Intelligent Information Management
Vol.6 No.1(2014), Article ID:42031,8 pages DOI:10.4236/iim.2014.61003

The Application for Measuring the Maturity Level of Information Technology Governance on Indonesian Government Agencies Using COBIT 4.1 Framework

Johan J. C. Tambotoh, Rudi Latuperissa

Department of Information System, Satya Wacana Christian University, Salatiga, Indonesia


Copyright © 2014 Johan J. C. Tambotoh, Rudi Latuperissa. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. In accordance of the Creative Commons Attribution License all Copyrights © 2014 are reserved for SCIRP and the owner of the intellectual property Johan J. C. Tambotoh, Rudi Latuperissa. All Copyright © 2014 are guarded by law and by SCIRP as a guardian.


Investment of information technology (IT) in the government sector in Indonesia continues to increase every year. However, this increase has not been followed by good governance due to the lack of attention to good IT management. Measurement of IT governance is therefore required as a basis for the continuous improvement of the IT services to government agencies. This study is aimed at producing an application to measure the maturity level of IT governance in government institutions, thus facilitating the process of improvement of IT services. The application developed is based on COBIT 4.1 framework and the design used is Unified Modeling Language. Through stages of information system development, this research results in an application for measuring the maturity level of IT governance that can be used by government agencies in assessing existing IT governance.

Keywords: Information Technology Governance; IT Governance Maturity Level; COBIT 4.1

1. Introduction

Investment in information technology (IT) in the government sector (e-Government) in Indonesia has increased significantly each year. In 2009 fiscal year, the realization of central government spending on IT was IDR 10 trillion or approximately 1.66% of the total Central Government Expenditures in 2009 and it was an increase of 1.27% in the IT Expenditures in 2008 [1]. However, the increase in government IT investment has not been followed by the optimized uses of IT for development and improvement of the country’s economy. Based on E-Government Readiness Index (EGDI), published by the United Nations Public Administration Programme (UNPAP) in 2010, Indonesia is at position 109. The E-Government Readiness Index (EGDI) is a composite measure of the capacity and willingness of countries to use Egovernment for ICT-led development. The value of Indonesian E-Government development index is 0.4026, or lower than the value of the previous year which was 0.4107. This value is still below the average South-Eastern 0.4290 and 0.4514 below the world average [2].

The EGDI looks at the most important dimensions of E-government: (i) scope and quality of online services, (ii) telecommunication connectivity, and (iii) human capacity. EDGI indicators are measured by the formula: (0.34 × online service index) + (0.33 × telecommunication index) + (0.33 × human capital index). Scope indicators and quality of online services and human capital index are directly related to the implementation of IT governance in the government sector [1]. IT governance itself is an attempt to ensure the management of IT to support and align with organizational strategy undertaken by the board of directors (head of government), executive management and IT management. IT governance is an integral part of corporate governance in ensuring the attainment of the objectives that have been established at the starting period [3].

Continuous and institutionalized efforts are needed in each related government agency in the application of IT Governance. For that reason, government agencies need to evaluate the previous IT governance implemented by measuring the maturity level of the IT governance. The government of Indonesia has actually issued the General Guide of IT Governance since 2007, but there is no technical manual on how to run IT governance in operational levels. IT governance should be seen as a cycle that goes on and is able to guarantee the implementation information technology. The goal is to provide assurance that the benefits of IT investments have been made [4]. Governance guide does not explain how and what should be done by government agencies to ensure the implementation of IT governance.

There is a technical framework and guide for the implementation of IT governance that is currently used by the business sector to ensure the achievement of the benefits of IT investments [5]. IT governance framework can be modified to the needs of government agencies in order to optimize the use of IT for the achievement of development objectives and to the welfare of society. The mentioned framework is Control Objectives for Information and Related Technology (COBIT) 4.1, developed by the IT Governance Institute (ITGI) [6]. This framework can be modified and developed into an application to conduct a self assessment of IT governance as well as guidance on IT governance.

Therefore, this study has developed an application to measure the maturity level of IT governance in government agencies using COBIT 4.1 framework. This application helps government agencies in conducting self-assessment and determining to what extent the implementation of IT governance has been done. The measurement results illustrate the current state so as to facilitate improvement of IT governance. All sub-processes that exist within the framework of COBIT 4.1 are used and measured based on control objectives that exist in each subprocess. This application facilitates the development of recommendations and improvements on each weak subprocess. This application is designed using Unified Modeling Language (UML) and is built with PHP & MySQL.

2. Literature Review

2.1. IT Governance

IT Governance focuses specifically on information technology systems, their performance and risk management. The primary goals of IT Governance are to assure that the investments in IT generate business value, and to mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications and infrastructure.

According to Weill and Ross [4], IT governance is related to the management right in decision-making and a framework that can be accounted for encouraging expected behavior in the use of IT. There are 5 (five) key decisions related to IT governance as shown in Figure 1.

2.2. COBIT 4.1

COBIT 4.1 is a framework for IT governance consisting of a process collection of IT best practices, which can be implemented at all organizational levels to improve the governance and management of IT. This framework is a comprehensive tool for creating IT governance. COBIT 4.1 provides a best practice reference that covers the entire business process of an organization and exposes it in a logical structure that can be managed and controlled effectively. COBIT 4.1 has 4 main domains that are interrelated, as in Figure 2, and has 34 sub-processes that become the control objectives. The combination of 4 domains is the reason for the selection of the COBIT 4.1

Figure 1. Key IT governance decisions.

Figure 2. Inter-relation of COBIT 4.1 domain [7].

framework for measuring the maturity level of IT governance in this study.

2.3. IT Governance Maturity Level

The maturity level of IT governance based on COBIT 4.1 is a scoring method, from 0 to 5 as in Figure 3, which allows organizations to provide assessment for themselves by explaining to the manager or head about the IT process, by showing the weakness of the existing management and setting the appropriate targets. This measurement tool offers the easiness to understand how to determine the current position (as-is) and the position of the future (to-be) and allow the organization to make comparisons to itself based on the best practices and standard guidelines [8].

3. Research Method

This research is an engineering study, where the end result is an application that is used to measure the maturity level of IT governance. For that purpose, the research method used is based on the phases of Software Development Life Cycle (SDLC) and prototyping approach. The final result is still a prototype continues to be developed in line with the needs of government agencies. The research starts with the analyzing of the needs of the system, and then proceeds with the design and manufacturing system design using UML and the last is the creation of applications using PHP and MySQL tools.

The first phase of testing by the developer uses whitebox Testing approach and on the user side uses Blackbox Testing. The stage of design uses diagrams provided in UML, which is the Use Case Diagram, Activity Diagram, Class Diagram, Sequence Diagram, Collaboration Diagram, Component Diagram and Deployment Diagram.

4. Results and Analysis

The followings are the results of the research in the form of design and application design using UML and webbased applications which is an application for measuring the maturity level of IT governance in government institutions. The application design shown includes Use Case, Activity and Class Diagrams.

4.1. Use Case Diagram

Use Case diagram, as in Figure 4, describes the relationship of the functionality contained in the application. Actors within the system are Admin and Auditor. The functions that can be performed by the Admin: Manage Questioner function (this function has sub-functions of Insert, Update, Delete, and View Questioner), Manage Score and Analysis function (this function has sub-functions of Input Score and Analysis, Analysis Create, Generate Maturity Level and Generate Diagram), Manage Report function (this function has sub-functions of Generate Diagram and View Report). While the actor has the functions of View Questioner Auditor, Input Score and Analysis, and View Report.

4.2. Activity Diagram

The Activity Diagram, as in Figure 5, describes the business process in the system, covering the following processes:

• Auditor does Login to the system using Username and Password;

• System does User Verification, if true, then the main menu is displayed;

• Auditor chooses the menu Audit Form Reference;

• Auditor chooses Areas/Domain;

• Auditor inputs Tools;

• Auditor inputs Field Finding;

• Auditor inputs Score;

• System processes scoring;

• When completed, system will do Generate Maturity Level;

• When completed, system will do Generate Diagram;

• System will display Report;

• If the Report needs to be printed, Auditor will do Print Report; and

• When all the processes have been completed, Auditor will do Logout from the system.

4.3. Class Diagram

This application is an object-oriented information system. Relationships between objects in the system are described using class diagram, as in Figure 6. Class Diagram Systems Audit Reference Form consists of nine objects which are represented in classes. Each class has attributes and behavior. The classes include:

• Class Questionare_boundary;

• Class Questionare_controller;

• Class Input_Score_Questionare_controller;

• Class Generate_Maturity_Questionare_controller;

• Class Generate_Diagram_Questionare_controller;

Figure 3. Maturity level of IT governance.

Figure 4. Use case diagram.

Figure 5. Activity diagram.

Figure 6. Class diagram.

• Class Questionare_entity;

• Class Report_boundary;

• Class Report_controller, and

• Class Report_entity.

4.4. Application Layout

The following is the layout of the application for measuring the IT governance maturity level IT on government agencies that builds upon the existing design. After doing login as a user, then the application will appear as in Figure 7. As printed Questionnaire, the application provides some information like day and date form filling. Day and date filling purpose is to know when it was last conducted an evaluative study on a particular sub-process and what the results are. The determination of the day and date is very useful to know the latest status of the evaluative study conducted.

Furthermore, Auditor fills the data for name (Auditor) and location (auditee), as shown in Figure 8. It is intended to record the data of the Auditor who conducts assessments and the location/venue of the assessment.

Before filling out the form, the auditor needs to read the objective of each sub-process to understand what the focus on each sub-process. Furthermore Auditor will do the assessment based on Control Objective, as shown in Figure 9. There are several methods used in conducting the audit, which are Interview and Document Check. Furthermore the auditor fills out the Tools or equipment used in conducting the audit and the Field Findings. After the Score is given based on COBIT 4.1 framework.

To ease the examination and assessment towards each control objective or the data required by COBIT, there are guides and explanations related to the Control Objectives, Value Drivers, Risk Drivers, Control Practices and

Figure 7. Preliminary look of the application.

Figure 8. Auditor name and auditee location.

Figure 9. Form of COBIT 4.1.

Test the Control Design as shown in Figure 10. Every time an assessment of the control objectives is made, it will require analysis and in-depth understanding of the important things that need to be assessed.

4.5. Measurement Results

The last stage of this research is to perform tests on a few government agencies in Salatiga. It is based on the RACI chart (Responsible, Accountable, Consulted, Informed) framework based on COBIT 4.1 as shown in Table1 The result obtained in this trial is for the government agency to be able to quickly identify the level of maturity of the IT governance and at the same time the weaknesses. Therefore, this would facilitate the preparation of the recommended improvement. Correspondingly, it would help the government agencies in implementing good IT.

The result of the assessment will look like in Figure 11, where the average value of the IT maturity framework based on COBIT 4.1 will be displayed. In addition to scoring, the next section is a resume or summary of the audit findings for each of the existing control objective.

The Scoring is based on the framework used is COBIT 4.1 as in Figure 12.

Figure 10. Explanation of each control objective.

Figure 11. Measurement result of maturity level of IT governance.

Figure 12. Scoring based on COBIT 4.1.

5. Conclusion

This research has resulted in an application for measuring IT governance on government agencies by utilizing the COBIT 4.1 framework. This application allows the measurement and self-assessment of the IT governance of relevant government agencies. The sooner a government agency could determine the level of maturity and weaknesses, the sooner the improvement for good IT governance could be applied. Good IT governance will have an impact on the services delivered to the community and in

Table 1 . RACI chart of application test.

the government agency itself. Thus the efforts to improve the quality of IT-based services can be directly implicated in the progress of the government agency and the public in general.


[2] P. T. I. dan Komunikasi, “Indikator Teknologi Informasi dan Komunikasi Tahun 2009,” Deputi Bidang Teknologi Informasi, Energi dan Material, BPPT, Jakarta, 2009.

[3] B. Hermana, A. Tarigan, H. Medyawati and W. Silfianti, “E-Government Implementation in Indonesia: Financial Transparency on the Web,” 3rd International Conference on e-Education, e-Business, e-Management and e-Learning IPEDR, Vol. 27, 18 December 2012, pp. 194-199.

[4] K. Surendro, “Implementasi Tata Kelola Teknologi Informasi,” Informatika, Bandung, 2009.

[5] P. Weill and J. W. Ross, “IT Governance: How Top Performers Manage IT Decision Rights for Superior Results,” Harvard Business School Press, Boston.

[6] J. J. C. Tambotoh, “Peningkatan Tingkat Kematangan Manajemen Investasi Teknologi Informasi Menggunakan Ranti’s Generic IS/IT Business Value,” Jurnal Komputer dan Informatika, Vol. 9, No. 1, 2011, pp. 46-53.

[7] IT Governance Institute, “COBIT 4.1 Framework,” 3rd Edition, ITGI, 2008.

[8] I. D. Hartanto and A. Tjahyanto, “Analisis Kesenjangan Tata Kelola Teknologi Informasi untuk Proses Pengelolaan Data Menggunakan COBIT (Studi Kasus Badan Pemeriksa Keuangan Republik Indonesia),” Magister Manajemen Teknologi, ITS Surabaya, 2009.

[9] A. Setiawan, “Evaluasi Penerapan Teknologi Informasi di Perguruan Tinggi Swasta Yogyakarta Dengan Menggunakan Model COBIT Framework,” Prosiding SNATI, Hal. A.15-A.20, Yogyakarta, 2008.