Utilization of the COBIT 2019 framework to identify the level of governance in internet services

— Information and communication technology services at the University of Muhammadiyah Bengkulu are IT services that support IT needs in all sectors. Of all the IT services that have been implemented at this institution, there is one very crucial service, namely the internet connection service. In managing this internet connection, a standardized feasibility calculation has not been carried out, which results in it not being by the institutional business needs. IT governance manages information technology-related investment decisions within an organization to meet current and future business needs. To achieve standardized governance, this research uses the COBIT 2019 framework, which is the latest version of the development results from COBIT 5. The purpose of this study is to identify the extent to which the value of existing processes for internet connection services is currently and the value of the process achievement that refers to the standard. COBIT 2019 by calculating the maturity level value, which represents the level of performance on internet connection services. From the results of the 2019 COBIT Design, LTIK University of Muhammadiyah Bengkulu, it is known that those who score above 80 or must reach capability level 4 are APO13, BAI10, DSS02, DSS03, and DSS04. For a value of 100, there is APO12.


I. INTRODUCTION
This Information technology at this time has become a necessity for every company. With the development of information technology, more and more companies need an internet connection that suits the company's business needs. Information and communication technology services at the University of Muhammadiyah Bengkulu are IT services that support IT needs in all sectors. Of all the IT services that have been implemented at this institution, there is one very crucial service, namely the internet connection service, where this internet connection service is needed by all existing information technology access. In managing this internet connection, a standardized feasibility calculation has not been carried out, which results in it not being in accordance with the institutional business needs.
Another problem is that more and more users are connected to the internet, the more complex the network will be and will cause new problems such as network topology that is not in accordance with standards. Therefore, it is necessary to evaluate by measuring the performance of internet connection services at the Information and Communication Technology Institute (LTIK) at the University of Muhammadiyah Bengkulu.
Information technology governance is a process that is able to manage investment decisions related to Information Technology within the company in order to achieve the goals of the company's current or future needs [1]. To achieve standardized governance in this research, the Control Objectives for Information and related technology (COBIT) 2019 framework is used, which is the latest version of the development of COBIT 5 [2] [3]. With various previous studies, it is known that COBIT is a framework that has a wide range of problems coupled with the latest version of COBIT 2019, providing flexibility in its use [4].
COBIT is an IT framework issued by ISACA that can help companies to carry out optimal IT Jurnal Infotel, Vol. 14  assessments that achieve a balance between expected benefits and optimize the value of the level of risk and use of resources [5] [6] [7]. COBIT is a collection of Best Practices documents for IT Governance to assist auditors, users, and management [8] [9]. COBIT serves to bridge the gap between business risks, control needs, and problems that occur in IT technical [10]. The purpose of this study is to identify the extent to which the value of the existing process achievements in the current internet connection service and the value of the process achievement that refers to the COBIT 2019 standard by calculating the maturity level value, which represents the level of performance on internet connection services.
A previous study using COBIT 2019 addressed the governance design of PT Telekomunikasi Indonesia Regional VI Kalimantan by creating a design containing a total of 14 processes important to the company [11]. The next survey aims to examine the performance of SIPERUMKIM information technology using COBIT 2019. The findings of this survey came in the form of a corporate IT governance design and identified key process recommendations for the Salatiga Municipal Housing and Resettlement District Office. Recommendations for five key processes include APO12, DSS02, and DSS03 [12].

II. RESEARCH METHOD
The research method guide that will be used is a descriptive-analytic method which aims to describe the phenomenon of a situation that is currently running, then analyze it using a quantitative approach. This study uses the COBIT 2019 standard procedure as an analytical tool by using a table of respondent lists, maturity values formulas, and scoring techniques to obtain the maturity level.

A. Research Flow
The flow of this research uses the governance design framework written in the COBIT 2019 guidebook [13].
The description of the flow of this research is as shown in Fig. 1. From Fig. 1, the initial stage carried out in this research is research planning, such as problem identification, then observations are made at LTIK of the University of Muhammadiyah Bengkulu. The study is designed to gather data that will be necessary for its completion. Next is a case study regarding the methods and steps that will be used for the level identification process. The method that will be applied is the design factor in the COBIT 2019 framework, and this method is done by analyzing each of the COBIT 2019 design factors [14]. The next stage is to determine the selected domain in the COBIT 2019 framework according to the scope of needs. This stage is the most important stage of all COBIT 2019processes [15] [16].
To determine the activity starting with the selected domain, questions will be made in a questionnaire that is given to correspondents. The activities in the COBIT 2019 framework are used as a source of inspiration for activities in the selected domain. The activities of each domain may differ depending on the COBIT 2019 framework. After determining the next selected domain, which is to determine who the respondents are the subjects in this study. In asking questions about the domain activity that has been determined to be carried out on the list of respondents used, the core of this process is to get the results of the activity. The last stage of the planning stage of this research is to determine the target level of capability that will be used as a reference in carrying out the level identification process. Capability level results are generated from the results of domain mapping to determine the level of achievement that must be obtained.

B. Data Collection
Data collection was used to obtain the data needed in the preparation of this study, while the data collection methods used were.
Jurnal Infotel, Vol. 14, No. 3, August 2022 https://doi.org/10.20895/infotel.v14i3.791 Utilization of the COBIT 2019 framework to identify the level of governance in internet services Conducting literature studies related to research whose sources come from books, journals, articles, and the internet. The discussions were taken about theories and governance works using the COBIT 2019 framework. Interviews were conducted with the leaders of the information and communication technology institutions of University of Muhammadiyah Bengkulu directly regarding the current state of internet access management. This observation was carried out by researchers by reviewing documents related to internet access.
Providing questionnaires aimed at collecting data by providing a set of questions related to the condition of internet access to be measured.

C. Data Analysis
At this stage is to analyze the data that has been obtained and manage the final results, which will eventually be given to LTIK of the University of Muhammadiyah Bengkulu, that the process of identifying the level of internet service management has been carried out. The data and result analysis phase includes the calculation of the capability level and gap analysis. In calculating the capability level, it is used to measure the condition of internet services against internet conditions. Meanwhile, the gap analysis is the difference between the results obtained and the results desired by LTIK at the University of Muhammadiyah Bengkulu.

III. RESULT
The result of the execution is in the form of a governance design form generated at COBIT 2019 using the Design Toolkit to fill in the design factors. The first design factor is to identify the business strategy implemented by LTIK University of Muhammadiyah Bengkulu from the four strategies provided in the COBIT 2019 design toolkit. Fig. 2 shows the results of the first design mapping, namely the unit strategy, which obtained the selected strategy in accordance with the strategic priorities of LTIK University of Muhammadiyah Bengkulu. The fourth unit strategy is service, in accordance with the University of Muhammadiyah Bengkulu's LTIK mission to implement and improve the quality of internet services and their use. Based on this mission, LTIK of the University of Muhammadiyah Bengkulu must provide internet media services that can be accessed by users of employees, lecturers, and students of the University of Muhammadiyah Bengkulu in a uniform and stable manner. Make fast and stable internet service well distributed.
The second design factor is unit goals, which support the business strategy identified in the previous phase. The results of the second design factor study are shown in Fig. 3. It shows the results of the second design factor, namely the purpose of the unit. Three selected  The purpose of LTIK University of Muhammadiyah Bengkulu EG05 regarding Customer-oriented service culture is internet service-oriented. The LTIK of the University of Muhammadiyah Bengkulu is building a media service for the internet in collaboration with a bandwidth provider company for internet access. Where the participation of employees, lecturers, and students in assessing the process as users of internet services. In realizing a good assessment and better fluency, one of the things that need to be done is to involve employees, lecturers, and students in assessing the smoothness of the internet so that every decision taken by LTIK can facilitate work processes related to internet media.  continuity and availability. The construction of an internet media service by LTIK University of Muhammadiyah Bengkulu in supporting and facilitating internet access in the campus environment where the internet access service runs as its function to facilitate employees, lecturers, and students in accessing internet services.
The EG10 value is staff skills, motivation, and productivity, whereas for the skill development section, especially in the internet service section and staff motivation and productivity, training is carried out periodically as an increase in knowledge of the latest technological changes that will always develop.
The third design factor is the risk profile, which identifies the risk profile of LTIK University of Muhammadiyah Bengkulu. The results of the identification of the third design factor are shown in Fig. 4. Fig. 4 shows the results for the third design factor, the risk profile, with three selected risks having very high risks. The first risk is problems with using or using the software. The use of the software is very risky as there is still a lack of IT resources on the University of Muhammadiyah Bengkulu campus. The second risk is software bugs because the equipment used does not meet campus-level usage standards. The next category is logical attack, as it will have a significant impact on the LTIK of University of Muhammadiyah Bengkulu. For example, the network system will be hacked.
The fourth design factor is IT-related issues, i.e., identifying the issues that LTIK of University of Muhammadiyah Bengkulu will face in terms of information technology. The results of identifying the four design factors are shown in Fig. 5. Fig. 5 shows the results of the fourth design factor, namely problems related to IT, and there are three assessments, namely a value of 1 for no problems, 2 for problems, and 3 for serious problems. From the results of this design factor mapping, there are three very serious problems related to IT at LTIK University of Muhammadiyah Bengkulu. One of the challenges with IT projects is that they can frequently fall short of the goals set for them by business stakeholders, often arriving later or costing more than anticipated. The current internet service is using an external third party because of bandwidth limitations and the features and configuration of the current platform. In addition, it is expensive to pay internet bills.
The next problem is the excessively high cost of IT where for this problem it is because, in order for internet services to run well and last a long time, it is necessary to buy tools to support internet services which are relatively expensive because to get equipment that meets international standards requires high funds.
The next problem is the gap between business and technical knowledge, which leads to business users and information and/or technology specialists speaking different languages. Where in this case, there is often  a communication error between business users and IT specialists due to a lack of knowledge of the IT world in the scope of business users. And the way of delivery from IT specialists is too technical.
The fifth design factor is the threat landscape, namely identifying IT threats in LTIK university of Muhammadiyah Bengkulu. The results of the identification of the fifth design factor can be seen in Fig. 6. Fig. 6 shows the results of the fifth design factor, namely in the threat landscape. LTIK University of Muhammadiyah Bengkulu has a high threat to IT, which is 75%, due to frequent miscommunication between business holders and IT specialists. Attacks such as hacking on the campus internet network are also largely due to the absence of human resources, especially in the field of cyber security, which is still considered very minimal. The sixth design factor stage is the stage to identify the needs and demands for compliance that must be met by LTIK University of Muhammadiyah Bengkulu.
In the assessment related to the sixth design factor, it  was obtained by interviewing one of the network service staff to obtain information on problems related to the classification of the subject of needs and demands for company compliance in operating as shown in Fig. 7.
The seventh design factor is the role of IT, and this domain is carried out to adjust the role of IT in LTIK University of Muhammadiyah Bengkulu with the role of IT in the COBIT 2019 domain process. The results of the identification of the sixth design factor are in Fig. 8.   The ninth design factor is the IT Implementation Methodology, which was implemented in order to align the method implementation model of LTIK University of Muhammadiyah Bengkulu with the method implementation in the COBIT 2019 domain process. The results of determining the ninth design factor are shown in Fig. 10.  The tenth design factor is the technology adoption strategy, which is adopting technology in the unit strategy to be identified. The results of the tenth design factor identification are shown in Fig. 11. Utilization of the COBIT 2019 framework to identify the level of governance in internet services Fig. 11. Importance of technology adoption strategy. Fig. 11 shows the results for the ninth design factor for the COBIT 2019 domain process. The first mover percentage is 50%, as LTIK University of Muhammadiyah Bengkulu Technology is not the first to implement the system. LTIK prefer to wait for other organizations or companies to adopt new technology before implementing it themselves. LTIK is also a slow adopter or an employee who does not try new things quickly because not all LTIK employees are able to adapt instantly to technological changes. From all the design factors resulting in COBIT 2019, all the generated domains are combined into a governance design, as shown in Fig. 12.

IV. DISCUSSION
This research conducted through COBIT attempts to examine and analyze IT and business risks for a good organization. The information is also analyzed in terms of business and future research scope. From the COBIT 2019 design at LTIK University of Muhammadiyah Bengkulu, the resulting governance design is a process with a recommended level of competence. The COBIT 2019 explains that an expected competency level of 80 or more requires a competency level of 4. If a competency score is 50 or more, a level 3 competency is required. If the score is greater than or equal to 25, level 2 competence is required, and if the full score is below 25, the process must reach level 1 competence [4].
From the results of the COBIT 2019 design, LTIK University of Muhammadiyah Bengkulu, it is known that those who score above 80 or must reach capability level 4 are APO13, BAI10, DSS02, DSS03, and DSS04. The value 100 is APO12.

V. CONCLUSION
According to the calculations that have been done, it can be concluded that the level of introduction to governance can be carried out in stages, starting with the research planning stage, namely: Identifying problems to target the level of ability. Continue to the next step Data collection comes from a document review questionnaire. The last is the data analysis stage from the calculation of the ability level. With the results of the 2019 COBIT Design University of Muhammadiyah Bengkulu, it is known that those who get a score above 80 or must reach capability level 4 are APO13, BAI10, DSS02 , DSS03, and DSS04. The value 100 is APO12. With the results that have been obtained from the calculation of each subdomain, it produces six sub-domains that are at level four, two sub domains are at level 3, four sub domains are at level 2, and eleven sub domains are at level 1.