Analysis of Capability Level in Dealing with IT
Business Transformation Competition using Cobit
Framework 5 (Case Study at Airasia Indonesia)
Aditya Niken Pratiwi
Computer Science Department, Computer Science Department,
BINUS Graduate Program – Master of
Computer Science Bina Nusantara University
Bina Nusantara University
Jakarta, Indonesia 11480
aditya.pratiwi@binus.ac.id
Abstract— Indonesia AirAsia is one of airline company does
business transformation by aligning IT with organization’s
business objectives to provide optimal service to the customers
(passengers).In the IT management reports that there is problem
at AirAsia Travel Service Center(ATSC) IT service system which
caused decline in the quality service level provided, thus
requiring assessment in order to determine the capability of the
IT service management and solution to the problems that
occurred. Therefore, this research aims to analyze the
information technology governance using COBIT framework 5.
The result of capability level assessment obtained that the
capability level of IT governance in the company is level 2
managed process which is most IT governance activities are
considered to have done, well monitored, but have not been able
to reach the target of capability level that is on level 5 optimized
process. In order to improve those performances, the COBIT 5
framework has provided guidance of recommendations for each
IT governance activities in the company step by step so that
enabling the company to deal with competitiveness IT business
competition.
Keywords—COBIT, capability level, IT governance
I. INTRODUCTION
In line with technological advancement, the ability to use
the information will continue to increase, the quality of
infrastructure will also increase, and generate requirement for
new services. In order to stay competitive in maintaining the
company's business that is driven by technology, the company
should be able to manage the technology applied.
Indonesia AirAsia is one of Indonesian airlines that
headquartered in Kuala Lumpur, Malaysia. The tagline is
"Now Everyone Can Fly". The vision is to be the largest low-
cost airline in Asia and serving the 3 billion people who are
currently underserved with poor connectivity and high fares.
And its mission: ‘maintain the highest quality product,
embracing technology to reduce cost and enhance service
levels [1].
Based on the vision and mission AirAsia is doing
information technology business transformation in running the
business processes, in particular applying information
technology-based systems to assist. In addition to support the
978-1-7281-7071-8/20/$31.00 ©2020 IEEE
2020 International Conference on Information Management and Technology (ICIMTech)
609
Authorized licensed use limited to: Auckland University of Technology. Downloaded on November 02,2020 at 01:07:13 UTC from IEEE Xplore. Restrictions apply.
Suharjito Arief Agus Sukmandhani
Computer Science Department,
BINUS Online Learning, BINUS Online Learning,
Bina Nusantara University
Jakarta, Indonesia 11480 Jakarta, Indonesia 11480
suharjito@binus.edu arief.sukmadhani@binus.edu
vision and mission in Indonesia AirAsia, it has AirAsia Travel
Service Center (ATSC). ATSC is the AirAsia sales office in
collaboration with professional partners and travel agents.
ATSC existence as a partner is considered necessary to develop
distribution channels Indonesia AirAsia. ATSC in Indonesia
already in nine locations, such as Bandung, Semarang, Padang,
Banda Aceh, Lamongan, Malang, Surabaya, and Medan Lubuk
Pakam. ATSC facilitate the customers in the surrounding areas
that may not visit the site AirAsia.com independently.
In infrastructure, ATSC Indonesia AirAsia is constructed to
have a direct connection with existing information systems at
headquarter, so the connection is much faster and obtain
accurate data on travel tickets. However, lately ATSC in
several regions have complained about the performance of the
information system. Some of these complaints such as:
frequent errors when accessing it from a system that was built
where the system is directly related to the center and in the
connection requires more and more difficult and longer time to
access it. These problems have resulted in a decrease in
service levels, which has also resulted in lower levels of
customer satisfaction with the services provided.
The purpose of this research is to analyze the capability
level of IT governance on Indonesia AirAsia using COBIT 5
framework, recommend effective and efficient IT management
and solution in Indonesian AirAsia.
COBIT 5 selected for an IT governance framework general
in which there is guidance that allows the company's goals can
be achieved by evaluating the requirements of stakeholders,
setting direction, and monitor performance, rules and
processes [2]. COBIT 5 provides not only the evaluation of IT
governance at the company, but also provide feedback that can
be used for improvements in the future.
II. LITERATURE REVIEW
A. IT Governance
IT governance is needed because IT is the main driver of the
business transformation process [3]. IT provides an important
influence on the organization in achieving the mission, vision
and goals of the organization. As an important asset with a
13-14 August 2020
high investment and risk value, IT requires good governance
in order to achieve organizational goals.
B. COBIT 5
COBIT 5 is the latest generation of ISACA guidelines which
discusses IT governance and management [2]. This guide
guides company leaders and IT management to be able to
maximize the management of their companies, predict their
risks and safety, and guarantee public recognition. The
company and its executives try to handle information well to
Fig. 1. Research Framework
support business decisions. COBIT has a maturity model to
control IT processes using scoring methods so that an
organization can assess its IT processes from non-existent to IV. RESULT
optimized scales (from 0 to 5) [4]. Figure 1 explains the level
A. Identification
of maturity level [5].
Through observation, documentation and interviews with 30
employees in the company there are several things that can
TABLE I. MATURITY LEVEL COBIT [5]
be concluded for IT services in supporting businesses, such
as:
No Process Level Capability • Does not have a standard reference in IT governance.
The process is not implemented or fails to
achieve its process purpose. At this level, there • Problems with the slow service provided when
1 0 (Incomplete)
is little or no evidence of any systematic accessing the ticket ordering system located at ATSC.
achievement • SLA achieving in handling any problems faced in IT
The implemented process achieves its process
2 1 (Performed)
purpose.
Services
The performed process is now implemented in
a managed fashion (planned, monitored and
3 2 (Managed) adjusted) and its work products are TABLE II. RELEVANCE PROBLEMS WITH COBIT PROCESS 5.
appropriately established, controlled and
maintained Relevance
The managed process is now implemented No. Proses COBIT 5 of Problems
4 3 (Established) using a defined process that is capable of Problems
achieving its process outcomes APO09 Manage service Decreased
1 Have
The established process now operates within agreements. service level
5 4 (Predictable) BAI02 Manage requirements Decreased
defined limits to achieve its process outcomes 2 Have
The predictable process is continuously definition. service level
6 5 (Optimizing) improved to meet relevant current and Decreased
projected business goals. BAI04 Manage availability and service level
3 Have
capacity. and long
handling time
DSS02 Manage service requests The handling
C. Impact/Effort Matrix 4 Have
and incidents. is long
This Impact Effort Matrix is a tool that helps to decide on a process The handling
5 DSS03 Manage problems. Have
solution that must be sought first. With this matrix, it can determine is long
which processes must be carried out first, that is, prioritize those
processes that have a major impact on the company and which are B. Analysis
easy to repair (High Impact, Low Effort), ie in the "Quick Wins" Measurements taken in this study use the COBIT 5
quadrant with the aim of benefiting from process improvement can be framework. the first thing to do is mapping the business goals,
immediately felt.[6].
vision and mission of the company to the IT related goal
III. RESEARCH METHODOLOGY metrics that exist in the COBIT 5 framework in the customer
domain [7]. The results shown in table III.
Researchers used descriptive qualitative research methods
in an effort to measure the level of IT governance capability TABLE III. CURRENT RESULT
using qualitative data obtained from the results of discussions,
questionnaires, observation, interviews and literature review
based on the process in COBIT 5. Current
No Domain Process
Capability
In this study using several stages as shown in Figure 1. 1 APO 09 Manage Service Agreement 2 Managed
2 BAI 02 Manage Requirement Definition 2 Managed
Manage Availability and 3
3 BAI 04
Capacity Established
Manage Service Request and
4 DSS 02 2 Managed
Incidents
5 DSS 03 Manage Problems 2 Managed

978-1-7281-7071-8/20/$31.00 ©2020 IEEE 13-14 August 2020

2020 International Conference on Information Management and Technology (ICIMTech)
610
Authorized licensed use limited to: Auckland University of Technology. Downloaded on November 02,2020 at 01:07:13 UTC from IEEE Xplore. Restrictions apply.
 The targets desired by the IT division based on the Feasibility study
√
There is management
discussion originating from the interviews are illustrated in report activity in reviewing
BAI 02.02
alternative solutions and
the table IV. Perform a
explaining selected
feasibility
High-level actions in the form of
TABLE IV. APO09 PROCESS – ACTIVITY MANAGE SERVICE AGREEMENT study and
acquisition/devel √ higher-level
alternative
opment plan development planning,
solutions
but less regularly and
APO 09 Manage Service Agreements consistently done.
Avail
Process Output Observation Result Requirement risk There are management
ability √
register activities and prioritizing
Identified The activity of reviewing BAI 02.03
risk needs functionally
gaps in IT and redesigning IT service Manage
- and technically well
services to needs has not been well Requiremen Risk mitigation
APO 09.01 √ managed and carried out
managed and there is no ts risk actions
Identify IT the business regularly and
output.
Service Definitions consistently.
of standard - Sponsor There are activities that
services approvals of √ review the quality of
BAI 02.04 requirements and service needs and
There is an activity to make
APO 09.02 Obtain proposed solutions and get
a catalog of IT services that
Catalogue IT Service Approval of solutions approval or final
√ are managed, but not
Enabled catalogues requiremen decisions from business
regularly and consistently.
Service ts and sponsors that are well
Approved quality
solutions √ managed and need to be
There are activities to reviews
APO 09.03 improved even more to
SLA/Operatio analyze changes in IT maintain consistency
Define and
nal level services, but not been done
prepare √
agreements regularly and consistently.
service
(OLAs)
agreement TABLE VI. BAI04 PROCESS - MANAGE AVAILABILITY AND CAPACITY
Key There are activities
BAI 04 Manage Availability and Capacity
objectives evaluating the performance
Avail
to be of service agreement reports Process Output Observation Result
ability
and decision making on
monitored BAI 04.01 Availability,
planning and improvement
for benefit actions on issues that are not
Assess performance
√
delivery current and capacity The company has not
done regularly and
APO 09.04 managemen availability, baselines improved the activity
consistently
Monitor and performance process in evaluating
Reports
t √
and performance in the face of
service levels Approved capacity
Evaluation
√ change
process for against SLA
and create
measuring baseline
benefit Availability, Management of activities
delivery performance
√
ensures that the process
managemen and capacity owner truly understands and
BAI 04.02
t scenarios approves the results of the
Assess
There are effective service Availability, identification and analysis
Business
agreement review activities performance of business impacts that
APO 09.05 Impact
and service changes, but and capacity √ there has been no attempt to
Review business impact improve
Updated they are not done regularly.
service √ assessments
SLAs
Agreement BAI 04.03 Prioritized Lack of management
and Contract √
Plan for improvements process in identifying
new or availability and capacity for
Performance
changed changing business needs
and capacity √
service and opportunities for
plans
requirement improvement.
TABLE V. BAI02 PROCESS - MANAGE REQUIREMENT DEFINITION The company has not yet
BAI 02 Manage Requirements Definition BAI 04.04 increased its control
Availability,
Avail Monitor and engineering activities in the
Process Output Observation Result performance
ability review process of collecting data
and reports, √
Requirement There is management availability and providing review
BAI 02.01 approved
definition √ activity in defining and reports that are used to
Define and quality reviews
repository business needs related to capacity communicate with company
Maintain management
Confirmed the current business
business BAI 04.05 Performance Management of
acceptance capability gap with the
functional √ Investigate and capacity √ investigations and solutions
criteria from desired and changes, but
and and address gaps to problems of service
stakeholders it is not done regularly
technical availability, Corrective availability, performance
Record of and consistently √
requiremen performance actions and capacity and
requirement √
ts and capacity Emergency √ identification of gaps have
change requests

978-1-7281-7071-8/20/$31.00 ©2020 IEEE 13-14 August 2020

2020 International Conference on Information Management and Technology (ICIMTech)
611
Authorized licensed use limited to: Auckland University of Technology. Downloaded on November 02,2020 at 01:07:13 UTC from IEEE Xplore. Restrictions apply.
issues escalation not been made to improve TABLE VIII. DSS03 PROCESS MANAGE PROBLEMS
procedure
DSS 03 Manage Problems
Avail
Process Output Observation Result
ability
TABLE VII. DSS02 PROCESS MANAGE SERVICE REQUESTS AND Problem There are activities to
INCIDENTS classification √ determine and implement
DSS 02 Manage Service Requests and Incidents scheme the criteria and procedures
Avail Problem status for the problems that occur
Process Output Observation Result DSS 03.01 √
ability reports have been managed well.
Identify and
Incident and However, the activity of
classify the
service correlating the incident
There are activities problems
DSS 02.01 request report with the source of
√ determining the classification Problem
Define classification √ the problem and its
model of incidents and service register
incident and schemes and recording must not have
requests, as well as the rules been running orderly and
service models
and procedures for escalating consistently.
request Rules for
incidents. However, Root causes of There are activities to
classification incident √ √
management must still be problems investigate and diagnose
schemes escalation
improved so that it can run problems and assess and
Criteria for
more organized as expected analyze the causes of
problem √
registration DSS 03.02 problems that have been
Incident and Investigate managed well. However,
There are activities that
service √ and Problem the activity of comparing
identify and clarify service
DSS 02.02 diagnose the resolution √ incident data with a
request log requests that are well managed.
Record, problems reports database of known and
Classified However, there are
classify and suspected incidents as well
and deficiencies in prioritizing
priorities as reporting impacts if not
prioritized service requests and incidents
request and √ resolved has not proceeded
incidents based on SLAs. With the aim
incidents. regularly and consistently
and service that this process can run more
requests regularly and consistently. Known-error There are activities to
√
records record errors and evaluate
Approved There are activities to verify,
DSS 02.03 solutions of errors that are
service √ obtain approval and fulfill DSS 03.03
Verify, known to have a low level
requests service requests in accordance Raise known Proposed
approve and so it needs to be considered
with the specified procedures errors solutions to √
fulfill Fulfilled and improved more so that
that have been well managed, known errors
service service √ this activity can be planned
but have not been carried out
requests. requests and managed better.
regularly and consistently.
Closed problem There are activities to solve
DSS 02.04 Incident In this process there is still a √
√ records problems and inform
Investigate, symptoms lack in identifying and DSS 03.04
related people so that they
diagnose and describing symptoms and Resolve and
Communication are aware that future
allocate noting new problems must be close
Problem log √ of knowledge √ incident prevention plans
incidents. further improved and managed problems
learned are not yet regular and
even more.
consistent.
In the process of documenting,
There are ongoing activities
DSS 02.05 applying and testing solutions
of identifying and initiating
Resolve and Incident to problems that occur are still
√ solicitation, discussions
recover from resolutions at a low level, so this needs to
with management about the
incidents be considered, planned and
problem and preparing
managed even more.
reports to monitor the
Closed
resolution of problems to
service DSS 03.05
√ Problem business needs and SLAs
requests and Perform
DSS 02.06 resolution are well managed.
incidents Activities in the process of proactive √
Close monitoring However, activities in
User assessing satisfaction with the problem
service reports enabling companies to
confirmation solution to the problem are not management
request and monitor the cost of
of going well.
incidents √ problems and the results of
satisfactory efforts to change and
fulfilment or increase the use of
resolution resources have not been
Incident The activity of analyzing and running regularly and
status and √ reporting incidents on time has consistently.
trends report been well managed. However,
DSS 02.07 extensive incident tracking
Track status activities in order to improve C. Measurement.
Request
and produce
fulfilment
solutions have not gone well. From the results of these calculations, there is an ability value
reports. √ This is done with the hope that expected by Indonesia AirAsia which was obtained through
status and
this process can be increased
trends report
into more regular and the results of the interview. There is a difference between the
consistent activities. current level of capability (as is) and expected (to be). It is
appearing that the greatest gap value is 3, which are process

978-1-7281-7071-8/20/$31.00 ©2020 IEEE 13-14 August 2020

2020 International Conference on Information Management and Technology (ICIMTech)
612
Authorized licensed use limited to: Auckland University of Technology. Downloaded on November 02,2020 at 01:07:13 UTC from IEEE Xplore. Restrictions apply.
APO09 Manage Service Agreement and process the DSS02 In this study, a subjective weighting of the impact of the
Manage Service Request and Incidents. Based on this result, process carried out was obtained from interviews with people
showed that the both processes are far from the expected, and who understood about the process for the company, namely
it requires more efforts by performing the recommendation of the Head of ICT at the Indonesian AirAsia company. The
COBIT 5 framework as guidelines on those processes. results of the interview were like:
• APO 09 Manage Service Agreement have a service
TABLE IX. TABLE OF CAPABILITY LEVEL GAPS agreement document and have a commitment with the
Gap agreed Service Level Agreement (SLA). This process has
Current Expect
No
Dom
Process Capabili Capabili
Value a 75% risk level on the company's business and 25%
ain (Expect- stakeholders.
ty ty
Current)
5 • BAI 02 Manage Requirement Definition, The process
APO Manage Service 2 of defining needs to be adjusted to existing resources,
1 Optimizi 3
09 Agreement Managed
ng especially in the management of information technology
Manage 3 which has been running well so that the influence of the
BAI 2
2 Requirement Establish 1
02
Definition
Managed
ed
many stakeholders affected by the process is 60% and
Manage 3 5 has a risk level to the company's business by 40%.
BAI
3
04
Availability and Establish Optimizi 2 • BAI 04 Manage Availability and Capacity, the process
Capacity ed ng of managing service availability and capacity has a risk
Manage Service 5
4
DSS
Request and
2
Optimizi 3
level for the company's business of 80% and influence on
02 Managed stakeholders affected by the process by 20%.
Incidents ng
DSS Manage 2
4 • DSS 02 Manage Service Request and Incidents, the
5 Predictab 2 process of fulfilling customer requests for services and
03 Problems Managed
le
incidents is adjusted to the agreed SLA. This process has
a risk level for the company's business of 80% and
Gaps value are used to determine which processes should be stakeholders affected by the process by 20%.
prioritized to do repairs. In this study, to prioritize process
• DSS 03 Manage Problems, the process of handling
improvement using Effort Impact Matrix. Effort Impact
disruptions that occur requires the process of prioritizing
Matrix is a tool that helps to decide which process the solution
disruptions that have a greater impact that impedes
should be pursued in advance [6].
efforts to achieve the company's business goals.
Table III ACTIVITY PERCENTAGE TABLE AND GAP VALUE Therefore, this process has a risk level of the company's
business of 65% and stakeholders affected by the process
Percentage of Percentage of 35%.
activity Gap value
Number From the results of the interview, the amount of weighting for
(number of (number of
Process of Gap the influence of the many stakeholders affected by the process
activities / gaps /
Name process value
activities
numbers of numbers of is as follows:
max. activity x max. gap x = Σ weight of each process / Σ Number of process
100%) 100%)
= 25% + 60% + 20% + 20 % + 35% / 5 = 32% ≈ 30 %
APO 09 From the results of the interview obtained the amount of
Manage (20/25) x100% (3/3) x100%
Service
20
= 80 %
3
=100%
weighting for the level of risk to the company's business as
Agreement follows:
= Σ weight of each process / Σ Number of process
BAI 02 = 75% + 40% + 80% + 80 % + 65% / 5 = 68% ≈ 70 %
Manage (17/25) x100% (1/3) x100%
Requirement
17
= 68%
1
= 33% Based on the results of the weighting obtained the amount of
Definition impact and effort as shown in Table

BAI 04 Table IV IMPACT AND EFFORT CALCULATION

Manage (25/25) x100% (2/3) x100%
25 2
Availability = 100% = 66% Rela
and Capacity Imp Tota
ted Gap
Process act Impact l Weights
resp valu
Name of Weight activ Effort
DSS 02 onde e
Risk ity
Manage nts
(24/25) x100% (3/3) x100%
Service 24 3 APO 09
= 96 % = 100% (0.3x100) (0.3x100)
Request and Manage
Incidents + +
Service 100 100
80% (0.7x80) 80% (0.7x80)
Agreeme % %
DSS 03 nt =30+56 =30+56
(23/25) x100% (2/3) x100%
Manage 23 2 =86 =86
= 92% = 100%
Problems BAI 02 87% 90% (0.3x87) 33% 68% (0.3x33)

978-1-7281-7071-8/20/$31.00 ©2020 IEEE 13-14 August 2020

2020 International Conference on Information Management and Technology (ICIMTech)
613
Authorized licensed use limited to: Auckland University of Technology. Downloaded on November 02,2020 at 01:07:13 UTC from IEEE Xplore. Restrictions apply.
 Manage + +
Requirem (0.7x90) (0.7x68)
ent =26+63 =9+47
Definitio
n =89 =56

BAI 04 (0.3x87) (0.3x66) Fig. 3. Research Framework

Manage + +
87% 100 100
Availabil (0.7x100) 66% (0.7x100)
% % V. CONCLUSION
ity and =26+70 =19+70
Capacity =96 =89
IT governance assessment on ATSC Indonesia AirAsia
DSS 02 (0.3x100) (0.3x100) Indonesia using COBIT 5 framework produces an average
Manage + + level of capability acquisition of the whole process that is
Service 100 100 (0.7x100) 100
96%
(0.7x96) considered to be at level 2 Managed Process, which means
Request % % =30+70 % =30+67 that most of the governance activities in the domain that are
and
=100 =97 assessed have been carried out, monitored with well. Whereas
Incidents
(0.3x87) (0.3x66) the majority of the desired level targets at level 5 are
DSS 03 + + Optimized Process. In order to reach level 5, it is expected to
100 start designing innovations in accordance with the mission of
Manage 87% (0.7x100) 66% 92% (0.7x92)
%
Problems =26+70 =19+64 the Indonesian AirAsia company, such as vending machine
=96 =83 ticket innovations and chatbots so that it can make it easier for
customers to order tickets and improve service quality using
After obtaining the weighted impact and effort weighting of information technology and to overcome the problem of
each process, then placed into the matrix as shown in Figure application errors is advised to use the 3rd application party
that is connected to the API owned by AirAsia.com and has
the concept of B2B (Business to Business).
REFERENCES
[1] Airasia, “Asia Group Berhad Annual Report 2017,” pp. 1–69, 2017.
[2] ISACA, A Business Framework for the Governance and Management
of Enterprise IT. 2012.
[3] H. M. Jogiyanto, Sistem Tatakelola Teknologi Informasi. Andi, 2017.
[4] H. Surbakti, “Managing Control Object for IT (COBIT) Sebagai
Standar Framework Pada Proses Pengelolaan IT-Governance Dan
Audit Sistem Informasi,” J. Teknol. Inf., vol. VII, no. August, pp. 1–14,
2012.
[5] ISACA, COBIT Self-assessment Guide: Using COBIT 5. 2013.
[6] B. Andersen and T. N. Fagerhaug, The ASQ Pocket Guide to Root
Fig. 2. Impact Effort Matrix Results Graph Cause Analysis. 2014.
[7] ISACA, Enabling Processes. 2012.
[8] S. COBIT, “A Business Framework for the Governance and
Management of Enterprise IT,” Roll. Meadows, 2012.
D. Recommendation [9] S. De Haes, W. Van Grembergen, J. Anant, and T. Huygh, Enterprise
Due to the results of the of impact and effort assessment to Governance of Information Technology, Achieving Alignment and
the process that is closely related to the issues that faced, the Value in Digital Organizations, Third Edition. 2020.
[10] A. Uhl and L. A. Gollenia, A handbook of business transformation
DSS02 manage service requests and incidents have very high management methodology. Routledge, 2016.
impact and effort value, in order to improve the entire [11] D. Y. Lulu, “Analisa Teori IT Governance menggunakan COBIT 5,”
processes of IT governance according to the framework of the Teknik Elektro dan Komputer, vol. I, no. I. pp. 99–106, 2013.
guidelines COBIT 5 simultaneously so technically suggested [12] D. Zhang and C. Zhou, “Adoption of COBIT 5 and ITIL in Small and
Medium Size Enterprises in China,” 2014.
the company use 3rd party applications that connect to the API [13] G. Bithas, K. Kutsikos, D. P. Sakas, and N. Konstantopoulos,
which is owned by AirAsia.com. Website AirAsia.com tends “Business Transformation through Service Science: The Road Ahead,”
to be stable because it uses the concept of B2C (Business to Procedia - Soc. Behav. Sci., vol. 175, no. March, pp. 439–446, 2015.
Customer). AirAsia.com also has an API that makes 3rd party [14] J. Teknik Elektro, F. Teknik, A. Djunaedi, and D. Adhipta,
“Perancangan Tata Kelola TI Dengan Menggunakan Framework Cobit
application can be linked with AirAsia.com easily. Suggested 5 (Studi Kasus: Pemerintah Kab. Jeneponto),” J. Teknol. Inf. dan
3rd party applications that have the concept of B2B (Business Komput., vol. 1, no. 1, 2016.
to Business). It expected with this concept, each ATSC will [15] S. A. U. Khasanah and RR Yupie Kusumawati, “Api, K., Persero, I.,
have a special account as a travel agent who has a price and a Semarang, D., Arif, S., Khasanah, U., & Kusumawati, R. R. Y. (n.d.).
Menggunakan Kerangka Kerja Cobit 5 Pada Kereta Api INDONESIA
special promo from AirAsia. 3rd party concept will be very (PERSERO) DAOP 4 Semarang.”
good if it bundled with the management service. The purpose [16] Lisia, “Evaluasi Tata Kelola Sistem Informasi Pada Pt Garuda
of this concept itself is to facilitate the division of ICT to Indonesia Branch Office Pangkalpinang Dengan Menggunakan
improve the IT governance first. Framework Cobit Versi 4.0,” pp. 1–8.

978-1-7281-7071-8/20/$31.00 ©2020 IEEE 13-14 August 2020

2020 International Conference on Information Management and Technology (ICIMTech)
614
Authorized licensed use limited to: Auckland University of Technology. Downloaded on November 02,2020 at 01:07:13 UTC from IEEE Xplore. Restrictions apply.