Information technology is currently growing very rapidly. Almost all agencies take advantage of the role of information technology. In the X agencies engaged in the social field of information technology as a goal that must be achieved. In order to create good government, an agency must be supported by good IT governance in order that information technology and business objectives are aligned and have added value for the agency. This study aims to measure the governance of IT services. This research is done because the agency X is now using IT services. The existence of good policies and procedures on the insight X can create a good service as well. This study uses the ITIL v3 framework that focuses on Service Operation domain. The ITIL framework is an IT services management guide. Measurement of maturity level using COBIT. The level of maturity in this governance audit is at level 3. Recommendations are given to achieve the expected targets within the ITIL framework.

COBIT Maturity Level
Gap Rate

Figures - uploaded by I Made Dwi Ardiada

Author content

All figure content in this area was uploaded by I Made Dwi Ardiada

Content may be subject to copyright.

ResearchGate Logo

Discover the world's research

  • 20+ million members
  • 135+ million publications
  • 700k+ research projects

Join for free

International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, JulyDecember 2017

(p-issn: 2579-5988, e-issn: 2579-597X) 91

Audit of Governance Information Technology

Services Using ITIL v3 Focuses on Service Operation

Domain in Institution X

Ni Putu Sri Merta Suryani1*, I Made Dwi Ardiada2, and I Gusti Ngurah Janardana3

1,2Department of Electrical and Computer Engineering, Post Graduate Program, Udayana University

3Department of Electrical and Computer Engineering, Udayana University

*Email: mertasuryani@gmail.com

Abstract-Information technology is currently growing

very rapidly. Almost all agencies take advantage of the

role of information technology. In the X agencies engaged

in the social field of information technology as a goal that

must be achieved. In order to create good government, an

agency must be supported by good IT governance in order

that information technology and business objectives are

aligned and have added value for the agency. This study

aims to measure the governance of IT services. This

research is done because the agency X is now using IT

services. The existence of good policies and procedures on

the insight X can create a good service as well. This study

uses the ITIL v3 framework that focuses on Service

Operation domain. The ITIL framework is an IT services

management guide. Measurement of maturity level using

COBIT. The level of maturity in this governance audit is

at level 3. Recommendations are given to achieve the

expected targets within the ITIL framework.

Keyword- Audit, ITIL V3, COBIT, IT Services

I. INTRODUCTION

Information technology is now experiencing rapid growth.

This is evidenced by the number of agencies and companies

that utilize the role of information technology. Almost all

government agencies that invest in information technology to

achieve the goals to be achieved. Utilization of information

technology in government agencies must also be considered so

as to achieve the desired goal with the maximum. Attention

can be how the management of risk and effectiveness and

efficiency of resources.

Information technology governance is part of corporate

governance where stakeholders have responsibility for

aligning the organization's business objectives with IT

objectives, IT controls so as to achieve company objectives

and controlling and mechanisms for maintaining IT assets (De

Haes & Van Grembergen, 2004). The Ministry of

Communications and Information Technology has established

IT governance in MoCI Regulation No. 41 of 2007 on General

Guidelines of National Information Technology Governance

to realize good and responsible governance. Therefore,

starting from central and regional agencies should have

governance as a benchmark of IT management and services.

Agency X makes information technology a goal to be

achieved. In agency X, information technology is developing

very rapidly under the planning field. Field planning as a field

that invests and manages IT services in agency X. In agency

X, the management of IT services has not been implemented

and well documented. Institution X also does not have IT

governance so it is not known whether IT investment has

added value or not. Information technology management is

not maximal because there is no fixed standard. Currently, the

use of information technology services in agency X is not

maximized. This is because the existing fields in agency X

require a governance for IT services to be structured and

systematic. Good IT governance will be a reference in

providing good and quality IT services. The use of IT services

can serve as service providers that are aligned with the

organization's goals. The existence of IT governance in an

agency is certainly expected to ensure that IT services can

help achieve agency goals.

The governance designed in this study is based on IT

Service Management (ITSM). ITSM is a process to align IT

service delivery with business needs. In this study using the

framework of ITIL or Information Technology Infrastructure

Technology Library. ITIL is a framework with a set of best

practice IT governance services. The ITIL framework is used

because agency X is a social institution that provides services.

The ITIL framework aims to improve the effectiveness and

efficiency of IT services, improve the quality of IT services.

Selection of the ITIL framework is based on previous

research related to IT service management. IT governance

research in agency X using the ITIL framework focuses on

Service Provider domains. Domain Service Operation is a

domain that contains guides to serve the operations of IT

service management.

The formulation of the problem of this research is how the

management capabilities of IT services in agency X and how

the governance of IT service management in agency X using

the framework guidelines ITIL v3 which focuses on the

domain Service Operation.

International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, JulyDecember 2017

(p-issn: 2579-5988, e-issn: 2579-597X) 92

II. LITERATURE REVIEW

1) IT Audit

Information Technology Audit (IT) is one form of

operational audit that aims to improve IT governance. The

audit is performed by an internal audit by applying the audit

technical knowledge, to evaluating the information system

units, managing the information resources, developing the

application system and then implementing the system and

evaluating it. Implementation of a good information

technology audit as follows:

a. Determine the scope and purpose of the audit;

b. Evidence collection;

c. Implementation of fit test;

d. Determination of maturity level.

IT audit needs to be done in order to improve the

effectiveness and efficiency within the company. Each

company conducts IT audits with reasons to avoid losses due to

data loss, data leakage risk, computer misuse, loss due to

miscalculation of the calculation and high value of hardware

and software investment.

2) ITIL V3

Information Technology Infrastructure Library (ITIL) is a

standard issued by the United Kingdom as a framework that is

referred to by best practice process and operational

management procedures. ITIL is grouped into 2 parts namely

Service Support Management and Service Delivery. The

objective of this ITIL framework is to increase operational

efficiency of IT and customer service quality as it focuses only

on customer service and does not at all include the process of

aligning corporate strategy with the developed IT strategy.

ITIL version 3 consists of five sections that emphasize the

lifecycle management of services provided by information

technology including Service Strategy, Service Design, Service

Transition, Service Operation and Continual Service

Improvement.

Figure 1. Service Lifecycle ITIL V3

Service Strategy provides guidance to the implementation

of ITSM to view ITSM not only as an organization's ability to

deliver, manage and operate IT services but also as an

organizational strategic asset. Service Strategy consists of

Service Portfolio Management, Financial Management and

Demand Management processes.

Service Design aims to provide IT services with benefits to

businesses, IT services must be designed in accordance with

customer business objectives. Service Design consists of

Service Catalog Management, Service Level Management,

Supplier Management, Capacity Management, Availability

Management, IT Service Continuity Management and

Information Security Management.

Service Transition provides guidance to organizations in

order to develop IT service design results into operational

environments. Service Transition consists of Transition

Planning and Support, Change Management, Service Asset and

Configuration Management, Release and Deployment

Management, Service Validation, Evaluation and Knowledge

Management.

Service Operation covers all day-to-day operations of

managing IT services. Service Operation consists of Event

Management, Incident Management, Problem Management,

Request Fulfillment and Access Management.

Continual Service Improvement (CSI) provides an

important guide in developing and maintaining the quality of

IT services from design, transition and operational processes.

CSI combines various methods and principles of quality

management one of which is Plan-Do-Check-Act (PDCA) or

so-called Deming Quality Cycle.

3) Maturity Model

An analysis of the condition of maturity is measured using

the COBIT framework. Measurement of maturity is done using

COBIT because the ITIL framework does not have a guide to

measure the level of maturity. In Table 1 there is a definition of

COBIT maturity level.

Table 1. COBIT Maturity Level

Level 0

Incomplete process

Organizations at this stage do not

implement IT processes that should

or have not achieved the objectives

of the IT process.

Level 1

Performed process

The organization at this stage has

successfully carried out IT processes

and IT process objectives have been

achieved.

Organizations at this stage in

carrying out the IT process and

achieving its objectives are

implemented in a well managed

manner. So there is more assessment

because the implementation and

achievement is done with good

management. Management here

means its implementation through the

process of planning, evaluation and

International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, JulyDecember 2017

(p-issn: 2579-5988, e-issn: 2579-597X) 93

adjustment for the better.

Level 3

Established process

The organization at this stage has IT

processes that are standardized

within the overall organization. This

means that there is a standard IT

process that applies throughout the

organization.

Level 4

Predictable process

Organizations at this stage have been

running IT processes within definite

boundaries, such as time limits.

These limits result from

measurements that have been made

during the implementation of the IT

process before.

Level 5

Optimizing process

At this stage the organization has

made innovations and made

continuous improvements to improve

its capabilities.

III. RESEARCH METHODOLOGY

The research methodology discusses the stages of audit

implementation. There are several stages done in the IT service

audit. The stages are done so that the audit process goes

according to plan. In Figure 2 there are stages of audit

implementation.

The first stage is the planning stage. At the planning stage

done the formulation of problems, objectives and limitations of

the problem. In addition, a literature study was also conducted.

The second stage is the domain selection stage. At this

stage organizational goals are aligned with business goals, IT

objectives and IT processes. After that mapping between

COBIT and ITIL.

The third stage is data collection. In this research data

collection is done with 2 (two) ways that is interview and

survey by using questioner.

In the fourth stage is processing and analysis. At this stage

the calculation of the level of maturity, expected targets and

gap analysis (gap).

In the fifth stage is a recommendation. Recommendations

are given aims in order to achieve the desired target.

Planning (Problem

Formulation, Objectives,

Limitations and Literature

Studies).

Domain Selection (Business

Purpose Identification, IT

Destination Identification, IT

Process Identification, COBIT

Mapping and ITIL.

Data Collection (Interview and

Questionnaire)

Processing and Analysis (Current

Capability Level, Targeted

Capability Level, Gap Analysis)

Recommendation

Figure 2. Stages of Audit Implementation

IV. ANALYSIS AND RESULT

1) Respondents

Respondents who fill the questionnaire in this study as

many as 32 people. Respondents selected were respondents

who had links with IT services in agency X. In Table 2 there

were number of respondents.

Table 2. Number of Respondents

2) Audit Design

To create a good IT plan required a COBIT mapping of

the ITIL framework in the Service Operation domain. Here is

an audit plan on the domain Service Operation.

Table 3. Domains and Sub Domains

International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, JulyDecember 2017

(p-issn: 2579-5988, e-issn: 2579-597X) 94

In Table 3 it is explained that the Service domain has seven

sub domains that will be used as reference in the

implementation of the audit. Seven sub domains ie Event

Management Process, Incident Management, Request

Management, Access Management, Problem Management,

Application Management and IT Management.

3) Calculation of Current Maturity Level

The results of the questionnaire filling can be seen in Table

4 which contains the current maturity level.

Table 4. Current Maturity Level

In Table 4 it is explained that each sub domain in the

Service Service domain is at maturity level 3 (Established

Process). At this level, agency X already has a standardized IT

service within the scope of the whole agency, which means

that there is already an appropriate IT service on agency X.

4) Gap Analysis

Having known the current level of maturity, determining

the target level of maturity so as to cause a gap as shown in

Table 5.

Table 5. Gap Rate

In Table 5 it is seen that there is a gap in each sub domain

Service Operation. The existence of the gap so that the

necessary recommendations for improvement to achieve the

expected target. In Figure 3 there is an illustration of current

and expected maturity levels.

Figure 3. Illustration Current Maturity Level and Target

In Figure 4 we can see the graph of the current level of

maturity and expected maturity level.

Figure 4. Graph of Current and Targeted Maturity Rate

5) Recommendations

The recommendations are given to achieve the expected

target as follows:

1. There is support and active role both from central and

regional related to IT service.

2. The existence of IT staff who have the skills to handle

certain problems related to IT services.

3. The existence of clear guidelines and procedures in the

implementation of IT services.

4. The existence of archives or records related to how IT

services in agency X.

V. CONCLUSION

The value obtained from the IT governance

management audit on the X Institution focusing on the Service

domain is 3.19 located at level 3 (Established Process). The

International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, JulyDecember 2017

(p-issn: 2579-5988, e-issn: 2579-597X) 95

organization at this stage has IT processes that are standardized

within the overall organization. This means that there is a

standard IT process that applies throughout the organization.

REFERENCES

[1] ISACA, IS Standards, Guidelines and Procedure for Auditing and

Contol Professionals., United State of America:ISACA, 2009.

[2] ISACA, COBIT 5 : A Business Framework For The Governance

and Management of Enterprise IT USA: ISACA: 20112.

[3] TSO, ITIL Service Operation., Norwich: TSO (The Stationery

Office), 2011.

[4] IT Governance Institute Team, "COBIT Mapping; Mapping ITIL

V3 with COBIT 4.1 ", United States of America : IT

Governance Institute, 2008.

[5] Office of Government Commerce (OGC), " ITIL version 3

Service Operation", The Stationery Office - TSO, London,

2007.

[6] HM Jogiyanto and Wily Abdilah, "Sistem Tata Kelola Teknologi

Informasi", Yogyakarta : Andi. 2011.

[7] Sarno Riyanarto, "Audit Sistem dan Teknologi Informasi",

Surabaya : ITS Press. 2009.

[8] Ari Putra Wijaya, Putu Widiadnyana, Ida Bagus Alit

Swamardika, "Audit of Information Technology using ITIL V.3

Domain Service Operation on Communications and Information

Technology Agency" , International Journal of Engineering and

Emerging Technology, vol 1 no 1, 2016.

[9] Komang Budiarta, Adi Panca Saputra Iskandar, Made Sudarma,

"Audit Information System Development using COBIT 5

Framework (case Study: STMIK STIKOM Bali) ", International

Journal of Engineering and Emerging Technology, vol 1 no 1,

2016.

[10] Peraturan Daerah, accessed on 15 November 2017.

[11] De Haes, S., & Van Grembergen, W. (2004). IT Governance and

its Mechanisms.

[12] Luki Aisha Kusuma Wardani, Murahartawaty, Luthfi Ramadani,

"Perancangan Tata Kelola Layanan Teknologi Informasi

Menggunakan ITIL versi 3 Domain Service Transition Dan

Service Operation Di Pemerintah Kota Bandung" , Journal of

Information Systems Engineering and Business Intelligence,

Vol. 2 No 2, 2016.

[13] Diana Trivena Yulianti, Dian Anggraini, " Analisis Pengelolaan

TI PT. X Dengan Menggunakan ITIL v3, Service Operation",

Jurnal Sistem Informasi Vol 5 No 2, 2010.

[14] Idria Maita, Sapri Akmal, "Analisis Tata Kelola Teknologi

Informasi dengan Best Practice ITIL v3 Service Operation" ,

Jurnal Rekayasa dan Manajemen Sistem Informasi, Vol 2 No 1,

2016.

[15] Abdelaali Himi, Samir Bahsani, Alami Semma, " The IT Service

Management according to the ITIL framework applied to the

enterprise value chain", International Journal of Computer

Science Issues, Vol 8 Issue 3 No 2, 2011.

[16] Ahmad Faiz Zavier, Haryanto Tanuwijaya, Budi Hermawan,

"Audit Pengelolaan Layanan Teknologi Informasi Berdasarkan

ITIL pada IT Marketing & Trading (M&T) PT. Pertamina

(Persero) Marketing Operation Region V Surabaya", Jurnal

Sistem Informasi Vol 3 No 2, 2014.

[17] Idena, J, dan Eikebrokk, T.T., 2013, Implementing IT Service

Management: A systematic literature review, International

Journal of Information Management 33, 512523.

[18] Didin Herlinudinkhaji, April Firman Daru, "Audit Layanan

Teknologi Informasi Berbasis Information Technology

Infrastructure Library (ITIL), Jurnal Informatika UPGRIS Vol 1

No 2, 2015.

[19] Silitonga, Tumpal Paradonga dan Achmad Halil Nor Ali. 2010.

Sistem Manajemen Insiden pada Program Manajemen Service

desk dan Dukungan TI berdasarkan Framework ITIL v3. Institut

Teknologi Sepuluh Nopember : Surabaya.

[20] AR Anggun Cahyaningtyas, Yani Rahardja, Agustinus Fritz W,

"Audit Sistem Informasi dengan ITIL Version 2 Sub Domain

Service Desk, Incident Management dan Problem Management

di Bidang Keuangan Dishubkombudpar Kota Salatiga, Jurnal

Teknologi Informasi-Aiti Vol 9 No 2, 2012.

ResearchGate has not been able to resolve any citations for this publication.

  • Luki Aisha Kusuma Wardani
  • Murahartawaty Murahartawaty
  • Luthfi Ramadani

Abstrak—Teknologi Informasi saat ini sudah menjadi kebutuhan inti suatu organisasi dan bukan hanya sebagai alat pendukung. Pemerintah Kota Bandung, sebagai instansi pemerintahan, menjadikan Teknologi Informasi merupakan salah satu visi yang perlu dicapai. Dalam rangka mencapai good government berdasarkan Peraturan Menkominfo No. 41 Tahun 2007, dibutuhkan suatu tata kelola TI agar dapat memastikan investasi TI menambah value dan selaras dengan tujuan instansi. Pemerintah Kota Bandung saat ini belum memiliki prosedur dan kebijakan yang mengatur tentang pengelolaan layanan TI. Oleh karena itu penelitian ini dilakukan dengan tujuan untuk membuat sebuah prosedur dan kebijakan agar layanan yang diberikan oleh Dinas Komunikasi dan Informatika Kota Bandung selalu maksimal. Penelitian dilakukan menggunakan ITIL v3 pada domain Service Operation dan Service Transition. ITIL merupakan best practice Manajemen Layanan TI yang dapat meningkatkan efisiensi operasional IT instansi. Assessment yang dilakukan sebagai pengukuran Capability Level adalah dengan menggunakan ISO 15504. Capaian capability level untuk Service Transition adalah 24.5% dan untuk Service Operation 23%. Karena kurangnya data primer, data sekunder digunakan untuk mencari proses prioritas yang akan dipilih, dengan memetakan tujuan instansi dengan ketiadaan proses ITIL. Hasil dari perancangan tata kelola ini adalah sebuah kebijakan TI dan 5 prosedur terkait proses-proses di ITIL yang menjadi prioritas.Kata Kunci— Tata Kelola TI, Manajemen Layanan TI, ITIL v3, Service Transition, Service Operation, Sektor PublikAbstract— Nowadays, Information Technology plays an important role in an organization, and not only as a support equipment. Bandung City Government, as a government agency, make IT into one of the visions that need to be achieved. To achieve good governance based on Minister Regulation Number 41 in 2007, IT Governance is needed to ensure that the investment of IT can add value and align with institution's objective. Bandung City Government currently doesn't have policies and procedure that regulate about IT Service Management. Therefore, this study was conducted with the aim to create a guidance for Office of Communications and Information Technology of Bandung (Diskominfo) to optimize the service provided. This study also aims to make Service Management governance so that the management of IT service have certain quality and meet the needs of business customers, and improve the quality as the agreement with the customers. This study was conducted using ITIL v3 with Service Operation and Service Transition domain. ITIL is IT Service Management best practice to improve the efficiency of IT operational. ISO 15504 was conducted to asses Capability Level of ITIL Process. Capability Level of Service Transition is 24.5% and Capability Level of Service Operation is 23%. Because of the inadequacy of the primary data, the assessment was also carried out by mapping the objective of institution with the risks related to the lack of ITIL processes. The results of the design are the governance policies and procedures related to the ITIL processes needed by the institution.Keywords— IT Governance, ITSM, ITIL v3, Service Transition, Service Operation, Public Sector

  • Abdelaali Himi
  • Samir Bahsani
  • Elalami Semma Elalami Semma

The purpose of this paper is to propose an approach for implementing best practices repository of ITIL IT service management on the enterprise value chain in general. This is to make a projection of the phases and ITIL processes and their structure on the links in the value chain.

This article provides a systematic review of existing research related to the implementation of IT Service Management (ITSM) and the Information Technology Infrastructure Library (ITIL). The review's main goals are to support research; to facilitate other researchers' search for relevant studies; and to propose areas for future studies within this area. In addition, we provide IT managers with useful information on ITSM and ITIL, based on research-based knowledge of their implementation. The review results suggest that motives, critical success factors, implementation status, and benefits are the most frequently studied areas, and that each of these areas would benefit from further exposure.

Guidelines and Procedure for Auditing and Contol Professionals

  • Isaca
  • Standards

ISACA, IS Standards, Guidelines and Procedure for Auditing and Contol Professionals., United State of America:ISACA, 2009.

A Business Framework For The Governance and Management of Enterprise IT USA: ISACA

  • Isaca

ISACA, COBIT 5 : A Business Framework For The Governance and Management of Enterprise IT USA: ISACA: 20112.

Sistem Tata Kelola Teknologi Informasi

  • H M Jogiyanto
  • Wily Abdilah

HM Jogiyanto and Wily Abdilah, "Sistem Tata Kelola Teknologi Informasi", Yogyakarta : Andi. 2011.

Audit Sistem dan Teknologi Informasi

  • Sarno Riyanarto

Sarno Riyanarto, "Audit Sistem dan Teknologi Informasi", Surabaya : ITS Press. 2009.

Audit of Information Technology using ITIL V

  • Ari Putra Wijaya
  • Putu Widiadnyana

Ari Putra Wijaya, Putu Widiadnyana, Ida Bagus Alit Swamardika, "Audit of Information Technology using ITIL V.3

  • Stmik
  • Bali

Framework (case Study: STMIK STIKOM Bali) ", International Journal of Engineering and Emerging Technology, vol 1 no 1, 2016.

Analisis Pengelolaan TI PT. X Dengan Menggunakan ITIL v3, Service Operation

  • Diana Trivena Yulianti
  • Dian Anggraini

Diana Trivena Yulianti, Dian Anggraini, " Analisis Pengelolaan TI PT. X Dengan Menggunakan ITIL v3, Service Operation", Jurnal Sistem Informasi Vol 5 No 2, 2010.