Audit of Information Technology Governance on School Operational Cost Flow in SMKN West Jakarta Using COBIT 2019

IT governance is a process that aims to carry out the process of aligning business objectives in an agency in accordance with the business strategy applied to that agency. One sector that is trying to improve IT in improving its governance is the education sector including all SMKNs in West Jakarta. The problem with data management within the West Jakarta Vocational High School is that there is no analysis and research on good and relevant information technology governance in every budget the boss funds issue. This study aims to determine the level of capability and gaps in information technology governance that is currently being implemented, namely the boss fund management information system (Rkas, Arkas, Ready Bop Bos and Headquarters). This study uses analysis based on the 2019 COBIT standard with a focus on the APO12 (Managed Risk) and APO13 (Managed Security) domains to produce a value of capability level that can be used as a reference for analyzing risk management and security management in boss fund management at all West Jakarta Vocational High Schools. The data used in this study came from interviews, questionnaires and direct observation to the research site. The audit results show. APO12 level 2 capability level with a value of 89.29% (Fully Achieved). The capability level of APO12 is level 3 with a value of 77.36% (Largely Achieved) where the capability level of Level 3 APO12 does not reach Fully Achieved so that the capability level of APO12 is at level 3 The capability level of APO13 level 2 with a value of 61.43% (largely Achieved) which does not reach Fully Achieved so The capability level of APO13 is at level 2. The results of this study provide recommendations for aligning the vision, mission, and objectives of boss fund management, so as to improve the function of the boss fund management information system in all West Jakarta SMKN.


Introduction
Information technology becomes an important thing in an organization to help in the process of increasing the effectiveness and efficiency of running an organization.With the application of IT that is e-ISSN: 2723-6692  p-ISSN: 2723-6595 increasingly intensive, the application of IT has a high risk in the running of a system, the application of IT needs to be carried out a comprehensive supervision process to support to achieve a good, effective and efficient IT governance mechanism (Widilianie &;Manuputty, 2019).
IT governance is a process that aims to carry out the process of aligning business goals in an agency in accordance with the business strategy applied to the agency (Saproni Majid, 2018).One sector that seeks to improve IT in improving its governance is the education sector including all SMKNs in West Jakarta.The problem that exists in data management within SMKN West Jakarta is that there is no analysis and research on good and relevant information technology governance in each budget that the boss fund comes out.
This study aims to determine the level of capability and gap in Information Technology Governance that is currently being carried out, namely the application of the boss fund management information system, namely Rkas, Arkas, Siap Bop Bos and Headquarters.This research uses the COBIT 2019 Domain APO.12 and APO.13 frameworks.The COBIT 2019 framework is a more flexible framework.With the design factor in the Design toolkit (ISACA COBIT 2019) to determine the objectives of the process to be evaluated as the superior process for the benefit of the company.In evaluating the objective of the process, COBIT 2019 will be assessed using the capability level to measure the level of objective capability of the company/agency process (Insani, Samsudin, &;Ikhwan, 2022).The APO.12 Domian Process aims to integrate I&T-related enterprise risk management with overall enterprise risk management and balance the costs and benefits of managing I&T-related enterprise risks (Anugrah, Utami, & Muhammad, 2022).Domian APO.13 aims This process has the aim of maintaining the impact and occurrence of information security incidents within the level of risk appetite that the company has.IT security is needed for companies to minimize and prevent adverse incidents for companies such as data loss and data theft of harmful information.
The results of this study provide recommendations on these problems so that over time the implementation of the boss fund management information system, namely Erkas, Arkas, Siap Bop Bos and Headquarters has a more positive impact on schools and the West Jakarta Education Office The results of this research are expected to be used as a reference in the study of the field of education management in improving the quality of financial statements in all SMKN West Jakarta

Materials and Methods
According to Grembeergen, Haes, and Guldentops (2004) in (Kusbono, Hendrik, Ariyadi, and Lestariningsih 2019) that Information Technology Governance is an organizational action carried out by the board of directors, executive management, and also IT management to control the formulation and implementation of IT strategies that ensure cohesiveness between business and IT (Volkers, 2019) .Audit or inspection in a broad sense means the evaluation of an organization, system, process or product.Audits are carried out by competent, objective and impartial parties called auditors.The purpose of holding an audit is to verify that the subject of the audit has been completed or runs in accordance with approved and accepted standards, regulations and practices (Winarto, 2022) The Bos Fund is a fund used to fund non-personnel expenditures for primary and secondary education units as implementers of compulsory education programs.Along with the needs that must be used in COBIT 2019 within SMKN West Jakarta, therefore the government recommends that school Operational Assistance Fund managers are expected to have a decree to be responsible for managing school aid funds.

Feasibility Assessment
The feasibility assessment of applying for BOS funds is carried out by the Education Office, in this case the Pusdatikomdik Sector.

4.
Budgeting Determination of the BOS fund budget to be given by the PP field of the Education office 5.
Disbursement of Funds Disbursement of BOS funds to each State Education unit in West Jakarta is made with a payment application, namely SIAP BOP BOS.

6.
Reporting on the Use of Funds Reporting on the use of BOS funds is carried out by the Education Unit Level through the ARKAS application, which is an application used to report the use of BOS SMKN funds in West Jakarta.

7.
Fund Management Audit Audits of the management of BOS funds are carried out by Internal Schools and External Education units in this case 8.

Evaluation and Recommendations
Evaluation of audit results and improvement recommendations

Follow-up Improvements
Implementation of follow-up of recommendations 10.

Monitoring the Use of Funds
Monitoring the use of BOS funds by SMK Information technology governance audit standards are an audit guideline in the process of formulating, determining, applying evaluation analysis of information technology management in the company.In this study, the audit guidelines used are COBIT (Control Objective for Information and Related Technology) issued and prepared by the IT Governance Institute which is part of ISACA (Information System Audit and Control Association) in 1996.ISACA is a global association that helps individuals and companies achieve the positive potential of technology.And COBIT is a top of auditing framework that is the best practice internationally in auditing (IT Governance Ltd, 2015) The method used in this study is COBIT 2019, because COBIT 2019 is one of the guidelines and frameworks most relevant to this research because it focuses on problem analysis, namely capability level and gap.In addition, the processes and governance contained in COBIT 2019 are very relevant.This is in line with the organization's need to produce an assessment of existing business processes to be improved so that they have the potential to produce findings as weaknesses so that they can be overcome with IT governance processes.(Ridwan Dwi Irawan, 2022) The domains used are APO12(Managed Risk) and APO.13(Managed Security).Goal Cascade is a mechanism in defining corporate goals adopted in the COBIT 2019 framework into IT-related goals.Design factors are factors that can influence the design of corporate governance systems and position them for success in the use of I&T (Isaca, 2012).a. Problem identification: SMKN West Jakarta has implemented a boss fund management information system, namely Rkas, Arkas, Siap Bop Bos and Headquarters for quite a long time, but there has been no thorough evaluation to maintain its optimal level.So identify the problem in this study as follows: -There are no governance standards in the management of the BOS Fund at SMKN West Jakarta -The process has used the boss's fund management information system, namely Rkas, Arkas, Siap Bop Bos and Headquarters in transactions and disbursements when received by the school, but poorly in the management of their respective schools.-The occurrence of a change of operator of the Boss Fund and a change of school treasurer that can trigger unwanted things -Organizational Governance: The governance audit will look at the organizational structure of SMK, including the roles and responsibilities of managers, decision-making mechanisms, and internal control systems.Problems can arise if there is no clear separation of duties, lack of accountability, or lack of communication and coordination among the different parts -The governance audit will also examine how SMK manages their finances, including budget usage, fund accountability, and transparency in financial management.Lack of effective financial controls or deficiencies in financial documentation and reporting can be a problem in audits.b.Literature study: literature study using documents from books, journals and reliable reference sources related to information technology and COBIT 2019 c. Analysis of company documents, interview process and analysis of interview results : -Through the process of observation and discussion related to the management of boss funds in the information system of Rkas, Arkas, Siap Bop Bos and Headquarters, interviews with employees and section heads who are directly involved with the ICT process within the West Jakarta Education Office and in all SMKN West Jakarta -Observations are made to ensure the validity of the data received from the interview results.At this stage, an interview will be conducted to find out the documentation/report on the management of boss funds for 2019-2021.d.Respondent Determination : - After the questionnaire is distributed, the first data analysis method is Guttman Scale, then continued with capability analysis (as-is) and capability analysis (to-be), and finally continued with gap analysis.Gap analysis is obtained from the difference between capability (AS-IS) and capability (TO-BE).h.Giving recommendations: Provide recommendations to IT management where they will distribute the results of recommendations to stakeholders.The last stage towards the completion of the research after the recommendations are obtained is to provide conclusions and suggestions for research that has been carried out.

Result and Discussion
A. Design Factor

Figure 5. Design Factor Results
Domains that have a value of ≥75, namely APO12 worth 100 and APO13 worth 85, become objectives that have higher values and objectives that require ability level 4 than other objectives, so APO12 and APO13 are process objectives that will proceed to the core stage.Level 3 capability test was carried out Objective APO12 did not reach Fully Achived so that APO12 capability was at level 3 and did not proceed to the next level.d.Obtained the objective capability level value of APO13 at level 2 with an achievement value of 61.43% (largely Achieved) e. Conducted an objective Level 2 capability test, APO13 did not reach Fully Achived so that APO13 capability was at level 2 and was not continued to the next level.

C. Analysis of As-Is and To-Be
Table 3. Findings (As-Is) and Capability Level (To-be) APO12

Objektif
As-Is Tobe APO12 1. Record data risks such as machine input errors by staff, unstable networks, computers that sometimes experience damage and slow application servers 2. Risk management documentation and SOPs are in place, but technology analysis has not worked well.3. Governance assessments related to technology risks by third parties have never been carried out well. 4. Documentation related to risk profiles already exists only related to organizations but not related to information technology.
The activity carried out has achieved its objectives, is well defined, and its performance can be measured quantitatively Table 4. Findings (As-Is) and Capability Level (To-be) APO13

Objektif APO13 Objective Maturity Level Findings Tobe APO13
1.There is no documentation that discusses the design, implementation and maintenance related to information security management 2.There is no documentation that discusses information security risk management plans that can reach all aspects of information technology.3.There are no school activities to monitor and assess the management of information security The activity carried out has achieved its objectives, is well defined, and its performance can be quantitatively measured.
e-ISSN: 2723-6692  p-ISSN: 2723-6595 4.There is already a unit in charge of planning, managing, monitoring and regulating matters related to information security management.documents containing the design, implementation, and maintenance of procedures and policies in managing information security, running secure IT and in line with the management of boss fund management.2. Carry out an internal security audit program as an effort to monitor and assess the improvement of the effectiveness of information security procedures and policies are appropriate or not

Conclusion
It is known that all objectives evaluated are Align, Plan and Organize (APO) domains.In the APO12 -Managed Risk Process, the governance of boss fund management in the boss fund management information system (Erkas, Arkas, Siap Bop Bos and Headquarters), in all SMKN West Jakarta get a level of ability to be at level 3 and in the APO13 process -Managed Security, boss fund management governance in the boss fund management information system (Erkas, Arkas, Siap Bop Bos and Headquarters), In all SMKN West Jakarta gets a level of ability that is at level 2. The level of capability obtained by APO12 is the level of objective ability of the process which states that activities have been running but have not been carried out properly so that improvements are needed based on GAP to achieve the expected level of ability, namely level 4 where the expectation states that activities are carried out as well as possible, consistent and structured.The level of capability at level 2 objective APO13, where information security in IT, namely the application of the boss fund management information system in each SMKN West Jakarta, there is no special plan / documentation and there is no status of running these activities, but information security in the company is needed.With the recommendations obtained in GAP, it is hoped that APO13, namely information security, can be improved to maintain important data or information in the boss's fund management information system.

Figure 1 .
Figure 1.Goal Cascade Cobit 2019 (source ISACA, 2018)Design factors have 11 stages, where design factors stages 1 -4 determine the initial scope of the governance system and stages 5 -11 improve the scope of the governance system.With design factors, IT governance can have focus areas for the company based on its criteria so that the company has an objective focus of processes that align with its business objectives.(2019,n.d.)

Table 1 .
Business Process of Bos Fund Management SMKN West Jakarta

Table 2 .
Results of Capability Level and GAP Analysis Explained that researchers obtained the results of the capability level of information technology governance in the application of the Rkas, Arkas, Siap Bop Bos and Headquarters fund management information systems, namely:a.Obtained the objective capability level value of APO12 at level 2 with an achievement value of 89.29% (Fully Achieved) b.Obtained the objective capability level value of APO12 at level 3 with an achievement value of 77.36%(Largely Achieved) c.

Table 5 .
Audit Results and Recommendations