How to cite:
Piyan, Sfenrianto (2024) IT Evaluation Based on Cobit 5 Framework at XYZ Embassy, (06) 05,
https://doi.org/10.36418/syntax-idea.v3i6.1227
E-ISSN:
2684-883X
Published by:
Ridwan Institute
IT EVALUATION BASED ON COBIT 5 FRAMEWORK AT XYZ EMBASSY
Piyan, Sfenrianto
Bina Nusantara University, Indonesia
Abstract
An embassy is a government organization located abroad and is tasked with carrying out
diplomacy towards the accredited country where the embassy is domiciled. The XYZ Embassy
is located on the African continent and has an organizational structure consisting of the
Ambassador and several diplomats and local staff. As is the general condition of XYZ country
in all countries, the XYZ Embassy is also experiencing problems especially related to ICT,
such as the XYZ Embassy's IT infrastructure is inadequate, the quality of electronic goods is
not good, limited ICT resources, poor energy resources, information systems that are not yet
integrated and limited ICT procurement and maintenance budgets. The aim of this research is
to evaluate ICT governance at the XYZ Embassy using the COBIT 5 framework so that a
capability level assessment can be carried out and a Gap Analysis can be obtained and
provide recommendations for improving ICT governance at the XYZ Embassy. Some of the
benefits of conducting research include assessing the condition of needs in ICT management
at the XYZ Embassy, helping to measure the capability level of ICT management, and
recommendations in efforts to maximize and optimize the use of ICT using COBIT 5.
Keywords: ICT Governance, COBIT 5, Government, Embassies
INTRODUCTION
XYZ Embassy located on the African continent. Its organizational structure includes
Ambassadors, Political Functions, Economic Functions, Social Security Officers, Indonesian
Citizens-BHI Protection Officers, Consular Function Executors, Acceleration Administrators
and Diplomatic Information Institutions. The XYZ Embassy is a working unit under the
Ministry of Foreign Affairs. Problems regarding IT, especially the IT division faced by the
XYZ Embassy related to ICT governance, include: (1) the IT infrastructure of the XYZ
Embassy is inadequate and the quality of electronic equipment is not good due to the
difficulty of finding good device components at affordable prices (2) facilities and
infrastructure are also poorly managed due to the human resources working at the XYZ
Embassy are not many with educational backgrounds IT, currently the IT department is only
held by 1 (one) Diplomacy Information Agency / PID and 1 (one) local communication staff,
(3) energy resources in the local country are generally very poor. In a day, it is estimated that
power outages occur around 5-10 times so that it affects the age of the electronic device itself
and causes high maintenance costs, (4) the lack of integration of all information and data
JOURNAL SYNTAX IDEA
pISSN: 2723-4339 e-ISSN: 2548-1398
Vol. 6, No. 05, Mei 2024
Piyan, Sfenrianto
2096 Syntax Idea, Vol. 6, No. 05, Mei 2024
systems, the availability of data needed comprehensively for all types of data is owned by all
Function Implementers(PF) at the XYZ Embassy and (5) the budget determined by the
Central Government to the XYZ Embassy, especially the budget for the procurement of data
processing and communication equipment is considered very minimal. The relationship
between organizations and IT governance can be measured by ICT evaluation using the
COBIT 5 framework. Evaluation can also be interpreted as the process of giving value to the
impact of a program, object or a series of processes with a predetermined set and
requirements (Fajarwati, Sarmini, & Septiana, 2018). IT evaluation and audit aims to evaluate
and ensure that the IT processes that have been carried out in the organization are based on
the standard operating procedures implemented that are used to maintain and monitor those
processes (Andry, 2016; Sarno, 2009). COBIT 5 very complete, provides a basis for
effectively integrating frameworks, standards, and other practices that have been used, where
the standards reach all scopes of the company/agency (Damayanti & Manuputty, 2019). IT
governance is the responsibility of executive management or directors, and is part of
enterprise governance. Governance is a collection of interrelated and structured processes to
direct and control the organization in achieving goals (Prawira & Darmizal, 2016; Purwanto,
Sumbaryadi, & Sarmadi, 2018). IT governance focuses on two things, namely how IT efforts
provide added value to the business and risk management when they have been implemented.
COBIT 5 can be the right IT evaluation method to find out whether XYZ Embassy has carried
out good IT management and also COBIT 5 is able to help improve IT governance according
to standards and policies in carrying out business processes that are effective (Siregar &
Rustamaji, 2017). COBIT 5 is an overarching framework that can assist organizations in
achieving their goals for organizational IT governance and management. Another
understanding related to COBIT 5 is one of the frameworks in the form of best practices
guidance products that present activities in a managed and logical IT organizational structure,
compiled by experts in the field of IT governance, and more focused on performance
evaluation control (Wulandari, Dewi, Pohan, Sensuse, & Mishbah, 2019). The use of IT in
government agencies, especially in the field of cases, is not only used by employees who
work in the IT department, but is a must for employees who work in all parts such as
administration, finance, criminal, civil and others related to IT (Belegur, Rudianto, &
Sitokdana, 2018). COBIT 5 helps companies create optimal value from IT by maintaining a
balance between gaining profits and optimizing the level of risk and resource use (Hanif,
Giatman, & Hadi, 2020; Ismail & Winarno, 2017) Research using COBIT 5 was conducted to
audit IT governance in the domains EDM04, DSS01, APO07 and APO01 (Adriani,
Mahardika, & Aryani, 2018). In addition, COBIT 5 is also used for evaluation of IT
governance by measuring the level of maturity of Information Systems / IT designs in four
domains, namely APO, EDM, BAI and DSS (Putra, Hakim, Pramono, & Tolle, 2017).
Judul Artikel
Syntax Idea, Vol. 6, No. 05, Mei 2024 2097
Source: COBIT 5 Governance and Management Key Areas (ISACA 2012)
(Pasquini & Galiè, 2013)
METHODS
The research was used using qualitative and quantitative descriptive approaches. The
object of research is the XYZ Embassy located in an African country. The goal is to find out
the actual situation in accordance with the problem formulation and identify the problems in
the XYZ Embassy. The data analysis method used in this writing is using a qualitative
approach. Data collection to measure the capability model was carried out by making
questionnaires and disseminated to all respondents containing questions used to measure the
achievement of the attribute process at Level 1 based on the Process Capability Assessment
Model (PAM) at COBIT 5 (Murad et al., 2018).
RESULTS AND DISCUSSION
Researchers conduct planning by determining respondents who will be involved in the
evaluation process using sampling techniques, which are methods used to select a portion of
the larger population with the aim of collecting data or information that represents the entire
population. The criteria that will be used in this study are where each Key Management
Practice in the selected COBIT 5 process has a RACI chart that is responsible for the
activities in it.
Table 1 process has a RACI chart
RACI chart
Organizational Structure
APO01 (administer IT management
framework)
Diplomatic Information Agency
APO06 (manage budgets and costs)
Diplomatic Information Agency
APO12 (manage risk)
Head Accelerator
APO13 (manage security)
Diplomatic Information Agency
BAI04 (manage capacity and
inventory)
Accelerator
EDM02 (ensure delivery benefits)
Diplomatic Information Agency
Piyan, Sfenrianto
2098 Syntax Idea, Vol. 6, No. 05, Mei 2024
Data Collection Results in the APO Process
Table 2. Process Data Results for APO01, APO06, APO12, and APO13
Key Management
Practice
Output
APO01 (Define the
management framework
for IT)
The realization of effective policies in managing information
and the use of information technology.
The realization of adequate infrastructure.
Creating awareness of roles and responsibilities in maintaining
good electronic equipment (skilled human resources).
APO06 (Manage budget
and cost)
Transparent and fair financial management, which is related to
IT both in terms of business and IT (effectiveness and
efficiency of organizational cost allocation).
APO12 (Manage risk)
The creation of a risk management strategy for human
resources and energy resources at the XYZ Embassy.
APO13 (Manage
security)
Creation of a system security management strategy related to
data and IT at XYZ Embassy
Data Collection Results in the BAI04 Process
Table 3. BAI04 Process Data Results
Output
The creation of infrastructure that is in accordance with the needs of
the organization, especially in the field of energy resources, as well
as the quality of equipment that supports the operational
performance of the embassy.
Data Collection Results in the EDM02 Process
Table 4. EDM02 Process Data Results
Key Management
Practice
Output
EDM02 (ensure value
optimisation)
Creation of optimal IT-supported services.
The creation of support for the budget towards the procurement
of data processing and communication equipment.
Researchers obtained the results of questionnaire calculations using the Likert scale
and received an evaluation of the capability level assessment. Researchers validate