MATURITY LEVEL AT UNIVERSITY ACADEMIC INFORMATION SYSTEM LINKING IT GOALS AND BUSINESS GOAL BASED ON COBIT 4.1

The development of Information Technology (IT) is widely discussed nowadays, from the top to the lowest level of society. The application of IT helps companies to solve problems and, beyond that, has been able to support strategic business decisions. Many enterprises have decided to allocate large budgets to IT implementation, in line with increasingly sophisticated expectations of IT, on the assumption that the larger the budget an enterprise spends on IT, the greater the benefits it will receive. Unfortunately, IT implementation does not always give an advantage to the company. There are times when the IT implementation does not give any benefit. This situation is called the IT Productivity Paradox. The question is then how the IT Productivity Paradox can be prevented. Through the analysis we obtain the significance of the IT processes linked to their IT Goal. By knowing the significance of the IT processes, it can be seen which processes are significant to the IT Goal and which are not. If an IT process is not significant to the IT Goal, the process does not need to be improved because it has no effect on the IT Goal. This research was conducted to obtain the Maturity Level of each IT process and each IT process's significance to the IT Goal. The result of this research is that the IT Processes are significant to the IT Goal. It can be concluded that the IT Productivity Paradox did not occur.


INTRODUCTION
The alignment of business and IT is discussed because there is a need to know the role of IT in the business success of the organization. IT is a tool included in the business process that is able to help companies succeed; the application of IT in a company/organization should provide benefits, rather than being merely an expense that gives no advantage to the company/organization (Brynjolfsson, 1993). From the perspective of function, the adoption of IT gives benefits to the company (Chan and Reich, 2007). Application of IT to business processes will add accuracy and efficiency of working time (Henderson, 1992). The importance of alignment between Business and IT was originally proposed by McLean & Soden (1977) and followed by Henderson & Sifonis (1988). In 1981, IBM motivated the perspective that the emphasis of the alignment process is on the Strategic Plan for Business and the long-term IT plan of the organization. Empirical findings (Chan 1997; Irani 2002; Kearns & Lederer 2003) support the hypothesis that those who succeed in aligning their business strategy with their IT strategy will be superior to those who do not.
In this case it can be concluded that in order to achieve Good Corporate Governance, the role of IT Governance is very important. Control Objectives for Information and Related Technology (COBIT) can be used as a tool to streamline the implementation of IT Governance, i.e., as a management guideline, by applying the entire set of domains contained in COBIT 4.1. The Information System Audit and Control Association (ISACA) introduced a framework for managing IT Governance in a company, which is known as COBIT (Control Objectives for Information and Related Technologies) (Indrajit, 2006).
The main contents are subdivided according to IT processes. There are 34 IT processes which give a perfect picture of how to control, manage and measure each process (ITGI, 2007). The COBIT Maturity Model can be used as a measurement tool to measure the maturity of a company's position in terms of IT application. The Maturity Model has levels, namely Maturity Levels. There are 6 Levels of Maturity: 0 (Non-existent), 1 (Initial/Ad Hoc), 2 (Repeatable but Intuitive), 3 (Defined Process), 4 (Managed and Measurable), 5 (Optimized).
Auditors should develop questions for each Level of Maturity. Furthermore, an auditor can collect evidence by interviewing employees and observing documents. This can be seen in the RACI (Responsible, Accountable, Consulted, Informed) chart (ITGI, 2007).
The most complete guide of best practices for IT management is the COBIT 4.1 standard. COBIT is used because it offers a fairly good compromise in management scope and process detail (Mukaromah, 2010).
COBIT 4.1 has 17 Business Goals and 28 IT Goals. A Business Goal is a goal desired by the company, whereas an IT Goal is the purpose of the IT implemented in the company (ITGI, 2007). With the framework mapped by COBIT 4.1, a company can focus on the Business Goals and IT Objectives to be managed, which leads to further efficiency of IT management processes.
As described previously, COBIT has 28 IT Goals. This research focuses on IT Goal 19 (ITG19), "ensuring that important and confidential information is hidden from the parties who are not interested". The result of this research is that all of the IT Processes of ITG19 are significant. So, the IT Productivity Paradox does not occur in this case study.

METHODOLOGY
This section describes the steps used to solve the research problem. There are two steps that must be done: determining the maturity level and calculating the significance with SEM using GSCA.
There are five steps that must be done to determine the maturity level: defining the scope, data collection, due diligence, determining the level of security, and determining the results of the audit of information systems (Revinggar, et al. 2012).

Defining the Scope
According to Sarno (2009), by defining the scope and purpose of the audit and also by taking into account the direction of the management, an auditor will arrive at the most high-risk IT process. Earlier studies stated that Higher Education academic data has a high degree of risk in terms of data criticality and confidentiality (Tanuwijaya and Sarno, 2010). The academic regulations that are applied will affect the academic data. The IT applied in the university is expected to ensure that important and confidential information can only be accessed by the right people. The process must meet the "Tri Darma Perguruan Tinggi" (Three Mission of Higher Learning Institution) of the university and must comply with government regulations; the quality of education that was promised to the people must be achieved; and there must be certainty that compliance with government laws and regulations is fulfilled.
The study begins by determining the Business Goals perspective. The Internal Perspective that will be discussed in this research is Business Goal 12: "Provide compliance with external laws, regulations and contracts".
After determining the Business Goal, the next step is to determine the IT Goal. The most appropriate one for the case study of Academic regulation is IT Goal 19, as can be seen in Figure -1.

Data collection
Data collection is done by interviewing employees to obtain the business goals and IT goals data of the Research Object. The list of employees to be interviewed is in accordance with the criteria in RACI. The questions posed are based on the Maturity Model Statements contained in COBIT 4.1. Data from the interviews will be used to calculate the level of maturity of IT implementation.

Maturity Level Determination
Data from the interviews will be used to calculate the level of maturity of IT implementation. From the measurement results of the COBIT paper work, the contribution of each level of maturity will be measured to obtain the value of IT process maturity. There are five levels of maturity (0 to 5) whose values need to be obtained. Each maturity level value, from level 0 to level 5, gives an organization an idea about the overall IT process maturity.
The "Normalize" value (see table 1) gives the organization an idea about the compliance influence on the overall IT process maturity. The "Normalize" value is derived from the compliance value of each level divided by the total compliance. The "Contribution" value is obtained by multiplying the compliance value by the "Normalize" value, and the total of the "Contribution" values is the maturity level value.

Determining the Information Systems Audit Results
The results of the evaluation of the implementation of the information systems audit will contain findings, based on the due diligence that was carried out, as well as recommendations to improve the existing processes. The format of the report will vary in each organization, so there is no standard format. The final report of the audit should present an overview of the current condition of other similar organizations, which allows the management to take the necessary steps to evolve.

Calculating The Significance Value
Structural Equation Modeling (SEM) is a structural equation model which is a combination of the procedures developed in econometrics (Wijayanto, 2008). SEM was originally known as path analysis, developed by Sewall Wright in 1984. SEM is used to examine and justify a model and to explain the relationships between the variables that exist in the model. By using SEM, researchers can check validity and reliability, test the relationships between variables in the model and obtain models that can be used for prediction. If the SEM input is in the form of a covariance matrix, SEM will produce a structure that can be used to prove the model. If the input is in the form of a correlation matrix, SEM can be useful for checking the size of the independent variables. By doing so, SEM can be used to determine the dominant variable.
Figure -1 The processes Impact on IT Goal 19

Analyze the research topic in depth and start forming a hypothesis. Enter the input data in the form of a variance or covariance matrix or a correlation matrix.
5. Assessing the model identification. The estimation of the structural equation models. The estimation of the structural equations can use maximum likelihood estimation.
6. Assessing Goodness of Fit criteria. There are three kinds of goodness of fit: absolute fit measure, incremental fit measure and parsimonious fit measure. The absolute fit measure is used to measure the overall model fit, while the incremental fit measure is used to compare the proposed model with another model. The parsimonious fit measure adjusts the fit measurements so that they can be compared between models with a different number of coefficients.
7. Interpretation of the model. Model modifications are made to improve the theoretical explanation.
GSCA is a new component-based SEM method that can be used to perform score calculation and can also be applied to small samples (Tenenhaus, 2008). GSCA can also be used on relationships between variables which are complex, involving higher order and multi-group comparison. In addition, GSCA can also be applied to a structural model which has a strong theoretical basis.
Before performing the GSCA test, the research data must first pass the linearity test. This is because GSCA assumes that the relationships in the equation are linear (Subriadi, 2013).

RESULTS
This part explains the results of the interviews conducted. The results obtained are the maturity level of each process. Here are the results of the Maturity Level assessment:

a). PO6 Maturity Level
As it can be seen at
• The needs and requirements of an effective information control environment are implicitly understood by management, but practices are largely informal.
• The need for control policies, plans and procedures is communicated by management, but development is left to the discretion of individual managers and business areas.
• Quality is recognized as a desirable philosophy to be followed, but practices are left to the discretion of individual managers.
• Training is carried out on an individual, as-required basis.
As can be seen at
• Data are not recognized as corporate resources and assets.
• There is no assigned data ownership or individual accountability for data management.

b). DS5 Maturity Level
• Data quality and security are poor or non-existent.

d). DS12 Maturity Level
As it can be seen in Table -4, DS12 Maturity Level is 0.740. In representation of Maturity Model, it is Non-Existent. It means that:
• There is no awareness of the need to protect the facilities or the investment in computing resources.
• Environmental factors, including fire protection, dust, power, and excessive heat and humidity, are neither monitored nor controlled.

DISCUSSIONS
The IT process Maturity Level of IT Goal 19 (Ensure that critical and confidential information is withheld from those who should not have access to it) is illustrated in Table -5. The two lowest Maturity Level assessment values are for IT processes DS11 - Manage Data (0.89) and DS12 - Manage the Physical Environment (0.74), which means that those IT processes have to be improved. An IT process can be improved by fulfilling the detailed items of each of its control objectives (each IT process has control objectives). IT control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process. They are statements of managerial actions to increase value or reduce risk. They consist of policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected.

BISSTECH 2015
influence of other variables which is not included in the research model.

CONCLUSION
The COBIT mapping of IT Processes (PO6, DS5, DS11, and DS12) to ITG19 was significant in this case study. This relevance mapping, linked with the maturity levels, shows that IT Process DS11 and IT Process DS12 have to be improved by following the Control Objectives of the COBIT 4.1 framework.

FUTURE RESEARCH
There are many variables in the COBIT framework that can be developed into a model to follow the development of the case study. This research model can also be tested on a different case study in order to find out whether there is any difference in the results.