Helmi Mulyadi, Fajar Masya

International Journal of Computer Science Trends and Technology (IJCST) – Volume 11 Issue 3, May-Jun 2023


Evaluation of Information Technology Risk Management in CRM Services Using the 2019 COBIT Framework (Case Study: Jakarta Smart City)
Helmi Mulyadi [1], Fajar Masya [2]
Mercu Buana University
Jakarta Smart City (JSC) is a management unit under the DKI Jakarta Provincial Government's Office of Communication, Information, and Statistics, tasked with optimizing the use of technology in order to maximize public services in Jakarta. One of the services managed by Jakarta Smart City is Rapid Community Response (CRM). CRM is an application that is integrated into the JSC system to improve the efficiency and effectiveness of public complaints services for SKPD, UKPD, and BUMD so that they can coordinate and complete citizen reports more easily. This research was conducted because JSC has never conducted an information technology (IT) risk management evaluation to determine the level of risk management capability that has been achieved. This research is expected to improve the agency's ability to manage each risk. The governance analysis was carried out using the COBIT 2019 framework to measure the level of risk management capability. The research method used is qualitative.
Keywords: Jakarta Smart City, COBIT 2019, Risk.

I. INTRODUCTION
Jakarta Smart City (JSC) is one of the BLUDs (regional public service agencies) under the DKI Jakarta Provincial Government's Office of Communication, Information, and Statistics. Founded at the end of 2015, Jakarta Smart City, or JSC, was initiated to optimize the use of technology to maximize public services in Jakarta. Technology is developed, procedures are transformed into digital form, access is wide open, Pemprov DKI Jakarta blends in with the people, and everything is done so that Jakarta can be better and more friendly and make citizens happy.

In its implementation, JSC has never conducted an information technology (IT) risk management evaluation to determine the level of risk management capability that has been achieved. With this, it is expected to increase the agency's ability to manage every risk.

This study uses a framework that can be used as a recommendation for corporate IT governance, namely COBIT 2019. COBIT 2019, or Control Objectives for Information and Related Technologies, is an international standard framework that can produce an assessment of IT governance and assess the level of capability owned by the IT organization. COBIT 2019 has a reference process model consisting of five domains: EDM (evaluate, direct, and monitor), APO (align, plan, and organize), BAI (build, acquire, and implement), DSS (deliver, service, and support), and MEA (monitor, evaluate, and assess), which consist of a collection of 40 IT governance and management processes. [1]

Jakarta Smart City is a management unit that is located under and is responsible to the Head of the DKI Jakarta Province Communication, Informatics, and Statistics Office. JSC has the task of organizing ecosystem development for the implementation of provinces and smart cities in the DKI Jakarta Provincial Government area. [2]

COBIT is an IT management framework developed by ISACA to help organizations develop, organize, and implement strategies around IT governance. COBIT 2019 is an evolution of the previous version. In 2018, ISACA announced and updated the COBIT version to COBIT 2019. This updated version of COBIT is designed to keep evolving. COBIT 2019 was introduced to build a governance strategy that is more flexible, collaborative, and able to cope with new, changing technologies. [3]

COBIT 2019 also improves various fields from the previous COBIT version, namely flexibility and openness, while adding new focus areas such as currency and relevance, supporting reference and alignment of 13 concepts from previous sources: perspective application is descriptive and prescriptive; implementation of governance is adjusted to its components; performance management of IT, the structure of the management model is more conceptual. [5]

COBIT 2019 has five process capability models to measure the process capability level of information technology governance, which consist of the EDM, APO,
BAI, DSS, and MEA domains and consist of a collection of 40 IT governance and management processes.

In the 2019 COBIT framework, the assessment process no longer uses the COBIT 5 PAM-based process capability assessment model but applies a capability model with capability levels that supports a CMMI-based process capability scheme. Processes within each of the governance and management objectives can operate at various proficiency levels, ranging from 0 to 5. Capability level is a measure of how well a process is implemented and performed. The following figure describes the model, the levels of increasing ability, and the general characteristics of each level (ISACA, 2019).

The COBIT core model provides capability levels for all process activities, enabling a clear definition of the processes and activities required to achieve different capability levels. The assessment of process and capability activities is therefore adjusted based on the levels contained in the COBIT 2019 framework: governance and management objectives, in accordance with each process objective. That way, if the capability-level activities carried out reach the full capability level, the activity assessment can continue to the next level to find out what level of capability the company is at. The following is a rating of process activities to determine capability. [4]

The methodology used in this study uses qualitative and quantitative methodologies:

Qualitative methodology is a research procedure that produces data that is abstract in nature because it is in the form of words and subjective because it is based on the opinion or conclusions of the qualitative data in this study are observational data and interview data.

Quantitative methodology is a research procedure that produces data in the form of numbers, namely numbers whose value can change according to the influencing This data is usually processed by mathematical or statistical calculations. Quantitative data serves to test the truth of research based on existing concepts. Quantitative data in this study is in the form of questionnaire results, which are distributed among the respondents.

(a) Data source
The research data comes from observations, literature studies and interviews at the Jakarta Smart City Management Unit (JSC), located at the DKI Jakarta City Hall Building, Jl. Merdeka Square Cell. No. 8–9. A literature study is carried out by analyzing policies issued by the governor regarding services and case study locations to be examined. The interview was conducted by the author with Mr. Rahan Yama Gusta, Head of System Development Executive Unit and Team Products Development and Analysis Manager.

Data collection technique
Research data collection was carried out using qualitative methods. In terms of data collection, Gill et al. (2008) suggest that there are several types of data collection methods in qualitative research, namely observation, visual analysis, literature study, and interviews (individual or group). [7] The author collects data by means of observation, literature study, and interviews. Observation is the process of obtaining first-hand data by observing people and the location of the research. Literature study is a technique that is carried out by studying data related to research problems. Interviewing is a technique in field studies that is carried out by asking questions and having them answered by the resource person.

Research Flowchart
A flow chart is used as a reference for the research stages, which are divided into several stages (phases) that refer to the phases of the implementation cycle in the COBIT 2019 Implementation Guide. The following stages describe the steps from the beginning to the end of the research process, so that it takes place systematically:

Fig. 1 Research Flowchart

What are the drivers?
Research begins with demystifying problems and recognizing problems through observation, literature study, and interviews. After demystifying the problem, the
formulation of the problem and the research were determined. The formulation of this problem considers the limitations of the research as well as the research

Where are we now?
This stage is carried out to determine the condition of risk management in Jakarta Smart City. It starts with understanding the condition of the risk management process that exists at JSC for managing risk and then conducting an assessment of the risk management implemented by JSC. After carrying out the assessment, the current condition of JSC risk management is known and the targets to be aimed at can be determined.

Where do we want to be?
This is the stage of determining the targets to be addressed in this research. The target to be addressed is based on findings from the process of mapping and processing capability data, analyzing emerging gaps, and identifying potential improvements that can be made to the ongoing process. Then, after that, design recommendations will be given to JSC, which we hope can later be implemented.

III. RESULTS AND DISCUSSION

Based on the roles and responsibilities in the organizational structure, functional parts related to the business process management system that represent the respondents can be mapped. Based on the results of the RACI chart mapping, it was determined that respondents had a direct role in carrying out an activity, with the following explanation:

Table 1 Role RACI EDM.03
No | Role (RACI) | Position at JSC | Amount
1 | Chief information | System Development Implementation Unit (Through IT Development | 1
2 | Chief information | Data Center & Network Manager | 1

Table 2 Role RACI APO.12
No | Role (RACI) | Position at JSC | Amount
1 | Chief Information Officer | System Development Implementation Unit (Through IT Development Division) | 1
2 | Chief Information Security Officer | Data Center & Network Manager | 1
3 | Chief Technology Officer | Head of Information Technology Infrastructure Implementation Unit | 1

The tables show the stakeholders, which are the standard roles from COBIT 2019 aligned with the JSC organizational structure.

Findings, Gaps, and Recommendations
After knowing the results of the current capability level and the maximum value in the EDM03 (Ensuring Risk Optimization) and APO12 (Risk Management) domains for the expected increase targets, it is necessary to carry out further analysis of the business processes of CRM services in Jakarta Smart City. Various findings from the capability-level data processing and the gaps identified through this analysis will be used as a basis for identifying potential improvements to the ongoing process. Furthermore, recommendations are designed with the aim of providing solutions that can be implemented by Jakarta Smart City to increase the effectiveness and efficiency of the available CRM services. It is hoped that the recommendations provided will help Jakarta Smart City achieve these goals.

1. Process Name: EDM03.01 (Evaluate risk management)
Findings:
Risk evaluation in Jakarta Smart City has reached a level of capability at level 3, with an average value of 2.97. Even so, there are still activities that are not optimal because they are currently in the process of achieving goals related to determining the level of risk tolerance for risk choices in Jakarta Smart City. As a result, there are still acceptable temporary deviations in the selection of risks that occur.
Gaps:
a. There is no specific risk tolerance level for risk choices in CRM services in Jakarta Smart City.
b. Risks to corporate values related to the use of information technology and CRM services in Jakarta Smart City have not been comprehensively identified, so they can have a negative impact on service operations and the
c. The absence of regular evaluation of the impact of current risks and the future use of information technology in the company may result in risks being taken that are not in line with the risk appetite of the company's values and lead to ineffective risk management.
Recommendation:
a. Determine the level of risk tolerance for specific risk choices in Jakarta Smart City by involving the risk management and information technology
b. Identify and manage risks to company values related to the use of information technology in a comprehensive manner through CRM services in Jakarta Smart City.
c. Conduct regular evaluations of the impact of current risks and future use of technology in the company, involving the risk management team and information technology, to ensure that the company's risk appetite is appropriate and that risks to corporate values related to the use of information technology have been identified and managed well.

2. Process Name: EDM03.02 (Provide Risk Management Direction)
So far, no gaps or deficiencies have been identified. These findings state that Jakarta Smart City has reached a level of capability in providing risk management direction with a score of 3.00. In addition, several activities related to developing the risk strategy integration process, developing a risk communication plan, developing a rapid response mechanism to changes in risk, reporting risk to management level, analyzing various reports provided by certain parties, and focusing on key objectives and metrics for governance have been well implemented and developed.

3. Process Name: EDM03.03 (Monitor risk management)
So far, no gaps or deficiencies have been identified in the findings presented. These findings state that Jakarta Smart City has reached a level of capability in monitoring risk management with a score of 3.00. In addition, several related activities, including reporting any risks to the board or executive committee, monitoring the risk profile that is below the company's tolerance threshold, monitoring the main objectives and risk governance metrics, and carrying out risk reviews from stakeholders on the company's progress, are well developed.

4. Process Name: APO12.01 (Collecting data)
Findings:
Data collection in Jakarta Smart City has reached a level of capability at level 3, with an average value of 2.82. Even so, there are still activities that are not optimal: methods of collecting, classifying, and analyzing company data, recording JSC internal and external operating environment data, developing processes for adopting or determining a risk taxonomy, operating historical surveys and data analysis of risks, and the operation of classes of events highlighted according to the general contributing factors have not been implemented properly.
Gaps:
a. There is no planning, monitoring, and adjustment of data collection, classification, and analysis methods related to information technology risks.
b. There is no planning, monitoring, or adjustment of relevant data recording about the company's internal and external operating environments.
c. There is no process for developing or adopting a consistent risk taxonomy of risk scenarios and the impact of each category.
d. There is no operational process with certain limitations to conduct historical surveys and information technology risk data analysis.
e. There is no operating process with certain limitations for similar classes of events, especially in the rules for data collection, and the factors highlighted have not contributed according to the general factors of various events.
Recommendation:
a. Identify the type of data needed to carry out a risk analysis, such as data regarding system vulnerabilities, activity logs, or user data. Then, carry out consistent data collection and classification methods, such as using the same template or data format. After that, the data can be analyzed using predefined methods, such as quantitative or qualitative methods, and monitored and adjusted periodically by Jakarta Smart City.
b. Determine the type of relevant data, such as data regarding operational policies and procedures, market conditions, or JSC financial data. Furthermore, the data needs to be recorded systematically, for example, using a centralized database system. Monitoring and adjustments are carried out by periodically evaluating the recorded data and making the necessary changes.
c. Identify relevant risk categories, for example, operational risk, financial risk, or reputation risk at JSC. Then, it is necessary to define criteria and risk scenarios according to each risk category. This taxonomy process needs to be carried out consistently and with periodic evaluations to adapt to the development of the existing situation and conditions.
d. Provide limitations on historical data regarding information technology risk events that have occurred at JSC, such as malware attacks or data leaks. Then, the data is analyzed and processed using certain methods, such as statistical analysis, to understand the characteristics of the information technology risks that have occurred. This operational process needs to be carried out regularly to update the data and risk analysis.
e. Provide limitations regarding the types of events that exist in the JSC, then establish the same data collection rules, identify and give weight to the relevant factors, and carry out operational
processes on a regular basis to ensure the highlighted data and factors remain relevant.

5. Process Name: APO12.02 (Analyze Risk)
Findings:
Risk evaluation in Jakarta Smart City has reached a level of capability at level 3, with an average value of 2.97. Even so, there are still activities that are not optimal because there is still no implementation of process development to compare the risks of information technology losses that are happening with acceptable risk appetite and risk tolerance, and to identify unacceptable risks or increased risks.
Gaps:
1. There is no process development implementation to compare information technology loss exposure with risk appetite and risk tolerance that is acceptable to Jakarta Smart City.
2. Lack of identification of unacceptable or escalating risks.
Recommendation:
1. Develop a process to compare loss exposure related to information technology with acceptable risk appetite and risk tolerance so that JSC can find out whether the risk has been optimal or still needs to be followed up by JSC.
2. Increase the identification of risks that are unacceptable or increasing so that they can be anticipated with appropriate actions by JSC. This can be done by conducting periodic risk evaluations and taking into account changes in the environment and information technology that occur.

6. Process Name: APO12.03 Maintain risk profile
Findings:
Maintaining a risk profile in Jakarta Smart City has reached a level of capability at level 3, with an average value of 2.95. Even so, there are still activities that are not optimal because currently there are no planning, monitoring, and adjustments to inventory business processes and document information technology service management processes and information technology infrastructure resources, as well as the process of identifying support personnel, applications, infrastructure, facilities, important manual records, vendors, suppliers, and outsourcing. Besides, planning, monitoring, and adjustments to aggregate current risk scenarios based on categories, business lines, and functional areas are also not available.
Gaps:
a. There is no complete and up-to-date inventory of related resources, capabilities, and control activities related to risk management.
b. There is no adequate planning and monitoring for inventorying business processes and documenting information technology service management processes and information technology infrastructure resources.
c. There is no integration between the IT risk management system and the overall enterprise risk management system.
Recommendation:
1. Create and implement policies and procedures to identify and inventory business processes and document information technology service management processes and information technology infrastructure resources, including defining support personnel, applications, infrastructure, facilities, important manual records, vendors, suppliers, and outsourcing. Planning, monitoring, and regular adjustments are also necessary to keep inventories up to date.
2. Develop an IT risk management system that is integrated with the Jakarta Smart City risk management system as a whole and carry out planning, monitoring, and adjustments on a regular basis to aggregate risk scenarios based on categories, business lines, and functional areas.
3. Implement an IT risk management system that is integrated with JSC's risk management system as a whole by involving all relevant departments in the risk management process and conducting training to increase awareness of information technology risk management throughout the JSC organizational structure.

7. Process Name: APO12.04 Articulating Risk
Findings:
Articulating risk in Jakarta Smart City has reached a level of capability at level 3, with an average value of 2.96. Even so, there are still activities that are not optimal because there is currently no operational process to review the results of objective third-party assessments by reviewing external audits and quality assurance, which will be included in the risk profile, as well as reviewing identified gaps and loss exposure related to information technology to determine the need for additional risk analysis.
Gaps:
a. There is no scheduled process to evaluate the results of independent third-party assessments repeatedly. This can result in a lack of understanding of the risks associated with the IT services and infrastructure used in Jakarta Smart City.
b. A thorough analysis of IT-related loss exposure and gaps has not yet been conducted to determine the need for additional risk analysis. As a result, there
may be a lack of preparedness when facing future risks and ignorance of the risks that must be handled.
Recommendation:
a. Create a regularly scheduled evaluation process to evaluate the results of independent third-party assessments so that they can be applied consistently and provide a better understanding of the risks associated with the IT services and infrastructure used in Jakarta Smart City.
b. Undertake a thorough analysis of IT-related gaps and loss exposures to determine the need for additional risk analysis so as to gain a better understanding of the risks that may arise in the future and be prepared to deal with them.
c. Establish operational processes to review external audits and quality assurance that will be included in the risk profile so as to provide a more complete view of the risks associated with the services and infrastructure used in Jakarta Smart City.

8. Process Name: APO12.05 Define a portfolio of risk management actions
Findings:
Determining a portfolio of risk management measures in Jakarta Smart City has reached a level of capability at level 3, with an average value of 2.92. Even so, there are still activities that are not optimal because there is still no process to determine a series of project proposals that are balanced and designed to reduce the risks of projects according to the company's strategic opportunities. Currently, there is no balance between costs, benefits, effects on risk profiles, and the latest regulations considered in the development of project proposals.
Gaps:
a. There is no development of a structured and measurable process for establishing a series of project proposals designed to reduce risks according to the company's strategic opportunities, especially in terms of costs, benefits, effect on risk profile, and the latest regulations.
b. Lack of awareness of the importance of process development for establishing a portfolio of risk management actions.
c. Lack of involvement of company executive management in the development of processes for establishing a portfolio of risk management measures.
Recommendation:
a. Develop a structured and measurable process to establish a series of project proposals designed to reduce risks according to the company's strategic opportunities, taking into account costs, benefits, effects on risk profiles, and the latest regulations.
b. Increase awareness of the importance of process development for establishing a portfolio of risk management actions through training and outreach to all company employees.
c. Involve the company's executive management in developing the process to establish a portfolio of risk management actions in order to reach a common agreement on the company's objectives and strategies for managing IT-related risks.

9. Process Name: APO12.06 Respond to risk
Findings:
So far, no gaps or deficiencies have been identified in the findings presented. These findings state that Jakarta Smart City has reached a level of capability in responding to risks with a value of 3.00. In addition, several activities such as developing plans from documentation with specific steps, developing responses to minimize impacts, developing incident categorizations with risk tolerance limits, developing checks for adverse events and good opportunities in the future, and developing other additional risk responses and improvements have been carried out and implemented properly.

IV. CONCLUSION
After analyzing the level of risk management capability of CRM services in Jakarta Smart City with the APO12 and EDM03 domains, it can be concluded that:
1. In the EDM03 (Ensure Risk Optimization) domain, the current capability gets an average capability value of 2.99, which means it is at level 3 with the established rating criteria. This has an impact on the EDM03 (Ensure Risk Optimization) domain, which needs to reach the expected level at Level 4 with the rating criteria Predictable Process up to the maximum level that can be achieved, namely at Level 5 with the rating criteria Optimization Process. With the current capability value obtained in the EDM03 (Ensure Risk Optimization) domain from the Jakarta Smart City CRM service, it can be inferred that there are still many processes that are limited to the implementation and development of each activity that has been carried out. The Jakarta Smart City CRM service expects to reach the expected level at Level 4 with the Predictable Process rating criteria, which means that the process can operate within certain limits so that each activity can be measured properly according to the results that have been targeted. Between the range of capability level 3 and the range of capability level 4, there is a gap value of 1.01. This means that the Jakarta Smart City CRM service must meet the process capability requirements at level 3, which have not been met. Activities that need to be carried out are
improvements in information technology governance for Jakarta Smart City CRM services, namely determining more specific risk tolerances, more comprehensive risk identification, and regular risk evaluation of the impact of current and future risks.
2. In the APO12 (Manage Risk) domain, the current capability gets an average capability score of 2.94, which means it is at level 3 with the established rating criteria. This has an impact on the APO12 (Manage Risk) domain, which needs to reach the expected level at Level 4 with the rating criteria Predictable Process up to the maximum level that can be achieved, namely at Level 5 with the rating criteria Optimize Process. With the current capability value obtained in the APO12 (Manage Risk) domain from the Jakarta Smart City CRM service, it can be inferred that there are still many processes that are limited to the implementation and development of each activity that has been carried out. The Jakarta Smart City CRM service hopes to reach the expected level at Level 4 with the rating criteria Predictable Process, which means the process can operate with certain limitations so that each activity can be measured properly according to the results that have been targeted. Between the range of capability level 3 and the range of capability level 4, there is a gap value of 1.06. This means that the Jakarta Smart City CRM service must meet the process capability requirements at level 3, which have not been met. Activities that need to be carried out to improve the governance of information technology for Jakarta Smart City CRM services include conducting risk analysis according to the type of data and relevant risk categories. New boundaries also need to be provided after historical data, such as risk events, types of events, or events that occurred at JSC. Besides that, it is necessary to make a comparison between loss exposure and the predetermined risk appetite and risk tolerance so that unacceptable or increasing risks can be identified. To reduce risk, policies and procedures are needed to inventory business processes and develop and implement a risk management system. Routinely scheduled evaluations, analysis of losses from new risk additions, and external audit reviews according to risk profiles also need to be carried out. In addition, it is necessary to design projects to reduce risk according to strategy and awareness in the risk management action portfolio. Executives should also be involved in the risk management portfolio.

ACKNOWLEDGMENT
We praise and pray to the presence of Allah SWT for His mercy and blessing so that the writer can finish this final report. The author realizes that without the help and guidance of the teaching lecturers and supervisors of Mercu Buana University, he would not be able to complete this final report. Finally, the authors hope that this report can be useful. In the preparation of this report, of course, there are still many shortcomings, errors, and oversights due to the limitations of the author's ability. For that, the author apologizes profusely in advance.


[1] Van Grembergen, W., De Haes, S., Guldentops, E. (2004), Structures, Processes and Relational Mechanisms for IT Governance, in Strategies for Information Technology Governance, Van Grembergen, W., Editor, Idea Group Inc.
[2] Regulation of the Governor of the Special Capital Region of Jakarta Province number 144 of 2019 concerning the Organization and Work Procedure of the Communication, Informatics and Statistics
[3] ISACA. (2019). COBIT 2019 Implementation Guide - Implementing and Optimizing an Information and Technology Governance Solution.
[4] ISACA. (2016). COBIT 2019 Framework: Introduction & Methodology.
[5] ISACA. (2019). COBIT 2019 Framework - Governance and Management Objective. Schaumburg: ISACA.
[6] Decree of the Regional Secretary of the Special Capital Region of Jakarta Province Number 22 of 2020 concerning Guidelines for Follow-Up Handling of Public Complaints Through the Citizen Relations Management Application.
[7] D. Darmawan and A. Wijaya, "Analysis and Design of Information Technology Governance Using the 2019 COBIT Framework at PT. XYZ", Journal of Computer and Information Systems Ampera, vol. 3, no. 1, pp. 1-17, 2022.

