Internal Control Improvement for Creating Good Governance
Автор: I Wayan Prasada Bharaditya, I Made Sukarsa, Putu Wira Buana
Журнал: International Journal of Information Engineering and Electronic Business(IJIEEB) @ijieeb
Статья в выпуске: 3 vol.9, 2017 года.
Бесплатный доступ
Cooperative, which support the national economy of Indonesia, still has many problems. In 2015 the report by the Ministry of Cooperatives and SMEs shows many cooperatives are inactive because of having incompetence. Some issues such as the value of savings that do not fit between the cooperative and its customers, embezzlement of customer funds by parties who are not responsible, refunds troubled loans so that the cooperative suffered losses. These problems will be used as a critical point to do mapping with COBIT 5 framework. Based on the result of this mapping, it will be prepared internal control based on the framework of possible internal controls such as COBIT(Control Objective for Information & Related Technology), COSO(Committee of Sponsoring Organizations), ITIL(IT Infrastructure Library) and national regulations that are prevailing in Indonesia. Control is expected to discuss the internal problems that occurred in each business process that used in the cooperative.
Cooperative, Internal Control, Critical Points, COBIT, COSO, ITIL
Короткий адрес: https://sciup.org/15013506
IDR: 15013506
Текст научной статьи Internal Control Improvement for Creating Good Governance
Published Online May 2017 in MECS
-
I. Introduction
Based on the recapitulation of cooperative data result on December 2015 by the Ministry of Cooperatives and SMEs, the number of active cooperatives in Indonesia amounted to 212.135 cooperatives and inactive cooperatives amounted to 150.223 [1]. Cooperative as the national economy support certainly needs special attention to realize the good economy.
It needs special attention because there are still many cooperatives that are categorized unsanitary.
Cooperative which unsanitary due to the weak governance of the cooperative. The weak governance causes several problems, among others, the difference nominal savings between the cooperative and its customers, the value of collateral for loans that are not in accordance with the loan fund, refund loans that is not ontime or late, embezzlement of customer funds in the form of investments that promises more profit-making but not can be satisfied cooperatives to the detriment the customers.
Those problems are source of critical point that needs to be given special attention in order to be prevented. This critical point occurs in the absence of internal control that can controls the business processes of the cooperative. Cooperative business processes related to the Standard Operating Procedure (SOP) that is used. SOP is in need of repair in order to prevent problem that happens [13].
The improvement carried out by assessing the parts that become the critical point so that it can be made an internal control in business processes. Internal control is used as a limit to a business process, so that the cooperative will have to make cooperative governance relatively well later. To continue the development of internal control, this study used several frameworks to guide the preparation of internal controls such as COBIT, COSO, ITIL and national regulations that are prevailing in Indonesia [2] [3].
-
II. Theoretical Framework
In this section, we discuss about cooperation and internal control framework used in the study
-
A. Cooperative
Cooperative derived from the word Co and Operation which means working together to make the goals. Cooperative is groups of people or legal entity that work together to gives freedom of incoming and outgoing as a member to improve the welfare of its members and the public [6].
Definition of the elements of Cooperative: (1) Consist of people or legal entity cooperative. Cooperative is a collection of people or legal entity cooperative. The legal entity is an entity that legally has rights and obligations as an entity / organization that can sue and be sued. (2) Joint ventures, The growth of cooperative is a business based on the similarity of the activities and economic interests of members.(3) The principle of family means that based on the principle of family and economic democracy and common interests of its members in a cooperative effort, and help among the members of the organization. (4) Activity is based on the principle of cooperation. Cooperative serves to defend the interest members and the cooperative needs to build itself into a strong and independent as the pillar of the national economy.
-
B. COBIT 5
COBIT 5 framework is comprehensive, which can help the company get its goals to check the governance and management of IT Companies. COBIT 5 general natures and useful for many kind of company size, both the commercial sector, the non-profit sector or the government or the public sector. Consider the interests of the internal and external stakeholders associated with IT, COBIT 5 enables IT to be managed and organized in a way that more thorough for the entire scope of the company, covering the entire scope of the business and the scope of the functional areas of IT. [2][12].
COBIT 5 have five major principles of governance and management of IT enterprise comprising (1) Meeting Stakeholder Need (2) Includes Enterprise End-to-end (3) Implementing the Integrated Framework One (4) Enable Holistic approach (5) Separating Governance From management [2][12].
-
C. COSO
COSO as an organization providing thought leadership and guidance on internal control, risk management and prevention of fraud can be used as a guideline [3].
COSO has five components that used to build a control. Control environment, including how management gives the authority and responsibility as well as organizing and developing its people. Risk assessment is an analysis of the risks associated with the achievement of goals and forms the basis for determining how risks should be managed. Control activities are policies and rules that help to make sure the management directives are appropriate. Information and communication that occur in all staff must receive a clear command from the top management that control responsibility must be taken seriously. The last, monitoring, that regular monitoring of the management and staff in carrying out their duties. COSO will be equipped with a standard framework for others, namely ITIL [4].
-
D. ITIL
IT Infrastructure Library (ITIL) is a standard framework that refers to the best practice processes and operational management rules. ITIL focuses on defining function, operational and organizational attribute for operational management can fully maximize into the two main IT activities management in corporate namely Service Support Management and Service Delivery Management [4] [5] .
-
E. Cooperative Regulations
In connection with the cooperative there is regulation which is governing the good cooperative assessment Ruling Minister of Cooperatives and Small and Medium Enterprises of the Republic of Indonesia Number 06/Per/Der.6/IV/2016. Regulation of the Minister of Cooperatives and Small and Medium Enterprises of the Republic of Indonesia Number 06/Per/Der.6/IV/2016 about Guidelines for the Good of Savings and Loans Cooperative and Unit Saving and Loans Cooperative Assessment also serve as guidelines for the internal controls preparation in order not to violate applicable regulation [6].
One of them can be seen from the target associated with the assessment of the cooperative include secured assets business activities of savings and loans cooperative in accordance with the law and regulation, increasing transparency and accountability in the management of savings and loans cooperative activity, and increasing the benefit of economic members in the activity of savings and loans business by the cooperative. It is desirable in the preparation of the internal control goal that will be achieved later. The scope of the sanitary assessment of cooperative conducted on several aspects: financing, productive asset quality, management, efficiency, liquidity, independence and growth as well as the identity of cooperative [6].
-
III. Related Works
Wen-Hsien Tsai et.al [14] shows IT Management of COBIT 5 significant effect on IT governance objectives, internal control, business value and information quality. The Business value be affected by IT governance objectives, internal control and information quality. Yuni Rahayu Susanti et.al [11] Stakeholder Support has been investigated as criteria affecting the implementation of IT management followed by criteria IT Human Resources and Time. Haryo Laksono et.al [15] has stated COBIT 5 has a framework that focuses on information security in detail and practical for information security. Walid Al-Ahmad et.al [16] has found a code of practice for low-level activity on COBIT 5 is successfully manage information security within a company. Suryo Suminar et.al [17] has had Proces Assessment Model (PAM) to measure capability levels of a domain related in COBIT 5.
-
IV. Methods
-
5. The goal of IT will shows the domain associated with the critical point [8] [13].
This research was conducted through several steps for the improvement of internal control so that be able to create a good cooperative [7]. The following flowchart depicts the step that is being taken in this study.

Fig.1. Research Methodology
The result of this survey indicated the problems that occurred in the cooperative. This issue will be formulated into a critical point that is used as a basis for mapping using the COBIT 5 framework. Mapping began from the critical point that associated with the Balanced Scorecard perspectives which became business goal. The result then showed two perspectives that are relevant; the risk management business primarily securing assets and financial transparency. The business goal then mapped to IT goals by using the guidelines contained in the COBIT
The next stage, assessing the level of significance to know the importance of the critical point impacts on the sustainability of the cooperative. Assessment the level of signifincance was performed by using a questionnaire with entities resource in associated such as the manager, accountant, credit department, supervisor, the collector, the administration, the cashier and the customers [8].
The critical point selected in accordance with the level of significance then mapped to the business process/ SOP in the cooperative. The result of the mapping will shows the weak points in the SOP that will be created for internal controls [7].
Internal control which imade will be guided by standards such as COSO and ITIL with due regard to the cooperative rules and regulations. COSO as an organization providing thought leadership and guidance on internal control, risk management and prevention of fraud can be used as a guideline. IT Infrastructure Library (ITIL) is a standard framework that refers to the best practice processes and operational management rules. Equipped with government regulations as national guidance [3][4].
-
V. Result and Analysis
The survey was conducted in 10 cooperatives spread in Denpasar, by conducting interviews, saw the log system and through questionnaires. The result is several issues that made the critical point in the cooperative which will be shown by the following table.
Table 1 shows the critical point cooperatives caused by internal and external factors. Internal factor that is affecting consisting of poor management, employees who lack discipline and competent, while external factor such as competition with other business entities, lack of public awareness about the importance of participating cooperative members and others. The critical point of the difference total amount of deposits among in contained in the cooperative system with a savings book. This problem occurred because there is rogue or collector (person in charge of taking the money savings from clients) that are not depositing money into savings cooperative honestly. This problem is caused by lack of competence the entities related in the business process.
Table 1. Critical Point in the Cooperative
No |
Critical Point |
Related SOP |
Source Cooperative |
1 |
The difference between the value of savings of the cooperative and customer |
Savings |
Cooperative A, B, C, D, E, F, G, H, I, J |
2 |
The value of collateral that is not in accordance with the loan amount |
Loan |
Cooperative A, C, D, H, I, J |
3 |
Repayment of loans by customers frequently being problem |
Loan Installment |
Cooperative A, B, C, D, E, F, G, H, I, J |
4 |
Doubling customer’s savings book |
Deposit Withdrawls |
Cooperative B, C, E, F, G, I |
5 |
Repairing system understood only by one person |
Cooperative Management |
Cooperative C, D, E, J, H |
6 |
Recommendation to problematic customer |
Loan |
Cooperative A, B, C, D, H, I, J |
7 |
Embezzlement of customer funds by employee of the cooperative |
Client |
Cooperative B, C, D, E, F, G, H |
The nominal value of the loans is often greater than the value of the collateral provided by a customer. This problem occurred because there is a person who cooperated in conducting such fraud. Manager also can make the mistake of approving any kind of loans without seeing the guarantee provided.
The refund loans is often experiencing delays due to problematic customer. The reason is because there is a lack of control in lending to customer who has often problematic.
Withdrawal of savings using a savings book that has duplicated. Doubling the savings book is undertaken by irresponsible both from within and outside the cooperative. It needs for notice to the customer in every balance change happens.
In case of the problems with the cooperative system that is used, only one person who understands the improvement system. This critical point can disrupt the service in the cooperative because of the system that suffers damage can not be repaired immediately.
The lack of the notification in the problematic customer if the customer who has problem comes back to borrow money and with no notice about the problematic customer. This critical point occurs due to lack of decision-making system is based on accurate data.
Embezzlement of customer funds used by unscrupulous cooperative which is not the common significance. Manager might be invested in other businesses with greater profit so that cooperative member who wishes to borrow does not get the necessary funds because it was first invested. This action makes the cooperative become unsanitary because many cooperative member become unconvinced to the cooperative.
The above problems then will look for the level of significance by conducting survey. Survey that conducted will use the results of mapping the critical point by using the COBIT 5 framework. First, critical points are mapped to the perspective of the Balanced Scorecard which is being the goal of business. The result shows that two perceptive relevant; risk business management primarily in safekeeping of the asset and financial transparency. Business goal then mapped to IT goals by using the guidelines contained in the COBIT 5. The objective of IT will shows the domain associated with the critical point. Mapping process will be shown by the following table [2] [12].
Table 2. Mapping Critical Points to Enterprise Goals and IT Related Goals
Critical Points |
No |
Enterprise Goals |
IT Related Goals |
The difference between the value of savings of the cooperative and customer |
3 |
Managed business risk (safeguarding of assets) |
04, 10, 16 |
The value of collateral that is not in accordance with the loan amount |
5 |
Financial transparency |
6 |
Repayment of loans by customers frequently being problem |
3 |
Managed business risk (safeguarding of assets) |
04, 10, 16 |
Doubling customer’s savings book |
3 |
Managed business risk (safeguarding of assets) |
04, 10, 16 |
Repairing system understood only by one person |
5 |
Financial transparency |
6 |
Recommendation to problematic customer |
3 |
Managed business risk (safeguarding of assets) |
04, 10, 16 |
Embezzlement of customer funds by employee of the cooperative |
5 |
Financial transparency |
6 |
Mapping then performed with the results of table 2 by performing the mapping of IT goals to each Domain Process [11].
Tabel 3. Mapping COBIT 5 IT-related Goals to Processes
No |
IT Goals |
E D M |
A P O |
B A I |
D S S |
M E A |
4 |
Managed IT-related business risk |
3 |
10 12 13 |
1 6 |
1,2 3,4 5,6 |
1 2 3 |
6 |
Transparency of IT costs, benefits and risk |
2 3 5 |
6 12 13 |
9 |
- |
- |
10 |
Security of information, processing infrastructure and application |
3 |
12 13 |
6 |
5 |
- |
16 |
Competent and motivated business and IT personnel |
4 |
1 7 |
- |
- |
- |
The relationship between critical points with the associated domain can be indicated by mapping the IT goals. For more details will be shown by Table 4 below [2].
Table 4. Relationships Between Critical Points and COBIT 5 Domain Process
Critical Point |
Related Process |
The difference between the value of savings of the cooperative and customer |
EDM04, APO12, DSS01, APO06, DSS03, DSS05, DSS06, MEA01, MEA02, MEA03 |
The value of collateral that is not in accordance with the loan amount |
EDM02, EDM03, EDM05, APO12, APO13, BAI09, DSS01, APO07, DSS03, DSS05, DSS06 |
Repayment of loans by customers frequently being problem |
EDM04, APO12 , APO13, BAI01, DSS01, DSS03, DSS04, DSS06, MEA01, MEA02, MEA03 |
Doubling customer’s savings book |
EDM04, APO13, MEA01, MEA02, MEA03 |
Repairing system understood only by one person |
EDM02, APO01, BAI01, APO06, APO07, APO13, BAI09, DSS03, DSS04, DSS05 |
Recommendation to problematic customer |
EDM04, APO12, BAI06, DSS02, DSS04 DSS06, MEA01, MEA02, MEA03 |
Embezzlement of customer funds by employee of the cooperative |
EDM02, EDM03, APO06, APO07, BAI09, APO10, APO12, APO13, DSS03, DSS05, MEA01, MEA02, MEA03 |
The result are mapping to each domain in table 4 will be used as the basis in making the questionnaire [10]. Hereafter devised a questionnaire which describes each domain to get the level of importance, that showed by Table 5 below.
Tabel 5. The Result of The Level of Importance
RANK |
COBIT 5 PROCESS |
TOTAL |
1 |
APO 7 |
271 |
2 |
MEA 1 |
269 |
3 |
EDM 5 |
268 |
4 |
DSS 2 |
265 |
5 |
DSS 3 |
263 |
6 |
EDM 3 |
259 |
7 |
EDM 4 |
259 |
8 |
DSS 4 |
257 |
9 |
EDM 2 |
254 |
10 |
APO 6 |
252 |
11 |
APO 1 |
251 |
12 |
BAI 6 |
250 |
13 |
APO 12 |
246 |
14 |
DSS 6 |
235 |
15 |
MEA 3 |
173 |
16 |
DSS 5 |
164 |
17 |
BAI 1 |
162 |
18 |
DSS 1 |
159 |
19 |
MEA 2 |
159 |
20 |
BAI 9 |
95 |
21 |
APO 10 |
88 |
22 |
APO 13 |
68 |
Table 5 shows the results of the level of importance of the data using the 10 cooperatives with about 57 interviewees. The results of the level of importance in table 5 can be used as the domain focus that will be used next. From table 5, we will select the top 5 domains with the highest level of importance, consisting of [11]:
-
(1) APO07 Manage Human Resources
Optimizing human resource ability to carry out the company goal. This is done with the proper communication along with the division of tasks as well as the order competence to be served optimally [2] [12].
-
(2) MEA01 Monitor, Evaluate and Assess Performance and Conformance
Providing transparency of the performance and suitability in achieving the goal. Performance that has conducted in accordance with the collective agreement and there are regular reports and timely about achieving goals [2] [12].
-
(3) EDM05 Ensure Stakeholder Transparency
The communication with stakeholder is done effectively, to make sure if there is a change in the company's reports that are transparent and in line with the company’s goal [2] [12].
-
(4) DSS02 Manage Service Requests and Incidents
The increasing productivity and minimizing interference by providing prompt and effective resolution of an incident [2] [12].
-
(5) DSS03 Manage Problems
Identifying, classifying the problem, finding the cause and giving the proper resolution to prevent recurring incidents and giving the recommendations for improvement [2] [12].
The level of importance used as a measure of value for improving the internal control of the cooperative. Internal control will be added in the SOP cooperative. Improvement with the addition of internal controls in the SOP can be shown as follows [9].
-
A. Deposit of Standard Operating Procedure
The process of saving deposit has entities that are member cooperative, collector, cashier and accounting staff. The first process started with the setting up of cooperative members with deposited file those are savings book, deposit receipt, and the money that will be deposited. The collector then receives the file to be processed. The collector will take him to the cooperative to be processed by the cashier to verify the savings deposit slip. The verification is done by matching the data members as well as customer balances before making a transaction. The cashier will proceed to the accountancy to be recorded in the general ledger cooperative, if the verification result is valid. Meanwhile, if the result of the verification at the cashier does not match then the file will be returned to the collector to look for the cause of the discrepancy. In the accountancy before record-keeping were done, verify the data is still being done to comply with contained in the savings book and cooperative, and if it is found that the data does not match, then all the files will be returned to the cashier and then to the collector to find the cause of the discrepancy. Conversely, if the data is in conformity with the cooperative data, so that will be done with record-keeping transaction. The cashier will gives notification to the customer that the process has been successfully deposited savings and returns the savings book to the clients. Awarding notification will be easier for customer to get information related to the transactions, so the customer do not have to come to the cooperative.
The control that added in deposit of SOP to overcome the difference in value between cooperative and customer deposits can be overcome by adding the internal control. Addition of control that has to be guided on standards such as COSO, ITIL and government regulations. Manual in COSO indicated by the addition of data verification at the cashier and accountant who had been in accordance with the value of Risk Assessment, the difference of balance value’s risk assessment between the savings book and cooperative data that performed in every transaction. The assessment aims to find the source of the problem as detailed as possible when differences balance value arose
The using of ITIL is shown with the addition of a notification to the customer if the transaction has been successfully performed. The addition of this notification in accordance with the ITIL concept of Service Delivery Management, which provides a service that gives information that is required to the client to increase the confidence in the cooperative and also improve the IT service to provide notification of each transaction that is successfully done [4].

Fig.2. Repairing of Deposit Flowchart

Fig.3. Repairing of Deposit Flowchart Part 2
-
B. Withdrawal of Saving of SOP
The process of withdrawal of savings has five entities consisting of members of the cooperative, cashier, accountant, administrative of savings, and manager. First, the member of the cooperative have to prepare a document that will be used to form a withdrawal of savings book, a withdrawal receipt, and self-identity. The document then will be verified by the cashier and will get a unique code that is used to confirm the withdrawal of savings by the customer, if the code given is wrong then the process cannot be continued. Conversely, if the given code is correct then the document will be submitted to the administration department to check the balance of savings that available, if the balance is sufficient to withdrawal amount that requested, the documents will be submitted to a manager for approval or consent of withdrawal. By the time that the document was approved by the manager then it will be returned to the cashier and give notification to the customer that the withdrawal of the savings has been approved and payment made to the customer. It also conducted the daily recording of cash left and handed over to the accountant to do the daily recapitulation that will be shown to the end of each month.

Fig.4. Repairing of Withdrawal of Savings Flowchart
The addition of control that has to be guided on standards such as COSO, ITIL and government regulations. COSO guidance in use indicated by the addition of the customer’s data verification by sending the unique code to perform further processing in accordance with the value of control activities, such as adding data verification and withdrawals of saving’s approval activities by the manager.
The using of ITIL is shown with the addition of a notification to the customer if the transaction has successfully performed. The addition of this notification in accordance with the ITIL concept of Service Delivery Management, which provides a service that gives information required to the customer to increase the confidence in the cooperative and also improve the IT service to provide notification of each transaction that is successfully done [5].

Fig.5. Repairing of Withdrawal of Savings Flowchart Part2
The withdrawal of savings have a critical point in the form of multiplication problems of saings book carried out by person who is not responsible, so that the withdrawal of savings made by using a savings book that has been duplicated and this makes customers harmed. At the database level can be implemented with the addition of Store Procedure which serves to transmit a unique code to customers for withdrawing. For giving notification of successful withdrawal also uses the Store Procedure that will sends notification for each reduction in the balance value happens [4].
-
C. Loan Application of SOP
Loan application has five entities consisting of members of the cooperative, cashier, credit department, managers, and supervisors. First, the members of the cooperative / customers fill out the loan application form and give it to the cashier to verify the document. Then, there will be an evaluation by the credit department consisting of seeing the history of lending, loan amount assessment, assessment paychecks / loan guarantees. The results of the analysis will be awarded to the manager team or supervisor with considerations based on the value of the loan. Value of loans that are not too large, then the approval levels sufficient to the manager. Conversely, if the loan amount is relatively large then it will be the level of manager and supervisor approval. Loan applications that are approved by the manager and supervisor will be immediately processed to provide the terms and conditions applicable to the customer. Terms and conditions for the loan value of the customer were required to have insurance in case the customer dies. The customer who does not agree to the terms and conditions can applies for a loan back for analysis, and vice versa. If the customer agrees then the cashier will prepare the loan documents with the money that will be provided to customer.

Fig.6. Repairing of Loan Application Flowchart
Loan applications have problem about the differences of the nominal value of collateral and loan to the detriment of the cooperative then need an internal control to prevent it. The addition of control that has to be guided on standards such as COSO, ITIL and government regulations. COSO guidance that used is shown by the analysis, conducted by a team of credit that will generate the information used to make decisions on a management or supervisory level. The internal controls in accordance with COSO components namely Information and Communication as information media used in decision-making, but there is also a Control Activities component, such as adding data verification and approval activities of savings by the manager [3].
The using of ITIL is shown with the addition of a notification to the customer if the withdrawal of savings has been successfully performed. The addition of this notification in accordance with the concept of the ITIL Service Support Management, which provides information and accurate data can supports in decision-making by the manager or supervisor [4].

Fig.7. Repairing of Loan Application Flowchart Part 2
-
VI. Conclusions
Based on this research, improvements of the expected SOP has been done to solve the problems contained in the cooperative, this SOP improvement needs to be applied directly to the cooperative business processes. Applications of others are at the database level by adding an internal control to limit fraud in the conduct of business in the cooperative process.
Список литературы Internal Control Improvement for Creating Good Governance
- Rekapitulasi Data Koperasi Berdasarkan Provinsi 31 Desember 2015 http://www.depkop.go.id
- ISACA. 2012. COBIT 5 A Business Framework for the Governance and Management of Enterprise IT. 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA
- Protiviti. 2013. The Updated COSO The Internal Control Framework.
- Moeller, Robert R., 2013. Executive's Guide to IT Governance. 1nd ed. John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.
- Moeller, Robert R., 2011. COSO Enterprise Risk Management. 2nd ed. John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.
- Regulation of the Minister of Cooperatives and Small and Medium Enterprises of the Republic of Indonesia Number 06/Per/Der.6/IV/2016 about Guidelines for the Sanitary of Saving and Loan Cooperative and Unit Saving and Loans Cooperative Assessment
- I Made Sukarsa, Maria Yulita Putu Dita, I Ketut Adi Purnawan, "Assesment of Cobit Maturity Level With Existing Conditions From Auditor", International Journal of Computer Science and Information Security., Vol.10/No.6, (2012) pp. 41-49.
- Gusti Ayu Theresia Krisanthi, I Made Sukarsa, I Putu Agung Bayupati, "Governance Audit of Application Procurement Using COBIT Framework", Journal of Theoretical and Applied Information Technology., Vol. 59 No.2 (2014) pp. 342-351.
- I Gusti Ayu Dian Sasmita Ratih, I Putu Agung Bayupati, I Made Sukarsa, "Measuring the Performance of IT Management in Financial Enterprise by Using COBIT", International Journal of Information Engineering and Electronic Business., Vol. 6 No.1 (2014) pp. 15-24.
- Riza Afriza Islami, I Made Sukarsa, I Ketut Adi Purnawan, "Information Technology Governance Archetype in an Indonesian University", Indonesian Journal of Electrical Engineering and Computer Science., Vol. 12 No.7 (2014) pp. 5636-5644.
- Rahayu Yuni Susanti, Yudho Giri Sucahyo, "Information Technology Governance Evaluation and Processes Improvement Prioritization based on COBIT 5 Framework at Secretariat General of The Indonesian House of Representatives" Institute of Electrical and Electronics Engineers., (2016) pp.1-6.
- ISACA (Information Systems Audit and Control .Governance Institute. USA. 2012.
- Iis Hamsir Ayub Wahab, Assaf Arief , "An Integrative Framework of COBIT and TOGAF for Designing IT Governance in Local Government", Institute of Electrical and Electronics Engineers., (2015) pp.36-40.
- Wen-Hsien Tsai, Chu-Lun Hsieh, Chung-Wei Wang, Chuan-Tu Chen, Wei-Hsiang Li1, "The Impact of IT Management Process of COBIT 5 on Internal Control, Information Quality, and Business Value", Institute of Electrical and Electronics Engineers., (2015) pp. 631 – 634.
- Haryo Laksono, Yose Supriyadi, "Design and Implementation Information Security Governance Using Analytic Network Process and COBIT 5 For Information Security A Case Study of Unit XYZ", Institute of Electrical and Electronics Engineers., (2015) pp. 1-6.
- Walid Al-Ahmad, Basil Mohammed, "A code of practice for effective information security risk management using COBIT 5", Institute of Electrical and Electronics Engineers., (2015) pp. 145-151.
- Suryo Suminar, Fitroh dan Suci Ratnawati, "Evaluation of Information Technology Governance using COBIT 5 Framework FocusAPO13 and DSS05 in PPIKSN-BATAN", Institute of Electrical and Electronics Engineers., (2014) pp. 13-16.