Information Technology Governance of UMKM in Kasasiur Banjar

This is an open access article, licensed under: CC–BY-SA Abstract: One form of information technology management for UMKM in order to expand business networks, marketing and carrying out business processes is the use of the Cobit 5 framework. The benefits and maturity level of IT management are benchmarks for the direction of development and utilization strategies for UMKM. The purpose of this study was to assess the position of Kasasiur Banjar SMEs regarding implementation and targets to be achieved in the future. The result of the assessment is the maturity level of the current IT management position (existing). Furthermore, maturity targets will be determined for each selected IT process to be used as guidelines for the Kasasiur Banjar UMKM group in IT utilization. Maturity level assessment uses the domains EDM3, EDM4, APO7, DSS3, DSS6, and MEA1 with the calculation model referring to ISO/IEC 15504. Assessment results Maturity level related to IT development strategy is at level 1 (1.21), which is Performed. This means that Kasasiur Banjar SMEs have a concern for good IT management and processes have been implemented and achieved goals. The direction of governance development in UMKM Kasasiur Banjar is targeted to reach level 5, namely Optimizing.


Introduction
Micro, Small and Medium Enterprises (UMKM, Usaha Mikro, Kecil dan Menengah) as the largest economic actors at the national, regional and local levels have a strategic position and role in reducing poverty, reducing unemployment through job creation, and increasing state income through growth in the value of non-oil and gas exports. [1]. Even though they have a significant share in increasing national production, SMEs are considered to still have weaknesses in the aspect of using technology, especially information technology to expand UMKM business networks and marketing. It is necessary to assess the maturity level to find out where the position of UMKM is related to the implementation of information technology and the targets to be achieved in the future. The results of the assessment can show the maturity level of existing IT processes [2]. Furthermore, maturity targets will be determined for each selected IT process, the maturity target for each process is the ideal condition to be achieved in the definition of the desired maturity level (to-be) and becomes a guideline for the Kasasiur Banjar UMKM group in developing IT processes [3].
In the process of using the system, of course, there are obstacles and problems in achieving company goals. Of the various problems that exist, a framework that has been applied in various companies. The concept was introduced by the Information System Audit and Control Associate (ISACA) which was named COBIT (Control Objectives for Information and Related Technology) [4]. COBIT is a framework or framework that has domains, processes, objectives, maturity models, and a logical structure to provide information technology governance solutions. There are several causes of these problems which are then linked using the COBIT 5 theory, among others, in the service sector, the admin has problems with inputting fabric stock models to the computer, this happens because of the many types of fabrics on the computer with different types [5] [6] [7] [8] [9]. These issues are included in the APO7 domain (managing human resources) and the EDM3 domain (ensuring risk optimization). The second problem is that sometimes there is a difference between the stock of fabric and the stock in the system. This issue belongs to the EDM4 domain (ensure resource optimization).In addition, several other problems also emerged, such as communication errors between sales, sales admins and warehouse parties regarding the delivery of goods which are included in the DSS3 (problem management) and DSS6 (manage and control business processes) domains [10]. And the last problem is that the fabric that consumers want is sometimes empty, so consumers have to wait for the fabric order process first which is included in the MEA1 domain (monitoring, evaluating, and assessing performance and suitability) [11].
Based on the background and problems above, it is necessary to evaluate the governance of information technology in UMKM Kasasiur Banjar. The evaluation of governance has the aim of knowing the maturity value of governance and providing recommendations for these problems. Researchers use the COBIT 5 framework to evaluate governance in the company with several domains that are in accordance with the problems that occur.
2. Literature Review 2.1. OBIT 5 COBIT version 5 is the COBIT Framework from ISACA which provides an end-to-end business description of corporate information technology governance to describe the main role of information and technology in creating corporate value. COBIT 5 has 37 control practices and 209 control activities related to governance and management processes. . COBIT version 5 helps companies create optimal value by balancing profit and risk using resources [12].
The maturity level required by management to recognize the need for a maturity level monitoring process needs to be carried out in accordance with the information technology governance audit requirements [13] [14]. With the expected maturity level at level 5. To improve IT governance, recommendations for improvement as well as evaluation, assessment and direction related to all activities in the company [15].
ISO/IEC 15504 is a framework for process assessment. ISO/IEC 15504 has 4 level categories, including: 1. N (Not achieved / not achieved) means that this category has little evidence of achieving process attributes with a range of 0-15%. 2. P (Partially achieved / partially achieved) means having some evidence regarding the approach and achievement of the process attributes with a range of 15-50%. 3. L (Largely achieved / achieved in outline) means that there is a significant achievement and has evidence of a systematic approach with a range of 50-85%. 4. F (Fully achieved / fully achieved) means having evidence of a systematic and complete approach with full achievement of the attributes clarified in that category. The range of this category ranges from 85-100%.

Capability Level Models
ISO/IEC 15504 shows in Figure 1.  [13] can be seen in the following Table 1.

Maturity Level
Explanation Level 0 (Incomplete) At this level, the process failed to achieve its objectives or not be implemented. Level 1 (Performed) At this level, the process has been implemented and achieved the goal. Level 2 (Managed) Processes at this level must be managed in the form of planning, implementation and monitoring and the results of these processes must be properly controlled.

Level 3 (Established)
At this level it has been well standardized and then implemented using a defined process to achieve the desired result Level 4 (Predictable) At this level, you already have a consistent limit to achieve the expectations of the process in question. Level 5 (Optimizing) Processes at this level have been significantly improved sustainable to meet current and future business goals.

Research Methods
This information technology governance research uses qualitative methods. The collection of data obtained by the maturity level questionnaire method refers to the COBIT 5 guideline. The number of respondents is 1 person from the owner of UMKM Kasasiur Banjar. The outputexpectedare the identification of the position of IT processes in the Kasasiur Banjar UMKM group, analysis of the level of gap between the current IT condition (as is) and the IT condition that is the target (tobe), as well as recommendations to achieve the expected IT conditions. The type of approach used is a case study. Case studies are a method for understanding individuals in an integrative and comprehensive way to gain an understanding of individuals and the problems they face. The purpose of this case study is to obtain a solution to the problem and obtain a good self-development.
In this study about the analysis and evaluation of the maturity level of information technology governance using COBIT 5 in UMKM Kasasiur Banjar which focuses on several domains, including the EDM3 domain about ensuring risk optimization, EDM4 about ensuring resource optimization, APO7 domain about managing human resources, DSS 3 on managing problems, DSS6 on managing and controlling business processes and MEA1 domain on monitoring, evaluating, and assessing performance and conformity.

Figure 2. Research Flow
The assessment model that will be used to determine the value of the current maturity level of information system governance on UMKM Kasasiur Banjar based on the model ISO/IEC 15504. The flow of research that will be carried out during this research is as follows: 1. The initial or preliminary stage is the stage where the team conducts initial observations and examines the problems that occur, then evaluates the domain selection in the COBIT 5 framework related to the problems that occur in Kasasiur Banjar SMEs. 2. The second stage is the data collection stage. This stage is after lowering the COBIT 5 domain into a questionnaire item. Furthermore, conducting a survey using a questionnaire that has been made is shown to stakeholders as respondents so that questions or questionnaire statements can be answered correctly. 3. The third stage is data analysis techniques carried out in 3 ways before formulating recommendations for improvement, the current maturity analysis is obtained from the results of data collection carried out. The expected maturity analysis is obtained by interviewing the organizational leaders. Furthermore, the gap analysis is obtained by comparing the level between the expected maturity level with the current maturity level. The results of this comparison must be minimized by the organization within a certain period of time by implementing the recommendations for improvement given. Managing human resources 4 Delivery, Service, and Support 3 (DSS 3) Managing problems 5 Delivery, Service, and Support 6 (DSS 6) Manage and control business processes 6 Monitor, Evaluate, and Assess 1 (MEA 1) Monitor, evaluate, and assess performance and conformity Table 3 shows the activity of the COBIT 5 (Domain Process).

Maturity Level Analysis
At this stage the authors evaluate the assessment of each activity based on the results of the questionnaire. Then the writer looks for the average value of each domain to get the current maturity level (as-is). The assessment of the maturity level of each process refers to the ISO/IEC 15504 model with Eq. 1.
(1) In table 5, with Domain EDM 4 obtained 1+1+1+1+1+1+1+1+2 with a total = 10. From the number of each domain, it will be divided by the number of questions of 9. 10/9 = 1.11 so that the maturity level in the EDM 4 domain is at level 1 or Performed. Calculation of the average value of each domain to get the maturity level is obtained by adding alternative answers for each statement in each domain. For example in table 4, with Domain EDM 3 obtained 1 + 0 + 0 with a total = 1. From the sum of each of these domains, it will be divided by the number of questions as much as 3. 1/3 = 0.33 so that the maturity level in the EDM 3 domain is obtained at level 0 or Incomplete.

Questionnaire Results
The results from the average of all process domains are then rounded to determine the level of maturity level that is in accordance with the ISO/IEC 15504 assessment as shown in the following Table 6.

Gap Level Analysis
Based on the results of the questionnaire calculations conducted at the UMKM Kasasiur Banjar, the results obtained were not as expected. Furthermore, a gap level analysis is carried out to compare the current maturity level with the expected maturity level. The result of the comparison will get the distance (gap). The following are the results of the analysis of the level of inequality in UMKM Kasasiur Banjar: The comparison of the current maturity level and the expected maturity level can be seen in the following Figure 3.

Findings and Recommendations for Improvement
From the results of the evaluation and analysis related to the six domain processes in COBIT 5, none of them has reached the level expected by Kasasiur Banjar SMEs. This is evidenced by the level of gaps that must be addressed by providing recommendations for improvement in accordance with the expected maturity level (to-be) by the company. The following are recommendations put forward to achieve the expected maturity level: 1. EDM 3 is about ensuring risk optimization and APO 7 is about managing human resources. In the EDM 3 and APO 7 domains, it is related to the problem of input errors made by the admin. The current level of maturity in the EDM 3 domain is level 0 (Incomplete) and APO 7 is level 1 (Performed). To avoid this error from repeating itself, there is a need for recommendations for improvement, namely directing and intense training by IT technicians to all admins, especially when there is an update in the Kasasiur Banjar UMKM system. So the risk of error can be minimized. In addition, the company conducts periodic assessments related to the performance of company employees. 2. EDM 4 on resource optimization In EDM 4 domain regarding stock difference textile materials, the current maturity level is at level 1 (Performed). The difference in the stock of textile materials is indeed a serious problem in this company because it is related to optimizing the company's resources. Therefore, to correct errors as expected by the company, we propose a recommendation in the form of making a stock issuance card for fabrics or textile materials. to anticipate the problem of the difference in the stock of textile materials to detect every item that comes out of the warehouse. 3. DSS 3 is about managing problems and DSS 6 is about managing and controlling business processes.
In DSS 3 and DSS 6 related to shipping problems that occurred in UMKM Kasasiur Banjar. From the results of the questionnaire evaluation both process domains were at level 1 (Performed). To overcome these problems, the authors provide recommendations, among others: a) Every time you place an order for goods, the sales person provides an order note that must be approved by both parties. b) Documents for shipping goods must be recorded daily. If an error occurs in the delivery of the warehouse, there is no need to open the stack of delivery notes. c) Create a system that is connected to the sales admin. Where the sales to input orders through the system. 4. MEA 1 on monitoring, evaluation, and assessment of performance and conformity In the MEA 1 process domain related to problems in the stock of fabrics or textile materials which are often empty for shipping goods, they are at level 2 (Managed). To overcome this problem, we propose the following recommendations: a) Empty stock checks are carried out every 3 days to prevent shortages of fabric or textile materials during shipping. b) Orders for fabrics or textile materials are carried out every 2-3 days to prevent long shipping delays. c) For goods with the type of fabric or textile materials that are difficult or empty, employees try to buy cloth outside the office to maintain good service.

Conclusion
After evaluating information technology governance using COBIT  To increase the maturity level from level 1 (Performed) to level 5 (Optimizing), the recommendations are as follows: 1. Guidance and training for all workers, especially when there is a renewal in the Kasasiur Banjar UMKM system. So that the risk of error can be minimized. 2. The company conducts periodic assessments related to employee performance 3. Making cards for issuing stock of fabrics or textile materials. responsible for the use of the stock card. To anticipate stock discrepancy problems. 4. Every time you place an order for goods, the sales person provides an order note that must be approved by both parties. 5. Documents for shipping goods must be recorded daily. If an error occurs in the delivery of the warehouse, there is no need to open the stack of delivery notes. 6. Create a system that is connected to the sales admin. Where the sales to input orders through the system. 7. Empty stock checks are carried out every 3 days to prevent shortages of fabric or textile materials during sales. 8. Ordering fabrics or textile materials is carried out every 2-3 days to prevent long delays in shipping to consumers. 9. For goods with difficult or empty types of fabrics or materials, employees try to buy fabrics or textile materials outside the office to maintain good service.
Based on the results of this study, suggestions that can be taken into account to improve corporate governance are as follows: 1. Conduct evaluations, assessments and directions related to all activities in the company both in the field of service and in the field of delivery of goods. 2. Conducting assessments and evaluations related to the use of the system in Kasasiur Banjar SMEs. 3. Improve governance related to EDM 3, EDM 4, APO 7, DSS 3, DSS 6, and MEA 1 domains in accordance with the recommendations. 4. For further research, it is expected to evaluate using a different domain in UMKM Kasasiur Banja.