University-Level of eLearning in ASEAN It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 7 ISSN 2442-7888 (online) DOI 10.24167/Sisforma I G N C U C 5 F Agustinus Adi Prawoto Universitas Bunda Mulia Jakarta Adi.prawoto01@gmail.com Abstract— The object of this research is PT KMN which is one of the largest media companies in Indonesia that focuses on reporting or providing the latest information on a national scale. The problem that occurs in this company is the difficulty of grouping complaints to the helpdesk and supporting divisions through the application and the success rate in returning data that does not reach 50% which makes all data that is backed up and carried out regularly becomes useless. The author conducted an audit on the Microsoft System Center 2012 R2 application to find out whether it was in accordance with business process procedures, data accuracy, and problem management. The author analyzes and chooses to use the COBIT 5 Framework in this study. The research methods carried out are interviews and direct observation in the part of the company concerned. The chosen domain is Deliver, Service and Support (DSS) which focuses on the IT process DSS01 had an average value of 2.6 and DSS02 had an average value of 2.43. Keywords— Audit, COBIT 5, DSS, PT KMN I. INTRODUCTION Current technological developments have brought changes in business travel and human interaction. Most organizations have been fully integrated by information technology [1]. This makes many large companies compete - the race to develop an effective system to achieve the goals of companies or organizations in utilizing the role of information technology. In addition, it will be vital in work activities and also information technology has a major impact on the organization's business management [2]. Ineffective IT governance can cause business losses, unexpected costs, low quality of IT use and failure to deliver value to the company [3]. Technology is also applied to companies engaged in the media, the development of the sectors (and industries) of the media cannot be separated from technological progress, development by market dynamics (such as the creation of arrangements and demand in media and infrastructure content), and political policies (such as power) [4]. Mass media containing information that is more trusted and consumed by the public can be used as an effective means to lead the public [5]. The application of the right technology should be an added value, here what is more emphasized is the issue of depth (quality) of data not the amount (quantity) of data [6]. The use of technology and information seems to present "the world in hand [7]. PT KMN is a company engaged in newspaper publishing. Media companies are aware of the importance of technology to support the company's business processes [8]. In running the company, the company is supported by a special division to handle internal parts of the company that support the needs of each company division, namely the helpdesk and support (HDS) division. The HDS Division has a very important role that is to facilitate all use of IT devices in the scope of the company and government agencies that report every problem faced [9]. The complaints process will be carried out directly by the division by writing complaints to applications that have been provided and then submitted and received directly by the HDS division to be followed up based on existing complaints. The system used by this company is an application released by Microsoft, It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 8 ISSN 2442-7888 (online) DOI 10.24167/Sisforma namely Microsoft System Center 2012 R2 which is the only product that can be integrated in most of the central system series and active directory [10]. This application creates and maintains dynamic database management services that enable interaction in all divisions, both inside and outside the IT department. Microsoft's central system application has not been audited and has never measured the level of success in supporting company activities every day. The author sees a problem that occurs in grouping complaints from each division. Each complaint is generally grouped according to the level of urgency of the problem. But what happens is that all complaints are included at the level of the incident. Because complaints at other levels must go through a very complicated process and need to configure events before they are reported. This makes the performance of the HDS division work ineffective and reduce the speed of solving problems that are actually very urgent in the company. The key to the success of an organization depends on how far the company can manage and control IT facilities as they should, to ensure that the expected benefits are realized [11]. The author will focus the research on the DSS process by focusing on the DSS01 and DSS02 processes which will review the company's ability to solve problems and complaints that occur. DSS01 was chosen because this domain focuses on how the company manages the company's operational activities every day both from the performance of Microsoft System Center software applications and employee work operations. And DSS02 was chosen because this domain focuses on how this company makes service back to normal, recording and meeting user requests; and record, investigate, diagnose, improve and resolve incidents. It is expected that with this audit the company will get an idea of how the application is running and recommend and provide input so that the company can run better. II. LITERATUR REVIEW The author analyzes using the COBIT 5. COBIT framework is a set of guidelines that apply and are applied to support and assist IT management [12]. The COBIT framework is concept-oriented and standards-oriented, focused on existing business objectives and is a managerial and technical tool for IT units called ISACA in 1992 [13]. In 2012, a new COBIT framework was released, namely the COBIT 5 Framework which is the successor reference model of the COBIT process model 4.1. COBIT 5 is a comprehensive framework that is used to help companies achieve their goals by optimizing IT management [14]. COBIT 5 has 5 domains that are used as guidelines for these domains are evaluating, directing and monitoring (EDM), aligning, planning and organizing (APO), building, acquiring and implementing (BAI), delivering, service and support (DSS) and monitoring, evaluating and assessing (MEA) [15]. Figure 1 explains how to determine the level of ability of a domain and the level of existing processes based on interviews and observations made by the author. See fig. 1 Process Capability Levels. Figure 1. Process Capability Levels [16] The scale used to measure the process is [17]: - Not Achieved (N): There are any attributes from the process that are valued at 0% - 15%. - Reached partially (P): There is some evidence that the achievement of process attributes is assessed at 15% - 50%. - Most Achieved (L): There is evidence of systematic use and significant It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 9 ISSN 2442-7888 (online) DOI 10.24167/Sisforma achievement of the assessed process attributes but still requires improvement in some deficiencies related to this attribute. Can be found in the assessment process 50% - 85%. - Achieved Fully (P): There is complete evidence that a full and systematic achievement has been made of the attribute process which is assessed 85% - 100%. In table 1, we will explain the criteria for the company to reach the process level. See table 1 Capability Model of COBIT 5 Process. Table 1 Capability Model of COBIT 5 Process [18] Process Level Capability 0 (Incomplete) Not implementing the process and not achieving the goal at all. At this level there is no evidence that the process has been implemented. 1 (Performed) At this level the process has reached its goal. The process level attribute is Process Performance. 2 (Managed) The processes that have been carried out are implemented, produce products, organize and carry out maintenance. Process attributes are in performance management and work product management. 3 (Established) Manage processes to reach specified limits and contribute to achieving results. the process attribute is in Process Definition and Deployment Process. 4 (Predictable) The process operates according to what has been determined to achieve the expected results, in other words the process plays a major role in achieving results. The process attributes at this level are Process Management and Process Control. 5 (Optimizing) The process can be predicted and continuously improved so that it can adapt to the current business objectives with relevant projections. the process attribute at this level is Process Innovation and Process Optimization. III.RESEARCH METHODOLOGY In this chapter the author will explain the research methodology that has been done in this study; the method will be explained in fig. 2 research methodology: Figure 2. Research Methodology [19] 3.1 Identifications of Problems The first step that is done by the author is to do literature studies. the next step the writer determines the domain that is in COBIT 5 based on research. Determine the scope of the study and the limitations of the problem in conducting research. 3.2 Research Design When entering at the second stage, the writer performs a description of the research method that will be used to measure the level of ability of the system in accordance with the boundaries of the problem and the scope of the study that has been predetermined. Prepare a list of questions that will be asked to informants when conducting interviews. Conduct implementation checks that have been used that are relevant to the limits that need to be observed. 3.3 Data Analysis Conduct an application system analysis that is the focus of research and make adjustments to existing documents. After all the analysis and required documents are available, interviews are conducted based on the specified domain. 3.4 Evaluation It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 10 ISSN 2442-7888 (online) DOI 10.24167/Sisforma Provide recommendations that can be a reference in increasing the level of assessment that has been done by the author and make a report on the results of research to the company. IV. RESULTS AND DISCUSSION This section will explain and discuss the analysis carried out based on the COBIT methodology and framework 5. The author will discuss the results of 2 domains namely DSS01 and DSS02. To produce an assessment of the current company and provide recommendations to reach the expected level. A. DSS01 manage operations 1. DSS01.01 perform operational procedures In sub-process, this will discuss operational management to maintain and carry out operational procedures based on scheduling, data security, and backups that are carried out in accordance with established procedures and conditions. This print media company backups data every week, but the drawback is the difficulty of restoring backed up data to retrieve it in the event of data loss. For the percentage restore itself the success rate that can be achieved does not reach 50%. This sub-process has a process attribute achievement that stops at 3.1 process deployment, so the level capability in this sub-process is level 2 managed process. The recommendation for this sub-chapter is to improve the backup facility so that it can increase the level of success in restoring data. 2. DSS01.02 manage outsourced IT services In this sub-process defines the management of relationships between companies and service providers about systems that are running as supporting business processes of the company. Discuss the relationship between service providers and the company's internal IT management processes which include performance, planning, change, configuration, internal service and performance monitoring. The application system used by this company is a product released by Microsoft. if there is a change or update on the application then you must install the RPT again and need an old .net, whereas the usual .net cannot be used in the latest application updates. So that causes applications in this company difficult to update regularly. Based on the results of data analysis, this subdomain process attribute 2.2 that works product management and is capability level in level 2 that is managed process. The recommendation for this sub-section is to use additional applications or connectors to make it easier if an error occurs so you have to use other computer facilities and if to do regular updates. 3. DSS01.03 monitor infrastructure In this sub-process, discuss on identifying the level of information to be recorded based on a consideration of risk and performance, managing infrastructure lists, and establishing procedures for monitoring event logs and conduct regular reviews. The company has been reporting for monitoring event logs with reporting letters that are made on time and well documented, but no one is responsible for monitoring infrastructure. This sub-process has a process attribute that stops at 3.2 process deployment, so the level capability in this sub-process is level 2 managed process. The recommendations for this sub-section are adding employees or appointing employees to be specifically responsible for monitoring infrastructure. 4. DSS01.04 manage the environment This sub-process discusses how to manage the environment around the company, which includes the laying out of IT equipment, policies when it wants to access or enter the IT environment, identify possible problems such as human error or natural disasters and how companies manage devices in monitoring and controlling the IT environment. Relating to the management of the work environment has been done well, there is identification of fire disasters, and training for employees in the event of a fire disaster. As well as to enter IT facilities not everyone can It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 11 ISSN 2442-7888 (online) DOI 10.24167/Sisforma enter without access. But there is no structured facility layout procedure. this sub- process has a process attribute achievement that stops at 3.2 process deployment, then the level capability in this sub-process is level 3 managed process. The recommendations for this sub-section are to make written regulations when in the IT room and make standards to regulate IT facilities. 5. DSS01.05 manage facilities Management of company facilities and assets including managing electricity equipment and internal communication adapts to legal procedures, technical and business requirements, vendor specifications and safety considerations. The company has a generator just in case the power outages are working properly, the design of the workspace is in accordance with the standards of health and cabling in accordance with predetermined standards. This sub-process has the achievement of process attributes that stop at the measurement process 4.1 but the achievement of process attributes does not reach process control process 4.2, then the level of capability in this sub-process is the level 3 process specified. The recommendations for this sub-section are to pay attention to facility maintenance and develop more structured analysis results reports such as directly through the application. To get a clear picture and understanding, it can be done by mapping the process attributes (PA). Mapping is done to find out the achievement of information systems based on the results of interviews and observations in the company. Mapping the process of this attribute is needed to get the ability level of each sub-process in the domain. Each attribute process must achieve fully or mostly be achieved to be able to go up to the next level. For each PA that is only in the first level (e.g. 2.1, 3.1, 4.1 and 5.1), then the level capability obtained is 1 level under PA. So, the process with PA 2.1 only has a level of ability 1. For 4 assessment levels in each PA have been explained in table 2 mapping process attributes form DSS01. Table 2 Mapping Process Attributes Form DSS01 IT Proce sses P A 1. 1 P A 2. 1 P A 2. 2 P A 3. 1 P A 3. 2 P A 4. 1 P A 4. 2 P A 5. 1 P A 5. 2 DSS0 1. 01 F F F F N N N N N DSS0 1. 02 F F F N N N N N N DSS0 1. 03 F F F F F N N N N DSS0 1. 04 F F F F F N N N N DSS0 1. 05 F F F F F F N N N Based on the results of the interviews conducted in Table 2, it can be seen in the DSS0.01 IT Process and DSS01.01 in the Process Attribute (PA) 3.1. The ability level for these two processes is at level 2. For TI DSS01.03, DSS01.4 and DSS01.5 Processes achieve PA 3.2 with the value of capability level 3. The DSS01 results (Manage Operations) show the overall level of ability in the DSS01 sub-process and the results of the average IT process will be shown in table 3 process capability domain DSS01 manage operation. Table 3 Process Capability Domain DSS01 Manage Operation Domai n Description Proces s Attrib utes Capabi lity Level Expe cted Level DSS01 . 01 perform operational procedures 3.1 2 3 DSS01 . 02 manage outsourced IT services 2.2 2 3 DSS01 . 03 monitor infrastructure 3.2 3 3 DSS01 . 04 manage the environment 3.2 3 4 DSS01 . 05 manage facilities 4.1 3 4 Averag e 2.6 B. DSS02 1. DSS02.01 Define incident and service It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 12 ISSN 2442-7888 (online) DOI 10.24167/Sisforma request classification schemes Determine demand and service clarification schemes and models. Determine the event model to find out known errors in order to enable effective and efficient resolution. The company already has procedures that must be carried out for if an error occurs, namely by directly handling the IT staff concerned and there is already documentation about errors that occur in the form of e-mail. But if an error occurs that causes the application to be unusable at all the company has prepared a backup device for a temporary replacement. this sub-process has a process attribute achievement that stops at 3.2 process deployment, then the level capability in this sub-process is level 3 managed process. The recommendations for this sub-section are to improve the quality of resources to reduce the occurrence of configuration errors. 2. DSS02.02 Record, classify and priorities requests and incidents Identify, record and clarify service requests, complaints and incidents, and set priorities in accordance with the critical and business service agreements. Log all service and incident requests, record all relevant information so that it can be handled effectively and full historical records can be maintained, The company has implemented a recording procedure if an error occurs so that if a similar problem occurs, then the settlement can be easier. But in terms of grouping problems based on the level of urgency still have to be done manually, because the Microsoft system center is applied, all complaints are included as incidents, because to make a complaint in the problem grouping, Change and service requests must first configure, this becomes complicated for the user. Based on the results of data analysis, this subdomain process attribute 2.2 that is work product management and is capability level in level 2 that is managed process. The recommendation for this sub-section is to simplify the problem, change and service requests so that the application can be used optimally and effectively. 3. DSS02.03 Verify, approve and fulfil service requests Fulfill requests by performing the selected request procedure, using, if possible, self-help automatic menus and predetermined request models for frequently requested items. Companies can ask developers for help if an error occurs in the application and are carried out based on the provisions of the SLA. In the application there is no report error and contact us menu so that if an error occurs in the application that requires help from the developer, then contacted manually by the company. This sub-process has a process attribute achievement that stops at 3.1 process deployment, so the level capability in this sub-process is level 2 managed process. The recommendation for this sub-chapter is to add a report error and contact us feature so that it can directly confirm the detailed errors that occur so that for a mild error developer can directly provide solutions correctly through the application. 4. DSS02.04 Investigate, diagnose and allocate incidents Identify problems that occur, record symptoms of the problem, determine the root cause of the problem and find a solution. Set events to specialist functions if deeper expertise is needed, and involve appropriate management if needed. The company will make efforts to resolve errors that occur in the application but if it is difficult to overcome, the company will ask for help from the developer to handle errors. Every error that occurs will be recorded in the IT logbook, making it easier to handle if the same error occurs. this sub-process has the achievement of process attributes that stop at 4.1 process measurement and do not achieve the process 4.2 process control, then the level of capability in this sub-process is the level 3 established process. The recommendation for this sub-chapter is that companies can maintain and improve quality in handling errors, so that the process can be measured quantitatively resulting in a stable process and can be predicted according to predetermined limits. It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 13 ISSN 2442-7888 (online) DOI 10.24167/Sisforma 5. DSS02.05 Resolve and recover from incidents Document, implement and test appropriate solutions or solutions identified and take remedial actions to restore IT related services. Archive incident resolution and assess whether the resolution can be used as a source of knowledge in the future. The company carries out error handling that occurs quickly, namely the range of 1-2 hours for production facilities, recording in every error that occurs and having a server to backup company data. But it has one drawback, namely in restoring backup data, the percentage of success does not reach 50% so that it once caused data to be lost. Based on the results of data analysis, this subdomain process attribute 2.2 that works product management and is capability level in level 2 that is managed process. The recommendation for this sub-section is to upgrade the restore facility so that when a disaster strikes, data can be restored with a higher success rate. 6. DSS02.06 Close service requests and incidents Perform verification with the users involved (in this study are internal employees) that the request has been fulfilled based on the level of satisfaction. The company verifies with the developer if the problem in the application has been resolved in the form of a ticket from the company and from the developer also confirms closing the ticket if the problem has been resolved. this sub-process has the achievement of process attributes that stop at 4.1 process measurement, then the level of capability in this sub-process is the level 3 established process. The recommendation for this sub-chapter is that companies can maintain and improve until the process can be measured quantitatively resulting in a stable process so that the results or products can be measured and predicted. 7. DSS02.07 Track status and produce reports Structurally searches, analyzes and reports on events to fulfill trends so as to provide continuous improvement information. The company provides guidance to employees to manage minor errors in the application. Every error that occurs is recorded in the logbook and made a report but the SLA provisions are not considered by the company. The company keeps records of errors that have occurred but bookkeeping is not done periodically. Based on the results of data analysis, this subdomain process attribute 2.2 that works product management and is capability level in level 2 that is managed process. The recommendation for this sub-section is for companies to pay more attention to the provisions of the SLA and schedule it regularly so that the books on errors that have occurred can be recorded properly. In Table 4, the Process Attribute Mapping Form DSS02, describes the process of mapping the DSS02 attribute from the IT process and determining the capability value. Table 4 Mapping Process Attributes Form DSS02 IT Proce sses P A 1. 1 P A 2. 1 P A 2. 2 P A 3. 1 P A 3. 2 P A 4. 1 P A 4. 2 P A 5. 1 P A 5. 2 DSS0 2. 01 F F F F F N N N N DSS0 2. 02 F F F N N N N N N DSS0 2. 03 F F F F N N N N N DSS0 2. 04 F F F F F F N N N DSS0 2. 05 F F F N N N N N N DSS0 2. 06 F F F F F F N N N DSS0 2. 07 F F F N N N N N N Based on the results of the interviews conducted in Table 4, it can be seen in the DSS02.2, DSS02.5 and DSS01.01 in the Process Attribute (PA) 2.2. The ability level for these three processes is at level 2. For DSS02.3Processes achieve PA 3.1 The ability level for these process is at level 2. DSS02.4 and DSS02.6 Processes achieve PA 3.2with the value of capability level 3. The DSS02 (Manage Service Request and It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 14 ISSN 2442-7888 (online) DOI 10.24167/Sisforma incidents) results show the overall level of capability in the DSS02 sub-process and the average results for the DSS02 IT Process itself shown in table 5process capability domain DSS02 manage service request and incidents. Table 5 Process Capability Domain DSS02 Manage Service Request and incidents Do mai n Description Proces s Attrib utes Capa bility Level Expec ted Level DS S02 . 01 Define incident and service request classification schemes 3.2 3 3 DS S02 . 02 Record, classify and priorities requests and incidents 2.2 2 3 DS S02 . 03 Verify, approve and fulfill service requests 3.1 2 3 DS S02 . 04 Investigate, diagnose and allocate incidents 4.1 3 4 DS S02 . 05 Resolve and recover from incidents 2.2 2 3 DS S02 . 06 Close service requests and incidents 4.1 3 4 DS S02 . 07 Track status and produce reports 2.2 2 3 All the calculations in each table, it can be seen that the levels in the sub-processes in the domain DSS01 and DSS02 are on average at level 2. For more details, can be seen in Figure. 2 which describes the results of recapitulation of the calculation of domains DSS01 and DSS02. The fig. 3 Recapitulation Result from subdomain DSS01 and DSS02 Capability Model of COBIT 5 Process that will be presented below illustrates the current level and the expected level of domain calculations that have been made. Figure 3. Recapitulation Result from subdomain DSS01 and DSS02 From the figure 3, it can be concluded that the company has implemented the COBIT system very well. although there are still many things that need to be improved better in the future. We can see that the blue line is the current level and the orange line itself is the condition expected by the company. In the average domain DSS01 is already very good because on the DSS01.3 domains which focuses on monitoring infrastructure and related events it has succeeded in achieving the expected results. On the average domain DSS02 is still in the level of capability level 2 managed processes. V. CONCLUSION From the discussion above, it can be concluded that the company has carried out maintenance, optimization and management problems quite well. They can quickly take action if a problem occurs and quickly process the problem with a solution. With procedures that have been well structured for their own operations in this company. From DSS01 sub- domains, there is still a need to make improvements in relation to performing operational procedures and managing outsourced IT services. Especially regarding data backup management and application optimization. So in this sub-domain, the level of ability reaches 2.6. DSS02 sub-domain there is still a need to make improvements in connection with service request classification. Especially regarding the grouping of complaints according to the criteria of incident, problem, change and service request. So in this sub- domain, the level of ability reaches 2.43. 0 1 2 3 4 DSS01.1 DSS01.2 DSS01.3 DSS01.4 DSS01.5 DSS02.1 DSS02.2 DSS02.3 DSS02.4 DSS02.5 DSS02.6 DSS02.7 Curent Level Expected Level It Governance In News Company Using Cobit 5 Frameworks SISFORMA: Journal of Information Systems (e-Journal)Vol.6 | No.1 |Th. 2019 page 15 ISSN 2442-7888 (online) DOI 10.24167/Sisforma The limitations of this study are still lacking in service delivery and overall support. The DSS domain within the COBIT 5 framework has 6 IT processes. In this study, the authors only used 2 IT processors namely DSS01 and DSS02. This process is used to reduce the frequency of the process. However, these 2 IT processes are the most appropriate for the audit focus. Suggestions for further research that needs to be carried out more comprehensively by connecting with IT frameworks such as Balance Scorecard (BSC) or ITIL to maximize valuation not only in terms of system implementation but also business value of organizational / company alignment. REFERENCES [1] J. F. Andry, “Audit of IT Governance Based on COBIT 5 Assessments: A Case Study,” TEKNOSI, II (2), 27-34, 2016. [2] N. Azizah, “Audit SistemInformasi Menggunakan Framework Cobit 4.1 pada E-learning UNITSU Jepara,” Jurnal SIMETRIS, Vol. 8 No. 1, 2017. [3] S. Fajarwati, Sarmini, Y. Septiana, “Evaluasi Tata Kelola Teknologi Informasi Menggunakan Kerangka Kerja COBIT 5 (Evaluation of Information Technology Governance Using COBIT 5 Framework),” JUITA, Vol. VI, No. 2, 2015. [4] Y. Nugrogo, M. F. Siregar, S. Laksmi, “Memetakan Kebijakan Media di Indonesia,” Jakarta: Centre for Innovation Policy and Governance, 2012. [5] L. E. P. Hartanti, “Kebijakan Media Televisi Di Era Media Baru,” Jakarta: Unika Atma Jaya, Vol. 4, No. 1, 2015. [6] R. Krisyantono, “Teknik Praktis Riset Komunikasi,” Jakarta: KencanaPrenada Media Group, 2006. [7] D. M. Hamna, “EksistensiJurnalisme di Era Media Sosial,” Jurnalisa, Vol. 03 No. 1, 2017. [8] L. A. Prabawa, M. Rizan, “Perkembangan Teknologi Informasi dan Komunikasi, Inovasi, Kepemimpinan dan Kinerja Perusahaan: Studi Transformasi PT. Pos Indonesia,” Jurnal Pendidikan Ekonomi dan Bisnis, Vol. 3 No. 1, 2015. [9] A. Mustofa, “SistemInformasi IT- Helpdesk pada Universitas AMIKOM Yogyakarta Berbasis Web,” JurnalInformatika dan Komputer (JIKO), Vol. 2 No. 2, 2017. [10] T. Ellermann, K. Wilson, K. Nielsen, J. C. M. Tulloch, Series Editor, “Microsoft System Centre Optimizing Service Manager,” Washington: Microsoft Press, 2013. [11] J. F. Andry, “Process capability model based on COBIT 5 assessments (case study),” JATISI, 3(1), 23-33, 2016. [12] M. Rubino and F. Vitolla, “Internal control over financial reporting: opportunities using the COBIT framework,” Managerial Auditing Journal, Vol.29 Iss 8 pp 29(8), 736-771, 2014. [13] ISACA, “ISACA - 2013 Annual Report,” Rolling Meadows: ISACA, 2013. [14] R. E. Putri, “PenilaianKapabilitas Proses Tata Kelola TI Berdasarkan Proses DSS01 Pada Framework COBIT 5,” JurnalCoreIT, Vol. 2, No.1, 41-54, 2016. [15] ISACA, “COBIT Five: A Business Framework for the Governance and Manajement of Enterprise IT Using COBIT 5,” ISACA USA, 2012. [16] ISACA’s COBIT, “Self-assessment Guide: Using COBIT 5,” USA, 2013. [17] ISACA, “COBIT® Supplementary Guide for the COBIT 5 Process Assessment Model (PAM),” ISACA USA, 2012b. [18] G. Braga, “How COBIT 5 Improves the Work Process Capability of Auditors, Assurance Professionals and Assessors,” ISACA Journal, Vol. 1, 2016. [19] R. Wijaya and J. F. Andry, “Performance measurement of JP soft application using COBIT 5 framework,” UNIPDU, 2018.