SlideShare a Scribd company logo

The measurement of maturity level of information technology service based on COBIT 5 framework

T
TELKOMNIKA JOURNAL

This study evaluates the maturity level of information technology (IT) services at Universitas Negeri Gorontalo using the COBIT 5 framework, focusing on the delivery, service, and support domain. The findings indicate that the average maturity level is at level 3 (established), highlighting a need for enhancements in IT performance and service. The research recommends improvements to comply with organizational goals and optimize IT governance.

Engineering
1 of 7
Download to read offline
1
2
3
4
5
6
7
TELKOMNIKA Telecommunication, Computing, Electronics and Control Vol. 18, No. 1, February 2020, pp. 133~139 ISSN: 1693-6930, accredited First Grade by Kemenristekdikti, Decree No: 21/E/KPT/2018 DOI: 10.12928/TELKOMNIKA.v18i1.10582  133 Journal homepage: http://journal.uad.ac.id/index.php/TELKOMNIKA The measurement of maturity level of information technology service based on COBIT 5 framework Lanto Ningrayati Amali, Muhammad Rifai Katili, Sitti Suhada, Lillyan Hadjaratie Informatics Engineering Department, Universitas Negeri Gorontalo, Indonesia Article Info ABSTRACT Article history: Received Jul 16, 2018 Revised May 30, 2019 Accepted Jun 17, 2019 Institutions are currently progressing on IT development and maximization in order to advance for good IT governance. Lack of comprehensive requirements analysis of IT utilization may lead to hindrances within IT development from achieving effective outcomes. This quantitative study employs control objective for information & related technology (COBIT 5) business framework to assess and identify the maturity level of IT service, primarily within the domain of delivery, service, and support (DSS). Data were obtained through questionnaire, observation, and documentation. The result reveals that the average maturity level of IT service is in level 3 (established); by which the study recommends for enhancements and upgrades in IT performance and service within the scope of compliance and IT service application and support. Keywords: COBIT 5 DSS IT service Maturity level This is an open access article under the CC BY-SA license. Corresponding Author: Muhammad Rifai Katili, Informatics Engineering Department, Universitas Negeri Gorontalo, 6 Jenderal Soedirman St., Gorontalo 96128, Indonesia. Email: mrifaikatili@ung.ac.id 1. INTRODUCTION Trends in Information Technology (IT) maximization within organizational business investment has arisen recently due to increasing demands of quality service and cost minimization from the community, the market, and within the organization itself [1-3]. The introduction of IT application within an organization is known to boost the organizational business value within its main and subsidiary activities. On top of that, IT is employed as a strategic means to enhance an organization’s competitive advantage during times of uncertainty [4, 5]. This contributes to surging dependency of the IT-friendly work environment, by which an effective IT management compatible with business goals is essential to ensure the organization’s success. Engaging in the education sector, Universitas Negeri Gorontalo (UNG) has implemented IT within its operational processes, i.e., its academic information system, personnel information system, library information system, performance information systems for lecturers, financial information system, and administrative information system. The information systems are employed as a means of providing advanced quality service to the users (students, personnels, and lecturers) contributing as a part within the organizational business strategy to prepare for increasingly high competitive atmosphere. Quality service is crucial in accordance with high demands of user satisfaction and to improve the organization’s image in its users. This complies with Kotler and Fox arguing that providing quality service to the clients contributes positively to increase satisfaction and loyalty and that both are important factors that differentiate the organization’s product from its competitors [6].
 ISSN: 1693-6930 TELKOMNIKA Telecommun Comput El Control, Vol. 18, No. 1, February 2020: 133 - 139 134 Limited resources (e.g., application, information, technology, facilities, and human resources) are essential elements to consider when implementing IT within an organization, in which it costs an organization considerably high expense to implement IT [7]. An organization’s capability to conduct IT management is the primary determinant of quality of IT service, as it does not solely rely on technology. IT service also involves users and complex processes within. Moreover, an assessment of maturity level of IT service implementation is critical to identify and measure the extent of quality of IT service in providing effective management and support to the business process. The assessment involves best practice framework, i.e., COBIT 5 within the domain of delivery, service, and support (DSS). The assessment of maturity level is intended for an organization to identify the maturity level of IT to be used as a benchmark to enhance the quality of IT service and to ensure the availability of IT service in addressing to current and further business needs. Moreover, the assessment is essential in order for the organization to be capable of analyzing strength and weakness and to formulate strategies in addressing the gap, maintaining decent organizational governance, and minimizing potential risks [8, 9]. By that, the organization is expected to be capable in interpreting business target and goals, by which the organization can prioritize certain business operational activities, mainly in determining effective IT service to support the optimal outcomes of IT governance. a. IT governance Implementation of IT has been one of the decisive factors in maintaining and broadening organizational strategies and goals. This creates a critical dependency of IT within every segment of work environment; thus requiring more focused study, mainly on IT governance [10]. The statement is echoed by a global survey result from McKinsey on 2014 reporting that 35 percents of IT executives have agreed that improving governance process and supervision is critical to improving IT performance. It is essential for an organization in public and private sector to perform IT governance effectively, by which the organization is required to conduct several adjustments on policy and regulations within macroeconomics and in ICT sector [11]. Consequently, one of the critical determinants to consider in IT governance is to provide steady and capable IT so that the organization can maintain, support, and to broaden organizational strategies and goals. IT governance is defined by ITGI as the responsibility of executives and the board of directors; it consists of the leadership, organizational structures, and processes ensuring that the enterprise’s IT sustains and extends the organization’s strategies and objective [12]. IT governance is the combination of best practices of planning & organization, procurement & implementation, delivery & support, and supervision & evaluation of IT in which it ensures that the organizational information and technology are capable of supporting the organizational business goals [13]. Moreover, classify IT governance into two aspects, i.e., functional aspect, involving structure and processes considered as an organizational design element; and social aspect, which involves human behavior and organizational culture [14]. Based on the framework, this study defines that IT governance is the whole aspects needed to ensure that IT system maintains and broaden organizational strategies and goals, by which IT governance is considered as an integral part of organizational governance. Surging demands of information within decision-making process have increased the need for a comprehensive IT governance structure [15], for an effective IT governance structure can contribute to the improvement of organizational business value. This is important as an effective prerequisite to the organizational governance. Therefore the roles and responsibilities of the parties involved must be clearly defined [16]. Most of the maturity models used for IT governance are related to the existing business frameworks. These frameworks only emphasize processes and structures [17]. Of all business frameworks for maturity model, COBIT is the only framework that put its focus on IT governance [14]. b. Maturity level The Merriam-Webster encyclopedia defines maturity as “the quality or state of being mature.” In the meantime, the maturity level is defined as the description of maturity of IT processes within an organization considered as benchmark and self-assessment tool by IT management in assessing the extent of maturity of implementation of IT [18, 19]. Maturity process is among the key elements in COBIT business framework. It is the assessment tool to determine the extent of IT management process. COBIT framework features a maturity model to conduct control on IT processes involving scoring process, by which the organization is able to scale its IT processes, ranging from 0 (nonexistent) to 5 (optimized) [12]. By assessing the level of maturity process, the organization has been made possible to determine which processes are under control and which processes that represent potential management challenges [20]. Assessment of maturity level is a part of propriety test on the existing activity and IT processes in accordance with its level. In COBIT version 4.1, the concept of maturity level applied is capability maturity model (CMM). It is replaced in COBIT version 5 by the model of process capability based on standards of ISO/IEC 15504
TELKOMNIKA Telecommun Comput El Control  The measurement of maturity level of information technology service... (Lanto Ningrayati Amali) 135 (SPICE) - information technology process assessment [21]. COBIT assessment is designed to feature repeatable, reliable, and valid methodology for the organization to assess the capability of its IT process [21]. Model of process capability in COBIT 5 is based on ISO/IEC 15504 (SPICE) by employing Process Assessment Model (PAM) method. The model assesses the performance of evaluate, direct, and monitor-based (EDM) governance processes and plan, build, run, and monitor-based (PBRM) management process, and is capable of identifying sectors that need performance upgrade. Capability process model is employed to ensure that the assessment result is objective, impartial, consistent, repeatable, and able to represent assessed processes [22, 23]. The maturity level in COBIT 5 is expressed on a scale ranging from 0 (incomplete) to 5 (optimizing), as presented in Table 1 [21]. Table 1. Levels to assess the maturity in Cobit 5 Capability Level Achieve Level 0: Incomplete The process is not implemented or fails to achieve its process purpose Level 1: Performed (Informed) The implemented process achieves its process purpose; Level 2: Managed (Planned and monitored). The process is managed and results are specified, controlled and maintained; Level 3: Established (Well defined) A standard process is defined and used throughout the organization; Level 4: Predictable (Quantitatively managed) The process is executed consistently within defined limits Level 5: Optimizing (Continuous improvement) The process is continuously improved to meet relevant current and projected business goals. 2. RESEARCH METHOD 2.1. Planning Research plan is the plan and procedure for carrying out researches, involving general assumption, research strategy, a method of data collection, and detailed analysis [24]. Referring to the research plan, the research strategy applied is a quantitative method, involving literature study, observation, and questionnaire as a technique of collecting data. Moreover, the research employed phases of the research plan (Figure 1), i.e. preliminary study through literature and case study. A literature study was conducted to grasp a comprehensive insight of IT governance, management, organization, and COBIT 5 framework. The case study took place in UNG by identifying business environment within the organization. From the research plan this study extracted the requirements, target, and strategic objects in accordance with processes within DSS domain the result is further treated as a reference in formulating questions within questionnaire form, by also referring to best practice standard of DSS domain of COBIT 5 framework within ISACA. Figure 1. Research procedure 2.2. Population and sample Samples were obtained by non-probability sampling by saturated sampling technique due to research elements were selected randomly and proven capable to comply with pre-existing factors. On top of that, the technique generates result capable of being generalized with minimum errors [25]. The samples were selected from the population of 57 people consisting of leaders and staffs which qualify the requirements to participate in this research. Saturated sampling technique allows the whole population to be treated as a sample. Saturated sampling is defined as a technique for selecting sample if the whole population is treated as a sample [24]. Therefore, the research also involves the 57 people as its samples. 2.3. Instrument formulation and procedures The formulation of research instruments for DSS domain is based on PAM model in COBIT 5 framework [21]. This domain is related to the actual delivery and required service support which involves service, security and maintenance management, service support for the users, and data management and operational facilities. The assessment scale of every question involved scoring as shown in Table 1. Literature review and case study Requirements, targets, and strategic objects Questionnaire design Maturity level assessment Gap analysisRecommendation
 ISSN: 1693-6930 TELKOMNIKA Telecommun Comput El Control, Vol. 18, No. 1, February 2020: 133 - 139 136 2.4. Assessment This step involved elaboration of the research findings, such as for as the current situation of IT service management within the organization in every process of DSS domain. During this phase, an analysis was also conducted to identify any gaps in order to compare and adjust the maturity level with the targeted level. The analysis was employed on every process within DSS domain of IT, from which the research formulates recommendations for further management upgrades of IT service. These recommendations are further treated as guidelines in formulating upgrades on service processes and support of IT within the institution capable of fulfilling and exceeding current and further organizational business needs. 3. RESULTS AND ANALYSIS The data analysis step requires normally distributed data in order to ensure the data validity and free from any biases. 3.1. Results Based on p-plot graph normality test, it shows that the data are normally distributed and meet the requirements for further analyses. When the data follow or approach the diagonal line, the data is considered normal to be distributed by examining p-plot diagram, skewness value, and that kurtosis level is in between -2 or +2. The normality test result shows that the data are evenly distributed by skewness value of -0.835 and kurtosis level of 0.085, which is in the range of +2. Moreover, the analysis employs data validity and reliability test. Validity test is defined as a test conducted on research instrument formulated, to measure the extent to which an instrument is able to accurately assess certain concepts which are needed to be assessed [25, 26]. The instrument is considered valid if it can be used to measure what is needed to be measured. The research employed product moment Pearson validity test to assess the validity of its instrument. The validity test results in rcount > rtable with a significant rate of 5% in between 0.809 and 0.924; therefore, the instrument is considered valid. Further, instrument reliability is related to the uniformity of results when the research object is repeatedly measured. Reliability is an extent to which errors in the instrument are minimized as possible in order to produce consistent outcomes [27, 28]. To perform reliability test of research instrument, the research employs Cronbach’s Alpha coefficient analysis. The result illustrates that the value of Cronbach’s Alpha coefficient ranges from 0.6 to 0.7 within the acceptable minimum rate of reliability [29]. Referring to the result of data analysis which shows that Cronbach’s Alpha value is in 0.93, hence, the research instrument is considered to be reliable. Table 2 illustrates the result of data processing which shows the maturity level assessment of IT service within DSS domain of DSS01, DSS02, DS03, DSS04, DSS05, and DSS06 process. Figure 2 indicates the graph of current, expected and maximum maturity level within DSS01, DSS02, DSS03, DSS04, DSS05, and DSS06 domain process. Table 2. The average score of maturity level within DSS process domain Domain process Activity Maturity level Expected level Maximum level DSS01 DSS02 DSS03 DSS04 DSS05 DSS06 Manage Operations Manage Service Requests and Incidents Manage Problems Manage Continuity Manage Security Services Manage Business Process Controls 3.43 3.31 3.26 3.34 3.34 3.44 4 4 4 4 4 4 5 5 5 5 5 5 Figure 2. Graph of a DSS process capability level
TELKOMNIKA Telecommun Comput El Control  The measurement of maturity level of information technology service... (Lanto Ningrayati Amali) 137 3.2. Analysis a. Maturity level assessment of IT service From the data analysis and the result of maturity level assessment of IT service within process domain DSS01 to DSS06, it is indicated that: - Process domain DSS01 (manage operations) possesses maturity level of 3.43. The process is in level 3 established (well-defined), which denotes that the IT service process has been well-implemented by referring to the defined standard process and made possible to achieve positive outcomes. The maturity level implies that there is a surging need of IT-friendly work environment in managing organizational processes. This is illustrated by the availability of IT devices to support the performance academic and other systems within the organization, e.g., the availability of blade server to support the systems’ performance. Within this level, the need for computer operational management is addressed accurately within the organization. In addition, the organization has allocated IT resources and conducted trainings for the IT-related personnels. Further, the organization has accurately addressed the need of IT asset maintenance, by which the organization released limited access policy to allow IT facilities only accessible by certain IT-related personnels. - Within process domain DSS02 (manage service requests and incidents), the maturity level scores 3.31, which suggests that the process is in level 3 Established (well-defined). The maturity level points out that the process of the IT service has been implemented by referring to the defined standard process; this allows the process to achieve positive outcomes. It is observable from the effective support by the management board to respond to the need of management system and from the availability of financial support for the supporting staffs when conducting trainings. Moreover, the organization has resolved the need for helpdesk function and service and issue management within the unit. The organization also has prepared users’ guideline for IT service and documentation for every issue indications. - Within process domain DSS03 (manage problems), the maturity level scores 3.26, which demonstrates that the process is in level 3 Established (well-defined). The maturity level denotes that the process of the IT service has been implemented by referring to the defined standard process and this made possible for the process to achieve positive outcomes. It is noticeable from raising awareness of the importance to manage issues, and from the efforts strived to identify the roots of the issues in IT service. On top of that, the escalation process of handling issues in IT service is standardized. The problem-solving steps have involved issue documentation and identification employed by response team engaging centralized tools. - Process domain DSS04 (manage continuity) possesses maturity level of 3.34. The process is in level 3 Established (well-defined), in which it points out that the IT service process has been well-implemented by referring to the defined standard process and made possible to achieve positive outcomes. This signifies that the responsibilities for the planning of service continuity and test are clearly defined and designated to the respective staffs within the organization. Moreover, the result denotes accountable management of service continuity. IT continuity plans are well-documented referring to critical elements of the system and organizational business impact. Moreover, the management board performs consistent communication with the staffs on the importance of planning to maintain the continuity of IT service. In the meantime, the organization has implemented high availability of components and backup system. - Within process domain DSS05 (manage security services), the maturity level scales 3.34 in level 3 Established (well-defined). The result illustrates that the IT service process has been well-implemented by referring to the defined standard process; by which it allows the process to achieve positive outcomes. It is apparent that the organization possesses comprehensive and awareness of the significance of ensuring the IT security, in which responsibilities and accountability are determined, managed and understood to ensure IT security. Further, the organization has established procedures for IT security in accordance with IT security policy, in which the security report involves coherent business focus. The management board also engages steps to minimize and address risks sustainably. - Process domain DSS06 (manage business process control) shows maturity level of 3,44 in level 3 Established (well-defined), which symbolizes that the IT service process has been well-implemented by referring to the defined standard process and made possible to achieve positive outcomes. It is depicted in enhancements by the organization to address issues in information control and development of comprehensive management of environmental quality. On top of that, environmental control of the organization is engaged proactively, one of which includes a commitment to facilities and awareness of IT security. The organization also possess a responsible and accountable structure which have the privilege of access to IT services in accordance with the capabilities and skills required to develop technology infrastructure plan.
 ISSN: 1693-6930 TELKOMNIKA Telecommun Comput El Control, Vol. 18, No. 1, February 2020: 133 - 139 138 b. Gap analysis of maturity level of IT The average results of the assessment of IT service maturity level within the process domains DSS01 to DSS06 depict current average maturity level on level 3 (Established). It is the condition in which processes of IT service have been implemented by standard procedure and achieved a positive outcome, have communicated and implemented by all academicians. Therefore, the organization should enhance its performance of IT service, involving policy, implementation, and conformity to progress to level 4 maturity (predictable), as shown in Figure 3 as follows. Moreover, the organization requires to perform adjustments to achieve desired maturity level. The biggest gap occurs in DSS03 (manage problem) domain, in which the maturity level is 3.26. Conversely, the smallest gap is shown in the DSS06 domain, which scales 3.44 in the maturity level. The existing gap within DSS03 domain signifies the lacks of comprehension within every level of the organization towards management process on issues of IT service. This is echoed by rather unstable quality of service to users and hindrances due to the personnels’ limited knowledge within each organizational unit. Henceforth, the overall result of maturity level assessment of IT service demonstrates that the current maturity level is quite distant from the desired level, i.e., level 4 (predictable). Figure 3. Radar diagram of DSS process capability level c. Recommendations This study recommends that: - The organization requires to formulate and ratify policy of Standard Operating Procedure (SOP) of IT service management, due to the deficiency of comprehensive SOP within each organizational unit. The SOP is critical to formulating as a guideline of process and implementation of IT governance within the organization. By that, it allows the organization to implement comprehensive and detailed documentation of every process, job desk, and role of individuals or groups within the organization. - It is crucial for the organization to engage in the clear and well-structured standardization of governance and management to minimize potential gaps in data and information flows needed when formulating policy. - Enhancement in IT service system is essential within every work unit of the organization in accordance with the characteristics of IT service of each unit. - The organization is required to implement integration with pre-existing applications to validate data, from which it provides ease for the users to experience service of the accurate and effective information accessing. - Upgrade and optimization in ICT service system are vital for the organization to conduct to achieve good governance. 4. CONCLUSION The overall score of the current maturity level of IT service is in scale 3 (established) out of level 5 scale (optimizing). The overall result reveals that IT service processes are implemented and documented referring to the defined standard process, in which it allows the organization to achieve positive outcomes. Despite that, the organization is obliged to enhance the DSS process, due to the current maturity level is quite distant from the desired level, i.e., level 4 (predictable). The most significant gap exists in DSS03 (manage problem) domain, in which the maturity level is 3.26. In contrast, the smallest gap is shown in the DSS06 domain which scales 3.44. This signifies the importance of the personnels’ knowledge upgrade in handling IT service issues by engaging in training, apprenticeship, and certification. On top of that, it needs full commitment from all academicians to ensure the information availability and ease of access within
TELKOMNIKA Telecommun Comput El Control  The measurement of maturity level of information technology service... (Lanto Ningrayati Amali) 139 each work unit. By that, it is essential for the organization to implement well-prepared planning and to execute the planning consistently in order to comply with organizational strategy and goals. REFERENCES [1] C.S. Amaravadi, “Digital Repositories for e-Government,” Electronic Government, vol. 2, no. 2, pp. 205-218, 2005. [2] E. Novianti and A.N. Fajar, “Information Technology Investment Analysis of Hospitality Using Information Economics Approach,” TELKOMNIKA Telecommunication Computing Electronics and Control, vol. 17, no. 2, pp. 609-614, 2019. [3] A. A. Farhanghi, A. Abbaspour, and R.A. Ghassemi, “The Effect of Information Technology on Organizational Structure and Firm Performance: An Analysis of Consultant Engineers Firms (CEF) in Iran,” Procedia - Social and Behavioral Sciences, vol. 81, pp. 644–649, 2013. [4] A. Aslizadeh, “Impact of Using Information Technology on Creating a Sustainable Competitive Advantage for Companies (Case Study: Golestan Food Companies),” Indian Journal of Fundamental and Applied Life Sciences, vol. 4, pp. 1595-1603, 2014. [5] M. Sibanda and D. Ramrathan, “Influence of Information Technology on Organization Strategy,” Foundations of Management, vol. 9, no. s1, pp. 191-202, 2017. [6] P. Kotler, Strategic Marketing for Educational Institutions, 2nd ed. New Jersey: Prentice-Hall Inc, 2000. [7] L.N. Amali, M. Mahmuddin, and M. Ahmad, “Information Technology Governance Framework in the Public Sector Organizations,” TELKOMNIKA Telecommunication Computing Electronics and Control, vol. 12, no. 2, pp. 429-436, 2014. [8] M. Ciorciari and P. Blattner, “Enterprise Risk Management Maturity-Level Assessment Tool,” The Society of Actuaries, pp. 1-25, 2008. [9] M. S. de Araujo, E. C. Oliveira, S. B. S. Monteiro, and T. M. F. Q. Mendonça, “Risk Management Maturity Evaluation Artifact to Enhance Enterprise IT Quality,” in Proceedings of the 19th International Conference on Enterprise Information Systems (ICEIS), vol. 3, 2017, pp. 425-432. [10] S. de Haes and W. van Grembergen, “Enterprise Governance of IT, Alignment and Value, in Enterprise Governance of Information Technology,” Springer, pp. 1-10, 2015. [11] E. N. Nfuka, L. Rusu, P. Johannesson, and B. Mutagahywa, “The State of IT Governance in Organizations from the Public Sector in a Developing Country,” Proceedings of the 42nd Hawaii International Conference on System Sciences, pp. 1-12, 2009. [12] ITGI, “Executive Overview COBIT 4.1. Rolling Meadows USA: IT Governance Institute,” 2007. [13] H.G. Alberti, “IT Governance and Human Resources Management: A Framework for SMEs,” International Journal of Human Capital and Information Technology Professionals (IJHCITP), vol. 4, no. 3, pp. 1-18, 2013. [14] D. Smits and J. V. Hillegersberg, “IT Governance Maturity: Developing a Maturity Model using the Delphi Method,” Hawaii International Conference on System Sciences, pp. 4534-4543, 2015. [15] R. Kann, F. Van Der Oord, J. Ugbah, A. Arora, N. Kumar. 2014 Audit Plan Hot Spots, CEB Audit Leadership Council, 2013. [16] W. Van Grembergen and S. De Haes, “IT Governance Structures, Processes, and Relational Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group,” Proceedings of the 38th Hawaii International Conference on System Sciences, vol. 38, pp. 1-10, 2005. [17] G. P. Rogers, “The Role of Maturity Models in IT Governance: A Comparison of the Major Models and Their Potential Benefits to the Enterprise, Information Technology Governance and Service Management: Frameworks and Adaptations,” IGI Global, pp. 254-265, 2009. [18] D. Proença and J. Borbinha, “Maturity Models for Information Systems - A State of the Art,” Procedia Computer Science, vol. 100, pp. 1042-1049, 2016. [19] O. Matrane, A. Talea, C. Okar, and M. Talea, “Towards a New Maturity Model for Information System,” International Journal of Computer Science Issues (IJCSI), vol. 12, no. 3, pp. 268-278, 2015. [20] P. Weill and J.W. Ross, “IT Governance How Top Performers Manage IT Decision Rights for Superior Results,” Harvard Business School Press, 2004. [21] ISACA, “COBIT 5: A Business Framework for the Governance and Management of Enterprise IT,” Rolling Meadows USA: IT Governance Institute, 2012. [22] ISO/IEC 15504-2, “Software Engineering-Process Assesment, Part 2: Performing an Assessment,” 2003. [23] ISO/IEC 15504-5, “2012 - Part 5: An Exemplar Software Life Cycle Process Assessment Model,” 2012. [24] J. W. Creswell, “Research Design: Qualitative, Quantitative, and Mixed Methods Approaches,” 4th ed. Thousand Oaks, CA: Sage, 2014. [25] U. Sekaran and R. Bougie, “Research Methode for Business: A Skill Building Approach,” 6th ed. West Sussex, England: John Wiley & Sons, 2013. [26] A.P. Field, “Discovering Statistics Using SPSS,” 3rd ed. Thousand Oaks, CA: Sage Publications Inc., 2009. [27] M. Saunders, P. Lewis, and A. Thornhill, “Research Methods for Business Students,” 5th ed. Essex, England: Prentice Hall, 2009. [28] W. G. Zikmund, “Business Research Method,” Seventh Edition. Ohio: Thompson South-Western, 2003. [29] J. F. Hair, W.C. Black, B.J. Babin, and R.E. Anderson, “Multivariate Data Analysis,” Seventh Edition. London: Pearson Prentice Hall, 2010.

More Related Content

PDF
It governance practices and enterprise effectiveness in zimbabwe a case of a ...
Alexander Decker
 
PDF
Research Paper on "Project Management and IT Governance"
guest1c7740
 
PDF
Organisational transformation of securities brokerage firms
Arun Verma
 
PDF
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Mehran Misaghi
 
PDF
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...
Eswar Publications
 
PDF
Lecture 8 (information systems and strategy planning)
Taibah University, College of Computer Science & Engineering
 
PPTX
ICAB - ITA Chapter 1 class 3 - IT Strategy
Mohammad Abdul Matin Emon
 
PDF
Introduction to mis
Raphael Wanjiku
 
It governance practices and enterprise effectiveness in zimbabwe a case of a ...
Alexander Decker
 
Research Paper on "Project Management and IT Governance"
guest1c7740
 
Organisational transformation of securities brokerage firms
Arun Verma
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Mehran Misaghi
 
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...
Eswar Publications
 
Lecture 8 (information systems and strategy planning)
Taibah University, College of Computer Science & Engineering
 
ICAB - ITA Chapter 1 class 3 - IT Strategy
Mohammad Abdul Matin Emon
 
Introduction to mis
Raphael Wanjiku
 

What's hot (17)

PDF
Business process and is lecture 2
Raphael Wanjiku
 
PDF
8517ijsea02
ijseajournal
 
PPT
It governance in_higher_education_by_james_yung
norsaidatul_akmar
 
PDF
The ability of accounting information systems to support profitability and gr...
Alexander Decker
 
PDF
Report on IT Auditing and Governance_Ta_Hoang_Thang
Thang Ta Hoang
 
PDF
Accounting Information System (AIS) Alignment And Non-Financial Performance I...
CSCJournals
 
PPTX
Corporate governance of INFORMATION TECHNOLOGY (IT)
Osman Hasan
 
PDF
Management information system by eyadema simplisse
Eyadema_Simplisse
 
PDF
Post implementation performance evaluation of enterprise resource planning in...
Alexander Decker
 
PPTX
Management ( Six Business Objectives)
Abdullateif Abdullkareim, ITIL4
 
PPTX
IT Governance - OpenThinking Day
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
PPTX
Chapter 2
Jennifer Polack
 
PDF
ERP System Implementation Benefits and Economic
Baker Khader Abdallah, PMP
 
DOC
Information systems strategy formulation
Assignment Studio
 
PPTX
Management Information System
amana fathima
 
PDF
Investigation and Study of Vital Factors in Selection, Implementation and Sat...
IJECEIAES
 
PPTX
Cobit 41 framework
Yulias Sihombing, Ak, MAk, CIA
 
Business process and is lecture 2
Raphael Wanjiku
 
8517ijsea02
ijseajournal
 
It governance in_higher_education_by_james_yung
norsaidatul_akmar
 
The ability of accounting information systems to support profitability and gr...
Alexander Decker
 
Report on IT Auditing and Governance_Ta_Hoang_Thang
Thang Ta Hoang
 
Accounting Information System (AIS) Alignment And Non-Financial Performance I...
CSCJournals
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Osman Hasan
 
Management information system by eyadema simplisse
Eyadema_Simplisse
 
Post implementation performance evaluation of enterprise resource planning in...
Alexander Decker
 
Management ( Six Business Objectives)
Abdullateif Abdullkareim, ITIL4
 
IT Governance - OpenThinking Day
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
Chapter 2
Jennifer Polack
 
ERP System Implementation Benefits and Economic
Baker Khader Abdallah, PMP
 
Information systems strategy formulation
Assignment Studio
 
Management Information System
amana fathima
 
Investigation and Study of Vital Factors in Selection, Implementation and Sat...
IJECEIAES
 
Cobit 41 framework
Yulias Sihombing, Ak, MAk, CIA
 
Ad

Similar to The measurement of maturity level of information technology service based on COBIT 5 framework (20)

PDF
empirical study on the status of moroccan information systems and proposition...
INFOGAIN PUBLICATION
 
PDF
cobit-2019 introduction overview for student
ssusercf2d3e
 
PPT
COBIT 4.0
bluekiu
 
PPTX
IT Governance in Banks, May, 2014
ArmeniaFED
 
PDF
Understanding co bit 4.1
n|u - The Open Security Community
 
PPTX
Frameworks For Predictability
tlknecht
 
PDF
What Is It Governance 24812
Amr Mustafa
 
PDF
What is-it-governance-24812
Jorge Luis Callalle Torres
 
PDF
Improvement of IT Governance Case Study Government Institution Region X
ijtsrd
 
PDF
It human resources considerations in kenya
Alexander Decker
 
PDF
Perceived significance of information security governance to predict the info...
Irfaan Bahadoor
 
PPT
Establishing a framework for it governance by dave cunningham 2007
David Cunningham
 
PDF
What is Cobit
Ben Kalland
 
PPT
Msp It Goverance And Service Delivery Process
kadhar_masthan
 
PDF
Information assurance /Information security
jorgenajarro3
 
PPTX
Enterprise Architecture.pptx
KamalKamalli1
 
PPTX
Marcos cobi t -e-itil-v040811
faau09
 
PDF
StudyCase-EDM-Cobit5
MochammadIhzaRizkyKa
 
PPTX
IT Governance Vs IT Management Presentation V0.1
Richard Willis
 
PDF
IT Governance - Governing IT: Do or Die?
Eryk Budi Pratama
 
empirical study on the status of moroccan information systems and proposition...
INFOGAIN PUBLICATION
 
cobit-2019 introduction overview for student
ssusercf2d3e
 
COBIT 4.0
bluekiu
 
IT Governance in Banks, May, 2014
ArmeniaFED
 
Understanding co bit 4.1
n|u - The Open Security Community
 
Frameworks For Predictability
tlknecht
 
What Is It Governance 24812
Amr Mustafa
 
What is-it-governance-24812
Jorge Luis Callalle Torres
 
Improvement of IT Governance Case Study Government Institution Region X
ijtsrd
 
It human resources considerations in kenya
Alexander Decker
 
Perceived significance of information security governance to predict the info...
Irfaan Bahadoor
 
Establishing a framework for it governance by dave cunningham 2007
David Cunningham
 
What is Cobit
Ben Kalland
 
Msp It Goverance And Service Delivery Process
kadhar_masthan
 
Information assurance /Information security
jorgenajarro3
 
Enterprise Architecture.pptx
KamalKamalli1
 
Marcos cobi t -e-itil-v040811
faau09
 
StudyCase-EDM-Cobit5
MochammadIhzaRizkyKa
 
IT Governance Vs IT Management Presentation V0.1
Richard Willis
 
IT Governance - Governing IT: Do or Die?
Eryk Budi Pratama
 
Ad

More from TELKOMNIKA JOURNAL (20)

PDF
Earthquake magnitude prediction based on radon cloud data near Grindulu fault...
TELKOMNIKA JOURNAL
 
PDF
Implementation of ICMP flood detection and mitigation system based on softwar...
TELKOMNIKA JOURNAL
 
PDF
Indonesian continuous speech recognition optimization with convolution bidir...
TELKOMNIKA JOURNAL
 
PDF
Recognition and understanding of construction safety signs by final year engi...
TELKOMNIKA JOURNAL
 
PDF
The use of dolomite to overcome grounding resistance in acidic swamp land
TELKOMNIKA JOURNAL
 
PDF
Clustering of swamp land types against soil resistivity and grounding resistance
TELKOMNIKA JOURNAL
 
PDF
Hybrid methodology for parameter algebraic identification in spatial/time dom...
TELKOMNIKA JOURNAL
 
PDF
Integration of image processing with 6-degrees-of-freedom robotic arm for adv...
TELKOMNIKA JOURNAL
 
PDF
Deep learning approaches for accurate wood species recognition
TELKOMNIKA JOURNAL
 
PDF
Neuromarketing case study: recognition of sweet and sour taste in beverage pr...
TELKOMNIKA JOURNAL
 
PDF
Reversible data hiding with selective bits difference expansion and modulus f...
TELKOMNIKA JOURNAL
 
PDF
Website-based: smart goat farm monitoring cages
TELKOMNIKA JOURNAL
 
PDF
Novel internet of things-spectroscopy methods for targeted water pollutants i...
TELKOMNIKA JOURNAL
 
PDF
XGBoost optimization using hybrid Bayesian optimization and nested cross vali...
TELKOMNIKA JOURNAL
 
PDF
Convolutional neural network-based real-time drowsy driver detection for acci...
TELKOMNIKA JOURNAL
 
PDF
Addressing overfitting in comparative study for deep learningbased classifica...
TELKOMNIKA JOURNAL
 
PDF
Integrating artificial intelligence into accounting systems: a qualitative st...
TELKOMNIKA JOURNAL
 
PDF
Leveraging technology to improve tuberculosis patient adherence: a comprehens...
TELKOMNIKA JOURNAL
 
PDF
Adulterated beef detection with redundant gas sensor using optimized convolut...
TELKOMNIKA JOURNAL
 
PDF
A 6G THz MIMO antenna with high gain and wide bandwidth for high-speed wirele...
TELKOMNIKA JOURNAL
 
Earthquake magnitude prediction based on radon cloud data near Grindulu fault...
TELKOMNIKA JOURNAL
 
Implementation of ICMP flood detection and mitigation system based on softwar...
TELKOMNIKA JOURNAL
 
Indonesian continuous speech recognition optimization with convolution bidir...
TELKOMNIKA JOURNAL
 
Recognition and understanding of construction safety signs by final year engi...
TELKOMNIKA JOURNAL
 
The use of dolomite to overcome grounding resistance in acidic swamp land
TELKOMNIKA JOURNAL
 
Clustering of swamp land types against soil resistivity and grounding resistance
TELKOMNIKA JOURNAL
 
Hybrid methodology for parameter algebraic identification in spatial/time dom...
TELKOMNIKA JOURNAL
 
Integration of image processing with 6-degrees-of-freedom robotic arm for adv...
TELKOMNIKA JOURNAL
 
Deep learning approaches for accurate wood species recognition
TELKOMNIKA JOURNAL
 
Neuromarketing case study: recognition of sweet and sour taste in beverage pr...
TELKOMNIKA JOURNAL
 
Reversible data hiding with selective bits difference expansion and modulus f...
TELKOMNIKA JOURNAL
 
Website-based: smart goat farm monitoring cages
TELKOMNIKA JOURNAL
 
Novel internet of things-spectroscopy methods for targeted water pollutants i...
TELKOMNIKA JOURNAL
 
XGBoost optimization using hybrid Bayesian optimization and nested cross vali...
TELKOMNIKA JOURNAL
 
Convolutional neural network-based real-time drowsy driver detection for acci...
TELKOMNIKA JOURNAL
 
Addressing overfitting in comparative study for deep learningbased classifica...
TELKOMNIKA JOURNAL
 
Integrating artificial intelligence into accounting systems: a qualitative st...
TELKOMNIKA JOURNAL
 
Leveraging technology to improve tuberculosis patient adherence: a comprehens...
TELKOMNIKA JOURNAL
 
Adulterated beef detection with redundant gas sensor using optimized convolut...
TELKOMNIKA JOURNAL
 
A 6G THz MIMO antenna with high gain and wide bandwidth for high-speed wirele...
TELKOMNIKA JOURNAL
 

Recently uploaded (20)

PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PDF
composite construction of structures.pdf
AinieButt1
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPTX
web development for engineering and engineering
keshriji700
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
composite construction of structures.pdf
AinieButt1
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
Sustainable Sites - Green Building Construction
mhdumerali
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Project quality management in manufacturing
BarMusaTetik
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
web development for engineering and engineering
keshriji700
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PPT on Performance Review to get promotions
prashant593122
 

The measurement of maturity level of information technology service based on COBIT 5 framework

  • 1. TELKOMNIKA Telecommunication, Computing, Electronics and Control Vol. 18, No. 1, February 2020, pp. 133~139 ISSN: 1693-6930, accredited First Grade by Kemenristekdikti, Decree No: 21/E/KPT/2018 DOI: 10.12928/TELKOMNIKA.v18i1.10582  133 Journal homepage: http://journal.uad.ac.id/index.php/TELKOMNIKA The measurement of maturity level of information technology service based on COBIT 5 framework Lanto Ningrayati Amali, Muhammad Rifai Katili, Sitti Suhada, Lillyan Hadjaratie Informatics Engineering Department, Universitas Negeri Gorontalo, Indonesia Article Info ABSTRACT Article history: Received Jul 16, 2018 Revised May 30, 2019 Accepted Jun 17, 2019 Institutions are currently progressing on IT development and maximization in order to advance for good IT governance. Lack of comprehensive requirements analysis of IT utilization may lead to hindrances within IT development from achieving effective outcomes. This quantitative study employs control objective for information & related technology (COBIT 5) business framework to assess and identify the maturity level of IT service, primarily within the domain of delivery, service, and support (DSS). Data were obtained through questionnaire, observation, and documentation. The result reveals that the average maturity level of IT service is in level 3 (established); by which the study recommends for enhancements and upgrades in IT performance and service within the scope of compliance and IT service application and support. Keywords: COBIT 5 DSS IT service Maturity level This is an open access article under the CC BY-SA license. Corresponding Author: Muhammad Rifai Katili, Informatics Engineering Department, Universitas Negeri Gorontalo, 6 Jenderal Soedirman St., Gorontalo 96128, Indonesia. Email: mrifaikatili@ung.ac.id 1. INTRODUCTION Trends in Information Technology (IT) maximization within organizational business investment has arisen recently due to increasing demands of quality service and cost minimization from the community, the market, and within the organization itself [1-3]. The introduction of IT application within an organization is known to boost the organizational business value within its main and subsidiary activities. On top of that, IT is employed as a strategic means to enhance an organization’s competitive advantage during times of uncertainty [4, 5]. This contributes to surging dependency of the IT-friendly work environment, by which an effective IT management compatible with business goals is essential to ensure the organization’s success. Engaging in the education sector, Universitas Negeri Gorontalo (UNG) has implemented IT within its operational processes, i.e., its academic information system, personnel information system, library information system, performance information systems for lecturers, financial information system, and administrative information system. The information systems are employed as a means of providing advanced quality service to the users (students, personnels, and lecturers) contributing as a part within the organizational business strategy to prepare for increasingly high competitive atmosphere. Quality service is crucial in accordance with high demands of user satisfaction and to improve the organization’s image in its users. This complies with Kotler and Fox arguing that providing quality service to the clients contributes positively to increase satisfaction and loyalty and that both are important factors that differentiate the organization’s product from its competitors [6].
  • 2.  ISSN: 1693-6930 TELKOMNIKA Telecommun Comput El Control, Vol. 18, No. 1, February 2020: 133 - 139 134 Limited resources (e.g., application, information, technology, facilities, and human resources) are essential elements to consider when implementing IT within an organization, in which it costs an organization considerably high expense to implement IT [7]. An organization’s capability to conduct IT management is the primary determinant of quality of IT service, as it does not solely rely on technology. IT service also involves users and complex processes within. Moreover, an assessment of maturity level of IT service implementation is critical to identify and measure the extent of quality of IT service in providing effective management and support to the business process. The assessment involves best practice framework, i.e., COBIT 5 within the domain of delivery, service, and support (DSS). The assessment of maturity level is intended for an organization to identify the maturity level of IT to be used as a benchmark to enhance the quality of IT service and to ensure the availability of IT service in addressing to current and further business needs. Moreover, the assessment is essential in order for the organization to be capable of analyzing strength and weakness and to formulate strategies in addressing the gap, maintaining decent organizational governance, and minimizing potential risks [8, 9]. By that, the organization is expected to be capable in interpreting business target and goals, by which the organization can prioritize certain business operational activities, mainly in determining effective IT service to support the optimal outcomes of IT governance. a. IT governance Implementation of IT has been one of the decisive factors in maintaining and broadening organizational strategies and goals. This creates a critical dependency of IT within every segment of work environment; thus requiring more focused study, mainly on IT governance [10]. The statement is echoed by a global survey result from McKinsey on 2014 reporting that 35 percents of IT executives have agreed that improving governance process and supervision is critical to improving IT performance. It is essential for an organization in public and private sector to perform IT governance effectively, by which the organization is required to conduct several adjustments on policy and regulations within macroeconomics and in ICT sector [11]. Consequently, one of the critical determinants to consider in IT governance is to provide steady and capable IT so that the organization can maintain, support, and to broaden organizational strategies and goals. IT governance is defined by ITGI as the responsibility of executives and the board of directors; it consists of the leadership, organizational structures, and processes ensuring that the enterprise’s IT sustains and extends the organization’s strategies and objective [12]. IT governance is the combination of best practices of planning & organization, procurement & implementation, delivery & support, and supervision & evaluation of IT in which it ensures that the organizational information and technology are capable of supporting the organizational business goals [13]. Moreover, classify IT governance into two aspects, i.e., functional aspect, involving structure and processes considered as an organizational design element; and social aspect, which involves human behavior and organizational culture [14]. Based on the framework, this study defines that IT governance is the whole aspects needed to ensure that IT system maintains and broaden organizational strategies and goals, by which IT governance is considered as an integral part of organizational governance. Surging demands of information within decision-making process have increased the need for a comprehensive IT governance structure [15], for an effective IT governance structure can contribute to the improvement of organizational business value. This is important as an effective prerequisite to the organizational governance. Therefore the roles and responsibilities of the parties involved must be clearly defined [16]. Most of the maturity models used for IT governance are related to the existing business frameworks. These frameworks only emphasize processes and structures [17]. Of all business frameworks for maturity model, COBIT is the only framework that put its focus on IT governance [14]. b. Maturity level The Merriam-Webster encyclopedia defines maturity as “the quality or state of being mature.” In the meantime, the maturity level is defined as the description of maturity of IT processes within an organization considered as benchmark and self-assessment tool by IT management in assessing the extent of maturity of implementation of IT [18, 19]. Maturity process is among the key elements in COBIT business framework. It is the assessment tool to determine the extent of IT management process. COBIT framework features a maturity model to conduct control on IT processes involving scoring process, by which the organization is able to scale its IT processes, ranging from 0 (nonexistent) to 5 (optimized) [12]. By assessing the level of maturity process, the organization has been made possible to determine which processes are under control and which processes that represent potential management challenges [20]. Assessment of maturity level is a part of propriety test on the existing activity and IT processes in accordance with its level. In COBIT version 4.1, the concept of maturity level applied is capability maturity model (CMM). It is replaced in COBIT version 5 by the model of process capability based on standards of ISO/IEC 15504
  • 3. TELKOMNIKA Telecommun Comput El Control  The measurement of maturity level of information technology service... (Lanto Ningrayati Amali) 135 (SPICE) - information technology process assessment [21]. COBIT assessment is designed to feature repeatable, reliable, and valid methodology for the organization to assess the capability of its IT process [21]. Model of process capability in COBIT 5 is based on ISO/IEC 15504 (SPICE) by employing Process Assessment Model (PAM) method. The model assesses the performance of evaluate, direct, and monitor-based (EDM) governance processes and plan, build, run, and monitor-based (PBRM) management process, and is capable of identifying sectors that need performance upgrade. Capability process model is employed to ensure that the assessment result is objective, impartial, consistent, repeatable, and able to represent assessed processes [22, 23]. The maturity level in COBIT 5 is expressed on a scale ranging from 0 (incomplete) to 5 (optimizing), as presented in Table 1 [21]. Table 1. Levels to assess the maturity in Cobit 5 Capability Level Achieve Level 0: Incomplete The process is not implemented or fails to achieve its process purpose Level 1: Performed (Informed) The implemented process achieves its process purpose; Level 2: Managed (Planned and monitored). The process is managed and results are specified, controlled and maintained; Level 3: Established (Well defined) A standard process is defined and used throughout the organization; Level 4: Predictable (Quantitatively managed) The process is executed consistently within defined limits Level 5: Optimizing (Continuous improvement) The process is continuously improved to meet relevant current and projected business goals. 2. RESEARCH METHOD 2.1. Planning Research plan is the plan and procedure for carrying out researches, involving general assumption, research strategy, a method of data collection, and detailed analysis [24]. Referring to the research plan, the research strategy applied is a quantitative method, involving literature study, observation, and questionnaire as a technique of collecting data. Moreover, the research employed phases of the research plan (Figure 1), i.e. preliminary study through literature and case study. A literature study was conducted to grasp a comprehensive insight of IT governance, management, organization, and COBIT 5 framework. The case study took place in UNG by identifying business environment within the organization. From the research plan this study extracted the requirements, target, and strategic objects in accordance with processes within DSS domain the result is further treated as a reference in formulating questions within questionnaire form, by also referring to best practice standard of DSS domain of COBIT 5 framework within ISACA. Figure 1. Research procedure 2.2. Population and sample Samples were obtained by non-probability sampling by saturated sampling technique due to research elements were selected randomly and proven capable to comply with pre-existing factors. On top of that, the technique generates result capable of being generalized with minimum errors [25]. The samples were selected from the population of 57 people consisting of leaders and staffs which qualify the requirements to participate in this research. Saturated sampling technique allows the whole population to be treated as a sample. Saturated sampling is defined as a technique for selecting sample if the whole population is treated as a sample [24]. Therefore, the research also involves the 57 people as its samples. 2.3. Instrument formulation and procedures The formulation of research instruments for DSS domain is based on PAM model in COBIT 5 framework [21]. This domain is related to the actual delivery and required service support which involves service, security and maintenance management, service support for the users, and data management and operational facilities. The assessment scale of every question involved scoring as shown in Table 1. Literature review and case study Requirements, targets, and strategic objects Questionnaire design Maturity level assessment Gap analysisRecommendation
  • 4.  ISSN: 1693-6930 TELKOMNIKA Telecommun Comput El Control, Vol. 18, No. 1, February 2020: 133 - 139 136 2.4. Assessment This step involved elaboration of the research findings, such as for as the current situation of IT service management within the organization in every process of DSS domain. During this phase, an analysis was also conducted to identify any gaps in order to compare and adjust the maturity level with the targeted level. The analysis was employed on every process within DSS domain of IT, from which the research formulates recommendations for further management upgrades of IT service. These recommendations are further treated as guidelines in formulating upgrades on service processes and support of IT within the institution capable of fulfilling and exceeding current and further organizational business needs. 3. RESULTS AND ANALYSIS The data analysis step requires normally distributed data in order to ensure the data validity and free from any biases. 3.1. Results Based on p-plot graph normality test, it shows that the data are normally distributed and meet the requirements for further analyses. When the data follow or approach the diagonal line, the data is considered normal to be distributed by examining p-plot diagram, skewness value, and that kurtosis level is in between -2 or +2. The normality test result shows that the data are evenly distributed by skewness value of -0.835 and kurtosis level of 0.085, which is in the range of +2. Moreover, the analysis employs data validity and reliability test. Validity test is defined as a test conducted on research instrument formulated, to measure the extent to which an instrument is able to accurately assess certain concepts which are needed to be assessed [25, 26]. The instrument is considered valid if it can be used to measure what is needed to be measured. The research employed product moment Pearson validity test to assess the validity of its instrument. The validity test results in rcount > rtable with a significant rate of 5% in between 0.809 and 0.924; therefore, the instrument is considered valid. Further, instrument reliability is related to the uniformity of results when the research object is repeatedly measured. Reliability is an extent to which errors in the instrument are minimized as possible in order to produce consistent outcomes [27, 28]. To perform reliability test of research instrument, the research employs Cronbach’s Alpha coefficient analysis. The result illustrates that the value of Cronbach’s Alpha coefficient ranges from 0.6 to 0.7 within the acceptable minimum rate of reliability [29]. Referring to the result of data analysis which shows that Cronbach’s Alpha value is in 0.93, hence, the research instrument is considered to be reliable. Table 2 illustrates the result of data processing which shows the maturity level assessment of IT service within DSS domain of DSS01, DSS02, DS03, DSS04, DSS05, and DSS06 process. Figure 2 indicates the graph of current, expected and maximum maturity level within DSS01, DSS02, DSS03, DSS04, DSS05, and DSS06 domain process. Table 2. The average score of maturity level within DSS process domain Domain process Activity Maturity level Expected level Maximum level DSS01 DSS02 DSS03 DSS04 DSS05 DSS06 Manage Operations Manage Service Requests and Incidents Manage Problems Manage Continuity Manage Security Services Manage Business Process Controls 3.43 3.31 3.26 3.34 3.34 3.44 4 4 4 4 4 4 5 5 5 5 5 5 Figure 2. Graph of a DSS process capability level
  • 5. TELKOMNIKA Telecommun Comput El Control  The measurement of maturity level of information technology service... (Lanto Ningrayati Amali) 137 3.2. Analysis a. Maturity level assessment of IT service From the data analysis and the result of maturity level assessment of IT service within process domain DSS01 to DSS06, it is indicated that: - Process domain DSS01 (manage operations) possesses maturity level of 3.43. The process is in level 3 established (well-defined), which denotes that the IT service process has been well-implemented by referring to the defined standard process and made possible to achieve positive outcomes. The maturity level implies that there is a surging need of IT-friendly work environment in managing organizational processes. This is illustrated by the availability of IT devices to support the performance academic and other systems within the organization, e.g., the availability of blade server to support the systems’ performance. Within this level, the need for computer operational management is addressed accurately within the organization. In addition, the organization has allocated IT resources and conducted trainings for the IT-related personnels. Further, the organization has accurately addressed the need of IT asset maintenance, by which the organization released limited access policy to allow IT facilities only accessible by certain IT-related personnels. - Within process domain DSS02 (manage service requests and incidents), the maturity level scores 3.31, which suggests that the process is in level 3 Established (well-defined). The maturity level points out that the process of the IT service has been implemented by referring to the defined standard process; this allows the process to achieve positive outcomes. It is observable from the effective support by the management board to respond to the need of management system and from the availability of financial support for the supporting staffs when conducting trainings. Moreover, the organization has resolved the need for helpdesk function and service and issue management within the unit. The organization also has prepared users’ guideline for IT service and documentation for every issue indications. - Within process domain DSS03 (manage problems), the maturity level scores 3.26, which demonstrates that the process is in level 3 Established (well-defined). The maturity level denotes that the process of the IT service has been implemented by referring to the defined standard process and this made possible for the process to achieve positive outcomes. It is noticeable from raising awareness of the importance to manage issues, and from the efforts strived to identify the roots of the issues in IT service. On top of that, the escalation process of handling issues in IT service is standardized. The problem-solving steps have involved issue documentation and identification employed by response team engaging centralized tools. - Process domain DSS04 (manage continuity) possesses maturity level of 3.34. The process is in level 3 Established (well-defined), in which it points out that the IT service process has been well-implemented by referring to the defined standard process and made possible to achieve positive outcomes. This signifies that the responsibilities for the planning of service continuity and test are clearly defined and designated to the respective staffs within the organization. Moreover, the result denotes accountable management of service continuity. IT continuity plans are well-documented referring to critical elements of the system and organizational business impact. Moreover, the management board performs consistent communication with the staffs on the importance of planning to maintain the continuity of IT service. In the meantime, the organization has implemented high availability of components and backup system. - Within process domain DSS05 (manage security services), the maturity level scales 3.34 in level 3 Established (well-defined). The result illustrates that the IT service process has been well-implemented by referring to the defined standard process; by which it allows the process to achieve positive outcomes. It is apparent that the organization possesses comprehensive and awareness of the significance of ensuring the IT security, in which responsibilities and accountability are determined, managed and understood to ensure IT security. Further, the organization has established procedures for IT security in accordance with IT security policy, in which the security report involves coherent business focus. The management board also engages steps to minimize and address risks sustainably. - Process domain DSS06 (manage business process control) shows maturity level of 3,44 in level 3 Established (well-defined), which symbolizes that the IT service process has been well-implemented by referring to the defined standard process and made possible to achieve positive outcomes. It is depicted in enhancements by the organization to address issues in information control and development of comprehensive management of environmental quality. On top of that, environmental control of the organization is engaged proactively, one of which includes a commitment to facilities and awareness of IT security. The organization also possess a responsible and accountable structure which have the privilege of access to IT services in accordance with the capabilities and skills required to develop technology infrastructure plan.
  • 6.  ISSN: 1693-6930 TELKOMNIKA Telecommun Comput El Control, Vol. 18, No. 1, February 2020: 133 - 139 138 b. Gap analysis of maturity level of IT The average results of the assessment of IT service maturity level within the process domains DSS01 to DSS06 depict current average maturity level on level 3 (Established). It is the condition in which processes of IT service have been implemented by standard procedure and achieved a positive outcome, have communicated and implemented by all academicians. Therefore, the organization should enhance its performance of IT service, involving policy, implementation, and conformity to progress to level 4 maturity (predictable), as shown in Figure 3 as follows. Moreover, the organization requires to perform adjustments to achieve desired maturity level. The biggest gap occurs in DSS03 (manage problem) domain, in which the maturity level is 3.26. Conversely, the smallest gap is shown in the DSS06 domain, which scales 3.44 in the maturity level. The existing gap within DSS03 domain signifies the lacks of comprehension within every level of the organization towards management process on issues of IT service. This is echoed by rather unstable quality of service to users and hindrances due to the personnels’ limited knowledge within each organizational unit. Henceforth, the overall result of maturity level assessment of IT service demonstrates that the current maturity level is quite distant from the desired level, i.e., level 4 (predictable). Figure 3. Radar diagram of DSS process capability level c. Recommendations This study recommends that: - The organization requires to formulate and ratify policy of Standard Operating Procedure (SOP) of IT service management, due to the deficiency of comprehensive SOP within each organizational unit. The SOP is critical to formulating as a guideline of process and implementation of IT governance within the organization. By that, it allows the organization to implement comprehensive and detailed documentation of every process, job desk, and role of individuals or groups within the organization. - It is crucial for the organization to engage in the clear and well-structured standardization of governance and management to minimize potential gaps in data and information flows needed when formulating policy. - Enhancement in IT service system is essential within every work unit of the organization in accordance with the characteristics of IT service of each unit. - The organization is required to implement integration with pre-existing applications to validate data, from which it provides ease for the users to experience service of the accurate and effective information accessing. - Upgrade and optimization in ICT service system are vital for the organization to conduct to achieve good governance. 4. CONCLUSION The overall score of the current maturity level of IT service is in scale 3 (established) out of level 5 scale (optimizing). The overall result reveals that IT service processes are implemented and documented referring to the defined standard process, in which it allows the organization to achieve positive outcomes. Despite that, the organization is obliged to enhance the DSS process, due to the current maturity level is quite distant from the desired level, i.e., level 4 (predictable). The most significant gap exists in DSS03 (manage problem) domain, in which the maturity level is 3.26. In contrast, the smallest gap is shown in the DSS06 domain which scales 3.44. This signifies the importance of the personnels’ knowledge upgrade in handling IT service issues by engaging in training, apprenticeship, and certification. On top of that, it needs full commitment from all academicians to ensure the information availability and ease of access within
  • 7. TELKOMNIKA Telecommun Comput El Control  The measurement of maturity level of information technology service... (Lanto Ningrayati Amali) 139 each work unit. By that, it is essential for the organization to implement well-prepared planning and to execute the planning consistently in order to comply with organizational strategy and goals. REFERENCES [1] C.S. Amaravadi, “Digital Repositories for e-Government,” Electronic Government, vol. 2, no. 2, pp. 205-218, 2005. [2] E. Novianti and A.N. Fajar, “Information Technology Investment Analysis of Hospitality Using Information Economics Approach,” TELKOMNIKA Telecommunication Computing Electronics and Control, vol. 17, no. 2, pp. 609-614, 2019. [3] A. A. Farhanghi, A. Abbaspour, and R.A. Ghassemi, “The Effect of Information Technology on Organizational Structure and Firm Performance: An Analysis of Consultant Engineers Firms (CEF) in Iran,” Procedia - Social and Behavioral Sciences, vol. 81, pp. 644–649, 2013. [4] A. Aslizadeh, “Impact of Using Information Technology on Creating a Sustainable Competitive Advantage for Companies (Case Study: Golestan Food Companies),” Indian Journal of Fundamental and Applied Life Sciences, vol. 4, pp. 1595-1603, 2014. [5] M. Sibanda and D. Ramrathan, “Influence of Information Technology on Organization Strategy,” Foundations of Management, vol. 9, no. s1, pp. 191-202, 2017. [6] P. Kotler, Strategic Marketing for Educational Institutions, 2nd ed. New Jersey: Prentice-Hall Inc, 2000. [7] L.N. Amali, M. Mahmuddin, and M. Ahmad, “Information Technology Governance Framework in the Public Sector Organizations,” TELKOMNIKA Telecommunication Computing Electronics and Control, vol. 12, no. 2, pp. 429-436, 2014. [8] M. Ciorciari and P. Blattner, “Enterprise Risk Management Maturity-Level Assessment Tool,” The Society of Actuaries, pp. 1-25, 2008. [9] M. S. de Araujo, E. C. Oliveira, S. B. S. Monteiro, and T. M. F. Q. Mendonça, “Risk Management Maturity Evaluation Artifact to Enhance Enterprise IT Quality,” in Proceedings of the 19th International Conference on Enterprise Information Systems (ICEIS), vol. 3, 2017, pp. 425-432. [10] S. de Haes and W. van Grembergen, “Enterprise Governance of IT, Alignment and Value, in Enterprise Governance of Information Technology,” Springer, pp. 1-10, 2015. [11] E. N. Nfuka, L. Rusu, P. Johannesson, and B. Mutagahywa, “The State of IT Governance in Organizations from the Public Sector in a Developing Country,” Proceedings of the 42nd Hawaii International Conference on System Sciences, pp. 1-12, 2009. [12] ITGI, “Executive Overview COBIT 4.1. Rolling Meadows USA: IT Governance Institute,” 2007. [13] H.G. Alberti, “IT Governance and Human Resources Management: A Framework for SMEs,” International Journal of Human Capital and Information Technology Professionals (IJHCITP), vol. 4, no. 3, pp. 1-18, 2013. [14] D. Smits and J. V. Hillegersberg, “IT Governance Maturity: Developing a Maturity Model using the Delphi Method,” Hawaii International Conference on System Sciences, pp. 4534-4543, 2015. [15] R. Kann, F. Van Der Oord, J. Ugbah, A. Arora, N. Kumar. 2014 Audit Plan Hot Spots, CEB Audit Leadership Council, 2013. [16] W. Van Grembergen and S. De Haes, “IT Governance Structures, Processes, and Relational Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group,” Proceedings of the 38th Hawaii International Conference on System Sciences, vol. 38, pp. 1-10, 2005. [17] G. P. Rogers, “The Role of Maturity Models in IT Governance: A Comparison of the Major Models and Their Potential Benefits to the Enterprise, Information Technology Governance and Service Management: Frameworks and Adaptations,” IGI Global, pp. 254-265, 2009. [18] D. Proença and J. Borbinha, “Maturity Models for Information Systems - A State of the Art,” Procedia Computer Science, vol. 100, pp. 1042-1049, 2016. [19] O. Matrane, A. Talea, C. Okar, and M. Talea, “Towards a New Maturity Model for Information System,” International Journal of Computer Science Issues (IJCSI), vol. 12, no. 3, pp. 268-278, 2015. [20] P. Weill and J.W. Ross, “IT Governance How Top Performers Manage IT Decision Rights for Superior Results,” Harvard Business School Press, 2004. [21] ISACA, “COBIT 5: A Business Framework for the Governance and Management of Enterprise IT,” Rolling Meadows USA: IT Governance Institute, 2012. [22] ISO/IEC 15504-2, “Software Engineering-Process Assesment, Part 2: Performing an Assessment,” 2003. [23] ISO/IEC 15504-5, “2012 - Part 5: An Exemplar Software Life Cycle Process Assessment Model,” 2012. [24] J. W. Creswell, “Research Design: Qualitative, Quantitative, and Mixed Methods Approaches,” 4th ed. Thousand Oaks, CA: Sage, 2014. [25] U. Sekaran and R. Bougie, “Research Methode for Business: A Skill Building Approach,” 6th ed. West Sussex, England: John Wiley & Sons, 2013. [26] A.P. Field, “Discovering Statistics Using SPSS,” 3rd ed. Thousand Oaks, CA: Sage Publications Inc., 2009. [27] M. Saunders, P. Lewis, and A. Thornhill, “Research Methods for Business Students,” 5th ed. Essex, England: Prentice Hall, 2009. [28] W. G. Zikmund, “Business Research Method,” Seventh Edition. Ohio: Thompson South-Western, 2003. [29] J. F. Hair, W.C. Black, B.J. Babin, and R.E. Anderson, “Multivariate Data Analysis,” Seventh Edition. London: Pearson Prentice Hall, 2010.