See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/346515506

Audit of Governance Information Technology Services Using ITIL v3 Focuses

on Service Operation Domain in Institution X

Article in International Journal of Engineering and Emerging Technology · March 2018

CITATIONS READS

0 603

3 authors, including:

I Made Dwi Ardiada

Universitas Dhyana Pura Bali
14 PUBLICATIONS 6 CITATIONS

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Sistem Informasi HAKI View project

All content following this page was uploaded by I Made Dwi Ardiada on 01 December 2020.

The user has requested enhancement of the downloaded file.

International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, July—December 2017

Audit of Governance Information Technology

Services Using ITIL v3 Focuses on Service Operation
Domain in Institution X
Ni Putu Sri Merta Suryani1*, I Made Dwi Ardiada2, and I Gusti Ngurah Janardana3
1,2
Department of Electrical and Computer Engineering, Post Graduate Program, Udayana University
3
Department of Electrical and Computer Engineering, Udayana University
*Email: mertasuryani@gmail.com

Abstract-Information technology is currently growing starting from central and regional agencies should have
very rapidly. Almost all agencies take advantage of the governance as a benchmark of IT management and services.
role of information technology. In the X agencies engaged Agency X makes information technology a goal to be
in the social field of information technology as a goal that achieved. In agency X, information technology is developing
must be achieved. In order to create good government, an very rapidly under the planning field. Field planning as a field
agency must be supported by good IT governance in order that invests and manages IT services in agency X. In agency
that information technology and business objectives are X, the management of IT services has not been implemented
aligned and have added value for the agency. This study and well documented. Institution X also does not have IT
aims to measure the governance of IT services. This governance so it is not known whether IT investment has
research is done because the agency X is now using IT added value or not. Information technology management is
services. The existence of good policies and procedures on not maximal because there is no fixed standard. Currently, the
the insight X can create a good service as well. This study use of information technology services in agency X is not
uses the ITIL v3 framework that focuses on Service maximized. This is because the existing fields in agency X
Operation domain. The ITIL framework is an IT services require a governance for IT services to be structured and
management guide. Measurement of maturity level using systematic. Good IT governance will be a reference in
COBIT. The level of maturity in this governance audit is providing good and quality IT services. The use of IT services
at level 3. Recommendations are given to achieve the can serve as service providers that are aligned with the
expected targets within the ITIL framework. organization's goals. The existence of IT governance in an
agency is certainly expected to ensure that IT services can
Keyword- Audit, ITIL V3, COBIT, IT Services help achieve agency goals.
The governance designed in this study is based on IT
Service Management (ITSM). ITSM is a process to align IT
I. INTRODUCTION
service delivery with business needs. In this study using the
Information technology is now experiencing rapid growth. framework of ITIL or Information Technology Infrastructure
This is evidenced by the number of agencies and companies Technology Library. ITIL is a framework with a set of best
that utilize the role of information technology. Almost all practice IT governance services. The ITIL framework is used
government agencies that invest in information technology to because agency X is a social institution that provides services.
achieve the goals to be achieved. Utilization of information The ITIL framework aims to improve the effectiveness and
technology in government agencies must also be considered so efficiency of IT services, improve the quality of IT services.
as to achieve the desired goal with the maximum. Attention Selection of the ITIL framework is based on previous
can be how the management of risk and effectiveness and research related to IT service management. IT governance
efficiency of resources. research in agency X using the ITIL framework focuses on
Information technology governance is part of corporate Service Provider domains. Domain Service Operation is a
governance where stakeholders have responsibility for domain that contains guides to serve the operations of IT
aligning the organization's business objectives with IT service management.
objectives, IT controls so as to achieve company objectives The formulation of the problem of this research is how the
and controlling and mechanisms for maintaining IT assets (De management capabilities of IT services in agency X and how
Haes & Van Grembergen, 2004). The Ministry of the governance of IT service management in agency X using
Communications and Information Technology has established the framework guidelines ITIL v3 which focuses on the
IT governance in MoCI Regulation No. 41 of 2007 on General domain Service Operation.
Guidelines of National Information Technology Governance
to realize good and responsible governance. Therefore,

(p-issn: 2579-5988, e-issn: 2579-597X)

91
International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, July—December 2017

II. LITERATURE REVIEW organizational strategic asset. Service Strategy consists of

1) IT Audit Service Portfolio Management, Financial Management and
Information Technology Audit (IT) is one form of Demand Management processes.
operational audit that aims to improve IT governance. The Service Design aims to provide IT services with benefits to
audit is performed by an internal audit by applying the audit businesses, IT services must be designed in accordance with
technical knowledge, to evaluating the information system customer business objectives. Service Design consists of
units, managing the information resources, developing the Service Catalog Management, Service Level Management,
application system and then implementing the system and Supplier Management, Capacity Management, Availability
evaluating it. Implementation of a good information Management, IT Service Continuity Management and
technology audit as follows: Information Security Management.
a. Determine the scope and purpose of the audit; Service Transition provides guidance to organizations in
b. Evidence collection; order to develop IT service design results into operational
c. Implementation of fit test; environments. Service Transition consists of Transition
d. Determination of maturity level. Planning and Support, Change Management, Service Asset and
Configuration Management, Release and Deployment
IT audit needs to be done in order to improve the
Management, Service Validation, Evaluation and Knowledge
effectiveness and efficiency within the company. Each
Management.
company conducts IT audits with reasons to avoid losses due to
data loss, data leakage risk, computer misuse, loss due to Service Operation covers all day-to-day operations of
miscalculation of the calculation and high value of hardware managing IT services. Service Operation consists of Event
and software investment. Management, Incident Management, Problem Management,
Request Fulfillment and Access Management.
Continual Service Improvement (CSI) provides an
2) ITIL V3
important guide in developing and maintaining the quality of
Information Technology Infrastructure Library (ITIL) is a
IT services from design, transition and operational processes.
standard issued by the United Kingdom as a framework that is
CSI combines various methods and principles of quality
referred to by best practice process and operational
management one of which is Plan-Do-Check-Act (PDCA) or
management procedures. ITIL is grouped into 2 parts namely
so-called Deming Quality Cycle.
Service Support Management and Service Delivery. The
objective of this ITIL framework is to increase operational
efficiency of IT and customer service quality as it focuses only 3) Maturity Model
on customer service and does not at all include the process of An analysis of the condition of maturity is measured using
aligning corporate strategy with the developed IT strategy. the COBIT framework. Measurement of maturity is done using
ITIL version 3 consists of five sections that emphasize the COBIT because the ITIL framework does not have a guide to
lifecycle management of services provided by information measure the level of maturity. In Table 1 there is a definition of
technology including Service Strategy, Service Design, Service COBIT maturity level.
Transition, Service Operation and Continual Service
Improvement.
Table 1. COBIT Maturity Level
Level Definition
Organizations at this stage do not
Level 0 implement IT processes that should
Incomplete process or have not achieved the objectives
of the IT process.
The organization at this stage has
Level 1 successfully carried out IT processes
Performed process and IT process objectives have been
achieved.
Organizations at this stage in
carrying out the IT process and
achieving its objectives are
implemented in a well managed
Level 2 manner. So there is more assessment
Figure 1. Service Lifecycle ITIL V3 Managed process because the implementation and
achievement is done with good
Service Strategy provides guidance to the implementation management. Management here
of ITSM to view ITSM not only as an organization's ability to means its implementation through the
deliver, manage and operate IT services but also as an process of planning, evaluation and

(p-issn: 2579-5988, e-issn: 2579-597X)

92
International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, July—December 2017

adjustment for the better.

The organization at this stage has IT Planning (Problem
Domain Selection (Business
processes that are standardized Purpose Identification, IT
Formulation, Objectives,
Destination Identification, IT
Level 3 within the overall organization. This Limitations and Literature
Process Identification, COBIT
Established process means that there is a standard IT Studies).
Mapping and ITIL.
process that applies throughout the
organization.
Organizations at this stage have been
running IT processes within definite
Data Collection (Interview and
boundaries, such as time limits. Questionnaire)
Level 4
These limits result from
Predictable process
measurements that have been made
during the implementation of the IT
process before.
At this stage the organization has
Level 5 made innovations and made Processing and Analysis (Current
Capability Level, Targeted
Optimizing process continuous improvements to improve Capability Level, Gap Analysis)
its capabilities.

III. RESEARCH METHODOLOGY

The research methodology discusses the stages of audit Recommendation
implementation. There are several stages done in the IT service
audit. The stages are done so that the audit process goes Figure 2. Stages of Audit Implementation
according to plan. In Figure 2 there are stages of audit IV. ANALYSIS AND RESULT
implementation.
The first stage is the planning stage. At the planning stage 1) Respondents
done the formulation of problems, objectives and limitations of Respondents who fill the questionnaire in this study as
the problem. In addition, a literature study was also conducted. many as 32 people. Respondents selected were respondents
The second stage is the domain selection stage. At this who had links with IT services in agency X. In Table 2 there
stage organizational goals are aligned with business goals, IT were number of respondents.
objectives and IT processes. After that mapping between Table 2. Number of Respondents
COBIT and ITIL. No Title Total
The third stage is data collection. In this research data 1 Head of Agency 1
collection is done with 2 (two) ways that is interview and
survey by using questioner. 2 Secretary of the Agency 1
In the fourth stage is processing and analysis. At this stage 3 Head of Division 5
the calculation of the level of maturity, expected targets and
gap analysis (gap). 4 Section Chief 15
In the fifth stage is a recommendation. Recommendations
5 Staff 10
are given aims in order to achieve the desired target.
Total 32

2) Audit Design
To create a good IT plan required a COBIT mapping of
the ITIL framework in the Service Operation domain. Here is
an audit plan on the domain Service Operation.
Table 3. Domains and Sub Domains
Domain/Sub Code
Service Operation 1
Event Management Process 1.1
Incident Management 1.2
Request Management 1.3

(p-issn: 2579-5988, e-issn: 2579-597X)

93
International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, July—December 2017

Access Management 1.4 1.6 Application 3.15 5 1.85

Problem Management 1.5 Management
Application Management 1.6 1.7 IT Management 3.22 5 1.78
IT Management 1.7 Rata-Rata 3.19

In Table 3 it is explained that the Service domain has seven In Table 5 it is seen that there is a gap in each sub domain
sub domains that will be used as reference in the Service Operation. The existence of the gap so that the
implementation of the audit. Seven sub domains ie Event necessary recommendations for improvement to achieve the
Management Process, Incident Management, Request expected target. In Figure 3 there is an illustration of current
Management, Access Management, Problem Management, and expected maturity levels.
Application Management and IT Management.

3) Calculation of Current Maturity Level

The results of the questionnaire filling can be seen in Table
4 which contains the current maturity level.
Table 4. Current Maturity Level
No Domain/Sub Value
1.1 Event Management Process 3.10
1.2 Incident Management 2.99
1.3 Request Management 3.25
Figure 3. Illustration Current Maturity Level and Target
1.4 Access Management 3.36
1.5 Problem Management 3.28 In Figure 4 we can see the graph of the current level of
maturity and expected maturity level.
1.6 Application Management 3.15
1.7 IT Management 3.22
Average 3.19

In Table 4 it is explained that each sub domain in the

Service Service domain is at maturity level 3 (Established
Process). At this level, agency X already has a standardized IT
service within the scope of the whole agency, which means
that there is already an appropriate IT service on agency X.
Figure 4. Graph of Current and Targeted Maturity Rate
4) Gap Analysis
Having known the current level of maturity, determining 5) Recommendations
the target level of maturity so as to cause a gap as shown in The recommendations are given to achieve the expected
Table 5. target as follows:
Table 5. Gap Rate 1. There is support and active role both from central and
No Domain/Sub Maturity Level regional related to IT service.
2. The existence of IT staff who have the skills to handle
Current Target Gap certain problems related to IT services.
1.1 Event Management 3.10 5 1.90 3. The existence of clear guidelines and procedures in the
implementation of IT services.
Process 4. The existence of archives or records related to how IT
1.2 Incident Management 2.99 5 2.01 services in agency X.

1.3 Request Management 3.25 5 1.75

V. CONCLUSION
1.4 Access Management 3.36 5 1.64
The value obtained from the IT governance
1.5 Problem Management 3.28 5 1.72 management audit on the X Institution focusing on the Service
domain is 3.19 located at level 3 (Established Process). The

(p-issn: 2579-5988, e-issn: 2579-597X)

94
International Journal of Engineering and Emerging Technology, Vol. 2, No. 2, July—December 2017

organization at this stage has IT processes that are standardized Infrastructure Library (ITIL), Jurnal Informatika UPGRIS Vol 1
within the overall organization. This means that there is a No 2, 2015.
standard IT process that applies throughout the organization. [19] Silitonga, Tumpal Paradonga dan Achmad Halil Nor Ali. 2010.
Sistem Manajemen Insiden pada Program Manajemen Service
desk dan Dukungan TI berdasarkan Framework ITIL v3. Institut
REFERENCES Teknologi Sepuluh Nopember : Surabaya.
[1] ISACA, IS Standards, Guidelines and Procedure for Auditing and [20] AR Anggun Cahyaningtyas, Yani Rahardja, Agustinus Fritz W,
Contol Professionals., United State of America:ISACA, 2009. “Audit Sistem Informasi dengan ITIL Version 2 Sub Domain
[2] ISACA, COBIT 5 : A Business Framework For The Governance Service Desk, Incident Management dan Problem Management
and Management of Enterprise IT USA: ISACA: 20112. di Bidang Keuangan Dishubkombudpar Kota Salatiga, Jurnal
[3] TSO, ITIL Service Operation., Norwich: TSO (The Stationery Teknologi Informasi-Aiti Vol 9 No 2, 2012.
Office), 2011.
[4] IT Governance Institute Team, “COBIT Mapping; Mapping ITIL
V3 with COBIT 4.1 ”, United States of America : IT
Governance Institute, 2008.
[5] Office of Government Commerce (OGC), “ ITIL version 3
Service Operation”, The Stationery Office - TSO, London,
2007.
[6] HM Jogiyanto and Wily Abdilah, “Sistem Tata Kelola Teknologi
Informasi”, Yogyakarta : Andi. 2011.
[7] Sarno Riyanarto, “Audit Sistem dan Teknologi Informasi”,
Surabaya : ITS Press. 2009.
[8] Ari Putra Wijaya, Putu Widiadnyana, Ida Bagus Alit
Swamardika, “Audit of Information Technology using ITIL V.3
Domain Service Operation on Communications and Information
Technology Agency”, International Journal of Engineering and
Emerging Technology, vol 1 no 1, 2016.
[9] Komang Budiarta, Adi Panca Saputra Iskandar, Made Sudarma,
“Audit Information System Development using COBIT 5
Framework (case Study: STMIK STIKOM Bali) ”, International
Journal of Engineering and Emerging Technology, vol 1 no 1,
2016.
[10] Peraturan Daerah, accessed on 15 November 2017.
[11] De Haes, S., & Van Grembergen, W. (2004). IT Governance and
its Mechanisms.
[12] Luki Aisha Kusuma Wardani, Murahartawaty, Luthfi Ramadani,
“Perancangan Tata Kelola Layanan Teknologi Informasi
Menggunakan ITIL versi 3 Domain Service Transition Dan
Service Operation Di Pemerintah Kota Bandung”, Journal of
Information Systems Engineering and Business Intelligence,
Vol. 2 No 2, 2016.
[13] Diana Trivena Yulianti, Dian Anggraini, “ Analisis Pengelolaan
TI PT. X Dengan Menggunakan ITIL v3, Service Operation”,
Jurnal Sistem Informasi Vol 5 No 2, 2010.
[14] Idria Maita, Sapri Akmal, “Analisis Tata Kelola Teknologi
Informasi dengan Best Practice ITIL v3 Service Operation”,
Jurnal Rekayasa dan Manajemen Sistem Informasi, Vol 2 No 1,
2016.
[15] Abdelaali Himi, Samir Bahsani, Alami Semma, “ The IT Service
Management according to the ITIL framework applied to the
enterprise value chain”, International Journal of Computer
Science Issues, Vol 8 Issue 3 No 2, 2011.
[16] Ahmad Faiz Zavier, Haryanto Tanuwijaya, Budi Hermawan,
“Audit Pengelolaan Layanan Teknologi Informasi Berdasarkan
ITIL pada IT Marketing & Trading (M&T) PT. Pertamina
(Persero) Marketing Operation Region V Surabaya”, Jurnal
Sistem Informasi Vol 3 No 2, 2014.
[17] Idena, J, dan Eikebrokk, T.T., 2013, Implementing IT Service
Management: A systematic literature review, International
Journal of Information Management 33, 512–523.
[18] Didin Herlinudinkhaji, April Firman Daru, “Audit Layanan
Teknologi Informasi Berbasis Information Technology

(p-issn: 2579-5988, e-issn: 2579-597X)

95

View publication stats