SIPADU MATURITY LEVEL EVALUATION USING COBIT 4.1: CASE STUDY OF GEOSPATIAL INFORMATION AGENCY

: Public financial management transparency and accountability is one of the implementations of good governance. The Geospatial Information Agency (BIG) has developed the Integrated Budget Implementation Information System (SIPADU) application to monitor the government's financial management to achieve accountable and transparent financial management. SIPADU has been built and used, but its implementation has not yet achieved an optimal function. This study found that it is related to the SIPADU management evaluation, maturity level, and SIPADU governance improvement. This study aimed to analyze SIPADU maturity level using the COBIT 4.1 approach. The sampling method used was purposive sampling, and the respondents were users and administrators of SIPADU. Interviews were conducted, in addition to the questionnaire results measurement. The data were calculated to determine the maturity level. The results showed that the SIPADU maturity level was still level 3 below the expected level, namely level 4. The agency's management is recommended to develop SIPADU.


INTRODUCTION
Government's finances management accountability is one of the implementations of good governance, each ministry / institution is required to carry out transparent and accountable government's financial management so that the target of bureaucratic reform, namely the realization of a clean and corruption-free government can be achieved. In line with the ideals of bureaucratic reform, the Geospatial Information Agency (BIG), one of the Non-Ministry Government Institutions (LPNK), has set several organizational goals, one of which is: The realization of a clean, accountable and highperformance government administration.
Accountability for government's financial management is set forth in accurate and timely financial reports. The financial statements were audited by the Supreme Audit Agency and from 2013 to 2016 BIG's opinion on financial statements had not yet reached the predicate Fair without exception. BIG as a government institution established through Law number 4 of 2011 is responsible for the availability and access of geospatial information. The General and Finance Bureau, one of the work units that has the task of managing the public finances, is building an Integrated Budget Implementation Information System (SIPADU) application. SIPADU is an information system that provides budget execution data as leadership material in monitoring budget execution, it is hoped that SIPADU data can also be used as input for preparing the next period's budget planning. The information system was built from mid-2018 and began to be used in early 2019.
In optimizing the IT added value and minimalize IT risk for organization an IT governance is required. Gondodiyoto (2007) stated that IT governance is an important part from successful good corporate/ government governance. Therefore an IT governance model is required that can be used to measure the performance and achievement of the organization business goals. The model must also be a reference for the conformity of an organization's IT management with IT management standards that is common and acknowledged globally. To optimize IT governance, and also to know its alignment with the strategy and the organization goals, it is necessary to carry out an analysis of the implementation of the IT systems (Jourdana et al. 2017).
IT governance ensures the measurement of the effectiveness and efficiency of improving the organization's business processes through IT-related structures towards the company's strategic goals. In order for IT services to run as expected, it needs to be supported by IT governance. One of the standards to support IT governance is COBIT (Control Objectives for Information and Related Technology) created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1992. COBIT is based on the analysis and harmonization of existing information technology standards and best practices, as well as in accordance with COBIT principles which are controlled by business needs, which cover all information technology activities, and prioritize achieving effective governance, management and control that are accepted generally (Anderson et al. 2018).
IT governance in the use of SIPADU at BIG needs to be measured, to determine the maturity level of SIPADU. SIPADU is an application that provides web-based budget execution information. SIPADU processes data sourced from several applications. SIPADU consists of three main modules, each of which provides information on plans and progress of budget implementation. The module consists of 1) Budget realization module 2) Activity realization module 3) Goods/services procurement realization module and contracts. The budget realization module provides information on the plan and progress of budget realization for each working unit, the realization of the budget is presented in the form of graphs and curves.
SIPADU was formally started to be used from 2019, as an application that provides data and budget execution information, SIPADU was expected to support management in monitoring finances management in BIG. IT governance is the key to success, so that system information can give added value to the organization. SIPADU that has been operated needs to be evaluated the governance, whether SIPADU has give added value for BIG in finances management. In this study, it is known that it is related to the evaluation of SIPADU management, the level of maturity and improvement of SIPADU governance. The hope is to become a recommendation for system management, especially the use of information technology. The identification process must be based on multiple points of view. In the process of using it, it focuses on developing a framework related to security, risk management, documents, reports, internal and external regulations and others. Measurements are carried out on the facts of the maturity of controlling processes that occur within the organization using a questionnaire in accordance with the COBIT 4.1 framework.
The data collection method was carried out by guided interviews based on the questions in the questionnaire, in addition to that an observations were conducted to strengthen the research results. The data collected in this study are primary data and secondary data. The collection technique is carried out in several steps, namely: 1) Literature study related to IT planning and governance and regulations. 2) Data collection (observation and interviews). Collecting data by holding direct questions and answers to people who are considered to be able to provide an explanation of IT governance at SIPADU, how the processes that occur in SIPADU in each of the PO, AI, DS and ME domains from the information or the results of the interview can be used as findings or references in each Control Objective in each domain, and a direction for making suggestions or conclusions from this research. 3) The questionnaire is used as a tool to be distributed to a number of respondents who understand, with the aim of obtaining the information needed in problem solving efforts that contain a list of questions. Respondents consist of management, staff, and users of SIPADU. The form of the questionnaire was made according to the COBIT 4.1 domain standard.
COBIT 4.1 analysis is an analysis used to identify and classify all business activities managed in the system. In COBIT 4.1, all activities are divided into four domains, including: a) Plan and Organize / PO (10 processes), which consists strategies and tactics related to identifying the use of IT that can contribute to achieving business goals. b) Acquire and Implement / AI (7 processes), is a process domain that realizes IT strategies, as well as IT solutions needed to be applied to organizational business processes. In this domain, change management is also carried out to the existing system to ensure a continuous process. c) Deliver and Support / DS (13 processes), which is a process domain related to the services provided, ranging from traditional operations to security and sustainability aspects to training. d) Monitor and Evaluate / ME (4 processes), is a domain that provides management with views regarding the quality and compliance of the ongoing process with implied controls (Auronen, 2003). system development, effectiveness and internal control of the system (Mangalaraj et al. 2014). This research hopes that it can become a new perspective related to the evaluation of information systems, especially in government.
The descriptive approach is used as the basis for providing an explanation of each findings and facts related to the existing conditions of SIPADU management. Research conducted using the COBIT approach to assess, analyze, evaluate and recommend better SIPADU management. Through these two approaches, it is hoped that it can become a new perspective regarding the evaluation of information systems, especially in government. SIPADU, which is implemented by the Geospatial Information Agency, basically needs to be adjusted in order to be able to achieve the expected functions and goals. This is related to the planning and implementation processes that are in line with the support of a well-functioning information technology governance system. The basic concept in COBIT is based on the identification, analysis and harmonization of information technology standards according to the needs and covers all technology activities. The formulation of the problems in the research are: 1) Analyzing the maturity level of the IT Process from the COBIT 4.1 domain in SIPADU governance. 2) Provide recommendations for the best strategy in the management of SIPADU.

METHODS
This research takes a case study related to the use of the SIPADU application at the Geospatial Information Agency. The research was conducted from April to July 2020. Sekaran (2011) states research is a process of finding solutions to existing problems through the stages of study and analysis of influencing factors or variables, as well as a study and analysis process, the research must follow research principles so that the results can be scientifically justified.
The materials used in this research are primary data and secondary data. Primary data obtained came from questionnaires and interviews about the application of information technology in the SIPADU application which was obtained from several respondents who were State Civil Servants of the Geospatial Information Agency with a total of 30 respondent. Secondary data used as a complement to the research are planning

Domain Maturity Level
SIPADU or the Integrated Budget Management System that is owned and used by the Geospatial Information Agency needs to identify the level of achievement of the system. Utomo and Mariana (2011) explain that information is needed related to achievement in order to determine the maturity level of implementing the mechanism. COBIT describes what to do and ITIL explains in detail how to do it and provides guidance on what to do (Saputro etal 2018). Haryani and Sudirja (2018) the achievement of an information technology from an organization is very important to know as the basis for knowing the effectiveness of the system being run. The analysis was carried out by getting a score (index) of achievement, level of maturity, and expected value. Evaluation with COBIT is able to provide the right recommendations in order to improve the performance of the efforts made (Ajismanto, 2017).
The description is carried out in accordance with the domain and IT process, as follows:

RESULT
Strategic plan (renstra) for 2015 -2019 BIG set out six strategic goals to achieve the organization's vision and mission. One of these strategic targets is "The realization of a clean, accountable and highperformance government administration." To achieve these strategic goals, the Main Secretariat has set several strategic goals related to financial management at BIG, namely: 1) Increased transparency and accountability of financial management at BIG. 2) Optimization of financial services by utilizing technology and information. 3) Increased management satisfaction with financial services.
3) The implementation of financial management in accordance with applicable regulations and standards. 4) The implementation of Bureaucratic Reform by increasing the quality of human resources managing finance. The formulation of Main Secretary goals were mapped with COBIT 4.1 business goal through four perspective, which are financial perspective, customer perspective, internal perspective, and learning and growth perspective. COBIT is very good at solving problems pracatively and is able to provide effective and efficient results (Nugroho 2017). Observation result information is presented in Table 1 and 2. Increased management satisfaction with financial services. Optimization of financial services by utilizing technology and information Optimization of financial services by utilizing technology and information Business Process The implementation of financial management in accordance with applicable regulations and standards Learning The implementation of Bureaucratic Reform by increasing the quality of human resources managing finance Establish service continuity and availability SS2,SS3 7 Create agility in responding to changing business requirements SS2,SS3 9 Obtain reliable and useful information for strategic decision making SS2,SS3 Business Process 10 Improve and maintain business process functionality SS2 12 Provide compliance with external laws, regulations and contracts. SS4 13 Provide compliance with internal policies SS4 15 Improve and Maintain operational and staff productivity SS5 17 Acquire and maintain skilled and motivated people SS5 related to and related to the management of a system. Acquisition and implementation includes changes and maintenance required by the current system to ensure the system life cycle is maintained (Putra et al. 2015).
Figure 2 shows that the average maturity level of the domain acquisition and implementation is at level 3 "Defined". This condition indicates that SIPADU through the domain acquisition and implementation assessment has a documented, communicated process, but no reporting occurs. Tjhin (2014) explains that in the domain acquisition and implementation, the maturity level needs to be considered and integrated in system development.
AI4 "enabling operation and deployment", AI5 "acquiring IT resources, AI6" Managing changes "and AI7" installing and recognizing solutions and changes "are at level 3" defined ". These findings indicate that IT solutions and their integration into organizational business processes to realize IT strategies have been documented but the reporting process is not carried out regularly. SIPADU needs to be improved according to this domain gradually so that in the future integrated IT solutions can be monitored to become best practices. AI1 "auto solve", AI3 "acquire and maintain technology infrastructure" is at level 4 "managed". These findings indicate that of the many IT Processes in SIPADU only obtain and maintain technology infrastructure and install and acknowledge solutions and changes, it is known that the process is monitored and measurable but has not been able to become best practices. COBIT mapping using this application is expected to assist management in controlling the existing technology infrastructure and human resources and management can evaluate the current maturity level of the organization (as-is) and future expectations (to-be) (Aprilinda and Puspa, 2018).

Planning and organization
Planning and organizing is a domain that includes both strategies and tactics aimed at preparing the achievement of business goals. This is intended so that everything that has been compiled becomes clearer and easier to implement. Planning and organization can be said to be the realization of a vision that is communicated to the organization to put IT in its place. In the planning and organizational domain SIPADU is represented by 9 IT processes. Figure 1 shows that the average maturity level of domain planning and organization is at level 4 "Managed". This condition indicates that the assessment of domain planning and organization has a supervised and measurable process. PO1 "defines IT strategic planning", PO3 "defines the direction of technology", PO6 "defines management direction and intent", and PO10 "manages projects" are at level 4 managed. These findings indicate that the process has been monitored and measured but has not yet become a best practice in management. On the other hand, there is no hope from SIPADU users which illustrates that SIPADU can be a best practice. For management, it is necessary to improve the performance of SIPADU in domain planning and organization so that it can increase the level of maturity.
PO2 "information architecture", PO4 "IT processes organizational relationship", PO7 "managing IT human resources" PO8 "managing quality" is at level 3 "defined". These findings indicate that the domain is at a maturity level, the process has been documented and communicated, monitoring and reporting are not carried out regularly. This condition is clear that management needs to continue to improve the planning and organization of SIPADU governance. SIPADU governance design recommendations are prepared based on the mapping of priority processes, including policy recommendations, standard procedures, document templates, data forms, recommendation organizational structures and technology proposals.

Acquisition and Implementation
Acquisition and implementation is a domain related to the implementation of IT solutions and their integration in an organization's business processes to realize IT strategies. The concept of acquisition and implementation is to try to simplify all activities

Delivery and Support
Delivery and support is a domain that includes the process of fulfilling information technology services, system security, service continuity, training and education for users and compliance with ongoing data processes. Winalia (2017) explains that the delivery and support domain in COBIT 4.1 is an important part of the need to know the level of maturity achievement. Delivery and support is an important part of standard operational tools in the governance system.
Figure 3 explains that the average maturity level of the delivery and support domain is at the "defined" level 3. This condition indicates that SIPADU through the assessment of the delivery and support domain has a documented, communicated, supervised process but no reporting occurs. Utami (2017); Aziza (2017) explains that the delivery and support domain in COBIT 4.1 is related to technical activities that support the process of managing information technology services. DS3 "managing capacity and performance" and DS11 "Managing data" These two sections show that both IT Processes are reaching a supervised and measurable process level. This condition shows that the management process has been well managed, but has not been able to become a best practice for other systems. DS10 "Managing problems" and DS13 "managing operations" are at level 3 "defined". Seven IT Processes in the delivery and support domain show that the distribution system has been well documented and monitored but there is no periodic reporting.

Monitoring and Evaluate
Monitoring and evaluate is a domain that focuses on problems related to control applied in organizations. This domain has several explanations in the form of an IT Process related to internal and external examinations in the governance system as well as independent assurance of the audit process being carried out. Dauwango and Olii (2019) explain that in the monitoring and evaluate domain it is important to know as a basis for improving and overseeing a technology information management system used by organizations. The use of COBIT is able to obtain key information to carry out the information system development that has been done. This is very useful for organizations that will develop systems to be better and as expected (Putra et al. 2017). This condition indicates that SIPADU through the monitoring and evaluate domain assessment has a documented, communicated, supervised process but no reporting occurs. Fenny and Andry (2017) explain that in a governance system it must always be monitored in relation to existing performance and periodically evaluated in order to achieve the best performance. In this information, management needs to continue to improve the monitoring aspects of SIPADU. management needs to improve the data upload process by creating a web service that connects SIPADU with data source applications so that the data presented is more real time. b) Verify so that the data presented is accurate and the user cannot find misstatements of data. c) Improve the analysis of SIPADU data so that it can become more valuable information in decision making, for that it is better if there is a data analysis process. d) Improve the competence of human resources for SIPADU managers by including in the training needed to improve the quality of SIPADU management. e) Improve the function of SIPADU services by making an android version of SIPADU and so that budget execution monitoring can be carried out at any time. f) Regularly monitoring and evaluating SIPADU processes to maintain and improve quality. g) Management commitment in developing SIPADU by providing budget and human resources as needed.
SIPADU is an application that still has to be developed where management can use the POAC (planning, organizing, actuating and controlling) approach. Planning is carried out by identifying all factors that currently play a positive and negative role in SIPADU and looking for the critical point of each of these factors. Management organizes to find out the basis for managing all available resources in order to optimize the performance of SIPADU. Implementing the best plan by mobilizing all resources, in this process all information is gathered to determine the progress of SIPADU. Management controls with parameters in COBIT so that it can carry out accountable evaluations.

Conclusion
The results showed that the maturity level of SIPADU had not yet reached the expected level so that the management of the SIPADU IT process needed to be improved, this was due to inadequate use. SIPADU's performance is not in accordance with user expectations, the data presented is not real time. This condition is supported by data on procurement of goods and services that are not updated automatically. Another finding shows that almost 70% of the budget in the Geospatial Information Agency is carried out through the process of procuring goods and services, this condition indicates that SIPADU is very much needed in monitoring the implementation of financial management in accordance ME3 "ensures regulatory compliance" is at level 4 "managed". IT process shows that it has reached a supervised and measurable process level. Management is sufficient to increase its achievements in order to achieve a better management process so that in the future it can reach the best maturity and become best practice. ME1 "supervises and assesses IT performance", ME2 "supervises and assesses the control framework" and ME4 "defines IT management" is at level 3 "defined". When the IT Process in the monitoring and evaluate domain shows that the distributed system has been well documented and supervised, but there is no periodic reporting. This is not good for the system being run because it can have an impact on the underdevelopment of the system used by BIG. The use of COBIT to measure IT standards, which is widely used to measure the maturity level of information technology governance processes and information systems (Herlambang etal 2018).
Basically, the basic concept of SIPADU used by BIG is a granting authority from the central government to the agent, in this case BIG. The use of BIG is intended to solve the problem, namely the imbalance of information in each line, so that it can and is able to carry out transparency in achieving bureaucratic reform. SI-PADU can run effectively when the leader is able to adjust the leadership style that is applied to different situations. This means that the leader is required to be flexible in behaving towards his subordinates. The effectiveness of SIPADU can be improved in other ways, such as maintaining relationships between superiors and subordinates (vertical relationship) (Suradi and Wiyanta 2017).

Managerial Implications
Managerial implications that can be applied to optimize the function of SIPADU are needed as improvements in the management of SIPADU. Based on the analysis of the maturity level of SIPADU with COBIT 4.1, researchers also interviewed SIPADU managers and users to dig up information about strengths and weaknesses as well as opportunities and threats. Based on this process the researchers formulated the managerial implications needed for SIPADU to optimize SIPADU's performance: 1) The process of using the SIPADU application, a) Improving the process of uploading data sourced from other applications, in doing so the data is taken manually and then uploaded to the SIPADU application, this method has a weakness, therefore with the mandate of bureaucratic reform. Managers need this data to monitor the process and find out if the process is going well or there are problems in the process. The data presented by SIPADU is limited to informing users about financial management data, this data needs to be processed or analyzed so that it has added value and user needs are met. Other findings prove that the COBIT described in various supporting journals can still be trusted to be used in evaluating and knowing the maturity level of the use of information systems. In addition, the information system can run well if all aspects are ready and able to be managed properly.

Recommendations
Improve the process of uploading data sourced from other applications, in practice the data is taken manually and then uploaded to the SIPADU application, this method has weaknesses, therefore management needs to improve the data upload process by creating a web service that connects SIPADU with the data source application so that the data which is presented more real time. Improve the function of SIPADU services by making an android version of SIPADU and so that monitoring of budget execution can be carried out at any time. Improve the analysis of SIPADU data so that it can become more valuable information in decision making. Therefore, there should be a data analysis process.