Analysis of IT Performance on Management HR of Equity Firm Using COBIT 5

An Indonesian equity company is involved in project management for the construction of mechanical systems and the development of electrical and chemical waste treatment systems. With a strong emphasis on continuous improvement and customer satisfaction, the company is dedicated to enhancing its services. However, additional human resources are needed, particularly in the IT field, to align with the business objectives that have not yet been achieved. Despite establishing a minimum requirement of ten years of work experience, the study employs the COBIT 5 framework to evaluate the competency levels in IT governance. The analysis reveals four crucial domains: APO01 (Managing the IT Management Framework), APO07 (Human Resource Management), APO12 (Assessing and Managing Risks), and EDM04 (Ensuring Resource Optimization). It is evident that both EDM04 and APO01 are currently at level 1 and have not reached the desired level. Furthermore, APO07 and APO12 are at level 2 and still need to progress towards their ideal targets. Although Human Resource Management has performed satisfactorily, there is room for improvement in the upcoming year to further enhance its performance.


INTRODUCTION
Technology continues to advance rapidly, playing a vital role in today's dynamic business landscape. As technology becomes increasingly sophisticated, the importance of addressing information technology within business development becomes paramount, as it directly impacts stakeholder value creation. The profound impact of digitalization has revolutionized companies, driving innovation and efficiency in business models and serving as a catalyst for company survival and growth [1]. Consequently, companies that have embraced digital transformation rely heavily on information technology to enhance and maintain their performance. systems, as well as chemical waste treatment [2]. Renowned for its expertise in project management and implementation, the company has successfully undertaken numerous projects, particularly in the realm of power plant mechanical services. Emphasizing accountability and prioritizing client satisfaction, the company consistently strives for continuous improvement to meet customer needs [3]. However, to fully leverage its extensive project experience and support business growth, the company recognizes the imperative of integrating information technology into its operations. Furthermore, despite setting a minimum requirement of ten years of work experience, there is still a need for additional human resources, particularly in achieving alignment between the business and IT departments.
Based on initial interviews conducted within the company, several issues emerged as contributing factors to the failure of several projects involving the HRIS application. These problems encompassed a lack of focus on enterprise risk management and the need for robust HRIS applications. Primarily, these issues stemmed from the company's inability to effectively manage servers within Google Cloud, resulting in inadequate resources to accommodate the increased number of HRIS users and strain on its IT infrastructure.
The absence of standard operating procedures (SOPs) and specialized SOPs for the risk management division further exacerbated the problem. Additionally, the lack of SOPs for server management and maintenance compromised company data security, as all employees were granted access to company data for processing HRIS applications [4]. These challenges underscore the company's requirement for an audit of its existing information technology governance [5]. It is crucial, especially for companies relying on Human Resource Information Systems as daily operational tools, to undergo an evaluation of their IT governance practices [6].
The aim of this study is to conduct a comprehensive evaluation of the company's information technology governance, focusing on its Human Resource Information Systems (HRIS). By analyzing the existing IT governance framework, including risk management, server management, and data security protocols, the study aims to identify areas for improvement and propose actionable recommendations to enhance the company's IT capabilities. Ultimately, this research seeks to support the company in aligning its business and IT departments, optimizing the utilization of information technology, and strengthening overall performance and data security within the HRIS environment.
652 | Analysis of IT Performance on Management HR of Equity Firm Using COBIT 5

Research Stage
The research consisted of multiple stages, as depicted in Figure 1. Figure 1 illustrates the methodology employed to assess the governance capacity of the organization in question. The research framework encompassed the following steps [7]: The initial step of the research involves conducting a preinterview with the company. Based on a brief description provided by the company, relevant questions are asked to gather information. This process helps uncover the company's background and specific issues. 2) COBIT 5 Analysis Process: The findings from the pre-interview, including the identified problems and corporate history, are utilized in the COBIT 5 analysis process. These details are integrated into the analysis process by establishing enterprise goals, aligning them with IT-related goals, mapping IT-related plans to COBIT 5 processes, and creating RACI charts and audit records using the selected COBIT 5 approach. The deliverables at this stage include the chosen COBIT 5 processes, RACI charts, and audit documentation [8]. 3) Data Collection: The audit process involves collecting relevant data. This involves gathering reliable information and evidence through interviews and literature reviews, as well as examining business documents. Discussions are held with the company's CEO, industry and business executives, and IT professionals. Once the data is collected, the COBIT 5 criteria are applied for further review [9]. 4) COBIT 5 Process Capability Level Measurement: After determining the capacity level for each process within the organization, a gap analysis is conducted to identify areas for improvement and establish organizationspecific benchmarks. If a significant capability gap is detected, indicating a substantial shortfall in expected performance, the research proceeds to document audit papers and consolidate them into a comprehensive report. Based on the competency assessments, findings, and gap analyses of this stage, recommendations for changes are proposed [10]. 5) Audit Result Report: In the final phase of the study, the assessment of the organization's information technology governance is evaluated. If any competency gaps are identified through the audit assessment, the results from previous stages are utilized to address and close those gaps, thereby improving the overall competency level. This phase concludes with recommendations on how the company can enhance each method and progress to higher levels of competency.

Data Analysis Technique
To conduct a governance study following the capability model in the COBIT 5 framework, and incorporating organized technical analysis, the study encompasses the following phases [11], [12]:

1) Maturity Levels
In the event that the techniques employed in a process fall short of achieving its objectives, the process can still be classified into one of six capacity levels [13]: a) Level 0: Signifying an incomplete process. b) Level 1: Denoting a process performed at a basic level. c) Level 2: Reflecting a managed process. d) Level 3: Indicating an established procedure. e) Level 4: Representing a predictable process. f) Level 5: Signifying an optimization procedure.

2) Rating Scale
A four-point rating scale is employed to assess the capability of a process [14], [15]: a) N -Not Achieved: This category indicates that the defined attributes of the process assessment are rarely demonstrated. The output for this category ranges from 0% to 15%. b) P -Partially Achieved: This category indicates that the identified traits during the assessment process have been demonstrated in various instances. The output for this category falls between 15% and 50%. c) L -Largely Achieved: This category signifies evidence of a methodical approach and significant success in achieving the specified criteria during the evaluation process. The output for this category ranges from 50% to 85%. d) F -Fully Achieved: This category indicates that the examined process provides proof of a thorough and organized approach in achieving the stated criteria. The output for this category falls between 85% and 100%. These phases and assessment measures enable a comprehensive governance study utilizing the capability model within the COBIT 5 framework, while employing structured technical analysis.

3) Gap Analysis
Gap analysis is a crucial process in determining the steps needed to bridge the gap between the current situation and the desired position or goal. By comparing the organization's present performance with the future performance goals set, gap analysis provides valuable insights. It is envisioned that gap analysis will evolve as a prominent technique for evaluating businesses, focusing specifically on the performance gap between the company's current state and its intended state [16]. This analytical approach plays a vital role in strategic planning, enabling organizations to identify areas of improvement and develop effective strategies to close the performance gap and achieve their envisioned objectives.

Pre-Interview
During the Zoom pre-interview, a series of targeted questions were posed to the company sources, based on which the valuable insights regarding the organization's issues and history were obtained. The interactive nature of this preliminary step fostered a productive exchange of ideas and information, allowing for a comprehensive understanding of the challenges faced by the company. By delving into the specifics of the company's circumstances, such as its operations, goals, and past experiences, the pre-interview laid a solid foundation for the subsequent stages of the study. The knowledge gained from this informationgathering process served as a guiding compass, informing the direction and focus of the study as it progressed towards its objectives.

COBIT 5 Analysis Process
The process selection in COBIT 5 focuses on evaluating the efficacy of each governance process within the organization, particularly in areas that necessitate further enhancement. This assessment is carried out with reference to sources [5], [9], [11]. Table 1. Enterprise Goals to IT-Related Goals

Enterprise Goals Goals
Internal 11 Internal -Optimisation of business process functionality 1, 7, 8, 9, 12 13 Internal -Managed business change programmes 1, 3, 13 14 Internal -Operational and staff productivity 8, 16 15 Internal -Compliance with internal policies 2, 10, 15 Learning and Growth 16 Skilled and motivated people 16 Table 1 breaks down enterprise goals into IT-related goals, which are identified through interviews with Mr. Yuswil, the director of the company. These interviews serve as a valuable source for identifying enterprise goals. Once the enterprise goals have been determined, the next step involves mapping them to IT-related goals, utilizing the insights gained from the selected enterprise goals. Table 2 serves as a valuable resource for tapping into the IT-related goals of the COBIT 5 process, establishing a solid foundation for its subsequent utilization. The operation involves a structured approach comprising five stages, encompassing the following IT-related goals: 1) Internal -Ensuring IT compliance with internal regulations.
2) Learning and Growth -Cultivating a skilled and motivated workforce consisting of both business and IT personnel. 3) Internal -Facilitating access to reliable and actionable information to support effective decision-making. 4) Internal -Optimizing IT assets, resources, and capabilities to enhance overall efficiency and effectiveness.  5   5) Internal -Delivering programs that meet requirements, adhere to quality standards, and are completed within designated timeframes and budgets. Each of these stages outlines specific objectives within their respective domains, providing a comprehensive framework for aligning IT-related goals with the COBIT 5 process. Building upon the insights gathered from discussions with the company's Director, the mapping of IT-Related Goals has led to the development of Table 3, which showcases the Mapping COBIT 5 Process. From this mapping exercise, four domains have emerged as the focal points for assessment, namely EDM04, APO01, APO07, and APO12, as clearly depicted in Table 3. Based on a careful analysis of the mapping exercise and in-depth discussions with the company's Director, the selection of these specific domains can be justified by the following rationale: 1) Domain EDM04 (Ensuring Resource Optimization) was chosen because the EDM04 process has the goal of ensuring sufficient IT-related capabilities (human resources, technology and processes) to support business objectives with optimal cost effectively outlays as well as opportunities to increase benefits and realisation of future preparation changes.
2) The organisation chose Domain APO01 (Managing IT Management Framework) and wished to assess and enhance IT management internally.
To keep in line with corporate principles and policies and ensure to stay in line with corporate regulations and policies and make sure that the appropriate processes and authorities are in place and line with them. 3) Domain APO07 (Human Resource Management) was chosen because the company wants to measure and improve quality requirements in human resources, plan, place, coordinate, foster, motivate and control the human resources working in the company. 4) The organisation plans to keep records on and establish quality standards for all business procedures, techniques, and outputs. This includes tracking and documenting the use of best practices and ongoing efforts to standardise efficiency and improvement. The domain APO12 (Assess and Manage Risk) was chosen.

Data Collection
The selected processes will undergo a thorough examination using a set of carefully formulated questions derived from COBIT 5, as indicated by the summarized results presented in Table 6. Three informants have been chosen based on the relevant COBIT 5 processes, namely: EDM04 -Ensure Resource Optimization Together with the Company's Business, APO01 -Manage Human Resources Together with the Company's CEO, APO07 -Manage Human Resources, APO12 -Manage Risk, and DSS03 -Manage Problems Together with the Company's IT. These processes were the focus of the interviews conducted, enabling a comprehensive assessment of the organization's practices within these specific domains. By engaging with informants associated with these processes, the assessment aims to gather valuable insights and perspectives to inform the evaluation and improvement of governance practices related to resource optimization, human resource management, risk management, and problem management.

Calculation of Capability Level
In this stage, the capacity level is determined by calculating the average score across subprocesses at each level. This allows for an accurate assessment of performance  Table 4 provides an overview of the testing conducted at different levels. Level 1 testing focused on EDM04.01, specifically examining the execution of operational procedures, resulting in an overall score of 80. Level 2 testing targeted DSS01.02, assessing the management of outsourced IT services, yielding an overall score of 80. Lastly, Level 3 testing examined DSS01.03, which involved monitoring IT infrastructure, and achieved an overall score of 85. Based on the overall measurement score of 81.66 for EDM04, it can be concluded that the capacity level for this domain is Fully Achieved.   Now, turning our attention to Overall, these results signify that APO12 has successfully achieved the Fully Achieved level, with an average score of 81.83. These measurements offer a clear and comprehensible representation of the performance levels observed in APO07 and APO12 domains. They not only highlight their achievements but also identify potential areas for further improvement. Upon analyzing the obtained results, it can be inferred that EDM04 and APO01 have successfully attained Level 1 in terms of capability. However, despite reaching Level 2, APO07 and APO12 do not fulfill the necessary criteria to advance to the subsequent levels. As a result, their achievement remains fixed at Level 2. To gain a comprehensive understanding of the capability level accomplishments, as shown in Table 8. This in terms of capability attainment. The identified gaps, as illustrated in Figure 2, are elaborated upon as follows: 1) In the case of EDM04, the company aspires to achieve Level 3, while for APO01, the target level is Level 2. However, based on the initial calculations conducted, the progression halts at Level 1. Consequently, the established targets set by the company have not been met. 2) Similarly, the results obtained from the calculations for APO07 and APO12 fall short of the targets defined by the Halal company. In the case of EDM03 and APO12, the desired level set by the Halal company is Level 3. However, the initial calculations indicate a termination at Level 2. Given that none of the selected domain processes have achieved the desired targets, a comprehensive report will be prepared to document the findings. This report will be followed by appropriate actions and measures to enable the company to eventually reach the required target levels.

Audit Reporting
The audit results report comprehensively covers various aspects, encompassing the identification of findings along with their corresponding impacts. Additionally, it incorporates recommendations and suggestions aimed at addressing the identified areas of concern. Upon concluding the audit process, the final stage entails reporting the results and conducting a thorough follow-up on the previously provided directions. This critical step involves carefully considering both the recommendations for improvement and the suggested enhancements for each selected and assessed process. By diligently addressing these valuable insights, the company can proactively strive towards enhancing its overall governance and operational effectiveness. Further insights into this pivotal stage of the audit process shed light on the significance of implementing the recommended measures and utilizing the suggested improvements. By leveraging these insights, organizations can pave the way for continuous growth and advancement in their governance practices, ensuring long-term success and resilience.
The audit results report serves as a comprehensive and insightful document that encapsulates essential findings, their consequential impacts, and recommendations for improvement. It provides valuable guidance by shedding light on areas that require attention and proposes measures to enhance performance and mitigate risks. The significance of conducting a thorough analysis of the audit results and carefully considering the provided recommendations and suggestions cannot be overstated. By actively addressing these insights, organizations can proactively embark on a path towards bolstering their governance practices, optimizing operational processes, and ultimately attaining long-term success.
Moreover, the subsequent follow-up actions following the audit results play a crucial role. This critical stage calls for the implementation of recommended measures and the utilization of suggested improvements to drive positive change. By promptly and appropriately acting upon these insights, organizations can effectively bridge identified gaps, address areas of concern, and continuously enhance their overall performance. The discussion places strong emphasis on harnessing the audit process as a catalyst for organizational growth and development. By embracing the valuable insights gleaned from the audit results report, organizations can foster a culture of continuous improvement, ensuring adaptability, resilience, and alignment with best practices.
Conclusively, the audit process, accompanied by the reporting of results and subsequent follow-up actions, assumes a pivotal role in driving advancements in governance and operational effectiveness. By conscientiously considering the findings, recommendations, and suggestions outlined in the report, organizations can proactively elevate their overall performance, make well-informed decisions, and achieve sustainable success.

CONCLUSION
The research on measuring the company's capacity level using the COBIT 5 framework yields the following conclusions. The EDM04 and APO01 processes have achieved only level 1 (one) with a "Largely achieved" status of 81 and 66 and 82 and 75, respectively, indicating a gap of 2 for EDM04 and a gap of 1 for APO01. Consequently, these processes cannot progress to the next level since they must reach a minimum threshold of 85. Similarly, the APO07 and APO12 processes have reached level 2 (two) with a "Largely achieved" status of 82 and 71 and 81 and 83, respectively, each with a gap of 1. Therefore, these two processes are unable to advance to the next level, level 3, as they must attain a minimum threshold of 85. Based on the recommendation summary, the following suggestions are proposed. For EDM04, it is recommended to provide education and training for all resources within the company, with a focus on staff training. As for APO01, updating the company's IT system and introducing a new system are advised. In the case of APO07, it is recommended to conduct socialization efforts and provide specialized training for developing the company's IT capabilities. Furthermore, adding staff members who possess a strong understanding of IT is also recommended. Lastly, for APO12, it is suggested to prepare a comprehensive document containing principles, policies, and objectives related to risk management. Regular evaluation of these risks, along with the establishment of standards and procedures to optimize IT risk management, is essential. Additionally, forming a dedicated team to oversee IT risk management is highly recommended.

ACKNOWLEDGMENT
We would like to extend our sincere gratitude to Multimedia Nusantara University for their invaluable assistance, support, and resources throughout the completion of this research. Their unwavering backing and dedication to their service played a crucial role in the successful execution of the study. Additionally, we would like to express our heartfelt appreciation to all those involved who provided us with extensive support and assistance in crafting this study.