University-Level of eLearning in ASEAN Risk Management Analysis Website E-klim at Civil Service Savings and Insurance Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 26 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4101 Risk Management Analysis Website E-klim at Civil Service Savings and Insurance Using COBIT 4.1 Muhammad Andhika Prasetyo1, Resad Setyadi2 Telkom Institute of Technology Purwokerto JL. IN Panjaitan No. 128 Purwokerto, Central Java 19103055@ittelkom-pwt.ac.id, 2resad@ittelkom-pwt.ac.id Abstract— Use of Information Technology Governance (ITG). In increasing the speed and accuracy of IT services in the company, as well as increasing the occurrence of risk. With the company's level of dependence on IT services to carry out company operations, a maturity level is needed for the possibilities that occur, aiming to prevent and reduce risks to company assets. This research is based on risk management analysis on the E- klim website which is a system asset at PT TASPEN, so it uses the Control Objective for Information and Relate Technology (COBIT) framework version 4.1. This study applies a quantitative method by distributing questionnaires to obtain good validity and reliability test results. The results of this study indicate the maturity level at level 3, which means define process. The implementation process in the company has been organized and organized in its operational system. However, it is necessary to improve participant administration data and update the system for employees. Keywords— COBIT 4.1, Risk Management Analysis, E-klim. I. INTRODUCTION The development of information technology (IT) is currently a very important part in institutions[1], governments, institutions and companies. The role of IT is needed to support operational activities and business processes within the company. IT components are used so that they are integrated into each other's systems and can run according to the needs of employees. PT TASPEN is a company under the auspices of a State-Owned Enterprise (BUMN) which is engaged in the management of pension funds and old-age savings and other types of insurance services. As one of the large companies in Indonesia, PT TASPEN provides improvements in services for participants in a professional and accountable manner based on integrity and ethics in carrying out their work duties.[2]. One of them is through the IT Department, which is responsible for controlling and managing IT business process activities, including IT risk management to prevent the impact of risks that cause damage and loss to the procurement of IT assets.[3] In carrying out its commitment, the company continues to innovate by providing digital-based submission services, namely the E-klim website. E-klim is an access to submit a company claim payment for the services available at the company[4]. However, with the maximum utilization of IT through the E-klim website, risk management is needed that must be considered when the system operates. The threat of risk in the company's operational activities, the company has input to be a solution in reducing the level of risk that occurs in the company[5]. Therefore, the company needs the role of implementing IT governance to identify risk mitigation and support their operational activities[6]. Based on the explanation of the research background, there are two research questions as guidelines for conducting research. Q1: What is the maturity level of management risk in implementing Domain Plain and Organize in E-klim? Q2: Recommendations given in risk management maturity level in E-klim? Risk Management Analysis Website E-klim at Civil Service Savings and Insurance Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 27 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4101 II. METHOD In this study, there is an overview of the research procedure: Figure 1. Research Procedure A. STUDY LITERATURE It is necessary to understand the maturity level of risk management for COBIT 4.1 in the PO9 domain as a reference[7]. B. OBSERVATION Conduct observations by distributing questionnaires and interviewing several staff before being distributed. C. PRELIMINARY RESEARCH Obtaining approval regarding the object of research, improving the questionnaire, making the questionnaire the main research and conducting interviews with respondents. Then test the validity and reliability of the instrument on the questionnaire. The validity test is used to determine the measuring instrument for the correlation method in each variable[8]. The correlation number of the r value with the level obtained is 90% significant[9]. The results of the data are substantial (valid) for hypothesis testing. If r count < then the table shows significant information data (invalid) and is not included in the research hypothesis[10]. rcount= n(Σ XY)−(Σ X)(Σ Y) (𝑛 Σ X2)−(Σ X)2(𝑛Σ y2−(Σ Y)2) R calculate : correlation coefficient between variable X and variable Y N : number of respondents X : item total score Y : total score of questions x2 : total squared score of items y2score total square of items Reliability tests determine accuracy, stability and consistency within individual- specific conditions. The reliability test is carried out with a valid statement[11]. This test uses the Cronbach alpha technique because of the larger alpha coefficient[12], thus giving the correct result. =(𝑛𝑛−1)(1−Σ𝑠𝑖2Σ𝑠𝑡2) r instrument: reliability of instrument n: number of questions si2: variance of items st2: total variance D. DATA ANALYSIS Data analysis using COBIT 4.1 with PO9 domain in determining risk management maturity[13]. It is necessary to carry out normalization steps for each compliance with the total value of compliance at each level of compliance[14]: NV=CVTCV (4) NV: Normalize data Value CV: Compliance Value TCV: Total Compliance Value CONV=CVLV (5) CONV: Contribution Value CV: Compliance Value LV: Level ML=ΣCONV (6) ML: Maturity Level CONV: Contribution Value E. DISCUSSION It is necessary to compare the results of data analysis in the discussion of previous research on risk management in the governance of the E-climate system. III. RESULTS AND DISCUSSION In conducting data analysis, it is necessary to identify the respondent's profile. It is explained that the table below has a classification of the environment by having the type of work, skills in using computers. Standard Indicator Type % Job Position Management 70 IT staff 30 Level of Master 50 Risk Management Analysis Website E-klim at Civil Service Savings and Insurance Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 28 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4101 Standard Indicator Type % education Bachelor 50 Computer skills Good 25 Enough 65 Less 10 A. VALIDITY TEST Based on the validity test of the research data conducted. So, the data from the valid test results yielded a result of 849, so the data is feasible to be tested B. RELIABILITY TEST Based on the reliability test of the research data conducted. So, it produces a Cronbach Alpha of 929, so it is worth testing. C. MATURITY TEST The results of testing the maturity level of risk management using the COBIT 4.1 domain P09[15].for risk assessment: Table 1. Compliance Level 0 Level Maturity Level 0 0 0.33 0.66 1 Total Not statement 1 Risk assessment does not occur to the company 5 4 2 1 3.52 2 The company does not consider risk management 2 3 5 2 6.29 3 Risk management is not a solution to security 5 2 4 1 4.3 Total 14.11 Table 2. Compliance Level 1 Table 3. Compliance Level 2 Level Maturity Level 2 0 0.33 0.66 1 Total Not statement 1 Risk assessment management has been carried out at the division level 1 2 4 5 8.3 2 Risk assessment is only carried out when a large risk occurs 1 1 5 5 8.63 Total 16.93 Level Maturity Level 1 0 0.33 0.66 1 Total Not statement 1 Risk assessment management is important when used in systems, 2 2 6 2 6.62 2 Management can determine the risk assessment that occurs 1 1 4 6 8.97 3 Risk assessment is rare in IT services 2 4 4 1 4.96 4 Risk management is rarely carried out 5 5 1 1 3.31 5 Management rarely discusses risk assessment 6 3 2 1 3.31 Total 27.17 Risk Management Analysis Website E-klim at Civil Service Savings and Insurance Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 29 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4101 Table 4. Compliance Level 3 Table 5. Compliance Level 4 Level Maturity Level 4 0 0.33 0.66 1 Total Not statement 1 There is a procedure for the occurrence of risks 2 1 4 6 8.97 2 Has made a risk management responsibility report 1 1 3 7 9.31 3 The company already has a level of risk management 1 1 5 5 8.63 4 Have monitored the occurrence of risk assessment 1 3 4 4 7.63 Level Maturity Level 4 0 0.33 0.66 1 Total Not statement 5 Company accepts IT management risk impact advice 1 4 2 5 7.64 6 The company provides risk monitoring management 2 1 5 4 7.63 7 Companies can identify risk management 3 3 4 1 4.63 8 The company applies management at the risk level 3 2 5 2 6.96 9 The company manages risk assessment based on RD procedures 2 2 6 2 6.62 Total 68.02 Table 6. Compliance Level 5 Level Maturity Level 5 0 0.33 0.66 1 Total Not statement 1 The company makes updates to reduce the level of risk 2 2 2 6 7.98 2 The management provides reporting in the occurrence of risks 2 2 4 4 13.2 3 company has risky assignment based on policy 1 2 2 7 6.98 4 The concept of risk management has been implemented in the operational process 2 1 4 5 7.97 Level Maturity Level 3 0 0.33 0.66 1 Total Not statement 1 There is a risk management management policy. 1 3 4 4 7.63 2 The company provides training for risk management 1 1 3 7 9.31 3 There is a pen acceptance of risk assessment to the head of section 2 3 5 2 6.29 4 Identified risk assessment reduces risk 3 3 3 6 8.97 5 Risk management has been identified 1 2 4 5 8.3 Total 40.5 Risk Management Analysis Website E-klim at Civil Service Savings and Insurance Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 30 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4101 Level Maturity Level 5 0 0.33 0.66 1 Total Not statement 5 The company assesses risk as a risk mitigation strategy 4 1 1 6 6.99 Total 43.12 D. DISCUSSION In the analysis that has been used this research is using quantitative methods based on literature studies. Based on the reliability test, it shows that the questionnaire has good question quality so that it becomes a measuring tool. The risk assessment process provided is a description of the risk mitigation applied to the company's operations. Services have become a significant role for business processes for companies. The risk assessment method is an aspect of sustainability in the COBIT 4.1 framework[16], by producing IT and risk analysis to make the company have good governance. This article analyzes information based on the work process in further research. IV. CONCLUSION The results of this study indicate the maturity level at level 3, which means define process. The implementation process in the company has been organized and organized in its operational system. The recommendation in this study is the need for improvement of participant administration data and system updates for employees so that there is an increase in IT management in business processes and system operations. Suggestions for research in this study are the need for a COBIT domain version level so that further research becomes a reference for risk management research and the addition of domains other than those described, namely the PO9 domain. REFERENCES [1] Eva Zuraidah, "Information technology governance audit using the COBIT 4.1 framework (in the case study of PT Grace)," J. PROSISCO, vol. 07, no. 01, pp. 84–95, 2020, [Online]. Available: https://e- jurnal.lppmunsera.org/index.php/PRO SISKO/article/view/2289. [2] C. Manado, “3 1,2,3,” vol. 16, no. 2, pp. 119–126, 2021. [3] Q. Using et al., “Information System Risk Management Analysis,” vol. 4, no. 1, pp. 73–76, 2018. [4] Juknis_Eclaim, “1 | Pages," no. April, p. 77000, 2019. [5] RDA Putra, A. Ambarwati, and E. Setiawan, "Evaluation of Information Technology Risk Management Based on the COBIT 5 Framework at PT.BTM," JSI J. Sist. inf., vol. 11, no. 2, pp. 1754–1762, 2019, doi:10.36706/jsi.v11i2.9103. [6] B. Endrasasana, “Risk Management- Based IT Governance Audit,” pp. 1–8, 2015. [7] W. Wella, "Information System Audit Using Cobit 5.0 Domain DSS at PT Erajaya Swasembada, Tbk," Ultim. InfoSys J. Science System. inf., vol. 7, no. 1, pp. 38–44, 2016, doi:10.31937/si.v7i1.511. [8] F. Yusup, "Test the Validity and Reliability of Quantitative Research Instruments," J. Tarb. J. Ilm. Education, vol. 7, no. 1, pp. 17–23, 2018, doi:10.18592/tarbiyah.v7i1.2100. [9] S. Anwar, "The Maturity of Information Technology and Performance of Information Systems on the Benefits of Information Systems for Kelurahans in Kodia Semarang," Deen. technol. inf., vol. XIV, no. 2, pp. 146–151, 2009, [Online]. Available: http://www.unisbank.ac.id/ojs/index.ph p/fti1/article/viewFile/102/97. [10] DR Zulkarnaen, R. Wahyudi, and A. Wijarnako, "Information System Audit Risk Management Analysis Website E-klim at Civil Service Savings and Insurance Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 31 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4101 at Banyumas General Hospital Using Cobit 4.1 Framework," J. Pro Business, vol. 10, no. 2, pp. 27–37, 2017. [11] AP Widodo, F. Agushybana, and SP Jati, "Measurement of EWSKIA Information System Acceptance Based on User Perception Using the Technology Acceptance Model," J. Sis. inf. Business, vol. 8, no. 2, p. 52, 2018, doi:10.21456/vol8iss2pp52-59. [12] H. Hassan, JB Mangare, and PAK Pratasis, "Factors Causing Delays in Construction Projects and Alternative Solutions (Case Study: Manado Town Square III)," J. Civil Static, vol. 4, no. 11, pp. 657–644, 2016. [13] JF Andry and H. Hartono, "Performance Measurement of IT Based on COBIT Assessment: A Case Study," J. Sis. inf. Indonesia, vol. 2, no. 2017, pp. 1–13, 2017, [Online]. Available: http://publications.aisindo.org/index.ph p/JSII/article/view/66. [14] W. Bagye, "Analysis of the Maturity Level of Academic Information Systems Using the COBIT 4.1 Framework (Case Study: STMIK Lombok)," J. Speed – Research Center. eng. and Education, vol. 8, no. 1, pp. 1–7, 2016. [15] R. Setyadi and S. Anggoro, “Risk Management Analysis Using COBIT 4.1 at Vehicle Testing Management Information System,” J. Tech. information. and Sis. inf., vol. 7, no. 1, pp. 231–239, 2021, doi:10.28932/jutisi.v7i1.3419. [16] MP Wibawa and AD Manuputty, “Analysis of Information Technology Risk Management Policy Service PT. Sinar Mas Insurance Using the COBIT 5 Framework,”JATISI (Journal of Tech. Inform. and Information System), vol. 7, no. 3, pp. 466–479, 2020, doi:10.35957/jatisi.v7i3.409.