Information System Analysis at SMAN 1 Ajibarang Using COBIT 4.1

— The Role of Information Systems (IS) in Information Technology Governance (ITG) has an important role in high school (SMA) educational institutions. ITG becomes very important for educational institutions in discussing the assessment of the correlation between Information Technology (IT) investment and business in each school. State Senior High School (SMAN) 1 Ajibarang has problems with academic service software for student operations and teacher administration needs. IT investment and best services in accessing the needs of teachers and students are important references about school business. The purpose of this study was to analyze IS risk management at SMAN 1 Ajibarang school using the Control Objective for Information and Related Technology (COBIT) 4.1 Framework. This study uses quantitative research methods by distributing questionnaires to respondents to obtain data on validity and reliability tests for good results. The results of the analysis show that the value of the maturity level shows at level 3, which means the value is in the defined process position. The process of achieving its goals in a much more organized manner using organizational assets is well defined. The recommendation of this research is the need for repairing network installations at SMAN 1 Ajibarang and updating administrative software for teachers and students.


I. INTRODUCTION
Information Technology (IT) is computer hardware and software that has the design, development, implementation of computerbased information system management [1]. As a result, Information Technology (IT) is very crucial for government agencies and educational institutions during the COVID-19 pandemic [2] [3]. Information technology has the benefits of personal computer applications to protect, store, update, process and receive information safely for computer users.
Information Technology is one of the electronic tools that are so important for many organizations that apply Information Technology to organizational activities [4]. This information technology applies to information management at this time because it can affect the increasing complexity of information system management [5]. Information Technology (IT) also requires a faster response time for all mobility activities and human work that allows companies to develop and compete with other companies [6].
This IT has an important function for the success of daily operations and the competitive value of the agency [7]. The positive benefits of IT are company growth solutions, operational solutions, and agency business so that they can compete with agencies [8]. However, IT also has negative impacts, including theft of confidential data, data hacking, and virus attacks on computer software [9]. For example, one of the educational institutions that utilize IT and information systems optimally is the SMAN 1 Ajibarang school. The school service unit of SMAN 1 Ajibarang uses Information Systems (SI) and IT to improve and provide good service to teachers and school students at SMAN 1 Ajibarang. School Education Agencies of SMAN 1 Ajibarang in the Banyumas area, Central Java in collaboration with Government Education Agencies who are trying to maximize the functions of IS and IT at SMAN 1 Ajibarang schools [10]. IT Utilization maximally in the school unit of SMAN 1 Ajibarang, it is necessary to pay attention to risk management simultaneously when the information system is also working. The linkage of risks in IT services at SMAN 1 Ajibarang schools will find solutions to reduce the level of risk of using IT at SMAN 1 Ajibarang schools [11]. SMAN 1 Ajibarang requires IT and IS Risk Management Analysis to record, analyze and reduce the risks that have occurred. a good information system based on risk analysis, the school institution of SMAN 1 Ajibarang will have IT governance that supports the business strategy of the SMAN 1 Ajibarang school.
Control of Information and Related Technology Objectives (COBIT) 4.1 is a medium to measure the IT governance framework on the use of COBIT 4.1 to analyze risk management of information systems in school institutions SMAN 1 Ajibarang especially the Plan and Organize (PO) domain [12] [13]. IT services show information system management, departmental control, and information system functions that are even more crucial for business process owners, which will ensure the confidentiality, integrity, and availability of sensitive and critical data and information [14]. COBIT 4.1's mission is to conduct research, development, publishing, promotion of papers, updating the order or provisions of IT Control Objectives, Meanwhile, COBIT 4.1's vision is to make CO-BIT a model for IT control and management [15]. The following are 4 Domains of COBIT 4.1. variables: 1. Plan and Organize (PO) 2. Acquire and Implementation (AI) 3. Deliver and Support (DS) 4. Monitoring and Evaluation (ME).

Plan and Organize
In this domain, it has an IT strategy and identification that can best contribute to achieving a good organization's business goals with the right technology infrastructure. The domain has 10 indicators as shown in Table 1:

Acquire and Implementation (AI)
This domain describes the realization of IT strategy, building IT, identifying IT solutions, and integrating IT into business processes. This domain has 7 indicators, as in Table 2: Table 2. Indicator of Acquire and Implementation Indicator Explain AI1 Identify automated solutions AI2 Acquire and maintain software applications AI3 Acquire and maintain technology infrastructure AI4 Develop and maintain IT procedures AI5 Meet IT Data Source AI6 Manage changes AI7 Installing and accrediting the system and its changes

Delivery and Support (DS)
In this domain, it functions to provide security process services, aspects of business continuity, and the provision of training. The domain has 13 indicators, as in Table 3:

Monitor dan Evaluation (ME)
This domain serves to periodically assess IT processes based on the quality and suitability of control requirements. The domain has 4 indicators, as in Table 4: 1 has a maturity level that is used to control IT processes by using an assessment method to assess IT processes on a scale of 0 to 5. COBIT 4.1 maturity levels are in Table 5:

Compliance Value
In the technique of measuring the level of maturity by using several questions, each question will have a group of appropriateness groupings by using the assessment standard as below in Table 6: Based on the explanation of the research background above, two research questions will serve as additional guidelines for conducting the research. RQ1: What is the maturity level of risk management in terms of Plan and Organize Domain in Information Systems at SMAN 1 Ajibarang school? RQ2: What recommendations will be given based on the maturity level of risk management in Information Systems at SMAN 1 Ajibarang school? The process of research method steps from research procedures, data analysis, determination, data sampling, discussion, and concluding. The analysis that can be done is descriptive analysis and inference of maturity level, limitations, and research recommendations that are supported by other studies.

II. METHOD
The following describes the research process:

Observation
In this study, initial observations were made to the object: the SMAN 1 Ajibarang school by conducting interviews with the school's IT staff before distributing the revised questionnaire.

Preliminary Research
This research conducts initial research by obtaining approval for the object of research through notification of a research approval letter, after that makes a questionnaire that will be used as additional data for the study, then revises the questionnaire so that it becomes a superior questionnaire and conducts interviews with new respondents. The study also conducted instrument trials to determine the validity and reliability of several questions.
By conducting a validity test, it is possible to find out whether the measuring instrument needs to be measured. This study uses the Statistical Product and Service Solutions (SPSS) method by correlating each question with a total score of each variable. Each correlation number obtained statistically must

Data Analysis
In analyzing COBIT 4.1 data, especially the PO9 domain to determine the level of risk management maturity [16]. This study calculates the normalization of value data from the PO9 maturity level and obtains the value of each group with each total value of compliance. Therefore, research needs to get the value of the contribution of each group by multiplying the value of compliance at the individual level.
The calculation of the contribution value is the maturity level index following the formula below:

Discussion
The discussion phase of the data analysis of this research will compare it with information system data regarding risk management that occurs at SMAN 1 Ajibarang school.

Recommendations and Suggestions
In the research that has been done, it can be concluded that the results of the discussion from the respondents provide positive recommendations for Information System Service Institutions at SMAN 1 Ajibarang school. So that it can also provide suggestions for those who are researching to be interested in continuing the research that has been done so that furthermore they can provide additional explanations of research results in the object of the school at SMAN 1 Ajibarang.

III. RESULTS AND DISCUSSION
The first step in data analysis is to identify the profile of the respondents at the SMAN 1 Ajibarang school which has the education level of teachers who teach, students, and staff computer skills.

Validity Test
The data obtained from the validity formula for the results of the instrument validity test, as shown in Table 8 below:

Reliability Test
The results of the reliability test observations from the research data entered into the reliability formula and the results from the reliability tests obtained all values from the results of the Level 0 to Level 5 variables all of which resulted in Cronbach's alpha values > 0.6. So that all the instruments from the calculation of the reliability test in this study are reliable or consistent.

Maturity Test
The results of the risk management maturity level test at SMAN 1 Ajibarang that use the PO9 Domain (Assessing Risk) in the COBIT 4.1 Framework are in Table 9, Table  10, Table 11, Table 12, Table 13, Table 14 as below:  It is important to start paying attention to IT risk assessment when using information systems 0 2 3 7 9,64 2 Accessing school-side IT services can determine risk assessment 0 3 6 3 7,95 3 Feeling that risk assessment is rarely carried out by IT services in schools 1 5 3 3 6,63 4 Manager IT services rarely carry out a risk assessment

B. DISCUSSION
Based on the respondents from the questionnaires that have been carried out, it shows that the data from the research that has been carried out are accurate and accountable results in the information system on risk management [17]. COBIT Framework 4.1 Domain P09 has communication correlation and IS development control to analyze risk management in information systems in the school environment of SMAN 1 Ajibarang [18]. At the stage of the validity test and reliability test, it shows that the calculations obtained from the questionnaire questions are valid and consistent results, being a measuring tool for IT governance, information systems from risk management are very accurate [19].

IV. CONCLUSION
The results of the study indicate that the maturity level is at level 3, which means the value is in the defined process position. The process of achieving its goals in a much more organized manner using organizational assets is well defined. The recommendation of this research is the need for repairing network installations at SMAN 1 Ajibarang and updating administrative software for teachers and students so that there is an improvement in IT investment to increase business at SMAN 1 Ajibarang. Research suggestions related to the same research is the need to add a domain in COBIT 4.1 in addition to the PO 9 domain as a basis for analysis in addition to the basis for risk management.