COBIT 5: How Capable PT GTI Governing Innovation, Human Resource, and Knowledge Aspect?

The performance of information technology governance by PT GTI has not been optimal and there has never been a measurement of information technology governance capability. Based on these problems, it is necessary to measure the capability of information technology governance and make an appropriate information technology management recommendation that can be used as a guide—the measurement of the COBIT 5.0 framework. The data collection method consisted of observation, questionnaires, and interviews. The data collection results will produce findings, impacts, and recommendations for PT GTI. Measuring the capability of information technology governance used includes Planning, Preparation, Implementation, and Measurement Reporting. The study focused on 3 IT processes and obtained the following capability level results: APO04 Manage Innovation got a score of 78.4% and stopped at level 3, APO07 Managed Human Resource with a score of 81.07% and stopped at level 1, and BAI08 Manage Knowledge got to score 61% and stop


I. BACKGROUND
In such a competitive and rapidly changing business environment, companies increasingly realize the potential benefits that Information Technology can bring. This makes the company's management expectations high on the outcomes and benefits of Information Technology [1]. The use of information technology has the potential to be a significant determinant of success or success that can provide opportunities to gain competitive advantage and offer tools to increase productivity, company performance and provide more benefits in the future [2]. Information technology governance is also an essential part of ensuring that the company's information and available technology can support business goals [3]. Various ways are used to achieve the company's business goals, measuring the capabilities of IT and information technology to evaluate the evidence to determine whether the related resources provide the information needed by management under the fulfillment of its business objectives [4].
PT GTI is a cloud computing provider for medium to large scale companies founded in 1996 and has successfully delivered business solutions for more than 12 years and more than 100 clients in more than 20 industries and 10 countries by designing, implementing, and managing technology solutions. Who helps their business from back office to front office. At this time, PT GTI is a company that has used information and communication technology in supporting every teaching and learning process. Therefore PT GTI requires good governance and management. PT GTI specializes in providing Automotive Industry Solutions, from distribution, Dealer Management systems (DMS) to Automotive CRM. PT GTI's flagship product is PT GTI DMS for Automotive OEMs and a network of distributors/dealers. Built as an integrated solution, PT GTI leverages the power of the Microsoft Dynamics CRM platform to offer the next generation of DMS product solutions and services to consumers and partners. PT GTI must be aware of information technology and related service trends, identify opportunities, innovations, and plan ways so that the system built by PT GTI can always support client needs. Innovation is critical at PT GTI because PT GTI makes a system continue to innovate to follow client needs, such as adding features needed by users. Human resources are essential; PT GTI must manage human resources to ensure optimal structures are made. Staff placement, decision rights, and human resource skills must be appropriate so that the resulting product can be quality and suited to the client's needs. Relevant knowledge is vital to support activities in the company and decision-making. Staff at PT GTI are expected to have sufficient expertise in their respective fields to ensure the smooth operation of the company's operations. However, problems can occur in the control of information and communication technology services that exist now; supervision of information technology governance performance has not been carried out optimally; staff lacks the initiative to investigate ISSN 2085-4579 problems, code writing is not uniform, and the team does not want to maintain information. Based on these problems, it is necessary to measure the capability of information technology governance, and this study aims to determine the extent of the level of information technology governance and make a recommendation for the correct information technology management so that it can be used as a guide by users and can increase the optimal use of facilities. This study uses the COBIT 5.0 framework.
In measuring IT capability, a standard is needed that can help make valid and reliable measurements occur. Several criteria often used in measuring IT capabilities include ITIL (Information Technology Infrastructure Library), ISO/IEC 17799, and COBIT (Control Objectives for Information and Related Technology). In this study, the standard used is COBIT version 5 concerning the questionnaire distributed to predetermined respondents. The COBIT (Control Objectives for Information and Related Technology) standard was chosen because the COBIT framework provides the most detailed description of strategies and controls in managing information technology processes that support the alignment of business strategy and information technology objectives [4]. In the COBIT standard, there is also a calculation of the Capability Level value, representing the level of alignment of information technology goals and organizational business goals.
This research is expected to know the extent to which the role of information technology can represent PT GTI's business goals. So that based on the findings from the implementation of the measurement of IT capabilities, produce recommendations that can be used as a reference to improve the role and management of information technology so that it can better support the organization's business goals.

A. Capability Measurement of IS
Auditing is an examination of a company's financial statements by a firm of independent public accountants.
The measurement consists of a searching investigation of the accounting records and other evidence supporting those financial statements. The auditors will gather the evidence necessary to determine whether the financial statements provide a fair and reasonably complete picture of the company's financial position and its activities during the period being audited [5].

B. IT Governance
IT governance is the responsibility of the Board of Directors and Executive Management. It is an integral part of enterprise governance. It consists of the leadership and organizational structures and processes that ensure that IT sustains and extends its strategy and objectives [6], [7].
C. COBIT 5.0 Control objectives for information and related technology or known as COBIT, is a framework used to conduct audits. COBIT is a collection of best practice documentation for IT governance that can assist auditors, system users, and management in bridging organizational risks, control needs, and IT technical issues. COBIT is useful for IT users because they gain confidence in the reliability of the application system used [8]. COBIT 5.0 helps companies create optimal value from information technology by maintaining a balance between realizing its benefits and optimizing the level of risk and use of resources. This framework discusses the business and functional areas of information technology in an enterprise and considers the interests related to information technology internally and externally for stakeholders [9]. COBIT 5.0 has principles and enablers that are general and useful for all sizes of companies/organizations, both commercial and non-profit or the public sector. The five principles are Meeting stakeholder needs, Covering enterprise end-to-end, Applying a single integrated framework, Enabling a holistic approach, and Separating governance from management [10]. COBIT 5.0 provides a definition of life cycle processes, along with an architecture that describes the relationships between 5.0 processes. The COBIT process reference model (PRM) consists of 37 processes describing the life cycle for information technology governance, which are divided into 5 domains [8].

1) Evaluate, Direct, and Monitor (EDM):
The management process related to the management of stakeholder objectives, value delivery, risk and resource optimization, including practices and activities aimed at evaluating strategic options, providing information technology guidance and monitoring outcomes.
2) Align, Plan and Organise (APO): Provide guidance on delivery (BAI) and service delivery and support (DSS) solutions. This domain includes strategies and tactics, and focuses on identifying how information technology can best contribute to the achievement of business goals. The realization of the strategic vision must be planned, communicated, and managed from different perspectives. The right organization and technology infrastructure have to be in the right places.
3) Build, Acquire and Implement (BAI): Provide solutions and turn them into services. To realize an information technology strategy, information technology solutions must be identified, developed or obtained, as well as implemented and integrated into business processes. Changes and maintenance of existing systems are also in these domains, to ensure solutions are in line with business objectives.

4)
Deliver, Service and Support (DSS): This domain focuses on actual delivery and support of required services, which include service delivery, management of security and continuity, support services for users, and management of operational data and facilities.

5)
Monitor, Evaluate and Assess (MEA): Monitor all processes to ensure the directions given are adhered to. All information technology processes should be inspected regularly over time to ensure quality requirements and compliance with control requirements. The domain proposes performance management, monitoring of internal control, compliance and regular governance.

D. Capability Level
Capability level is a model to describe how each core process runs in an organization. Capability level provides a measure of process capability in achieving an organization's current or projected business goals in the future [8]- [15]. Assessment at each level is divided into four categories [10], [11]: In this category, there is little evidence of the achievement of the attributes of the process. The scores achieved in this category range from 0-15%.
2). P (Partially achieved) Within this category, there is some evidence of the approach and some of the achievement attributes of the process. The range of scores achieved in this category ranges from 16-50%.

3). L (Largely Achieved)
There is evidence of a systematic approach within this category, and significant achievements over the process, although there may still be weaknesses. The scores achieved in this category range from 51-84%.
ISSN 2085-4579 4). F (Fully achieved) Within this category, evidence of a comprehensive systematic approach and full achievement of the attributes of the process. There are no weaknesses related to the characteristics of the process. The range of scores achieved in this category ranges from 85%-100%. Figure 2. Process Capability Levels [9] The purpose of process capability is to help organizations improve their capabilities consistently. The capability level of the process is determined based on the achievement of process-specific attributes according to the ISO/IEC 15504-2:2003 standard. The rating scale involving six capability levels is described as follows [9]:

1). Level 0 Incomplete process
The process has not been implemented or failed to achieve its objectives. There is little or no evidence of systematic achievement of the process objectives at this level.
2). Level 1 Performed process (one attribute) The process area has become part of something mandatory in carrying out activities. However, its implementation still has shortcomings, both in quality and schedule. In principle, the process has been running and has become something mandatory as a starting point.

3). Level 2 Managed processes (two attributes)
A process is at this level if this process is always planned, carried out, monitored, and run on every development activity. This means the organization carries out this process in each development project and has a planning and control function.

4). Level 3 Established process (two attributes)
Managed processes are now implemented using defined techniques to achieve their process outcomes.

5). Level 4 Predictable process (two attributes)
The established process now operates within defined constraints to achieve its process results.

6). Level 5 Optimizing process (two attributes)
The predictable processes have been continuously improved to achieve the company's current business goals.

E. Research Object
PT GTI is a cloud computing provider for medium to large scale companies founded in 1996 and has successfully delivered business solutions for more than 12 years and more than 100 clients in more than 20 industries and 10 countries by designing, implementing, and managing technology solutions. Who helps their business from back office to front office. PT GTI's address is at Komplek Graha Elok Mas, Jl. Panjang Raya 83 F-G, West Jakarta 11510 -Indonesia. PT GTI is a software development company that provides vertical solutions for the automotive business. PT GTI wants to reshape the company's automotive journey with an Automotive Industry Solution that can transform the consumer experience. PT GTI has been rated among the Top 15 Microsoft Dynamics Global ISV solution providers worldwide. PT GTI specializes in providing Automotive Industry Solutions, from distribution, Dealer Management systems (DMS) to Automotive CRM. PT GTI's flagship product is PT GTI DMS for Automotive OEMs and a network of distributors/dealers. Built as an integrated solution, PT GTI leverages the power of the Microsoft Dynamics CRM platform to offer the next generation of solutions and services of DMS products to consumers and partners. PT GTI's quality training and technology services focus on assisting clients in the automotive sector to open consumers' eyes to streamline resources and transform the client experience.
Based on the criteria and primary focus of PT GTI, The company selected 3 IT processes for evaluation, including: 1). APO04 Manage Innovation. PT GTI provides cloud computing business solutions; PT GTI builds a standard system and then sells it to many companies/organizations for use. This process explains information technology and related service trends, identifies opportunities and innovations, and plans to benefit from these innovations. Innovation is crucial at PT GTI because PT GTI builds a system to continue to innovate to add new features needed by users.
2). APO07 Manage Human Resources. Companies must be able to manage human resources well. By working properly, human resources will be structured and ensure optimal structure, placement, decision rights, and human resource skills so that the products produced can be of high quality and appropriate to user needs.
3). BAI08 Manage Knowledge. This process keeps relevant knowledge current, validated, and reliable to support process activities and facilitate

ISSN 2085-4579
decision-making. Staff at PT GTI are expected to have sufficient knowledge in their respective fields to ensure the smooth running of the project requested by the client to be completed on time and following client expectations.

F. Evaluation Stage
The evaluation stage consists of 3 steps, including [13]:

1). Information System Audit Planning Stage
In this planning stage, the author's activity is to determine the object of research that will measure its governance capability. The thing of research that the author chooses is the research and development division at PT GTI. To know the extent of the management and utilization of information technology in improving PT GTI's services and recommend an effective and efficient information technology management policy proposal about the COBIT 5.0 framework.

2). Stages of Implementation of IT Governance Capability Measurement
The author collects and evaluates the evidence and data obtained at this implementation stage. These data are the results of direct observations in the field and the consequences of interviews and questionnaires prepared following the COBIT 5.0 standard. After the results are found, a conclusion is made in the findings of the measurement of IT governance capabilities. The findings can be positive or negative and make impacts and recommendations for PT GTI.

3). Reporting Stage of IT Governance Capability Measurement
The last stage is to report on the results of the measurement of IT governance capabilities. This IT governance capability measurement report consists of a conclusion of all types of findings that contain the impact on PT GTI, and then recommendations for IT governance are given. The results of this report are then addressed to the appropriate party, namely the GM Of Research and Development.

A. Information System Audit Planning Stage
It has been determined that the evaluation process will be carried out at PT GTI, with the selected IT processes being APO04 Manage Innovation, APO07 Manage Human Resources, and BAI08 Manage Knowledge. The purpose of this governance capability measurement is to find out how far the management and utilization of information technology have been in improving information technology services, evaluate the findings of capability measurements made during the data collection process, and recommend improvements to good information technology management in the future following the COBIT 5.0 standard.

B. Stages of Implementation of IT Governance Capability Measurement
The evaluation was carried out on the research and development division, consisting of 10 people, each manager under the General Manager of Research and Development and 1 staff in each division. The level 1 measurement contains 79 questions based on the COBIT 5.0 standard. The explanation by the auditee will be converted into quantitative following the provisions of the capability level criteria. The following is a table of capability criteria and evaluation results in each selected IT process. Based on the calculation results in Table 1, the value achieved for the APO04 domain shows the number 86.1%, which means that the process can be continued to the next level because the score to go to the next level must reach or more than 85% to move up to the next level. In this process, there are still shortcomings in creating an innovation plan that includes the level of risk, the planned budget to be used in innovation creation efforts, and innovation objectives. Based on the calculation results in Table 2, the value achieved for the APO07 domain shows the number 81.07%, which means the process cannot be continued to the next level and is stopped at level 1 (one) because the score to go to the next level must reach or more than 85 % to advance to the next level. In this process, there is still a lack of regular staff backup plans describing the skills and competencies of the internal and external resources needed and now available to achieve company goals. Based on the results of calculations in Table 3, the value achieved for the BAI08 domain shows the figure of 86.03%; the process can be continued to the next level because the score to go to the next level must reach or more than 85% to move up to the next level. At this stage, there are shortcomings in designing and implementing schemes for managing knowledge that is unstructured and not available through traditional sources (e.g., expert knowledge).
APO04 and BAI08 can rise to the next level because it is more than 85%, and the APO07 process stops at level 1 because it is less than 85%. The following are the evaluation results for capability level 2 of the two methods. Based on the calculations in Table 4, the value achieved for the APO04 domain shows a figure of 86.05%. The process can be continued to the next level because the score to go to the next level must reach 85% to move up to the next level. At this stage, PT GTI still lacks in making documented goals before managing innovation. Based on the calculation results in Table 5, the value achieved for the BAI08 domain shows the figure of 61%, which means that the process cannot be continued to the next level and is stopped at level 2 because the score to advance to the next level must reach 85% to move to the next level. The BAI08 Manage Knowledge process cannot be leveled up. The planning and supervision process on knowledge management has not been carried out. There is no interaction between the parties involved in implementing knowledge management, and there is no documentation and control process for performance.
APO04 can rise to the next level because it is more than 85%, and the BAI08 process stops at level 2 because it is less than 85%. The following are the results of the evaluation for capability level 3. Based on the calculation results in Table 6, the value achieved for the APO04 domain shows the number 78.4%, which means that the process cannot be continued to the next level and is stopped at level 3 because the score to advance to the next level must reach 85% to move to the next level. This process cannot be leveled up because the company's operational standards do not cover all the essential elements in the innovation management process. Still, most of them have been carried out by the company.

C. Reporting Stage of IT Governance Capability Measurement
The last stage is to report on the results of the measurement of information technology governance capabilities. This report contains all the findings of measuring the ability of information system governance at PT GTI. Then it also includes the impact of the measurement findings and recommendations for better management of information technology on the part of PT GTI. In Figure 4.1, it can be seen that PT GTI has not been able to achieve the desired target, namely level 4. The achievement value of PT GTI only reached level 3 for APO04, level 1 for APO07, and level 2 for BAI08. PT GTI is required to improve its information technology governance to achieve the desired target, and the information technology implemented can support the achievement of company goals.

IV. CONCLUSION
Information technology governance at PT GTI, based on the COBIT 5.0 standard carried out on the APO04 (Manage Innovation), APO07 (Manage Human Resource), BAI08 (Manage Knowledge) processes, data collection, and implementation steps to reporting ISSN 2085-4579 the results of governance measurements Information technology management has been successfully carried out; From the results of filling out questionnaires, interviews, and observations related to the specified process, it was found that the company's capability level is APO04 (Manage Innovation) Level 3 Defined Process, which means the company at this stage has standardized IT processes within the company's scope. Overall, APO07 (Manage Human Resource) Level 1 Performed Process, which means the company has successfully implemented the IT process at this stage. The objectives of the IT process have been achieved, BAI08 (Manage Knowledge) Level 2 Managed Process, which means that the organization is at this stage in implementing IT processes and achieving its objectives is carried out in a well-managed manner; Based on the findings and impacts, recommendations are given to improve the management of information technology so that the capability of PT GTI's information technology governance can be increased. The advice given includes making company operational standards to cover all elements in the innovation management process, providing appropriate training to staff areas, completing documents that are not available, making innovation management process goals, making a reward system approach, making documented goals before managing knowledge, create documentation and control processes.