Performance Measurement of Information Technology Governance in The Library of Diponegoro University Using COBIT Assessment Framework

. This study aims to measure the management of IT utilization in the Diponegoro University Library using the COBIT framework. From the results of these measurements it is expected to identify the conditions of IT governance at present, the gap with ideal conditions, and improvements to increase the use of IT in line with organizational goals. In this study, IT governance will be assessed in the Evaluate-Direct-Monitor (EDM) aspects of five domains, namely EDM01: Ensure Governance Framework Settings and Maintenance, EDM02: Ensure Benefits Delivery, EDM03: Ensure Risk Optimization, EDM04: Ensure Resource Optimization, and EDM05 Ensure Stakeholders Transparency. The research design used in this study is sequential exploratory, which is collecting and analyzing qualitative data then collecting and analyzing quantitative data. The research location is in the Diponegoro University Library. Data collection techniques in this study were conducted through a survey using interviews with the leaders and managers of the Diponegoro University Library, and observations of conditions at the Diponegoro University Library. Based on score calculation and mapping based on the COBIT framework, the Diponegoro University Library Manager has implemented IT governance. Deficiencies identified are in the EDM01 domain Ensure Governance Setting and Maintenance and EDM03 Ensure Risk Optimization which have not reached the maximum level. capability level is still below expectations. Whereas in other domains, EDM02 Ensure Benefits Delivery, EDM04 Ensure Resource Optimization, and EDM05 Stakeholder Transparency are at the highest level.


Introduction
Information technology (IT) is a vital part of library organizations.Through IT, information and library collections can be stored in digital formats that are easy to maintain.IT also makes it easy for users to access library services, without being limited by operating hours.Some services can also be accessed simultaneously, which can expand information dissemination.
Diponegoro University Library is an organization that acts as a Technical Implementation Unit (UPT) for library services.Diponegoro University Library organizes services in the form of circulation collection as well as reference and information retrieval services.In addition, the Diponegoro University Library also organizes information dissemination services, through the publication of books, bulletins, and magazines.
In order to provide these services to be IT-based, the leaders and managers of the Diponegoro University Library have a framework called IT governance.IT governance is a framework that ensures IT infrastructure (in the form of hardware, software, and processes) can support the achievement of strategies and organizational goals.The framework is vital, to optimize the benefits of IT while minimizing the risk of failure in IT implementation.
The IT framework requires performance measurement matrices as part of the evaluation.For internal organizations, IT governance evaluation is useful to ensure that IT has provided optimal results, as well as design development and improvement processes.Thus, IT governance is always current with technological advancements and organizational goals.
One standard for measuring IT governance performance in organizations is to use the Control Objectives for Information and Related Technology (COBIT) framework.The basic concept of the COBIT framework is to carry out an assessment of aspects of IT in the organization using the perspective of the benefits of IT for organizational goals.
This study aims to measure the management of IT utilization in the Diponegoro University Library using the COBIT framework.From the results of these measurements it is expected to identify the conditions of IT governance at present, the gap with ideal conditions, and improvements to increase the use of IT in line with organizational goals.
COBIT defines the performance of IT governance in an organization through two aspects, namely governance and management.The governance aspect is an illustration of how the organization's leaders implement IT according to the goals and resources of the organization, as well as risk management.The evaluation domain on governance aspects is Evaluate-Direct-Monitor (EDM), with five levels, namely: • EDM01: Ensure Governance Framework Settings and Maintenance.
• EDM05: Ensure Stakeholders Transparency.Evaluation on each domain is carried out with guidance called process capability criteria.Process capability consists of six levels (figure 1), which are Incomplete, Performed, Managed, Established, Predictable, and Optimizing and each level is marked with a process attribute.Each level can be explained as follows.
• Level 0: Incomplete Process, i.e. the process is not running, or the process is running but fails to reach the goal, or the goal is not achieved systematically.• Level 1: Performed Process, which is a process that is successfully carried out until it reaches its destination.There are 1 process attributes for this level, namely: -PA 1.1 Process Performance to measure the achievement of objectives, based on the output produced.• Level 2: Managed Process, which is the work process mentioned at level 1, is carried out through systematic steps, namely planning, monitoring, evaluating.At this level there are 2 process attributes namely.
-PA 2.1 Performance management to measure the level of process implementation arrangements.-PA 2.2 Work Product Management: to measure work products produced.• Level 3: Established Process, which is a process run at level 2, also equipped with a clear definition.In this attribute there are 2 process attributes namely.
-PA 3.1 Process Definition to measure the definition provided for each process.
-PA 3.2 Process Deployment to measure the standards provided for each process definition.• Level 4: Predictive Process, i.e. the process carried out at level 3 has been completed with the purpose of the process.In this attribute there are 2 process attributes, namely: -PA 4.1 Process Measurement to measure the completeness of processes associated with achieving organizational goals.-PA 4.2 Process Control to measure the completeness of processes in the form of boundaries and prediction of results.• Level 5: Optimizing Process, i.e. the process at level 4 has been supplemented with further improvement efforts, to meet organizational goals.Attributes at this level are: -PA 5.1 Process Innovation to measure the completeness of the process in the form of process improvement / innovation.-PA 5.2 Process Optimization to measure the completeness of processes in the form of process improvement definitions.
The scale used to assess process attributes is as follows: • N: Not Achieved (0 to 15%), which is marked by little or no evidence of attainment of the attributes of the process being assessed.• P: Partially Achieved (> 15% to 50%), which is indicated by the existence of some evidence of the approach and some achievement of the assessed process attributes.• L: Largely Achieved (> 50% to 85%) which is marked by evidence of a systematic approach and significant achievement of the attributes of the process being assessed.• F: Fully Achieved (> 85% to 100%) which is marked by the existence of complete evidence and a systematic approach and full achievement of the attributes of the process being assessed.COBIT has defined assessment criteria for each level based on the process attribute achievements, as in table 1.
The definition of the evaluation criteria is as follows: • Capability level 1 can be achieved if the PA 1.1 attribute has the criteria fully achieved or largely achieved.

Material and Methods
This research uses qualitative methods through case studies, observations, and interviews.The research location is in the Diponegoro University Library.
Data collection techniques in this study were conducted through a survey using interviews with the leaders and managers of the Diponegoro University Library, and observations of conditions at the Diponegoro University Library.

Data Processing and Analysis Techniques
The analytical method in this study is a quantitative analysis method of the condition of IT governance in the Diponegoro University Library at present based on the COBIT framework.The stages used for analysis include: a. Domain Determination At this stage the domain is determined to be evaluated based on the IT service needs of the organization by adopting the domain standards contained in the COBIT framework.
In this study the domains to be examined are four domains contained in the COBIT framework, namely Evaluate, Direct and Monitor (EDM).b.Determination of Performance Indicators At this stage performance indicators are made for each control process that has been determined in the previous stage.Performance indicators define how business processes, IT functions or IT processes can be carried out properly that are possible to achieve a goal.The determination of performance indicators is based on the control objectives of each control process within the COBIT framework.c.IT Governance Scoring At this stage IT scoring was done at Diponegoro University Library, using the capability level framework in figure 1, and determining the level in table 1.

Results and Discussion
This section will discuss performance evaluation at the Diponegoro University Library using COBIT framework to measure capability levels.Data obtained based on interviews and observations, the domain to be used focuses on Evaluate, Direct and Monitor (EDM).

EDM01 Ensure Governance Setting and Maintenance
The purpose of this domain is to assess the suitability of IT implementation with the goals of the Diponegoro University Library organization, as well as assess the monitoring process carried out by the leaders and managers of the Diponegoro University Library.Based on the results of interviews with leaders and managers, IT governance at the Diponegoro University Library has been running, marked by policies and decision-making that are oriented towards optimal IT application.However, these achievements have not been equipped with workflows that began with standardized design, and have not been equipped with performance measurements.The average capability level of this domain is 1 Performed Process.
The results of the assessment and mapping process attributes of this domain can be seen in Table 2, and, details on this domain can be seen in Table 3.

EDM02 Ensure Benefits Delivery
The purpose of this domain is to optimize business processes, IT-based services and assets, in order to provide optimal IT services but still in accordance with the planned budget.This domain also aims to produce accurate and reliable information and support businesses effectively and efficiently.
Based on the results of the interview, the leadership and manager of the Diponegoro University Library have a mechanism to mitigate the needs, have insight into the adoption of new technologies that can support better operations, and there is a monitoring mechanism that runs well.The leadership and manager of the Diponegoro University Library also has an agenda of periodic performance meetings and has a review of the mechanism and corrective action plan if errors are found.
The average capability level of this domain is 3 Established Process.The average EDM02 Capability Level of Ensure Benefits Delivery and process attribute mapping from this domain can be seen in Table 4.

EDM03 Ensure Risk Optimization
The purpose of this domain is to ensure that organizational managers have an understanding of the risks involved in IT implementation, as well as having a mechanism to determine the threshold and tolerance limits of IT implementation failure.
Based on the results of the interview, the leadership and manager of the Diponegoro University Library have a mechanism to map risks during IT implementation, and any risks that have arisen have been communicated by staff regarding the leadership.So that failure can be minimized through risk assessment and corrective action planning.However, the leaders and managers of the Diponegoro University library do not yet have a standard definition of risk profile and do not recognize risk management metrics.The average capability level of this domain is 2 Managed Processes.
Mapping the process attributes of this domain can be seen in Table 6, while details on this domain can be seen in Table 7.

EDM04 Ensure Resource Optimization
The purpose of this domain is to ensure that the resources owned by the organization, whether human, technological, or policy, are available to support organizational goals effectively and optimally.Based on the results of the interviews, the leaders and managers of the Diponegoro University Library already have scheduled technology maintenance.In addition, periodic planning is also available for the development of technology and budget allocation.The Library Manager at Diponegoro University also has a division of responsibilities and division of technology resources.The weaknesses identified are the lack of a metric for measuring success at the time of monitoring.The average capability level of this domain is 3 Established Process.
Mapping the process attributes of this domain can be seen in Table 8.While the detailed assessment of this domain can be seen in Table 9.

EDM05 Ensure Stakeholder Transparency
The purpose of this domain is to ensure that IT performance reporting is delivered transparently to stakeholders.Based on the results of the interview, the leaders and managers of the Diponegoro University Library already have periodic reports about IT assets, along with the performance of the IT system that runs at the Diponegoro University Library.The identified shortcoming is the lack of a standard metric to present the report.The average capability level of this domain is 3 Established Process.
Mapping the process attributes of this domain can be seen in Table 10.While the detailed assessment of this domain can be seen in Table 11.

Table 1 .
Process Attributes Ratings and Capability Levels

•
Capability level 2 can be achieved if the attributes PA 2.1 and PA 2.2 have the criteria of fully achieved or largely achieved, and PA 1.1 has the criteria of fully achieved.•Capability level 3 can be achieved if the attributes PA 3.1 and PA 3.2 have the criteria fully achieved or largely achieved, and PA 1.1, PA 2.1 and PA 2.2 have the criteria fully achieved.• And so on for capability levels 4 to 5.

Table 2 .
Mapping Processes for Attributes EDM01 Ensure Governance Setting and Maintenance

Table 3 .
Average Capability Level for EDM01 Ensure Governance Setting and Maintenance

Table 4 .
Mapping Processes for Attributes EDM02 Ensure Benefits Delivery

Table 5 .
Average Capability Level for EDM02 Ensure Benefits Delivery

Table 6 .
Mapping Processes for Attributes EDM03 Ensure Risk Optimization

Table 7 .
Average Capability Level for EDM03 Ensure Risk Optimization

Table 8 .
Mapping Processes for Attributes EDM04 Ensure Resource Optimization

Table 9 .
Average Capability Level for EDM04 Ensure Resource Optimization

Table 10 .
Mapping Processes for Attributes EDM05 Ensure Stakeholder Transparency

Table 11 .
Average Capability Level for EDM05 Ensure Stakeholder Transparency Based on score calculation and mapping based on the COBIT framework, the Diponegoro University Library Manager has implemented IT governance.Deficiencies identified are in the EDM01 domain Ensure Governance Setting and Maintenance and EDM03 Ensure Risk Optimization which have not reached the maximum level.capability level is still below expectations.Whereas in other domains, EDM02 Ensure Benefits Delivery, EDM04 Ensure Resource Optimization, and EDM05 Stakeholder Transparency are at the highest level.So, it can be concluded that the Diponegoro University Library has implemented IT governance with several shortcomings.