CC BY
276
IT Governance at Financial Technology Company using COBIT 4.1 Framework and Balanced Scorecard Perspective
Hendry Pratama, Johanes Fernandes Andry
Abstract— PT. Walepay Finansial Teknologi (Walepay) is a Financial Technology Company. In this company, the author wants to know how good Walepay implemented IT Governance. With COBIT 4.1 and Balanced Scorecard, the author will measure the maturity level. The author will measure in AI Domain. There are 7 processes in AI domain, such as Identify Automated Solutions, Acquire and Maintain Application Software, Acquire and Maintain Technology Infrastructure, Enable Operation and Use, Procure IT Resource, Manage Changes, and Install and Accredit Solutions and Changes. For Balanced Scorecard, the author uses Financial Perspective and Customer Perspective. The highest score of Maturity level is 3.2 at AI5 Domain, the lowest score is 2.2 at AI3 Domain, and the average score of all AI Domain is 2.68 in the Defined Level. Recommendations for AI Domain from the author are Walepay need to improve about the acquire and implementation in the company especially about how to maintain technology infrastructure for the future, and also give attention to identifying the automated solution in more advance. For balanced scorecard, Walepay is good in financial perspective, but not good enough in a customer perspective.
Keywords— AI Domain, Balanced Scorecard, COBIT 4.1, Maturity Level.
I. Introduction
Information technology governance audit is intended to map the maturity level of the Information Technology process [1] at PT. Walepay Finansial Teknologi (Walepay) Along with the development of information technology and its utilization which continues to increase from time to time, speed and accuracy information will be a demand for running the economy for the entrepreneurs, communities, or the government [2].
The Success of enterprise governance now has a dependence on how far the IT Governance does. The alignment between IT application with business strategy and organization goals can be achieved through good IT management [3].
Hendry Pratama is student in Department of Information Systems, Faculty of Technology and Design, University of Bunda Mulia (email: redlines1892@gmail.com). Johanes Fernandes Andry is Senior Lecturer in Department of Information Systems, Faculty of Technology and Design, University of Bunda Mulia, North Jakarta, 114430, Indonesia (e-mail: jandry@bundamulia.ac.id).
Walepay is a company that was founded in August 2018 which is engaged in financial technology. Walepay Finansial Teknologi, PT also apply information technology to support them achieve the desired result. That's my reason to know how mature the preparation of governance that has been done by Walepay using a COBIT 4.1 Framework that focuses on Acquire and Implementation (AI) domain.
In this research, the author also used the balanced scorecard. There are 4 balanced scorecard perspectives: (1) Customer Perspective, (2) Financial Perspective, (3) Learning and Growth Perspective, (4) Internal Business Process Perspective. The author will discuss about Customer Perspective and Financial Perspective in this case.
II. Related Literature and Studies
A. IT Governance
IT Governance is a branch of corporate governance which focused on information technology systems and performance management and risks. [4]. IT Governance has a broad definition covering information systems, technology and communication, business and law, and other issues involving all components of the company, like stakeholders, IT users, even information system/information technology inspectors [5]. The success of IT Governance is very determined by the alignment of IT applications and organization goals [6].
IT Governance integrates and institutionalizes good practices from planning and organizing, acquiring and implementing, delivering and supporting, and supervising IT performance to ensure that organizational IT that is implemented supports the organization objectives [7].
B. COBIT 4.1 Framework
COBIT (Control Objectives for Information and Related Technologies) is developed by the IT Governance Institute as a part of the Audit System Information and Control Association (ISACA) [8].
COBIT support clear policies development and best practical steps that can be taken for controlling the information technology in all company [9]. COBIT Framework provides the structure that provides IT processes, IT resources, and information [10] for Walepay.
There are 4 main domains: (1) Planning and Organization, (2) Acquire and Implementation, (3) Delivery and Support, (4) Monitoring and Evaluation [11]. See Fig.1. COBIT
Framework.
Planning and Organization include strategies and tactics, and attention to identifying how IT can maximally contribute to achieving business goals [11].
Acquire and Implementation is to realize an IT strategy, identify IT solutions, developed or acquired, and implemented, and integrated into business processes [11].
Delivery and Support covers areas such as the operation of applications in the IT system and the results, and also support the process that enables the operation of the IT system effectively and efficiently [11].
Monitoring and Evaluation is for management supervision of control process in the organization and independent assessment by internal auditor or external auditor or obtained from another alternative resource [11].
Level., which allows organizations to provide assessment for themselves by explaining to the manager or head about the IT process, by showing the weakness of the existing management and setting the appropriate targets [13].
D.Balance Scorecard Balance Scorecard offers considerable potential to local companies in terms of contributing well to performance improvement and performance measurement improvement [14]. According to Kaplan and Norton, a company that successfully assess its performance not only use a financial measures but also assess their organizational based on 4 perspectives: Customer, Financial, Internal business process, and Learning and growth [15] See Fig. 3. Balanced Scorecard Perspective.
CobiT 4.1 Framework
me1 ne niter s avaiuat« it performance ME2 Monitors evaluate Internal contra I mes EnBurs regulatory compliance ME4 Provide IT govern ance
Information Griten
• Effectiveness
• Efficiency
• Ccrrlidenticity
• Integrity
• AucdabAty
• CcrT1Pk IT RESOURCES
P01 Deri re 3 strategic IT plan PQ2 Define tne information architecture POS Oetermlnethetechnologlcal direction POA Define the ^processes, organisation and
relation ah if a P05 Managetlie IT Investment POS Communicate management almsi direction P07 Manage IT human resources POS Managequallty POS Assess and manage risks P010 M an age project s
DSI Define servies levels
DS2 Man age third-party services
DSS Manage performance and capacity
DM Ensure continuous service
D 55 Ensure systems security
DS6 identify and attribute costs
DS7 Educate and train users
ess Manage BervicedesK and incidents
DS9 Manage the configuration
DSU Manage problems
DSU Ma nage data
DSI2 Ma nage the physical environment DS13 Manage operations
¿11 № entity automated solutions AB Acquire anfl maintain application software AIS Acquire a maintain techno leg y infrastructure a 14 Enable operation and use AI5 Procure IT resources
Vision internal
Customer And Strategy Business Piocess
Fig. 1. COBIT Framework [9] C. Maturity Level
COBIT sees that applying the governance mechanism effectively is not easy, but it must go through the various stage of maturity. The maturity model is to control the IT process, so the management can knowing the position of the organization now, and the position where the organization wants to be [12].
Fig. 3. Balanced Scorecard Perspective [16]
The customer perspective covers the customer objectives such as customer satisfaction, market share goals as well as product and service attributes.
The financial perspective covers the financial objectives of an organization and allows managers to track financial success and shareholder value.
The internal business process perspective covers internal operational goals and outlines the key processes necessary to deliver the customer objectives.
The learning and growth perspective covers the intangible drivers of future success such as human capital, organizational culture, leadership, systems, and databases.
Nun-eiisttnt Initial ReptMlablt [kh[LLd Managed Oplimistd
0 ! 1 3 * S
LEGEND FOR SYMBOLS USED Enterprise current status lnduelry average Enterprise target
Fig. 2. Maturity Level [13]
LEGEND FOR RANKINGS USED 0—Management processes aie nor applied at all I Pruiesüts ilrt id Kol: iinl disorganised 2—Proçencs fallow a regular pattern ,1—Processes arc documented and communicated 4 Processes aie monitored and measured 5—Good pnrcliccï are FolUiwcJ jnd autoiniiLi'd
The maturity level of IT governance based on COBIT 4.1 is a scoring method, from 0 to 5 as in Fig. 2. Maturity
III. Methodology
The first thing before makes research is to knowing and understanding about the problems appear inside the company. There are several steps when doing a research: (1) make a question for interview, (2) analyze the question before you asked, (3) revised the question if it feel not fit, (4) return the interview documents, (5) analyzing the result of interview document, (6) make a conclusion from the result. See Fig. 4. Research Method.
The author will conduct interview with the company. The main speakers are the IT Manager and Staff. There are 5 interview process: (1) literature study, (2) survey to the company, (3) document retrieval, (4) analyze the survey result, (5) make a conclusion. To see the process, see Fig. 5. The Interview Process.
Tab. 1 AI Domain
Fig. 4. Research Method [16]
All the questions are guided by the COBIT 4.1 Framework at Acquire and Implementation domain, after that the author will survey visit to Walepay to know the real condition at the company, after the author thought document was complete, then the next process is to analyze the result document and make a report about the conclusion and make the balanced scorecard
Start —► Literature Study —► Company Survey
1
Conclusion Sumy Analysis Document Retrieval
i
Finish
Process Control Objective Maturity Level
AI1 Identify Automated Solutions 2.4
AI2 Acquire and Maintain Application Software 2.6
AI3 Acquire and Maintain Technology Infrastructure 2.2
AI4 Enable Operation and Use 3
AI5 Procure IT Resources 3.2
AI6 Manage Changes 2.6
AI7 Install and Accredit Solutions and Changes 2.8
Maturity level average 2.68
Fig. 5. The Interview Process [16]
IV. DISCUSSION AND RESULTS
After the author make a company visit to collect the data, the author can measure the maturity level of Walepay based on COBIT 4.1 Framework. The author interview with 5 staff and 1 IT Manager which is related with the information. The author will discuss about Acquire and Implementation domain, covers: AI1 (Identity Automated Solutions), AI2 (Acquire and Maintain Application Software), AI3 (Acquire and Maintain Technology Infrastructure), AI4 (Enable Operation and Use), AI5 (Procure IT Resource), AI6 (Manage Changes), and the last AI7 (Install and Accredit Solutions and Changes).
A. AI Domain
This domain emphasizes how IT solutions are identified, acquired, implemented, and integrated into business processes. AI1 explain about to identify the solution before Walepay wants to make an application or IT solution. AI2 explain how Walepay can acquire the software and how to maintain the software.
AI3 explain how to Acquire and maintain from Walepay Technology Infrastructure. AI4 explain how Walepay to enable the operation and how to use it. AI5 explain about to procure the IT resource like computer procurement, etc. AI6 explain how Walepay manages changes from the old one to the new one. AI7 explain how Walepay to make an installation and accreditation solutions and change in the company.
From the Tab.1. AI Domain, the author will give the explanation about the result of the maturity level as follows:
1 ) AI1 Domain
From the interview with speakers, the author gives 2.4 on a defined level for the result, because the average of them said that Walepay already identifies the solutions but must be further enhanced and specific in conducting a risk analysis.
2 ) AI2 Domain
From the interview with speakers, the author gives 2.6 for the result, because the author thinks that Walepay is good to acquire and run the maintenance, but still not detailed enough in how Walepay run the standard operating procedure in maintenance. Recommendation from the author is Walepay must more detail about how to run standard operating procedure because to minimize the error when doing maintenance process.
3 ) AI3 Domain
From the interview with the speakers, the author gives 2.2 for the result, because Walepay is not good enough in implementing the IT infrastructure, and it still under average standard expectation. Recommendation from the author is Walepay must improve the vital IT infrastructure to support the business process.
4 ) AI4 Domain
From the interview with the speakers, the author gives 3 for the result, because Walepay has met the standard for operating and know how to use it. However, getting 3 for the result it doesn't enough, Walepay must always make an improvement for the future in the operation side to make the business process more efficient.
5 ) AI5 Domain
From the interview with the speakers, the author gives 3.2 for the result, because Walepay is good at procuring IT resource, and Walepay feels that IT resource are very important for running the business.
AI Domain
Current Level > Expected Level Optimum
All
Fig. 6. AI Domain Maturity Level.
6 ) AI6 Domain
From the interview, the author gives 2.6 for the result, because the author thinks Walepay is slightly good enough for integration from the old one to the new one, but Walepay must improve about the impact assessment for the better score.
7 ) AI7 Domain
From the interview, the author gives 2.8 for the result, because the author thinks Walepay is good enough to arrange training, make a testing plan, but still need improvement to implement the changes.
Here, the author will serve the chart about the 7 AI Domain from Walepay. See Fig. 6. AI Domain Maturity Level.
A. The General Recommendations for AI Domain
Recommendations from the author are Walepay need to improve about acquire and implementation in the company especially about how to maintain technology infrastructure for the future, also give attention to identifying the automated solution in more advanced, so Walepay can analyze the correct one.
B. COBIT and Balanced Scorecard Alignment
The Balanced Scorecard is converted from Walepay mission and strategy into performance scorecard, so it can be understood and measured. In the balanced scorecard, the author will be using 2 perspectives, that is Financial Perspective and Customer Perspective.
From the Financial Perspective, there are 3 steps business cycle, that are Growth, Sustain, and Harvest. Growth step is how Walepay processing the investment to run the business, how Walepay develops its business to make a greater profit. Now Walepay still in Growth step and still needs more investment to develop its business. Sustain Step is how Walepay sustains with the existing budget, how Walepay uses the investment as efficiently as possible to survive the next few years. The Harvest step is how Walepay manages the profit. Now Walepay hasn't reached this step at this moment, because Walepay is the new financial technology startup.
From the Customer Perspective, there are 5 steps, that are Market share, customer acquisition, customer retention, customer satisfaction, customer profitability. The market
share is to measure the proportion of Walepay in financial technology segments. Now Walepay needs to develop its business to gain more market share. Walepay is still a small part of players in this segment. The customer acquisition is measure how many new customer/user interest to using Walepay app. To interest new customer/user, Walepay must make a promo or discount to the customer, so that new user will interest in using Walepay app. For now, Walepay has a good customer growth rate. The customer retention is to measure how many customer/user maintains by Walepay, how many user loyal to using Walepay app. Walepay must know the way to make user loyal. With promo or continuous discount. For now, Walepay has not many loyal customers/users, if there any discount, then the customers/users will start using Walepay app. The customer satisfaction is to measure how far the customer/user satisfied using Walepay app. So Walepay always sees the feedback to improve their service. Whether in google play rating or feedback email. Every feedback will be heard and analyze for the next implementation. The customer profitability is to measure how much profit Walepay will get from selling service to customer/user. Walepay always makes a profit from selling every service in the application but in a small margin.
V. Conclusion The conclusion from the research is AI5 (Procure IT Resource) is the highest maturity level with score of 3.2 where the expected level only needs 3. The lowest maturity level is AI3 (Acquire and Maintain Technology Infrastructure) with score of 2.2, while the average of AI domain maturity level with score of 2.68 which is including in the Defined stage. Another rest of AI domain is AI1 with score of 2.4 (Repeatable but Intuitive), AI2 with score of 2.6 (Defined), AI4 with score of 3 (Defined), AI6 with score of 2.6 (Defined), and the last is AI7 with score of 2.8 (Defined).
And for the balanced scorecard, in Financial perspective, Walepay has a good financial service to run the business process for sustain the next few years, and for the customer perspective, Walepay need to maintain the customer acquisition and customer retention with making a promos or discounts which interest many customer/user for using Walepay app.
References
[1] Pardiansyah, A., S. (2015). Audit Tata Kelola Teknologi Informasi Program Studi Sistem Informasi Sekolah Tinggi Manajemen Informatika Dan Komputer (STMIK) Lombok Menggunakan Framework Cobit. Indonesian Journal on Software Engineering. Vol. 1. No. 1.
[2] Sihotang, H., T. (2015). Penerapan Tata Kelola Teknologi Informasi Dengan Menggunakan COBIT Framework 4.1 Studi Kasus Pada PT Perkebunan Nusantara III Medan (PERSERO). Jurnal Mantik Penusa. Vol. 17. No. 1.
[3] Megawati, and Amrullah, F. (2014). Evaluasi Tingkat Kematangan Teknologi Informasi Dengan Menggunakan Model Maturity Level COBIT 4.1 (Studi Kasus PT BRI Cabang Bangkinang). Jurnal Sains, Teknologi dan Industri. Vol. 12. No. 1.
[4] Andry, J., F. (2016). Audit Tata Kelola Di Perusahaan (Studi Kasus XYZ Cargo). Seminar Nasional Teknologi Informasi. Https://Www.Researchgate.Net/Publication/323998144_Audit_Tata_ Kelola_TI_Di_Perusahaan_Studi_Kasus_XYZ_Cargo .
[5] Hartanto, I., D., and Tjahyanto, A. (2010). Analisa Kesenjangan Tata Kelola Teknologi Informasi Untuk Proses Pengelolaan Data Menggunakan COBIT (Studi Kasus Badan Pemeriksa Keuangan Republik Indonesia). Prosiding Seminar Nasional Manajemen Teknologi XI.
[6] Setiawan, H., and Mustofa, K. (2013). Audit Method for Information Technology Governance in Indonesian Government Agencies. IPTEK-KOM. Vol. 15. No. 1.
[7] Supradono, B. (2011). Tingkat Kematangan Tata Kelola Teknologi Informasi (IT Governance) Pada Layanan Dan Dukungan Teknologi Informasi (Kasus: Prguruan Tinggi Swasta Di Kota Semarang). Seminar Teknologi Informasi & Komunikasi Terapan 2011 (SEMANTIK 2011).
[8] Lusiani, C. (2009). Audit IT Governance Kabupaten Sleman. Jurnal Informatika Mulawarman. Vol. 4. No. 2.
[9] Andry, J., F. (2016). Audit Tata Kelola TI Menggunakan Kerangka Kerja COBIT Pada Domain DS dan ME di Perusahaan Kreavi Informatika Solusindo. Seminar Nasional Teknologi Informasi dan Komunikasi 2016 (SENTIKA 2016).
[10] Sihotang, H., T., and Sagala, J., R. (2015). Penerapan Tata Kelola Teknologi Informasi dan Komunikasi Pada Domain Align, Plan, and Organize (APO) dan Monitor, Evaluate and Assess (MEA) Dengan Menggunakan Framework COBIT 5 Studi Kasus: STMIK Pelita Nusantara Medan. Jurnal Mantik Penusa. Vol. 18. No. 2.
[11] Azizah, N. (2017). Audit Sistem Informasi Menggunakan Framework COBIT 4.1 Pada E-Learning UNISNU Jepara. Jurnal SIMETRIS. Vol. 8. No. 1.
[12] Utomo, A., P., and Mariana, N. (2011). Analisis Tata Kelola Teknologi Informasi (IT Governance) Pada Bidang Akademik dengan COBIT Framework Studi Kasus pada Universitas Stikubank Semarang. Jurnal Teknologi Informasi DINAMIK. Vol. 16. No. 2.
[13] Tambotoh, J., J., C., and Latuperissa, R. (2014). The Application for Measuring the Maturity Level of Information Technology Governance on Indonesian Government Agencies Using COBIT 4.1 Framework. Intelligent Information Management. Vol. 6. No. 1.
[14] Andry, J., F. (2016). Performance Measurement of IT Governance: A Case Study. Jurnal Sistem Informasi. Vol. 12. No. 2.
[15] Rehof, P., and Holatova, D. (2013). Application of Balanced Scorecard Method as A Tool For Strategic Management Of Choosen Municipality. International Conference 2013.
[16] Andry, J., F., and Sebastian, B. (2018). Conceptual Framework for Successful IT-Governance and BSC for Service Industry. International Journal of Inovative Science and Research Technology. Vol. 3. No. 5.
J. F. Andry is a Senior lecturer in Department of Information System, Faculty of Technology and Design, Bunda Mulia University, Jakarta, Indonesia. He received his Master of Computer Science from Budi Luhur University in 2006. His research interests are in the area of Audit, Information System and Software Testing.
He has publish article in International Journal of Open Information Technologies, vol. 7, no.5, April 2019, pp. 51-58, with paper title is Evaluation and Recommendation IT Governance in Hospital Base on COBIT Framework and Journal of Theoretical and Applied Information Technology indexed by Scopus with title Improving Quality of SMEs Information System Solution with ISO 9126 and International Journal of Innovative Science and Research Technology with title Conceptual Framework for Successful IT-Governance and BSC for Service Industry and more journal such as Jurnal Sistem Informasi Universitas Indonesia, etc
