Combining SDLC Method and ITIL Framework by Involving Auditors

The framework that provides best practice in IT service management is called IT Infrastructure Library (ITIL). The IT service management leads to the management of a service, this service is generated through the system development process. Each system has a different scale, characteristics, requirements, types, and properties but has the same stage in its development, that is by implementing the System Development Life Cycle (SDLC) Software developers on IT projects must implement SDLC by selecting a particular model process. But many IT development teams do not pay attention to software management frameworks or standards so that they will experience difficulties in planning, reporting work results, monitoring, controlling, etc., especially when all personnel in the team don’t have sufficient experience. It would be better if every software house company and IT Consultant applies the general framework and standardization so that the software development process will be more directed and produced high quality services. In conducting the SDLC process, an accountant is needed, in this case the auditor who has a role as an information provider in describing business processes in a company activity, the auditor also plays a role as controller that ensuring the system is in accordance with accounting regulations, and accountants also act as checker of the system so that the auditors must involved in the initial design of a system. The application of ITIL in the SDLC process will have an impact on the ease of the auditor in carrying out the duties.


INTRODUCTION
The rapid development of technology has a great influence to all areas of life. The existing companies, agencies and organizations must apply information technology to support their competitive advantage. This triggered the emergence of software developments in various fields. Even some organization already have an IT team and develop the software they need by themselves. But there are several organizations that are not ready to develop their own systems and will involve third parties in the projects form.
The software developers both from the institutions themselves and those from consultants must apply SDLC by choosing a particular process model. But many IT development teams do not pay attention to the framework or standards of software management so that they will experience difficulties both in terms of planning, reporting the results of work, monitoring, controlling, etc., especially when all personnel in the team do not have sufficient experience. It is better if every software house company and IT Consultant apply a common framework and standardization so that the software development process will be more directed.
At this time, there are a lot of developing frameworks and standards in the IT field, including the software management, which can help companies as a guide in carrying out activities related to IT. One of them is the framework that provides best practices in IT service management, namely the IT Infrastructure Library (ITIL). ITIL provides guidance in managing IT services in generating IT service management.
In the construction of a system, it will need another field of science, one of which is accounting. An accountant will perform his role as a user, designer, and auditor. Accountants will implement accounting principles, auditing principles, techniques of information systems, and system development methods. The development of a system that involves accountants is a collaborative effort between accountants and IT developers. Accountants are responsible for their conceptual systems while the IT developers are responsible for their physical systems.
By combining and harmonizing the ITIL framework in the SDLC process and also involving accountants, it can be mutually reinforcing with each other so that it can produce ideal guidelines and IT services management for managing IT projects

MATERIALS AND METHODS
This research was conducted using inductive reasoning by presenting descriptive methods. Descriptive method according to Nazir (1988: 63) is a method in examining a group of people, objects, conditions, systems of thought, or events in the present. The data collection techniques are using observation and survey. Literature studies and observations were conducted to examine the SDLC methodology, ITIL Framework, and the role of auditors used by IT companies

RESULTS AND DISCUSSION IT Infrastructure Library (ITIL) V 3 Component
Information Technology Infrastructure Library (ITIL) is a framework that describes best practice in the application of information technology service management. IT Service Management is a process to manage an IT service in the form of a product or service effectively and efficiently in order to improve the quality of IT services. The IT Infrastructure Library (ITIL) provides a series of process and function models that can be used as a guide in efforts to align IT processes and business processes, especially those related to IT service management (Rachmi et al. 2014). ITIL provides a best practice framework to identify, plan, deliver, improve and support IT services. ITIL can align IT services to suit business requires (Jacobs and Harris, 2014). ITIL is a 'Good Practice' Framework for IT Service Management. ITIL more functional as an ADOPT & ADAPT guide, meaning companies are allowed to adopt all guidelines from ITIL but may be adapted according to the conditions of their respective companies. In addition, ITIL is the most widely used framework for IT Service Management in the world (Palvolgyi, 2007).

ITIL benefits
Before discussing the benefits of implementing ITIL, there are several reasons why ITIL is required, including: 1. Initially, the IT division was only seen as support team for business, but now the IT division has become part of the business so we must increase business dependence on IT services 2. With ITIL, we can reduce the risk of failure of IT services 3. Increase customer expectations for IT by providing quality services While some benefits to the application of ITIL include (Wibowo, 2006): 1. Increasing the satisfaction of users and customers with IT services 2. Increased availability of services, which directly impacts on business profits 3. Financial savings from reduced rework, loss of time and better management of management resources 4. Better decision making 5. Minimize the risk

ITIL Comparison with Other Frameworks and Standards
The IT world has many frameworks, methods and standards for managing all of their needs. Organizations or companies can choose which framework or standard will be implemented according to the requirements and circumstances of their respective institutions (OGC, 2007). Every framework and standard must have a relationship between one another. Likewise with ITIL that has harmony with the framework and other standards.
The following describes ITIL's position against other standards: If seen from figure 1, ITIL has a higher level of detail than other standards (indicated by the ITIL position on the HOW axis which looks bigger). This means that ITIL provides a complete guide based on best practice for managing a service. For other frameworks and standards whose position is above ITIL means just explaining in general, not explaining how and what to do. While the scope of ITIL is smaller than COSO and COBIT, because ITIL is more focused only on the IT sector.
In the cycle of ITIL V3, there are five main processes or stages which are as a series of coordinated activities, the application of resources and the ability to produce value for customers. This stage in ITIL is usually better known as "IT Service Lifecycle". The five stages of the ITIL process are Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. ITIL V3 Service Lifecycle can be seen in Figure 2 (Al-Maghraby, 2008): Every stage in the IT Service Lifecycle has its own key processes and activities. Below is described about the key process and activities of each stage of The detailed explanation for each stage is as follows: 1. Strategy Service At this stage, it contains a plan to determine what services will be managed in a certain period of time which will later be included in the portfolio service. Activities carried out in this stage are: a. Analyze business requirements to determine what services will be managed

. Service Operation
This stage is a process to care of, maintain, and repair the services so that it will appropriate with the SLA (Service Level Agreement).

Continual Service Improvement
This stage is the process of monitoring and evaluating services whether the service is still feasible to support the business, whether the service requires the addition of modules and features, and what is required to improve service quality.

System Development Life Cycle (SDLC) Process
Basically System Development Life Cycle (SDLC) consists of five phases, that is planning, analysis, design, implementation and maintenance, but with the development of information system, SDLC also develops. Some experts describe SDLC in different terms, but actually, the content of each phase is same. According to Jogiyanto (2005), SDLC phases will be explained below: 1. Planning Each phases always begin with planning. The fuction of each planning is to support the success of achieving goals and provide measures or guides for controlling the process. According to Jogiyanto (2005), what is performed in the planning stage included: -Plan the system projects that consist of short-term planning and long-term planning. -Determine the system projects that will be developed. -Defines the system projects.

Analysis System
What is performed in the analysis system phase included: -Identifying and evaluating problems, opportunities, constraints that occur, and expected needs so that improvements can be proposed. Here is also carried out identification of key personnel who can directly or indirectly cause problems.
the IT Service Lifecycle:

Figure 3 Key Process and Activities from the IT Service Lifecycle
-Understanding the work of the existing system by conducting research. -Analyzing the system based on the results of research that has been done, which includes analysis of system weaknesses and information needs for users / management. -Make a report of analysis result.

Design
This phase consists of: a. General Design -Information system components are designed with the aim to be communicated to the user not to programmers. -Model design, identification of inputs, outputs, databases, and general use of technology -Defining functional requirements -Preparation for design implementation -Describe how a system is formed -Depiction, planning and making sketches or arrangements of several separate elements into a single unit that is intact and functioning. -Configure software and hardware components.

b. Detailed Design
The purpose of this design phase is to meet the needs of the users, as well as provide a clear picture and complete design to computer programmers and other technical experts involved.
-Detailed output design, which determines how and what the system output looks like -Detailed input design -The dialog design at the terminal layer includes the main display and menus in the information system -Detailed database design by defining the contents or structure of each file that has been identified in general design, and must be able to be used to produce output. -Detailed technological design -Model design and detailed control that can be in the form of a computer program design such as modular program design. -Make detailed system design reports c. Selection System -Choose the use of technology from technology providers -Request a proposal from the seller -Filter sellers -Evaluating the seller who passed the filter -Make a contract System selection is the stage for choosing hardware and software for information systems. This phase generally provides the main point for investment decisions. Therefore in this system selection the value of system quality and the costs / benefits of the report with the project system are carefully assessed and described in the system evaluation and selection report. If none of the conceptual design alternatives that produced in the system design phase generally prove justifiable, then all alternatives will be discarded. Usually, several alternatives must be proven justified, and one of them with the highest score is chosen for the final job. If one alternative design has been chosen, a recommendation will be made for this system and a timetable for designing the details.

Implementation
System implementation is the stage of putting the system in order to be ready to operate, while the stages are as follows: a. Implementation of the implementation plan The implementation plan is the initial activity of the system implementation phase, the implementation plan is intended to regulate the costs and time needed during the implementation phase. In this implementation plan all costs incurred for implementation activities need to be budgeted in the form of a budget. b. Execution of implementation activities Consists of: -Selecting and training of personnel Personnel is a factor needed in information systems, if you want a successful information system. Personnels that are involved must be given sufficient knowledge about their system, position and duties.
-Installation of hardware and software.
-Programming and testing programs.
Programming is the activity of writing program code to be executed by a computer, the program code written must be based on the documentation provided by the system analyst. After the program is finished then performs the testing to avoid writing errors, process errors and logical errors.

-Testing System
System testing is performed after testing the program, with the aim to ensure that all elements or system components have functioned as expected.

Maintenance
The importance of system maintenance is because there is always the possibility that the system leaves errors which are not detected during testing system.

The Role of Accountants in the SDLC Process
The involvement of accountants in this case as auditors can be reviewed from each stage in SDLC, that is: 1. Planning stage According to Hall (2001), in planning stage, accountants or internal auditors are often asked to provide their expertise to evaluate the feasibility of a project, review the issue of economic feasibility, feasibility of internal control system planning and feasibility of operations.

Stage of analysis system
According to Boockholdt (1996), the role of the auditor at this stage is to supply audit reports on the system to be tested by the study team. An accountant with a formal and informal education background shows that he has the expertise to carry out analysis system. Accountants will conduct a system survey to understand the important elements of the system currently in use and determine the end-user information requirements, internal control standards, audit trail requirements, and mandated procedures are clearly important tasks to determine the new system requirements. So that it is expected that the system will be compatible with the advanced audit that will be used.

Stage of design system
In this stage, accountants play an important role in utilizing their technical expertise. This role is carried out in terms of: Conceptual design system where accountants are responsible for conceptual systems (logical information flows) and professionals system are responsible for the physical system (technical work for building systems). To play this role, accountants must consider that each system must be adequately controlled, audit trails which must be preserved, accounting conversions and legal requirements must be understood. According to Boockholdt (1996), in this stage, the accountant must reviews: a. Reports, identify information needed in reports for control and auditability b. Processing steps, where the auditor must suggest the control procedures c. Equipment Selection, ensuring that those selected are in accordance with the company policy. d. Data file, specify that data will be accurately maintained during replacement to the new system.

Stage of implementation system
In this stage, the internal auditor must be involved by the following ways: a. Specify documentation standards. Internal auditors participate in determining the system documentation specifications so that the examination can be easy, then accountants must actively encourage system users to obey the standard documentation that has been applied. b. Verify control eligibility.
This task is not solely independent but is a series of proposed internal control structures created by internal auditors in the previous phase. In this implementation stage, they will review whether the SPI that has been determined has sufficient limitations or not. c. Review the conversion of the old system to the new system. To ensure that data is accurate during the replacement process. Review of the accuracy of test data and test results.

Stage of Operation system
In this stage, the auditor evaluates and assesses the accuracy of controls in system operations, related to system maintenance. The internal auditor also must actively monitor whether the stage of operating system is in accordance with the operating standards that have been set previously.

CONCLUSIONS AND SUGGESTION
Every software development is indirectly using SDLC, if the developer understands about the ITIL framework and implements it as a supporter in the SDLC, the resulting system will be higher quality and in accordance with the User's requirements. So that, it will minimize the effort in maintenance and IT service management stages. The ITIL Framework that is currently available can be used as a complete guide to running SDLC. This is because the stages in ITIL are explained in more detail and supported by the resulting document formats so that it can facilitate developers in running SDLC and minimizing the risks that will occur later. In the implementation of SDLC and software development, accountants, in this case are internal auditors, have an important role so that they must be involved from the initial stages of SDLC. Involving the auditor from the initial stages will eventually facilitate the auditors in auditing a system that has been built and implemented. In developing a system, the auditor also will determine whether the proposed system will have risks in controlling or not.