Evaluation of Information Technology Governance in Banking Companies Using BSC and COBIT 4.1

The era of industrial revolution 4.0, the progress of companies to achieve their vision and mission goals, is largely determined by the role of information technology, especially banking companies such as BPR PMM, the problem is that BPR PPM has not fully realized the importance of managing a business change, in order to maintain the company's existence. To determine the maturity level of the application of information technology in a company, it is necessary to conduct a thorough evaluation. In this study, there are seventeen processes in Cobit 4.1 that are solved on an internal balanced scorecard perspective. Cobit is a framework that is very well used in measuring the effectiveness of the application of information technology, while the balanced scorecard (BSC) is a framework that is very suitable to be applied to measure or assess the performance of a company. The combination of the two frameworks can provide a clear picture of internal perspectives that can be used by company leaders in improving information technology governance. This study resulted in a conclusion that the company maturity level in terms of business change management based on Cobit 4.1 and the internal balanced scorecard perspective has an average value of 2.90 at level 3 with defined categories.


I. INTRODUCTION
The progress of an organization or business is inseparable from good governance, several things that need to be properly managed in a company, such as human resources, infrastructure and information technology support. The use of information technology can be of maximum benefit if its application supports the achievement of the objectives of a company [1], [2]. To achieve the goals or objectives of the company, it is necessary to implement good governance [3]. In all types of organizations or companies Information technology governance becomes a measure in controlling infrastructure and human resources [4], [5], [6], [7]. Information technology governance has an important role in addressing the increase in the need for IT resources [8]. Structure, process and relational are three types of mechanisms that can be considered [9], [10], these three things can have a very good impact in aligning business objectives and IT goals. So that in combining these three mechanisms can support decisions on IT asset investment [11], [12], [13]. BPR PMM Bank is a banking company domiciled in the city of Singapore, one of the objectives of the BPR PMM bank is to continue to develop and adjust to recent developments. However, since its establishment in 2007, management has not yet taken into account the degree of maturity in the application of information technology, so that management has not even known to what extent the role and support of IT in achieving these corporate goals. In this research, the focus is on correcting problems in the internal balanced scorecard perspective, with the business objectives of COBIT being to manage business change. DS6, ME1, ME4 [14]. The maturity level of information technology governance at BPR PMM can be obtained from the translation of the maturity level values provided by the Cobit 4.1 framework. In contrast to other audits, information technology audits aim to improve the governance of the application of information technology in a company [15]. In this research, it measures the improvement in the management of business changes in a banking company, there are several things that are different from previous researches or recommendations that can be used to make improvements to efforts to make improvements.
Several studies have been conducted that relate to information technology Governance and COBIT frameworks and balanced scorecards, but the focus and domains in research are different, among them in 2001, Grembergen conducted a determination using the IT Balanced Scorecard, IT in this study stated that investment is closely related to improving human resources. 16] Another tries to measure the suitability of business goals. The research and objectives of information technology were carried out by Richard Bricknall, the study concluded that the company Astra Zeneca (AZ) uses a different method, namely business performance management (BPeM) in conjunction with the Balanced Scorecard [17]. Another research that has been carried out is in 2016, Sandy Kosasi and his colleagues conducted a study in Pontianak, which concluded that the implementation of IT governance will run well if it can be supported by management, and in this research, it provides suggestions for measuring all the domains provided by Cobit so that it can be fully saved.

II. RESEARCH METHODS
Cobit and balanced scorecard are very suitable to be combined in measuring information technology governance.

Indeks Maturity Model
To obtain the value of the maturity level of the application of information technology at BPR PMM, it is done by using the equation as in equation 1. The maturity model index can be seen in table 1 [18].

Research Methods
This type of research is action research, which involves researchers directly going down to the field to observe the processes that occur in BPR PMM, several things are done, namely discussing with the IT department and observation.
[20] [21]. a. Data collection technique 1. Literature study Data collection was carried out by searching for materials related to determination, while the library data sources were journals, proceedings, and books.

Questionnaires
The questionnaire was created to obtain detailed information from management and the questionnaire was adjusted to the COBIT RACI Chart.

Interview
Interviews were conducted with IT managers and company operational managers.

Observation
Observations were made at the Papua Mandiri Makmur Credit Bank, which is located in the city of Jayapura.

b. Research Flow
There are several important stages in this research, to make it clearer can be seen in Figure 1.

Figure 1. Research Flow
Based on Figure 1, there are five main steps in carrying out this research, including the following : 1. Study of literature, is a step taken by researchers to obtain primary and secondary data, at this stage the researcher searches for information related to research results that come from journals, proceedings and from books that are related to information technology governance issues. in a company. 2. Data collection is the stage taken by researchers to obtain primary data from the company directly, at this stage interviews are conducted with operational managers and IT managers, direct observation observing devices or infrastructure available at the company, then giving a questionnaire that has been adjusted to Raci. chart on the cobit 4.1 framework. 3. Data processing, is the step or stage taken by the researcher to process the data that has been collected, at that stage the researcher will obtain information related to the current maturity level value, the expected IT governance maturity level value and the gap or gap value in each. -Each process being worked on. 4. Recommendation, is a step to provide recommendations or suggestions for improvements to findings obtained in the field, at this stage the researcher conducts a focus group discussion to exchange opinions and submit recommendations that need to be done in order to reach the maturity level of IT governance with those expect. 5. Conclusion, drawing conclusions from research by considering the results of data processing and the results of the FGD, is expected to truly provide an overview of existing IT investments in companies today.

c. Cobit Domain Classification Based on Business Objectives Balanced Scorecard Framework
Based on the internal balanced scorecard perspective, there are seventeen Cobit processes from four completed domains, including the plan and organize domains, there are PO1, PO2, PO4, PO5, PO7, PO10 for the Aquire domain and implement there are processes AI1, AI2, AI3, AI4, AI6, AI7 for the DS3 and DS6 Delivery and Support domains, while the Monitoring and Evaluate domain contained ME1 and ME4 processes.

III. DISCUSION
This section will provide information about the results of data processing that have been obtained in this study, as well as provide recommendations that can serve as a guide in improving information technology governance at BPR PMM.

Analysis of Data Processing
The choice of perspective on the balanced scorecard is based on the needs and objectives of the BPR PMM company, this distinguishes it from other studies because it does not show the correlation between the BSC perspective and the COBIT domain. The domains chosen in this study can be seen in table II. Correlation between Cobit and BSC domains.  The choice of an internal perspective is because it conforms to the needs of BPR PMM who want to make changes from business processes that are in accordance with the company's vision and mission, in this study there are four IT Goals that can support the achievement of business goals.

Measurement of the Maturity Level Value of the COBIT Process (as-is)
From the results of the questionnaire using the COBIT framework and referring to the RACI Chart, the value of the maturity level of each process is obtained as in Table 3.

Expected Maturity Level (to-be)
The maturity level of IT governance in this study is the level of maturity expected in BPR PMM companies, this can be determined after analyzing the data that has been collected through questionnaires, interviews and observations, then the to-be level is agreed in a focus group discussion (FGD). done with operational managers, IT managers and IT staff. In the FGD it was agreed that the expected maturity level is at level 4 under the manage and measurable category. At level 4, it requires management to monitor and evaluate the reasonableness of various existing procedures, and can take action if the implementation is not carried out in an effective way, the tools and automation in company operations are carried out on certain limits or conditions, from the method of determining the level to be distinguishes it from previous research which did not explain in detail how the process of determining the expected level of IT Governance maturity. Figure 2 shows a graph of the distance between the current maturity level (as-is) and the expected maturity level (to-be).

Gap Between (as-is) and (to-be)
To obtain the gap or Gap value of each maturity level, it is done by subtracting the expected maturity level value from the current maturity level [gap = value to be -as is value]. The gap value can be used as a reference in providing recommendations to BPR PMM to make improvements to the trial process, to improve information technology governance. The Gap value can be seen in ME1 domain with a gap value of 1.68 is the cobit process that has the highest Gap value so it must be a priority to be equalized with other processes before proceeding to the expected maturity level, the process that has the smallest value is in the DS1 process with a value of 0.89.

Suggestions and Recommendations for Improvement
Recommendations are suggestions given to the management of the BPR PMM company, this is intended so that the recommendations can be used as a guide in making improvements to all existing processes from an internal perspective, these recommendations are in the form of suggestions for actions that must be fulfilled if you want to reach the expected maturity level that has been agreed In the FGD, the thing to note is that a way to the process of refining the process, this is a common occurrence in a company that can be done in stages until it reaches the level of maturity it should be. In this study the maturity level of information technology governance at BPR PMM is at level 3 with a defined category, at this level the procedure has been standardized, and communicated in training activities, and it is mandated in each work section that the process is mandatory, but in this process several irregularities that occur cannot be fully detected. The recommendations given have been communicated with the IT manager and operational manager and agree that it is mandatory to do if you want to reach the maturity level at level 4.

a. Recommendations on Domain Plan and Organize
All levels of management who can be chaired by the IT manager can monitor IT investment strategic planning properly, and make a commitment to decisions based on ICT strategic planning, IT infrastructure investment can be made in the form of short-term, medium-term and long-term planning. In addition, it is necessary to create an internal steering committee from the company, the procurement of human resources of the steering board can be the responsibility of HRD, significant improvements in the entire ICT investment planning process must be carried out properly by considering various risks, so as not to cause big losses if the implementation fails. Management of human resources must be carried out properly to support ICT infrastructure investment.

b. Rekomendations for domain Aquire and implement
Activities carried out at the company must be formalized and carried out at a certain period on a regular basis, then the IT manager can procure IT infrastructure as a system automation solution such as queue number information system, bank website but still adjusted to the company's planned strategic plan. The process of maintaining existing infrastructure must be carried out regularly and have good planning, training for IT human resources is included in the routine agenda to increase capacity. Furthermore, the newly created automation system must be evaluated before being implemented as a service solution to achieve company goals. In addition, testing of all forms of new automation applications must be carried out so that their application does not cause losses.

c. Rekomendations for domain Delivery and Support
While the form of service that has been agreed upon at the management level must be formalized, reporting must be made in full, this can be arranged in the form of standard operating procedures, so that it does not depend on individual initiative alone, in services, automation tools should be provided to measure the level of customer satisfaction, this is can have a positive impact on the sustainability of the company. Obliged to carry out continuous analysis of various possible risks in ICT investment. It is necessary to measure the system that has been created to find out whether the new system can be in line with the company's vision and mission. Provision of special costs for IT investment must be done and understood by all levels of management.

d. Rekomendations for domainMonitor and evaluated
Reporting carried out by the IT department must be formalized and can be done continuously at least once a month, measurement of the performance of devices and software must be carried out regularly and have a fixed time. The company, represented by the IT manager and operational manager, is obliged to communicate the overall procedure at all levels. The director must know the risks and importance of IT investment in achieving the company's vision and mission.

IV. CONCLUSIONS
Berdasarkan hasil analisis data beberapa kesimpulan yang dapat diambil pada penelitian ini adalah sebagai berikut : 1. IT Governance in BPR PMM Companies is at level 3 with defined categories. 2. The highest maturity level value is in the CobitDS1 process with a value of 3.11, while the lowest maturity level value is in the Cobit ME1 process. 3. The expected maturity level in the information technology governance of a BPR PMM company is at level 4 in the manage and measurable category.