Information of Technology Service Governance Capability Level Audit on Khairun Ternate University (Case Study, System Information of Kubermas)

The Information system KUBERMAS (SIMAS) in an organization or information management plays an important role as an asset for the company, because it is very necessary for good and structured management of the information system. The purpose of this study was to see the results of the level of information technology capability at the LPPM Khairun Ternate University using the COBIT 5 framework in order to help universities in IT strategy and IT services. The results of the SIMAS audit at the capability level using the COBIT 5 framework were found at an average level of 2 managed processes. The result ability level or SIMAS ability level at LPPM Khairun University in the whole process of the MEA01 and BAI01 domain is at level 2 which is managed with a value process of 2.21 at this level the process has been implemented and managed appropriately and maintained. Management that has been set is controlled and executed.


Introduction
The role of information technology is to add value in a company or education service sector. [1] The Institute for Research and Community Service (LPPM) is one of the education services sectors at Khairun University which acts as science and technologyBthrough research programmes. One of information system owned by LPPM as a information management especially in the Lecture section. The KUBERMAS information system (SIMAS) in an organization or information management plays an important role as an asset for the company, Therefore, it is necessary to have a good and structured management of the information system.
The Institute for Research and Community Service (LPPM) is one of the educational service sectors at Khairun University which acts as a driving force for all components in the system to develop science and technology through research programs so that it can grow and develop sustainably, so LPPM must be able to actualize its active role as an education and training center to improve the quality of human resources. COBIT 5 is ISACA's latest generation guide that addresses IT management governance. COBIT is built on the experience of using COBIT for more than 15 years by many companies and users in business * Corresponding author : satriapauwah@gmail.com environments, IT communities, insurance and security risks [4], audits in general to determine the reliability and integrity of financial information; compliance with policies, plans, procedures, laws and regulations, and safeguarding assets. Thus, the audit objective requires the accountant to provide an opinion regarding the feasibility of financial reporting in accordance with auditing standards The management of the KUBERMAS information system (SIMAS) at Khairun University has been carried out, but it has not been managed properly, especially through structured approaches and methods, so it is difficult to measure how big the role of the KUBERMAS information system is. a very important support in a university.
Technology audit has several control standards as a tool to ensure that electronic data processed is correct and standards are used. for this study using the COBIT 5 framework [2]. The COBIT5 framework is a comprehensive standard that helps companies achieve their goals and generate value through effective information technology governance and management [3].
In COBIT 5 there are five domains used in conducting audits. One of the domains used in this research is the MEA01 and BAI01 domains which are the process of assessing the company's needs and the current system still meets or not. While the BAI01 domain is a process of identifying IT solutions that need to be developed, implemented and integrated into business processes.

Reseach Flow
The research flow is the beginning of the planning stage of the information technology audit that will be made. This design scheme is made based on the flow of work steps. The following is the flow of the research steps made which can be seen in Figure 1.

Data collections
There are several methods and techniques that can be used in the data collection process, such as Literature Studies, Observations, Interviews, and Questionnaires. If possible, all of these methods can be used, so that the data collected can be truly valid [5].

Identifications Mapping RACI
To obtain a sample from the existing RACI model (Responsibility, Accountability, Consult, and Informed) to determine the level of capability, the respondents from the study amounted to 10 people, including: Head of LPPM as CEO (Chief Executive Officer), Head of Administration and Processing data & information as CIO (Chief Information Officer), general administration as CFO (Chief Finance Officer), correspondence administration as Head of IT Operations, financial manager and financial administrator as HITA (Head IT Administration), and General Head of Sub-section as audit

Analys Method
At this stage of analysis, the researcher calculated the questionnaires that had been answered by the respondents, namely in accordance with the RACI table diagram for the MEA01 and BAI01 domains. Analysis (Guttman Scale and Capability Level) Includes a recapitulation of the answers of each respondent, a recapitulation of the results of the questionnaire calculations using the Guttman scale in each process, to the data interpretation stage that shows the current position of the university's capability level (Current Capability) and the current capability level. (expected level) to the maximum capability level (maximum level). The calculation of the questionnaire to be carried out in this study is as follows: 1. Making a questionnaire using the Guttman scale as a reference. 2. Each questionnaire criteria, namely 'yes' and 'no' will be converted to 1 and 0. 3. The results of the conversion will then be normalized by dividing the total value by the number of questions at each level, then after normalization, the average calculation is carried out by dividing the total value of answers by the number of respondents. 4. From the calculation results, the final results can be categorized according to the following rules listed in Table 1.

Validations (Guttman and Capability level)
This validation contains the results of respondents' answers that refer to the domain used. The domains used as references are MEA 01 and BAI 01, then those who have answered the questionnaire will be processed into an excel calculation table in which there is an excel calculation for each domain, which has a statement for each level symbolized by numbers 0-5 and each level has a number of statements which shows the number of statements symbolized by (P).

Recomndations
The purpose of this recommendation is to be able to obtain the current level of ability that exists at Khairun University and the level of ability expected by Khairun University in the future, namely the information system and these recommendations are expected to be able to provide maximum results in the management of SIMAS information technology at the University.

Result
The initial stage is to prepare an initial plan where the purpose and scope of this research is to audit SIMAS. Khairun University Ternate which is owned by the E3S Web of Conferences 328, 0 (2021) ICST 2021 Institute for Research and Student Service (LPPM) at the university. Then at the next stage, namely by making observations, then starting with interviewing the interviewees, they were asked the same basic questions, namely about SIMAS. After that, the researchers distributed questionnaires to find out the current level of capability, and also took documentation, and asked for some data that would later be used for review. References.
There is a next stage, namely the stage of finding problems and validation and developing solutions based on the results of these measurements will be identified based on COBIT 5 using the MEA01 and BAI01 domains which can provide suggestions and recommendations to LPPM. And at the last stage, namely the preparation of results and making reports where the researcher will summarize in the form of a report which consists of collecting data from interviews and questionnaire results, identifying RACI mapping, analysis using (Guttman Scale and Capability level), gap analysis (GAP) and recommendations on each process as well as conclusions and suggestions

Table 2. Questionnaire display in excel
The results of the analysis in table 2 above contain the results of the answers of respondents who have answered the questionnaire which are then processed into an excel calculation table. where in it there is an excel calculation for each domain, which has a statement for each level symbolized by the numbers 0-5 and each level has a number of statements that show the number of statements symbolized by P1-P6.

Capability level calculation results
At this stage the author will present the results of the Capability Level calculation for each MEA 01 (Monitoring, Evaluating, Assessing Performance and Adjustment) and BAI01 (Managing programs and projects) Domains sub-processes. Below is a table recapitulation of MEA01 and BAI01 domain capabilities. It can be seen in Tables 3 and 4 below. Associated with levels 0-5, where an explanation of level 0 indicates the failure of the business process or not achieving the desired goals. At this level too, there is little or almost no evidence to suggest that the objectives have been achieved, then at level 1, it covers matters related to management (planning, monitoring, proper evaluation process). The management that has been established is well controlled and maintained. Then at level 2, the existing business processes have been managed properly, so that the business processes being run are now more established. Then at level 3, the business processes that have been established are then operated with certain limitations to achieve the final results in accordance with the company's predictions. Then at level 4, the business processes that have been established are then operated with certain limits to achieve the final results in accordance with the company's predictions. Then at level 5, Predictions that have been executed, are continuously improved to meet the current business objectives and project objectives. The following table recapitulates the calculation results of the MEA01 and BAI01 domain capability values. Can be seen in Table 4.   Table 4 above explains that the value of the capability level (current capability) for each domain is obtained from the results of the recapitulation of each questionnaire which then from the results of the recapitulation are all summed using the formula in chapter 2 while for the results of the target level to be achieved (expected level) the researcher follows journal [2] where the determination of the target level is determined by the level being targeted from the average level obtained. Thus, for the MEA and BAI domains, the average level is now 2.21. This value is in the range of 1.51 -2.50 which is at level 2 where the rating of the criteria is based on the journal [6]  Based on table 5 the conditions under which there are IT responsibilities and persons in charge. However, the process still depends on the knowledge of certain individuals or parties, the management's authority is limited, so errors may occur, it can be concluded based on the journal [7] that the MEA01 and BAI01 domains being addressed from the capability level are level 3 with a value of 3.00, then level 3 is called the target level, as well as to get the expected value in the MEA01 and BAI01 domains to determine the target level, namely the level that is being addressed from the average level obtained. And for the maximum level (max level), which is the highest level that will be achieved from the capability level, which is level 5. After calculating the capability level of the 2 processes contained in the MEA01 and BAI01 domains, each has a process that has the current capability level which is at the 2-managed process level, which means the process has been executed or has been carried out. The capability level has been managed well, so that the processes being run are now getting better, while the average result of the total capability level is at the 2-Managed process level, namely the process has been run or done.

Domain analisys MEA01
In the recapitulation of the capability results in the process of monitoring, evaluating, assessing performance and adjusting the domain (MEA01) such as an explanation related to the process capability level achieved, the MEA01 domain is in process 2, namely managed process. and 2.8 where the process has been implemented and managed (planned, monitored and adapted) appropriately to the work product, controlled and maintained. It can be concluded based on the analysis above, that LPPM has implemented and implemented it based on the MEA01 domain, which has been implemented and managed (planned, monitored and adjusted) appropriately for its work products, controlled and maintained properly.

Domain Analisys BAI01
In the recapitulation of the capability results in the process of managing programs and domain projects (BAI01) as well as the explanation regarding the process capability level achieved, the BAI01 domain is in process 2, namely managed process, it can be seen an explanation of the process capability level attributes where the process has been implemented and managed. appropriately to the product of his work, is developed. related to the results of the work produced from the development process that is managed on the product, namely: 6. The existence of internal control in the evaluation of SIMAS information services regularly. 7. The existence of identification and evaluation of alternative actions in achieving the results expected by internal control. 8. 3. There is an optimization of the comparison of SIMAS's internal control with other universities. 9. 4. There is a system improvement planning process 10. 5. There is a planning process in managing the scope, resources, risks, costs, quality of time and communication. 11. It can be concluded based on the analysis above, that SIMAS development by LPPM has been carried out and implemented based on the BAI01 domain, which has been implemented and has managed programs and projects appropriately for its work products.

Gap Analisys
This gap analysis is carried out to find the difference in the capability level value, obtained with the target level (expected level) to be achieved in determining the target level, while for the results of the target level to be achieved (expected level) researchers follow the journal [2] where the determination of the target level is determined. with the level being targeted from the average level obtained. Thus, for the MEA and BAI domains that are used now, the average value level of 2.21 can be seen in Table 4.36, the value is in the range of 1.51-2.50 which means that it is at level 2 automatically the domain that is being addressed from level 1. capability is level 3 then this level 3 is called the target level (expected level). If the capability level and target level are known, then to get the level of the gap gap with the formula: X-Y where X is the value of the target level and Y is the value of the capability level that can be obtained. Then the level of the gap gap is 3.00 -2.21 = 0.79. The following will explain the gap analysis of each domain.

Analisis Gap MEA01
The result of the gap analysis in MEA01, which is 0.56, is obtained from the formula: X-Y where X is the value of the target level and Y is the value of the capability level that can be obtained. Then the level of the gap gap is 3.00 -2.44 = 0.56. While the level to be achieved (expected level) is at level 3. Where in determining the target level is determined by the value of the level being addressed from the level of the average value obtained. Thus, for the MEA01 domain that is used now, the average value level (current capability) is 2.44, the value is in the range 1.51-2.50 which means that it is at level 2 automatically MEA01 is being addressed from the capability level is level 3 with a value of 3.00 then level 3 is called the target level (expected level). Where the MEA01 process related to the activities of monitoring and evaluating the performance of SIMAS and monitoring has been going quite well. For the results of the analysis of the gap value of the MEA01 gap. The following are the results of the MEA01 GAP analysis in Table 6 below Table 6. GAP MEA0 . analysis results Where to go to level 3, what the university must do is to have an innovative SIMAS evaluation plan continuously so that existing IT can run well and be developed according to the results of the analysis of activities that have existed before and also maximize activities that are already running quite well.

Gap BAI01 Analysis
The result of the gap analysis on BAI01 is 1.03 obtained from the formula: X-Y where X is the value of the target level and Y is the value of the capability level that can be obtained. Then the level of the gap gap is 3.00 -1.97 = 1.03. While the level to be achieved (expected level) is at level 3. Where in determining the target level is determined by the value of the level being addressed from the level of the average value obtained. Thus, for the current BAI01 domain, the average value level (current capability) is 1.97, the value is in the range 1.51 -2.50, which means that it is at level 2 automatically. BAI01 is being targeted from the capability level is level 3. with a value of 3.00 then level 3 is called the target level (expected level). Where the BAI01 process is a process related to program development, namely how the program can be updated according to needs and from the results of the evaluation and implementation in order to get better results. For the results of the analysis of the gap value of the BAI01 gap. The following results of BAI01 analysis can be seen in Table 7 below. With the results of the gap obtained to get to level 3, what must be done is to make updates to the system by looking at the shortcomings of the performance and effectiveness of users on the system that has been running previously and also maximizing the system that is running quite well.

GAP analysis
The following are the results of the audit, namely the analysis of the gap in each domain, so that the capability level results are obtained for the entire process. It can be seen in Table 8 below.  Table 8 obtained the capability level of MEA01 and BAI01 COBIT 5 domain processes and it can be seen that the average capability level obtained is at Level 2, namely Managed Process. For more details can be seen in Figure 2 below.

MEA01 recommendation
The current capability value in the process of monitoring, evaluating and assessing performance and adjustment is 2.44. In meeting the achievement of goals for upgrading to level 3, it takes the role of the MEA01 domain in providing some understanding of awareness of the related LPPM to achieve the target level, so the following are some recommendations given to improve the quality of SIMAS at Khairun University based on the capability attribute model at level 3. 1. The need for understanding and awareness in carrying out regular maintenance of SIMAS equipment and infrastructure. 2. A monitoring system for SIMAS is required on a regular basis. 3. It is necessary to hold a monthly performance evaluation meeting from SIMAS which aims to determine the progress of SIMAS. Later at the meeting, it can be analyzed starting from additional needs and also deficienciesn.

Recomnetdation BAI01
The current ability score in managing programs and projects is 1.97. In meeting the achievement of goals for upgrading to level 3, the role of the BAI01 domain is needed in providing some description of the related LPPM to achieve the target level, so the following are some recommendations given to improve the quality of SIMAS at Khairun University based on the capability attribute model at level 3.
1. There is a need for an evaluation schedule with stakeholders as well as developers or SIMAS Developers on user needs. 2. The need to implement periodic system maintenance in order to get maximum results.

General Recommendations of the Overall Process
Previously, several recommendations were written based on each process in the MEA (Monitor, Evaluate and Assess) and BAI (build, acquire, implement) domains. The following are some additional recommendations in general based on the conditions of SIMAS Khairun University. The overall Capability Level obtained is Level 2 managed process, the target level to be achieved is 3 established process, so the recommendations compiled are as follows: 1. Tighten control and performance of SIMAS users, so that in the future SIMAS can function optimally and can be used for a long time. 2. Implementing the Maps feature in the selection of destinations or student placements at SIMAS in order to make it easier for students to find out the location of placement. 3. Blocking previously registered student accounts who have passed the KUBERMAS course, in order to keep away from things that can later be detrimental. 4. Improve and be consistent in controlling and evaluating more deeply against system deficiencies and then taking quick action in perform maintenance to minimize the problems obtained.

Conclusion
Based on the results of the capability level audit using the COBIT 5 framework conducted at SIMAS LPPM Khairun University: 1. Information technology managed by the university is used to support business activities carried out by the university, especially LPPM. Based on the use of the guttman scale method, capability level and maturity results, it was found that information technology managed by LPPM has weaknesses, shortcomings and is not optimal for COBIT 5 management practice. From the weaknesses and shortcomings and not optimal information technology managed by LPPM, the authors determine 2 management practices from the MEA and BAI domains to eliminate deficiencies and and evaluate the performance of information technology on a regular basis to ensure that information technology continues to run even though there are incidents that occur in LPPM's business processes. The recommendations given also provide direction for understanding and awareness in carrying out periodic maintenance of SIMAS and infrastructure. This recommendation also regulates the management of information technology at LPPM in reminding the need for monthly SIMAS performance evaluation meetings that aim to determine SIMAS progress.
Recommendations for managing programs and projects provide input for maintaining and developing the latest features, as well as blocking previously registered student accounts who have passed the KUBERMAS course in order to keep things away from things that can be detrimental. 3. To reduce the gap between the current capability level and the capability level to be achieved, the university must fulfill the managed process so that the current capability level is even better and the capability level that is at level 2 can be increased to level 3. In line with that, university in implementation is getting closer to the goal