CC BY
71
IT Strategy Driven Performance Measurement Based on BSC and COBIT
Kevin Christianto, Julia Loisa, Johanes Fernandes Andry
Abstract—The Company's performance appraisal is conducted to measure the manager level in managing existing business processes using BSC and combined with COBIT 4.1 which is the benchmark for IT/IS performance. Domain measurements are performed using the PO1, DS7, DS11, DS13, and ME1 domains. For the use of BSC the author uses internal perspective of the company. In the PO1 domain get the maturity level of 1.83, the DS gets the value 1.5, while ME get the value 1.5. The level to be implemented is Level 3 for the organization. It can be summarized that IT/IS management in this organization had effectiveness but not yet fully maximized in the process of achieving its process of business, this paper was conducted to be material for consideration & evaluation of companies to improve their IT governance.
Keywords—Effectiveness; COBIT; Balance Score Card; IT Governance.
I. INTRODUCTION
Information System (IS) can present accurate information and may be recognized by the organization as a tool for the development of a competitive company and is regarded as one of the most valuable strategic resources [1]. The effectiveness of an Information Communication Technology (ICT), nowadays it is a very urgent role for ICT/IS managers to get excellent results, amount, and period, every day is getting bigger and more presentations obtained from increasing effectiveness in the company is very good and IT to support the organizational processes of a company, it is very important for development and renewal and for strengthening the foundation or framework of the organization and elaborating the scope of an organization [2]. Effectiveness in the maintenance of information technology can only be known if one can identify a strategy in particular IT governance [3]. Because the maintenance of IT governance can be a reference to be able to achieve the business process IT strategy that is expected of a company. From strategy design to governance is an information-based identification process that supports the organization to achieve the results obtained from the business processes of the company, organizational strategy in improving managers must analyze the results of performance in the organization, because IT performance can affect the company's strategic objectives [4]. The company now understands the importance of IT as the foundation of the company and as a
Kevin Christianto, Julia Loisa and Johanes Fernandes Andry is a Lecturer in Department of Information Systems, Faculty of Technology and Design, University of Bunda Mulia, North Jakarta, 114430, Indonesia (email: kevin.hikoza@gmail.com1, jloisa@bundamulia.ac.id2, j andry@bundamulia.ac.id3).
treasure in improving their function and can value-added services to their organization; the technology will capture all business processes that provide an effective and efficient business strategy [5]. Companies in the implementation of measurement of business performance, specifically, the balance of the monitor and the initial performance achieved, both are involved in introducing and implementing strategic business process management in a company with an evaluation of the alignment of the existing business processes, and thirdly to facilitate communication within the firm and also with parties outside the company both internally and external communication, and mutual cooperation with different criteria [6].
Pharmaceutical companies in Indonesia have implemented information technology in the overall processes that occur in their business, their business process movement is very dependent on technology, without technology, the company can't do anything. In the discussion of this paper we will know the business processes, structures and relational mechanisms in the company which supports a performance of IT performance in the company. An organization is a pharmaceutical company to produce pharmaceuticals and distribute it to large Pharmaceutical, medicine reseller and drug store; the company was founded in early of 1970.
Control Objectives for Information and Related Technologies (COBIT) is critical because it is a common basic of framework which allows companies to achieve the governance and organization that they have done performance management objectives [7]. COBIT is a set of guidelines that apply to IT standard and synergy in harmony with their goal of business, IT and business to gain a stability of advantage to each other, IT resources are used responsibly, IT risks are managed appropriately [8]. The use of BSC revolutionized the concept of open thinking about performance metrics and corporate strategy [9]. Given the measurement of IT governance with COBIT, the BSC provides a benchmark to the process of business process strategy at the company, the organization has a better view of what needs to be achieved and how the company's performance optimizes the supporting aspects of BSC [10]. BSC has 4 perspectives in its use; in the present BSC assessment will use one perspective that is the perspective of internal business processes. What business processes we should do, in the long-range and short-range to achieve financial objective and customer satisfaction. The success of an efficient and complex measurement of the company can provide innovation and achievement of indicators from several areas of information [11].
It is not enough just to select multiple areas, using random indicators and look forward to getting the
information needed to manage innovation. Problems that occur in the company appear on the monitoring system. Where the system does not record data traffic so that data sent uncontrolled and unconfirmed in the system. In this case the company has known the problem but there is no further action and the company wants to audit the information system to ensure the problem. So if seen from the above problems then the effectiveness in the company is not yet expected, then it is necessary to do an audit using COB IT and BSC to measure and obtain useful documentation for the development of the enterprise. This BSC has benchmarks to assess the overall process on the company while COBIT as a benchmark on the IT governance of the company, the BSC and COBIT must work together to achieve a perfect strategy [12]; [13]. From four Balanced Scorecard perspectives, this study takes two perspectives only in terms of learn and develop, and from or located within the business process on enterprise IT systems, while the domain COBIT used is PO1, DS7, DS11, DS13, and ME1. The purpose of this study is to determine the Performance of IT Governance System in this pharmaceutical company, whether the company is already applying well or not in the governance of the system. The security, data integrity, effectiveness and efficiency, IT tools and IT business processes in the company.
II. RELATED LITERATURE AND STUDIES
A. COBIT
COBIT is a means of measuring the standard of control Information technology is generally useful to balance between risks and investment in the scope of information technology [14]. A Controlling Objective for Information and Technology on (COBIT) provides effective practice and efficiency to the entire framework and activity components in a flexible structure [15]. The COBIT 4.1 framework attributes the contribution to the fulfillment of business strategy needs, identifies the main IT resources and management control objectives, the COBIT 4.1 framework agreement consists of four (4) territory that all support each other to manage IT i.e. the Planning and Organization domains, the Procurement Domains and Implementations, Domains Delivery and Support and Domains Supervision and Evaluation [16].
B. Maturity Index
capability side and process of business from the firms, evaluation phase is divided into 6 levels, shown in Table 1. Maturity Index [17].
C. Balanced Score Card
BSC is an achievement company strategy measurement tools from semi-basic structured report, supported by design method and support tool, which can be used by managers to track performance of a business process performed [18]. There are 4 BSC models designed to handle dependence on financial measurement systems, customers, internal business processes and growth all purely in assessing the performance of a company so as to gain success in achieving a business objective [19]. By the BSC, objective of a company are not just stated in but are expressed in the measure by which the company creates value for existing and current clients, and how it should increase its domestic company capabilities including investments in community of employee, methods, and procedures needed to achieve better achievement at future [20].
D. Performance Measurement
Company performance is a measure of the success rate of a management in managing a company's resources, especially on investment management as an effort to create value for shareholders [21]. The notion of performance as conveyed by is the result of work that is influenced by the structure and behavior of industries in which the usual results are identified by the amount of market dominance or the amount of profit a company in an industry [22].
E. IT Governance
IT governance is a structured concept between the relationships, processes and strategies used for the IT strategy development stage, controlling IT strategies and resources, bringing the appropriate roadmap strategy to reach the targets and purpose of the company [23]. IT governance functions for strategic alignment, value delivery, resource management, risk management, performance measurement functions to ensure the relevance of business plans and IT, in determining, maintaining and validating IT values, and ensuring IT processes with organizational processes run together and as a foundation of the company [24].
Table 1 Maturity Index [171
Scale Description Index
0.00 - 0.50 Non-existent 0
0.51 - 1.50 Initial/Ad Hoc 1
1.51 - 2.50 Repeatable but Intuitive 2
2.51 - 3.50 Defined 3
3.51 - 4.50 Managed and Measurable 4
4.51 - 5.00 Optimised 5
Maturity index are a systems for assessment progress level in IT/IS management in the organizations. Index assessment at the firms or organizations, the IT management gives the expected level index is 2.51 - 3.50 (Description level is Defined). It does can be seen from company
III. Methods
The research method is an activity that aims to find the facts in the writing of this thesis the author uses two kinds of research methods of research analysis and data collection methods. First Initial Identification Stage the researcher determines the formulation of the problem that will want to do research, then this research developed through the concept of the mind of the study library, so this study analyzed from journals that already exist and will be used as a reference for research on this pharmaceutical company. Stages of collection, processing and analysis data after that researchers set up domains that will be ready to be assessed and analyzed to support the effectiveness of the company's performance, can be seen in Figure 1 Research Methods
COBIT. The research was conducted by observation and interview.
Specifying 3 Problem —► Reviewing the Literature
Analysis BSC «— Determíneme BSC'S Perspective
IT goals —* Repport
Identification of business processes
Const: «is
identifying how IT/IS can be give the best contribution in the achievement of organizational business objectives to form a good and right organization with good and right technology, of course infrastructure gain value on the domain PO1 of 1.83 which means the strategy of this IT aspects of IT strategic planning have been recognized by IT management. IT strategic planning is discussed only a few times in IT management meetings. Technology alignment takes place reactively and not by an organization wide strategy. Strategic risks are used informally on one project to another.
Table 2 Process Domain PO
Figure 1. Research Methods COBIT [25].
Observation is done to see the operational processes running in the company and ensure that the results of the interviews that will be done properly and in accordance with the company's processes of business.
Sub-Domain PO Control Objective Maturity Level
Sub PO1.1 IT/IS Value Management 2
Sub PO1.2 Business-IT Alignment 1
Sub PO1.3 Assessment of Capability or Potential and Performance 2
Sub PO1.4 IT Strategic Plans 2
Sub PO1.5 IT Tactical Planning 2
Sub PO1.6 IT Portfolio Management 2
Average 1,83
Figure 2. Research Methods BSC
Schedule level and this research are based on BSC which has 4 perspectives that is in terms of finance, customer or client, internal or domestic business process, knowledge or learning and growth. The interview process was conducted by interviewing IT Manager and IT Staff within the company. From the interview results, we process and we value from the day of researching that we can get the maturity level of the research we get and we also get performance measurement results IT System, in the company obtained benchmarks the performance of the System at the company, and can be concluded whether the company has a performance measurement is very good or not, can be seen in Figure 2 Research Methods BSC.
IV. Result and Analysis
These sections briefly about analysis sub domain from COBIT are PO, DS, ME, IT Goals and Process IT Goals.
A. Planning and Organization domains (PO)
In this domain can be seen Table 2 Process Domain PO, that the right strategy and precise tactics regarding
B. Decision and Supports (DS)
In this domain it can be seen in Table 3. Process Domain DS, concluded that the results obtained from DS7, DS11, and DS13 have an average of 1.50 which means the company has applied the relationship with the desired service delivery.
Which consists of operations on the security system and aspects of business continuity up to the procurement of training but management is not too focused on the problems in training users, manage data and Manage operations. The result of this DS will be a management evaluation in organizing the company's IT governance.
Table 3 Process Domain DS
Domain DS Control Objective Maturity Level
DS7 To educate and training users 1.00
DS11 Manage Data 1.67
DS13 Manage Operation 1.80
Average 1,50
C. Monitor and Evaluate domain (ME)
Table 4 Process Domain ME
Sub Domain ME Control Objective Maturity Level
Sub ME1.1 To Monitor Approach 1
Sub ME1.2 To Definition and Collection of Monitor Data 1
Sub ME1.3 To Monitor method 2
Sub ME1.4 Performance Assessment 2
Sub ME1.5 Board of Director and Executive Reporting 2
Sub ME1.6 To Remedial Actions 1
Average 1,5
In this domain can be seen Table 4 Process Domain ME, how IT can control and evaluate the system running in the company. The process of overseeing the management of IT in the organization of all controls applied to each IT process should be regularly monitored and assessed periodically. This domain focuses on the problem of controls applied
within the organization, internal and external checks. In the ME domains that are only ME1 grabbed the monitor process that gets the value of 1.50 which means the implementation of monitoring has been implemented but not yet fully and still has not had the purpose of this monitoring on IT management in the company.
D. Information Technology (IT) Goals
Table 5 IT Goals COBIT Criteria
No Company Goals Process Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability
1 Respond company requirement in synergy with management strategy PO1 ME 1 P P S S S S S
2 Respond to governance requirement in line with board management direction PO1 ME 1 P P S S S S S
3 To make sure the pleasure of end-users with the service offering & service level DS7 DS13 P P - S S - -
4 Optimizing the use of information DS11 - - - P - - P
5 Ensure transparency & understand of IT cost, benefit strategy, policy & service index ME1 P P S S S S S
6 Ensure proper use & performance of the applications & technology solution DS7 P S - - - - -
7 Optimize the IT infrastructure and resource DS7 P S - - - - -
8 Ensure that critical & confidential information is withheld from those who should not have access to it DS11 - - - P - - P
9 To make sure that IT services and infrastructure can properly and also be able to withstand & recover from a failure that occurs due to an intentional attack error DS13 P P S S
10 Make sure that IT service are available as required DS13 P P S S - - -
11 To make sure IT fulfillment with law and statute DS11 - - - P - - P
12 To make sure that IT shows the results of quality services that are cost-effective, get continuous improvement and readiness ME1 P P S S S S S
In this discussion, the authors also use Balanced Scorecard. The Balanced Scorecard standard is used by authors because the BSC is used to assess key performance indicators (KPI). KPI are used to help companies and organizations effectively manage and guide the progress made by them. KPI has a very important role in managing the progress of a company. Therefore, the company is finally compulsory to have a clear vision and mission and practical steps to be aware of these objectives. And not only that, companies with KPI can assess the achievement of meaningful performance, will be what has been done before. Is it right or not. Because KPIs are one effective measurement tool for organizations in a company, the Primary Performance Indicator should also reflect a goal that certainly all companies will achieve. In this study, the authors use internal process perspective balanced scorecard which later on this perspective can measure the level of business processes in the company.
Base on Table 4 IT Goals COBIT Criteria, serves to map the business objectives, which have been prepared in accordance with the BSC, in accordance with the objectives and criteria of IT information. In the business objectives table prepared BSC only 1 perspective that is used internal
process. The business objectives applied are 5, i.e. to improve and take care of business process functionality, reduce process charge, provision of fulfillment with external regulations, Constitution, and contracts, to provided that adaptation with domestic regulations, and to managed business transformation. Each of these business objectives is interconnected with the domains we use in this research. Business goal no 1 (upgrade and keep business), get from IT goal no 1 (Respond company requirement in synergy with management strategy). From Table 5, P indicates to primary and S indicates to secondary, serves to map the business objectives, which have been prepared in accordance with the BSC, in accordance with the objectives and criteria of IT information.
The business objectives in Table 5, prepared BSC only 1 perspective that is used internal process. The business objectives applied are 5, ie to regenerate and to maintain process of business functionality, lower process cost, and provision of compliance with external regulations, regulations and contracts, providing compliance with internal policies and managing business change. Each of these business objectives is interconnected with the domains we use in this research. Business objective no 1 (increase
and maintain business), get from IT targets no 1 and 2 (Respond company requirement in synergy with management strategy) and (Respond to governance requirement in line with board management direction). Then business objective no 2 (Lower process costs), obtained from IT objectives no 3, 13, and 15 where the no 3 (To make sure the pleasure of end-users with the service offering & service level), no 13 (to ensure appropriate use and maximum performance of applications intended for technological solutions), no 15 (to optimize existing infrastructure, company resources and IT capabilities) then COBIT criteria don't get the attention of the company.
Further business objectives Provide compliance with external laws, regulations and contracts are derived from IT goals no 4 and 27. This no 4 concerns (Optimizing the use of information) and this no 27 concerning (Ensure IT compliance with laws, regulations and contracts). Next business objective Provide compliance with internal policies, this goal has business criteria at 3, 21, and 23. No 3 (to ensure that IT services and infrastructure are able to withstand and recover from failures due to errors, whether intentional or accidental disasters), no 23 (Make sure that IT services are available as required). Furthermore, in the objective of the 5th business on IT goals (Manage business change) in this business objective has IT target criteria at no 1, 2, 12, and 28. No. 1 (increase and maintain business), no 2 (Respond to governance requirements in line with board direction), no 12 (to ensure that IT can demonstrate efficient service quality for costs, continuous improvement for the company, and the organization's readiness for change in the next period). COBIT criteria have not received attention.
Business objective no 2 (Respond to governance requirement in line with board management direction), IT objectives are addressed at no 6 (to ensure financial transparency and understanding of IT costs, the benefits of existing strategies, policies and existing service levels), with attention to the effectiveness and efficiency of the company. Business objective no. 3 (Compliance with external law,
regulation and contract), IT objective used is no 2 (responding to governance requirements in line with the direction of the board) with the attention gained is the efficiency of the company. Business objective no 4 (compliance with internal policy), IT target used is no 2 (responding to governance requirements in line with the direction of the board) with attention to corporate secrecy. Business objective no 5 (managing business change), IT target used is no 1 (Responding to business requirements aligned with business strategy) and 6 (Ensuring transparency and understanding of IT costs, benefits strategies, policies and service levels) with attention to confidentiality company data and ability to meet company needs, business goals no 6 (Increase and maintain operational and staff productivity). All business purposes based on the BSC determined that it can be concluded, that the criteria derived from the 5 business objectives are in the criteria of effectiveness, efficiency, confidentiality, and Compliance of 7 criteria only 5 that meet the criteria.
E. Process Information Technology (IT) Goals
In the process of IT process, based on Table 6 Results obtained from the IT Goals Process, this goal obtained 12 IT goals, where in the 12 IT goals there are domains PO1, ME1, DS7, DS11, and ME1. At number 1 there are PO1 and ME1 domains seen from 7 aspects of process 2 showing Primary and 5 again showing Secondary. Next at number 2 there are PO and ME1 domains, just like the first equals 2 Primary and 5 secondary. Next on no 3 there are DS7 and DS13 domains, get 2 Primary (Effectiveness and Efficiency) and 2 Secondary (Integrity and Availability). Next on no 4 there is a DS11 domain that gets 2 Primary (Integrity and Reliability). Next in no 5 there is a ME1 domain that gets 2 Primary (Effectiveness and Efficiency) and 5 Secondary (Confidentiality, Integrity, Availability, Compliance, and Reliability).
Table 6 Results Obtained From The IT Goals Process
COBIT Criteria
BSC View Company Objective IT objective To effective To efficiency To confidential To integrity To availability To compliance To reliability
1 To Improve & maintain company process functionality. 1 2 P P - - - - -
Domestic View 2 Less processing costs than before 3 13 15 - P - - - - -
3 Providing compliance with external laws, regulations & agreements 4 27 - - P - - - P
4 To provide fulfill with internal policies 3 31 23 - - P - - - P
5 Manage business change 1 2 12 28 P P - - - - -
Next no 6 there is DS7 domain that get 1 Primary (Effectiveness) and 1 Secondary (Efficiency) Next no 7 there is a domain DS7 that get 1 Primary and 1 Secondary Next no 8 there is a domain 11 that get 2 Primary (Integrity and Reliability) .None no 9 there is a domain DS13 that get 2 Primary (Effectiveness and Efficiency) and Secondary Second (Integrity and Availability) Next no 10 there is a DS13 domain about ensuring IT compliance with laws, regulations and contracts Getting 2 primary (Integrity and
Reliability). Next no 12 on to ensure that IT shows and shows efficient service quality for company costs, continuous improvement, and readiness for change in the next period. Which gets 2 primaries and 5 secondary on applicable IT goals criteria? IT goals are based on the assessment of one of BSC internal process perspectives. COBIT combines with BSC so that the achievement of a business process can be more accurate and effectiveness in its application.
V. Conclusion
The conclusion that can be obtained from this research is, that the organization that implements IT governance is still not maximal at the level of maturity that is struggled or sought by the company, with the average value measured is the level of maturity index that is still at level 1, while the level most wanted to be expected by the company is 3. As the PO1 domain has an average of 1.83. The DS domain has an average of 1.5 and the ME domain has an average of 1.5. So the company still needs extra hard to reform, to reach level 3. For PO domains, especially PO1 that focus on IT strategy, which enterprise IT management must run well between business processes and IT, companies still have to fix, appraise, and develop the direction of business objective run by ICT/IS governance. In this case, the IT/IS team also added a feature to be able to always improve security in data exchange traffic among divisions in the firm or organization. ICT governance in companies is still not harmonious in the formation of performance in companies based on applicable ICT goals.
References
[1] K. Jairak, and P. Praneetpolgrang, Applying IT Governance Balanced Scorecard and Importance-Performance Analysis for Providing IT Governance Strategy in University, Information Management and Computer Security, vol.21, no.4, pp. 228-249, 2014.
[2] S. C. B. Barbosa, I. A. Rodello, and S. I. D. Depadua, Performance Measurement Of information Technology Governance in Brazilian Financial Institutions, Journal of Information Systems and Technology Management, vol. 11, no.2, pp. 397-414, 2014.
[3] M. Kachouri, and A. Jarboui, Exploring the Relation Between Corporate Reporting and Corporate Governance Effectiveness, Journal of Financial Reporting and Accounting, vol. 15, no. 3, pp. 347-366, 2017.
[4] S. Mukherjee, Collaborative Governance Strategies for a Strategic Offshore IT Outsourcing Engagement, Journal of Global Operations and Strategic Sourcing, vol. 10, 255-278, 2017.
[5] J. F. Andry, Performance Measurement of IT Based on COBIT Assessment: A Case Study Performance Measurement of IT Based on COBIT Assessment: A Case Study, Journal System Information, vol. 12, no.2, pp. 56-62, 2017.
[6] D. Zeglat, W. AlRawabdeh., F. AlMadi, and F. Sharafat, Performance Measurements Systems: Stages of Development Leading to Success. Interdisciplinary, Journal of Contemporary Research in Business, vol. 4, no. 7, pp. 440-448, 2012.
[7] M. Rubino, and F. Vitolla, Internal Control Over Financial Reporting: Opportunities using the COBIT Framework, Managerial Auditing Journal, vol. 29, pp.736-771, 2014.
[8] ISACA: COBIT 4.1, Framework Control Objectives Management Guidelines Maturity Models, IT Governance Institute, ISBN 1933284-72-2, 2007.
[9] G. Mehralian, J. A. Nazari, and P. Ghasemzadeh, The effects of knowledge creation process on organizational performance using the BSC approach: the mediating role of intellectual capital, Journal of Knowledge Management, 2018.
[10] C. Heavy, and E. Murphy, Integrating the Balanced Scorecard with Six Sigma, The TQM Journal, vol. 24, pp. 108-122, 2012.
[11] O. Zizlavsky, The Balanced Scorecard: Innovative Performance Measurement and Management Control System, Journal of Technology Management and Innovation, vol. 9, no.3, pp. 210-222, 2013.
[12] R. A. Khther, and M. Othman, COBIT Framework as a Guideline of Effective It Governance In Higher Education: A Review, International Journal of Information Technology Convergence and Services (IJITCS), vol. 3, no. 1, pp. 21-29, 2013.
[13] I. Rahmayuni, and I. Yusda, IT Governance Balanced Scorecard for Measuring Performance of Information Technology Governance, Journal Momentum, vol. 16, pp. 88-94, 2014.
[14] G. Waluyan, and A. D. Manuputty, Performance Evaluation of IT Governance Against Application of Information System Starclick Framework COBIT 5 (Case Study: PT Telekomunikasi Indonesia,
Tbk Semarang), Journal Technology and Information, vol. 2, no.3, pp. 157-166, 2016.
[15] G. Wang, J. Wan, and L. Zhao, Strategy map for Chinese science parks with KPIs of BSC, Journal of Science and Technology Policy Management, vol. 5, pp. 82-105, 2014.
[16] A. Y. Zafarina, M. Arief, and R. Mulyana, Analysis And Design of IT Governance Using Cobit 4.1 Domain Plan And Organise (PO) And Acquire And Implement (AI): Case Study PT. XYZ, Journal of Information Systems, vol. 12, no.2, pp. 63-73, 2016.
[17] A. Walker, T. McBride, G. Basson, and R. Oakley, ISO/IEC 15504 measurement applied to COBIT process maturity, Benchmarking: An International Journal, vol. 19, no.2, pp. 159-176, 2012.
[18] S. Park, H. Lee, and S. W. Chae, Rethinking balanced scorecard (BSC) measures: formative versus reflective measurement models, International Journal of Productivity and Performance Management, vol. 66, no.1, 2017.
[19] J. K. Khomba, Conceptualization of the Balanced Scorecard (BSC) model: A critical review on its validity in Africa, International Journal of Commerce and Management, vol. 25, pp. 424-441, 2015.
[20] J. Schaub, B. Hirsch, and M. Sohn, Functional Fixation and the Balanced Scorecard: Adaption of BSC user's judgment processes, Journal of Accounting and Organizational Change, vol. 10, pp. 540566, 2014.
[21] Y. Findawati, and I. R. I. Astutik, I. R. I, Web Application Measurement Of Micro Financial Institutional Performance Using Fuzzy-Ahp, Wpm And Balanced Scorecard Method, Journal of Informations Systems, vol. 12, 2016.
[22] A. Jaaskelainen, H. Laihonen, and A. Lonnqvist, Distinctive features of service performance measurement, International Journal of Operations and Production Management, vol. 34,.pp. 1466-1486, 2014.
[23] E. Karanja, and J. Zaveri, Ramifications of the Sarbanes Oxley (SOX) Act on IT governance, International Journal of Accounting and Information Management, vol. 22, pp. 134-145, 2014.
[24] H. F. Cervone, Implementing IT Governance: a primer for informatians, Digital Library Perspectives, vol. 33, pp. 282-287.,
2017.
[25] J. F. Andry, Hartono, A. Chakir, Assessment IT Governance of Human Resources Information System Using COBIT 5, International Journal of Open Information Technologies, vol. 8, no.4, pp. 59-63,
2018.
Kevin Christianto is practitioner in IS/IT and Lecturer in Department of Information Systems, Faculty of Technology and Design, University of Bunda Mulia, North Jakarta, 114430, Indonesia. He received his Master of Computer Science from Bina Nusantara University. His research interests are in the area of Audit, Information System and Project Mangement. He has publish article in International Journal of Information Technology and Business with title Evaluating Maturity Level Using Framework ITIL: A Case Study of Service Desk's and Journal of Information Systems Engineering and Business Intelligence with title Using Webqual 4.0 and Importance Performance Analysis to Evaluate E-Commerce Website, etc.
Julia Loisa is Lecturer in Department of Information Systems, Faculty of Technology and Design, University of Bunda Mulia, North Jakarta, 114430, Indonesia. She received his Master of Computer Science from Bina Nusantara University. Her research interests are in the area of Information System, E-business, Knowledge Management and IT Governance. She has publish article IOP Conf. Series: Journal of Physics: Conf. Series indexed by Scopus with title Information systems of logistic management a case study, etc.
Johanes Fernandes Andry is a Senior lecturer in Department of Information System, Faculty of Technology and Design, Bunda Mulia University, Jakarta, Indonesia. He received his Master of Computer Science from Budi Luhur University in 2006. His research interests are in the area of Audit, Information System and Software Testing. He has publish article in 9th International Seminar on Industrial Engineering & Management, Science, and Computer Science Education 2016, 2nd International Conference on Innovative Research Across Disciplines (ICIRAD 2017), and Journal of Theoretical and Applied Information Technology indexed by Scopus with title Improving Quality of SMEs Information System Solution with ISO 9126 and International Journal of Innovative Science and Research Technology with title Conceptual Framework for Successful IT-Governance and BSC for Service Industry and more journal such as journal Teknologi dan Sistem Informasi (TEKNOSI), Jurnal Sistem Informasi Universitas Indonesia, etc.
