University-Level of eLearning in ASEAN Analysis Risk Management Application e-Raport Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9| No. 1 |Th. 2022 32 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4038 Analysis Risk Management Application e-Raport Using COBIT 4.1 Deswindasari Hasibuan1, Resad Setyadi2 Institut Teknologi Telkom Purwokerto DI Panjaitan No 128 Purwokerto, Central Java 119103020@ittelkom-pwt.ac.id, 2resad@ittelkom-pwt.ac.id Abstract— The role of information technology in increasing the use of e-Raport is to make it easier for schools to input student data. The e-Raport application is very important because it is a system to make it easier for teachers, staff, students, parents, and the Ministry of Education and Culture to find out the results of student learning analysis at SMK N 1 Balige as a means of communication between schools, students and parents of students. The problem with e-Report at SMK N 1 Balige is that there is an error when using the application to input data. The purpose of this study was to analyze risk management in the e-Raport application at SMK N 1 Balige. This research method uses quantitative methods. In measuring IT risk management, the author uses the Control Objective for Information and Related Technology (COBIT) 4.1 domain Plan and Organize (PO) framework, especially PO9 (Assessment and Manage IT risk). The result of this research is the value of the maturity level of the risk management application of e-Raport at SMK N 1 Balige is 2.6088. The maturity level of the e-Report of SMK N 1 Balige is Defined. Recommendations from this study are the need for a special person to control the e-Raport application at SMK N 1 Balige and training in the use of the e-Raport application. Keywords— Cobit 4.1 , e-Raport, PO9, Risk Assesment I. INTRODUCTION Progress in the use of a technology that is increasing from time to time as well as the ability to access speed of information is a demand in running the wheels of government, both in the business world and in education. The use of information technology in an institution certainly brings benefits to the institution. Information technology is now the key for an organization or company in developing and improving the efficiency of the ongoing process[1]. The very significant role of IS/IT must be balanced with regulation and management appropriate so that the loss or threat what might happen can be avoided even can be prevented. As for the frequent threats occurs, among others, cases of loss of data, data leakage, available information inaccurate caused by processing wrong data so that data integrity is not defensible, abuse use of computers, as well as procurement Information Technology/System investment Valuable information but not offset by the return of the value in accordance[2] . In the world of education, an information system in student assessment whose utilization is not far from the use of information technology because until now there are still many schools that use manual systems, to print student grade reports still use report cards.[3]. The use of E-Raport can be interpreted in accordance with the application. E-Raport is a web-based software for compiling reports on the achievement of student competencies by the education unit level developed by the school curriculum sub-directorate. The E- Raport application is an application for processing knowledge values, skill values, conducting attitude values by educators so that final grades and descriptions are formed automatically according to student acquisitions in assessing each basic competency, after which the homeroom Analysis Risk Management Application e-Raport Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 33 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4038 teacher will input extracurricular values, student attendance, achievements, attitude description, for that E-Raport is one of the efforts to control the quality of the assessment. Regarding the analysis of risk management or management of threats that arise in the use of the E-Report application, the output will provide solutions to limit risk errors, in terms of solving risks that still arise and risks that rarely occur in schools. The result is expected, the school requires an E- Report risk management analysis using COBIT 4.1 to minimize the risks that have occurred. II. METHOD This study uses a quantitative research type, which will provide a complete, systematic, factual and accurate picture of the state of the management information system. This research can also include how to evaluate the school management information system implemented at SMK N 1 Balige. This research follows the COBIT 4.1 a framework that is part of the IT standard management model that is enhanced by the Information Technology Governance Institute or also known as (ITGI) from the Information System Audit and Control Association (ISACA). COBIT 4.1 has 34 high-level supervision and then has 4 domains including the following, Deliver and Support (DS), Monitor and Evaluate (ME). A. Plan and Organize (PO) A process domain COBIT 4.1 defines the results of a strategic plan and identifies an IT to achieve business goals, has indicators such as table 1: Tabel 2.1. LEVEL CONTROL OBJECTIVE PO[4] Indicator Describe PO1 Determine a strategic information technology plan. PO2 Define the information architecture PO3 Specify technology direction PO4 Define IT organization and relationships PO5 Manage investment in information technology PO6 Communicate management objectives and direction PO7 Manage human resources. PO8 Manage Quality PO9 Assess Risk PO10 Manage the project. B. Acquire and Implement (AI) A process domain COBIT 4.1 defines to achieve an IT strategy, identify IT solutions or can implement them into a business, has indicators such as table 2: Tabel 2.2. LEVEL CONTROL OBJECTIVE AI Indicator Describe AI1 Identifies automatic solutions AI2 Acquire and maintain application software AI3 Acquire and maintain technology infrastructure AI4 Develop and maintain IT procedures AI5 Meets IT Data Sources AI6 Managing change AI7 Installing and accrediting systems and their changes C. Delivery and Support (DS) This domain includes the process of fulfilling IT services, system security, service continuity, training and education for users, and fulfilling ongoing data processes, having indicators such as table 3: Tabel 2.3. LEVEL CONTROL OBJECTIVE DS Indicator Describe DS1 defines and manages service levels DS2 manages third party services DS3 manages performance and capacity DS4 ensures continuous service DS5 ensures system safety DS6 identifies and allocates costs DS7 educates and trains users DS8 manages service and incidents DS9 manages configuration DS10 manages problems DS11 manages data DS12 manages Facilities DS13 manages operations Analysis Risk Management Application e-Raport Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 34 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4038 D. Monitor and Evaluation This domain focuses on the problem of controls whose application can occur within the organization, internal and external audits and independent assurance of the inspection process carried out. have indicators such as table 4: Tabel 2.4. LEVEL CONTROL OBJECTIVE ME Indicator Describe ME1 supervises and evaluates IT performance ME2 supervises and evaluates internal controls ME3 ensures fulfillment of external needs ME4 provides IT governance The level and model of maturity in COBIT 4.1 are as follows: Table 2.5. TINGKAT KEMATANGAN COBIT 4.1 Nilai Level Describe 0- 0,50 0Non existent the condition of the company has not realized the need for information technology and has not acknowledged that there are even problems in the company's services. 0,51- 1,50 1 Initial/Ad hoc The condition if the company has recognized that information technology is needed and there is even evidence. 1,51- 2,50 2 Repeatable and intuitive A condition where there is responsibility and the person in charge of information technology but the process still depends on the knowledge of certain parties. 2,51- 3,50 3 Defined Conditions where company policies or procedures regarding Information Technology have been defined by company management and even IT testing and training 3,51- 4,50 4 Manage and Measureable Conditions where Information Technology has been measured and monitored by management. 4,51- 5,00 5 Optimized Conditions where the application of information technology is a shared responsibility of business management and IT. III. RESULTS AND DISCUSSION Research activities carried out in data analysis are respondent categorization which aims to determine the reliability and validity of the analyzed questionnaire results[5]. A. RESULT 1. Validity Test The results of the discussion at the validity test stage of the questionnaire data are poured into the validity formula and the results of the validity test obtained from level 0 to level 5 show a value of 0.822 so that r count is greater than r table then the data is valid[6]. picture 3.1 Validity Test Level 5 2. Reability Test The reliability test results obtained from level 0 to level 5 show the value of Cronbach's alpha, as shown in the table[6] : Tabel 3.1. RELIABILITY STATISTICS Cronbach’s Alpha N of Items 0.882 3 0.927 4 0.586 2 0.747 4 0.828 3 0.917 4 3. Maturity Test The results of the risk management maturity test at SMK N 1 Balige using COBIT 4.1 are shown in the table below[7] : Tabel 3.2. MATURITY LEVEL 0 No. Statement 0 0.33 0.66 1 1 Risk assessment in the use of the e-Raport Application. 3 6 2 7 10.3 2 Risk assessment 2 6 2 8 11.3 Analysis Risk Management Application e-Raport Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 35 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4038 No. Statement 0 0.33 0.66 1 solutions in the use of the e-Raport Application. 3 Security issues in using the e- Raport Application. 1 3 3 11 13.97 Total 35.57 Compliance 11.85 Tabel 3.3. MATURITY LEVEL 1 No. Statement 0 0.33 0.66 1 1 Meeting regarding the risk assessment of the use of the e-Raport Application. 3 3 5 7 11.29 2 Risk considerations in using the e- Raport application. 0 4 7 7 12.94 3 Risk assessment of the use of the e-Raport Application. 1 6 5 6 11.28 4 Admin manager performs specific risk assessment. 0 4 3 11 4.3 Total 39.81 Compliance 9.95 Tabel 3.4. MATURITY LEVEL 2 No. Statement 0 0.33 0.66 1 1 Efforts to reduce risk in the use of the e-Raport Application. 1 2 4 11 14.3 2 Risk assessment of serious problems in using the e- Raport Application. 1 4 5 8 12.62 Total 26.92 Compliance 13.46 Tabel 3.5. MATURITY LEVEL 3 No. Statement 0 0.33 0.66 1 1 Training on risk management in the use of the e-Raport Application. 3 2 5 8 11.96 2 Understanding of risk management. 1 2 8 7 12.94 3 Risk assessment of errors in the use of e- Report. 1 3 7 7 12.61 4 Attention to risks in the e- Raport Application. 1 4 9 4 11.26 Total 48.77 Compliance 12.19 Tabel 3.6. MATURITY LEVEL 4 No. Statement 0 0.33 0.66 1 1 Risk management policy. 0 5 5 8 12.95 2 Operational risk budget in the use of the e-Raport Application. 4 2 6 6 10.62 3 Risk responsibility in using the e-Raport Application. 0 2 5 11 14.96 Total 38.53 Compliance 12.84 Tabel 3.7. MATURITY LEVEL 5 No. Statement 0 0.33 0.66 1 1 Management related to risk monitoring. 0 4 5 9 13.62 2 Management development in the use of e-Raport Applications. 0 2 9 7 13.6 3 Risk acceptance. 0 4 7 7 12.96 4 Risk assessment is important in 0 2 7 9 14.28 Analysis Risk Management Application e-Raport Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 36 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4038 No. Statement 0 0.33 0.66 1 school development. Total 54.46 Compliance 13.61 Tabel 3.8. MATURITY LEVEL OF ASSESS RISK B. DISCUSSION The literature review in this study uses quantitative study analysis that helps the analysis process through a statistical data management approach. The application of quantitative studies needs to consider policies in risk management to ensure the quality of these policies is maintained. Based on the questionnaires that have been distributed thoroughly, the reliability test results show that the questionnaire analysis has a consistent quality by utilizing qualitative methods into questionnaires as an accurate measuring tool[8] . This study discusses the results of the maturity level or Maturity Level at SMK N 1 Balige, where data were obtained through observations, interviews and questionnaires. In the questionnaire given to the admin of the school operator and the user teacher, a feasibility standard based on COBIT 4.1 was used[9] . This research is focused on looking at the management process, internal control management and whether the regulations that have been made are running or not. All processes that support the process require monitoring and evaluation in order to maintain the quality of an agency. The main principle of developing information systems is service, by implementing services using applications that have a major impact on company application development. The description of the occurrence of errors in the use of applications is very high related to IT risks. The application of methods in risk management can determine the position of aspects that are continuously in line with the IT system through the COBIT 4.1 framework. The COBIT method provides a significant overview of the organization using this model. The research process carried out by researchers uses the COBIT method to examine and analyze IT, as well as company risks towards good governance[10] . IV. CONCLUSION From the research results, it can be concluded as follows: Based on the analysis process of risk management management at SMK N 1 Balige has a maturity level at level 3 which means the value is in the position define process. The process of achieving its goals in a much more organized manner using organizational assets and is well defined. Suggestions from research related to the same research are that it is necessary to define the recommended actions to be carried out on each process attribute that is directed at the stages of achieving the expected maturity process. For this reason, management must monitor and measure the appropriateness of the procedure and take action if the process cannot be carried out effectively. REFERENCES [1] S. Handoyo, B. S. WA, and E. T. Luthfi, “Evaluasi Implementasi Sistem Informasi Paket Aplikasi Sekolah Menggunakan Framework Cobit,” J. Inf. …, vol. 4, 2018. [2] F. Fenny and J. F. Andry, “Audit Sistem Informasi Menggunakan Framework Cobit 4.1 Pada Pt. Aneka Solusi Teknologi,” Pros. Semnastek, vol. Vol. 3, No, no. 0, pp. 1–2, 2017, [Online]. Available: https://jurnal.umj.ac.id/index.php/semn astek/article/view/2001. P09 Maturity Level Calculation (Level 0-5) Level Compliance Normalize Contribution 0 11.85 0.1603 0 1 9.95 0.1346 0.1346 2 13.46 0.1821 0.3642 3 12.19 0.1649 0.4947 4 12.84 0.1737 0.6948 5 13.61 0.1841 0.9205 73,9 ML 2.6088 Analysis Risk Management Application e-Raport Using COBIT 4.1 SISFORMA: Journal of Information Systems (e-Journal) Vol. 9 | No. 1 |Th. 2022 37 ISSN 2442-7888 (online) DOI 10.24167/sisforma.v8i2.4038 [3] D. Rustiana, M. Faisal, and L. Iamayanti, “Prototype Analisa Sistem Informasi Penilaian E-Raport Menggunakan Swot,” ICIT J., vol. 5, no. 1, pp. 21–29, 2019, doi: 10.33050/icit.v5i1.99. [4] M. P. Setia Wardani, “Audit Tata Kelola Teknologi Informasi Bagian,” Audit Tata Kelola Teknol. Inf. Menggunakan Framew. COBIT dengan Model Matur. Lev., vol. IV, no. 02, pp. 1–10, 2010. [5] A. Arumana, A. F. Rochim, and I. P. Windasari, “Analisis Tata Kelola Teknologi Informasi Menggunakan Kerangka Kerja COBIT 4.1 pada Fakultas Teknik Undip,” J. Teknol. dan Sist. Komput., vol. 2, no. 2, pp. 162– 169, 2014, doi: 10.14710/jtsiskom.2.2.2014.162-169. [6] R. Setyadi and H. N. Prabowo, “Risk Management Analysis of Bus Transportation Application Using Cobit 4.1,” JURTEKSI (Jurnal Teknol. dan Sist. Informasi), vol. 7, no. 2, pp. 203–212, 2021, doi: 10.33330/jurteksi.v7i2.1046. [7] T. Kristiana and M. Informatika, “Analisis Tata Kelola Teknologi Informasi Menggunakan,” vol. XIII, no. 2, pp. 157–164, 2016. [8] B. Supradono, “Tingkat Kematangan Tata Kelola Teknologi Informasi (IT Governance) pada Layanan dan Dukungan Teknologi Informasi (Kasus: Perguruan Tinggi Swasta di Kota Semarang),” Semin. Nas. Teknol. Inf. Komun. Terap. 2011 (Semantik 2011), vol. 2011, no. Semantik, pp. 0– 6, 2011, [Online]. Available: https://publikasi.dinus.ac.id/index.php/ semantik/article/view/101. [9] E. J. Simbolon, H. P. Chernovita, and M. N. N. Sitokdana, “Analisis Tata Kelola Aplikasi Presensi Karyawan (COBIT 4.1 Domain Monitoring and Evaluate),” JATISI (Jurnal Tek. Inform. dan Sist. Informasi), vol. 8, no. 2, pp. 896–907, 2021, doi: 10.35957/jatisi.v8i2.902. [10] J. F. Andry, Y. M. Geasela, A. Wailan, B. A. Matjik, A. Kurniawan, and J. Junior, “Penggunaan COBIT 4.1 Dengan Domain ME Pada Sistem Informasi Absensi (Studi Kasus: Universitas XYZ),” Inform. Mulawarman J. Ilm. Ilmu Komput., vol. 13, no. 2, p. 97, 2019, doi: 10.30872/jim.v13i2.1152.