Information Technology Governance Disclosure in Annual Report of Indonesia Financial Institutions

The research aims to analyze the level of information technology (IT) governance disclosure in the annual report of financial companies and influencing factors in the exposure of IT governance. It distinguishes financial companies into two groups, namely banking and non-banking financial sectors. The data collection method used is the content analysis of the 2017 annual report from the companies. The results of 76 financial companies show that the level of IT governance disclosure by financial companies in Indonesia is higher than in previous studies in southern Africa and Belgium. Data analysis also shows that the determinants of IT governance disclosure are different in the two groups of companies. The determinant of IT governance disclosure for the banking industry is profitability, while the nonbanking financial sector is the company size.

Abstract-The research aims to analyze the level of information technology (IT) governance disclosure in the annual report of financial companies and influencing factors in the exposure of IT governance. It distinguishes financial companies into two groups, namely banking and non-banking financial sectors. The data collection method used is the content analysis of the 2017 annual report from the companies. The results of 76 financial companies show that the level of IT governance disclosure by financial companies in Indonesia is higher than in previous studies in southern Africa and Belgium. Data analysis also shows that the determinants of IT governance disclosure are different in the two groups of companies. The determinant of IT governance disclosure for the banking industry is profitability, while the nonbanking financial sector is the company size.
Index Terms-Information Technology Governance, Information Disclosure, Annual Report, Financial Institutions

I. INTRODUCTION
I N addition to providing great opportunities, the development of information technology (IT) also leaves risks. The companies must manage these risks appropriately. The use and management of IT by companies are increasingly important since almost all aspects of the company's operations depend on this sophisticated equipment, like companies engaged in the financial industry. IT devices are the backbone of the business's activity. Therefore, IT governance becomes a mechanism. It needs to be applied adequately to create IT usage behavior that can support the achievement of company goals [1]. Effective IT management is needed to translate all information transparently to stakeholders. Transparency is also a part of good corporate governance. Transparency provides certainty Received: Aug. 18, 2020; received in revised form: Sep. 28, 2020; accepted: Sep. 29, 2020; available online: Oct. 19, 2020. *Corresponding Author to stakeholders regarding the management of company resources innovatively and safely [2].
Furthermore, the implementation of IT governance in a company can provide direction, supervision, and evaluation of IT tools for business processes. The use of IT will provide optimal results. There are measurable controls so that the companies can make improvements if there are obstacles or problems found [1]. However, based on the results of previous studies, the disclosure about IT governance by companies is still limited [2]. So, it is not known certainly by external parties how companies manage their IT resources.
The research results related to IT governance previously show that IT governance frameworks play a role in stimulating accountability and transparency. It increases the reporting of relevant IT information to stakeholders, especially in regulating the strategic function of IT [3]. The use of IT by companies requires adequate supervision in good IT governance, so IT can play an optimal role in creating value for the company [4]. Good IT governance will create better organizational performance. There is a positive relationship between the adoption of IT governance and organizational performance [3,5,6]. Therefore, IT governance is critical to be implemented. Companies need to inform their stakeholders about how the company has maximized IT use to achieve their business goals.
Information about the company's strategy in using IT and how it manages these resources properly is one of the stakeholders' signals. In the current condition of business competition, information about managing company resources is relevant in making investment decisions. Besides the vital role of IT for business processes, IT also indicates the risks associated with the company's management. Therefore, stakeholders must know how the company has anticipated and managed risks related to IT use. Additionally, investors Cite this article as: Weli, "Information Technology Governance Disclosure in Annual Report of Indonesia Financial Institutions", CommIT (Communication & Information Technology) Journal 14(2), 73-80, 2020. may be interested in investing in companies that are known to have proper oversight of their use of IT [2]. Proper IT management shows that companies can cope with the risk of failure due to qualified IT investment. So, disclosure of information related to IT governance, specifically how the company manages IT risk, is necessary to meet the stakeholders' needs.
Recalling the importance of using IT applications in the financial industry and the need to anticipate the failure of using IT is a particular concern of Indonesia's government. Related to IT management, the government has issued several regulations regarding IT governance for the financial industry. Within the IT governance framework, implementing effective risk management in the use of IT becomes urgent. Directors of a financial business entity are responsible for maintaining, supervising, and controlling the quality of information on products and services delivered to their customers [2,3]. They must pay attention to the principles of openness, accuracy, objectivity, trustworthiness, availability, easiness to understand, integrity, and completeness. However, this regulation does not yet apply to non-banking financial companies. The application of this information in this company's financial statements varies because it is only voluntary. Due to the absence of regulations requiring companies to provide detailed information about IT governance, adequate implementation guidelines are not available. Although Bank Indonesia, as the central bank, has issued regulations regarding the implementation of good corporate governance for commercial banks, there is no specific explanation related to IT governance. Thus, in the process, IT governance will follow the principles of transparency, accountability, responsibility, independence, and fairness that are directly related to its implementation. Based on these conditions and the increasingly widespread use of IT by financial companies, it is interesting to study its awareness of managing IT devices for their businesses.
The research uses Signal Theory pioneered by Michael Spence in explaining the relationships be-tween variables. The theory explains management behavior in providing relevant information for optimal use by stakeholders. Disclosure of information to the public by management is an effort to align the desires of stakeholders. Adequate exposure can reduce the problem of information asymmetry between management and stakeholders. Thus, the theory assumes that companies with excellent quality will present relevant and better information to increase their capital [7]. Following that thought, the disclosure of information related to IT Governance is now relevant because IT is the primary tool used by businesses in managing their business processes.
To the best of the researcher's knowledge, there are few studies related to IT governance disclosure other than studies in South Africa [8,9] and Belgium [2]. Previous researchers analyze IT governance disclosure in 40 companies listed on the Johannesburg Stock Exchange (JSE or South Africa Stock Exchange). The study emphasizes risks related to IT management and the level of compliance of companies in South Africa to the disclosure of information on IT Governance in their financial statements. The results show that most companies have not had the level of compliance with the IT Governance requirements required in the King III report yet. Most companies do not understand the needs issued in the King III report. So, only a small proportion of companies is fully compliant [8,9].
Moreover, there is also a previous study of the company's compliance in disclosing IT governance information in Belgium. The results conclude that none of the companies have a high IT governance disclosure level in four categories. The four groups are the alignment of IT strategy (average of 8%), developments in IT aspects (average of 24%), IT risk management (average of 35%), and measurement of IT performance (average of 32%). Besides, financial institutions listed on the Belgium Stock Exchange have IT information disclosure of 35%, while those unlisted companies are 26%. Other results state that the level of IT usage in companies spreading across various industries also influences IT governance disclosure.
In contrast, companies that are not financial institutions have full disclosure of IT governance of 14%. A more in-depth analysis concludes that the company has implemented IT governance but does not report it. Therefore, it is recommended that companies implement IT governance formally. It can also help the board of directors to take preventive actions related to the risk of using IT, detect deficiencies, and take mitigation actions. Some aspects will correctly show that they control IT at the strategic level [2].
The research analyzes IT governance disclosure conditions for financial industry companies in Indonesia Cite this article as: Weli, "Information Technology Governance Disclosure in Annual Report of Indonesia Financial Institutions", CommIT (Communication & Information Technology) Journal 14(2), 73-80, 2020.
following the previous research [2,8,9]. To analyze whether company size and profitability affect the disclosure level, the researcher uses the concept of previous research on corporate governance disclosure [10][11][12][13][14]. Previous research indicates the influence of company size and profitability on the voluntary disclosure of company information.
Regarding companies' costs to prepare and disclose information, the previous study finds that disclosure of the information is a financial burden for small companies. It does not apply to large companies with financial capability [15]. Besides, large companies rely heavily on financial markets to increase their funding. Hence, they are naturally required to disclose more information. Consequently, it can be understood if there is a positive relationship between company size and company disclosure level [11][12][13][14]16].
Previous studies have shown that company size represents different resource capabilities between large and small companies. Managers of large companies are more likely to realize the possibility of higher disclosure benefits. In contrast, smaller companies are more likely to feel that full disclosure can jeopardize their competitive position [10,12]. Thus the first hypothesis is formulated as follows.
H1: Company size influences IT governance disclosure.
Following the perspective of company management, managers tend to express better company conditions. This expression is motivated by the level of profitability achieved. However, the results of previous studies show that when companies experience a decrease in profitability, they tend to express higher corporate governance conditions [14]. Disclosing information will signal that management has managed the company's resources optimally. Good corporate governance can ensure and increase investors' confidence in the company's sustainability.
It is also explained that companies do not voluntarily make extensive disclosures when they do not perform well. However, companies that have excellent performance will voluntarily disclose more detailed information. Moreover, company management with more profit is motivated to reveal more information to support its continued position and increase compensation [15]. Similarly, a high company's profitability can increase the voluntary disclosure of company information [10]. There is also an issue of the effect of profitability on the area of exposure. The results support the statement that there is a significant influence between the two variables, especially disclosing corporate governance information [11]. Thus, the second hypothesis is H2: profitability influences the disclosure on IT governance.
Although the research uses measurement concepts from previous research [2,8,9], it will be expanded by looking at determinants of the extent of the IT governance disclosure. The factors used are the company's essential characteristics, such as company size and profitability. Total assets represent company size, and profitability is assessed by Return on Equity (ROE). ROE is used concerning the company's ability to manage its equity. The research highlights the extent to which companies have revealed IT governance information. In addition to using the specific types of financial industries, the company size and profitability are also thought to be factors in determining the disclosure of information by the company [10,15]. Thus, the purpose of the research can be formulated as follows. First, the research analyzes the level of IT Governance disclosure by financial companies listed on the Indonesia Stock Exchange. Second, the research examines whether company size affects the level of IT governance disclosure. Third, the research also studies whether profitability affects the level of IT governance disclosure.

II. RESEARCH METHOD
The subject of the research is the company's 2017 annual report. Data collection technique is a content analysis of annual reports published on the Indonesia Stock Exchange at the end of the 2017 financial statement period. The content analysis intends to trace all information in the annual report containing an explanation of IT governance items. The data processing methods used are descriptive statistics and logistic regression. Considering the subject of the research is the annual report of financial companies, in analyzing data, the researcher distinguishes public companies between the banking and non-banking financial sectors. This distinction exists because several characteristics of the two types of companies are different, such as the purpose and period of product usage by consumers. Although the measurement for the level of disclosure uses scoring, dependent variables utilize a dummy to distinguish two groups. The data analysis is conducted by using logistic regression. Logistic regression testing is done differently for the two groups. Decision making in the logistic regression test compares the significance value of the output of the SPSS program output. If the result of the significance value is lower than the specified significance value, it means that Cite this article as: Weli, "Information Technology Governance Disclosure in Annual Report of Indonesia Financial Institutions", CommIT (Communication & Information Technology) Journal 14(2), 73-80, 2020. The insurance of the risk committee that the risks associated with IT can be understood, prevented, and overcome if it cannot avoid the risk Adequate guarantees by the risk committee that aspects of control have been implemented and are useful in dealing with risks related to IT issues Consideration of the audit committee regarding IT as part of the company in the future because this aspect relates to the published financial statements Consideration of audit committee regarding the use of technology to increase the reach and efficiency of audits the independent variable has a significant effect on the dependent variable. Next, the researcher compares the significance results between the two groups and conclude the hypotheses.

A. Research Variable
IT governance disclosure describes the amount of information disclosed related to IT governance practices. The measurement of this variable uses a combination of research instruments by [2,8]. It consists of seven inforfmation criteria related to IT governance disclosure based on King III regulations in South Africa. Those are adjusted to the requirements proposed by the Information Systems Audit and Control Association (ISACA). The results of the two instruments combination from the previous study consist of 7 criteria with 25 items of statements, as presented in Table I. The measurements are made by assigning 1 on the company's score of IT governance disclosure in the annual report. Conversely, a score of 0 is assigned by assuming that the information is not available. The overall assessment of the IT governance score is the sum of the proportional scores for all seven criteria.

III. RESULTS AND DISCUSSION
The description of the variables used in the research is summarized in Table II. The descriptive analysis results give an idea of the company's average ability to generate returns from the shareholder's investment. The result is relatively low, which is only 5.06%. Then, the average company size assessed from the total assets is 299.39 trillion Rupiah. Meanwhile, the average score of IT governance disclosure is 14 items out of 25 points considered. This score gives the idea that the average company has revealed more than 50% of the criteria assessed.
The next analysis is a general description of the information disclosure level on IT governance held by financial companies. As summarized in Table III, it shows that more than 50% of financial companies have disclosed high IT governance information, with a score of more than 0.75. However, the companies with the Cite this article as: Weli, "Information Technology Governance Disclosure in Annual Report of Indonesia Financial Institutions", CommIT (Communication & Information Technology) Journal 14(2), 73-80, 2020.  highest level disclosure are only 15.79% with a score above 0.80. Also, the companies that do not disclose IT governance information at all have the same proportion of 15.79%. Surprisingly, the results show no financial companies that do full disclosure of IT governance in their annual reports. Furthermore, the disclosure of each criterion is described. Based on the data presented in Table IV, the most disclosed information is in the first criterion (responsibilities of the Board of Directors) and the fifth criterion (IT risk management). Meanwhile, the information that is rarely disclosed by companies is the fourth criterion (monitoring and evaluation of activities related to the value of significant IT investments). For individual items, information that is widely disclosed by companies is IT governance as part of the plan to be implemented by the Board of Directors and integration between IT strategy, company strategy, and business processes. In contrast, information that is not disclosed by the company at all is about effective information management and personal information protection with an adequate level of security.
After getting a general description of the application of IT governance disclosure, the next is the analysis related to hypothesis testing. Because the dependent variable of this research is categorical, hypothesis testing uses a logistic regression test. Logistic regression is a tool that tests whether the independent variables (company size and profitability) affect IT government disclosure based on banking and non-banking financial groups. The following are the stages in testing using the logistic regression test [17].
First, the researcher assesses the overall model. As seen in Table V, the comparison of the value of -2 initial log-likelihood (block number= 0) with -2 final log-likelihood (block number= 1) shows a decrease in value. It means that the addition of independent variables into the model can improve the model fit and deliver a better regression model. In other words, the model hypothesized fits with the data. Using the information in Table V, the Nagelkerke R Square value is 0.402 for the banking group and 0.177 for the non-banking financial group. It shows the independent variable can explain IT governance disclosure about 40.2% for the banking group and 17.7% for the nonbanking financial group.
Second, the researcher assesses the model feasibility. The following is a procedure to determine the feasibility of a logistic regression model. Assessment of the feasibility of the regression model considers the goodness of fit model measured by chi-square using the Hosmer-Lemeshow test. As summarized in Table V, the results of the Hosmer-Lemeshow test have significance values of 0.337 and 0.177. The significant value obtained is above 0.05. It means it cannot reject the null hypothesis. This score explains that the model can predict the value of its observations, or the model can be accepted because it matches the observational data. So, the process can carry out further analysis. Other information is the value of the classification matrix by looking at the value in percentage correct. The model shows that the predictive power of IT governance information disclosure is 96.88% for the banking group and 65.9% for the non-banking financial group.
Third, the researcher tests the hypotheses. Based on the SPSS output of the logistic regression test, the significance value obtained for the company size is 0.86 for the banking group and 0.02 for the nonbanking financial group. For profitability, it is 0.06 in the banking group and 0.39 in the non-banking financial group. This significance value indicates that the company size influences IT governance disclosure only for non-banking financial groups. On the contrary, profitability affects IT governance disclosure only for banking groups. This result concludes that there are differences in IT governance disclosure determinants Cite this article as: Weli, "Information Technology Governance Disclosure in Annual Report of Indonesia Financial Institutions", CommIT (Communication & Information Technology) Journal 14(2), 73-80, 2020. Information about the framework of IT governance in the corporate structure 80.26 IT governance as part of the plan to be implemented by the Board of Directors 81.58 2. Alignment of IT strategies with performance and goals in the company 60.00 Integration between IT strategy, company strategy, and business processes 81.58 The definition of the proportion of IT values 9.21 Maintenance and validation regarding the application of IT aspects 75.00 Consideration of the negative impacts that can occur related to the application of IT aspects to the business environment in the company 60.53 The process to identify and take advantage of opportunities to improve the company's performance and sustainability by utilizing IT aspects 73.68 3. Management of IT governance framework 52.19 Delegation of the implementation of structures, processes, and mechanisms for IT governance to management 75.  for both banking and non-banking financial groups with different variable conditions. The variable that has a significant effect on IT governance disclosure in the banking sector is profitability represented by ROE. Meanwhile, for the non-banking financial sector, it is company size represented by total assets. Thus, it can be said that the data of the research provide support for H1 for the non-banking financial group and H2 for the banking group.
Descriptive analysis results show that although disclosures related to IT governance are still voluntary, in practice, most financial companies have disclosed this information even at average scores. The analysis also indicates that not a single company has made full disclosure. The company has not provided information about the amount of spending on IT investment, the benefits of using IT, and effective information management related to the protection of personal information. The company views information related to spending on IT to be very sensitive to disclose to the public. More-Cite this article as: Weli, "Information Technology Governance Disclosure in Annual Report of Indonesia Financial Institutions", CommIT (Communication & Information Technology) Journal 14(2), 73-80, 2020. over, the security of personal data has not received companies' attention in their IT governance concepts.
The results show better value in terms of disclosure compared to previous research by [2,8,9]. The value of IT governance disclosure by financial companies in Indonesia is better than scores in South Africa and Belgium. As presented in Table IV, the average total score for IT governance disclosure of the sample companies is 57. This score is greater than the results of studies by [2] in Belgium showing an average total score of 24.75 and [8,9] in South Africa having only scores of 40 and 38 respectively. This result signals that companies in Indonesia currently have a reasonably good understanding of IT governance compared to the studies in South Africa and Belgium.
The data analysis results provide partial support for the different types of companies for the two research hypotheses. The effect of company size on the disclosure level in the non-banking financial sector represented by total assets affects information disclosure. The larger the company size is, the broader disclosed information to the public will be. By following previous researchers [7,[11][12][13][14][15], the research provides empirical support that the company size is the company's financial capability in determining IT governance. Large companies have the power to monitor from more substantial stakeholders, so companies are very interested in informing the implementation of their broad IT governance [12]. In addition to the availability of financial resources, funding demands allow large companies to disclose more information. Large companies are interested in attracting investors' attention by making broader disclosures [16]. However, smaller companies will generally consider it unnecessary to disclose information related to the use of IT in connection with business competition issues [14]. Moreover, from the use of IT, large companies have more ability to innovate using IT than small companies [18].
The effect of profitability on the level of IT governance disclosure for the banking sector supports the results of previous studies [10,11,[14][15][16]. The companies with better performance will try to provide as much information as possible for their stakeholders, especially the good governance of company resources. In line with the Signal theory, companies with better conditions tend to disclose more relevant and extensive information. Companies with high profitability try to give a good signal related to IT governance concerning the efficiency and effectiveness of managing IT-based business processes.

IV. CONCLUSION
The research aims to analyze the extent to which financial companies are distinguished between banking and non-banking financial sectors to disclose their IT governance. The data analysis results show that most companies have carried out voluntary IT governance disclosure with moderate value. The hypothesis test results provide different support for the bank and nonbanking financial industries for the influence of company size and profitability on IT governance disclosure. The determinant of IT governance disclosure for the banking industry is profitability. Meanwhile, for the non-banking financial sector, it is the company size. The different results between the banking and nonbanking financial sectors indicate that the use of IT in the two types of companies has a different focus. In the banking industry, the use of IT is reasonable because the operating environment relies heavily on it. However, the non-banking financial sectors do not have a primary focus on IT systems in managing their business processes.
The research provides a theoretical contribution related to the study of information disclosure, especially in IT governance. Company size and profitability are the determinants of information disclosure extent. Besides, this study examines these differences by differentiating the financial industry between banking and non-banking financial sectors. In conclusion, these two types of businesses in the financial sector have different IT management characteristics.
The research has limitation in data collection which is carried out by content analysis in annual reports. Companies can implement IT governance in practice, but they do not disclose it in their annual reports for one or another reason. Future research can conduct direct surveys or interviews with relevant stakeholders so that it will get a complete picture of how IT governance practices are carried out by companies with an in-depth interview method. It will also gain a broader understanding of the factors that determine the IT governance disclosure, in addition to the company size and profitability.