, the company can ensure the alignment of its IT practices with its vision and goals, thereby enhancing its overall performance and competitive edge in the industry.