E-Learning System Audit in Engineering Faculty of Nurul Jadid University Using COBIT 4 . 1 Framework

Engineering Faculty of Nurul Jadid university has an adequate IT support in teaching-learning process, it is e-learning system. However, this system is poorly exploited by users due to a lack of awareness in the importance of information. This study aims at measuring how far the e-learning system performance works as students and lecturers’ service by doing audit e-learning system. The audit refers to COBIT 4.1 standard specially for domain Deliver and Support (DS). Research method is conducted by determining domain, control process, indicator, and mapping the maturity level. The result shows that after auditing the e-learning system, it recommends an improvement on security system in DS 5 process with index 3.11 and DS 7 process with index 3.14 i.e. providing a training for users.


Introduction
Education field get the positive effect from informatics development, it is the existence electronic learning (e-learning) [1].E-learning overcomes the limited time and place in conventional teaching-learning process to be a free learning process, so the process of teaching and learning can be done in everywhere and anytime [2].
Engineering faculty of Nurul Jadid University has applied e-learning since 2016.E-learning is web-based learning application which is provided for lecturers and students in this institution.By e-learning, the lecturer can deliver the assignment to the students and they can access it directly.Besides, lecturer can also assess the assignment through it.E-learning is designed to help the lecturer to deliver the assignment and assess it easily without any paper.And the students can access any assignment in its page easily, so the lecturer can monitor whether the students submit the task or not, and they can get the feedback directly.However, this application is underutilized in this institution.It is only a complimentary and not used as its benefit should be.
Gaining a good e-learning service needs a good governance, including IT support governance, service for users and sustainable service.IT currently has been a main necessity for almost all companies since it is convinced as means to increase the efficiency of business process, and also in education field.One way that is able to be applied to realize the management of information technology is by auditing the information system.Information system audit is process of examination on information technology infrastructure to know whether the running system can p-ISSN: 2540-9433; e-ISSN: 2540-9824 guarantee the safety of asset, data integrity, and effectiveness of operation in reaching the goal [3].
The basic principle of COBIT framework is providing needed information to achieve the business goal.A company needs to manage information technology resources by using a set of structured information technology so it provides the required information [4].
One of methods in managing information technology that is used widely is IT governance which is existed in COBIT (Control Objectives for Information and Related Technology).COBIT can be considered as information technology framework that is published by ISACA (Information System Audit and Control Association).COBIT serves to bring together all business needs control and engineering issues.Besides, COBIT is also designed to be a tool that can solve IT governance problems in understanding and managing the risks and benefits related to company's information resources.

COBIT 4
COBIT is a methodology that gives the basic framework in creating a suitable information technology for organization needs.The aim of COBIT is providing the basic model that enables clear procedure development in controlling information within an organization for reaching the business goal [4].By referring to COBIT framework, an organization is expected to apply IT governance in reaching the business goal.IT governance optimally integrates it starting from planning, organizing, implementing, supporting, and monitoring the performance process [4].
COBIT Framework is consisted of 34 high-level control objective (see Fig. 1), where each IT process is categorized in four main domain, they are [5] In the previous framework, domain is identified by using management structure that will be used in organization daily activities.Furthermore, four boarder domains are identified into four main domains, they are:

1) Planning and Organization (PO)
This domain includes strategies and tactics, and attention on identification of how IT can contribute maximally to the achievement of business goals.Besides, the realization of strategic vision needs to be planned, communicated, managed for many perspectives.Finally, a good organization and technological infrastructure have to be placed properly.

2) Acquisition and Implementation (AI)
In realizing IT strategy, IT solution needs to be identified, developed or acquired, implemented, and integrated into business process.Besides, changes and maintenance of existing system should be included within this domain to ensure that the life cycle will continue for this system.

3) Delivery and Support (DS)
This domain provides the main focus on delivery aspect of IT.It covers areas like operating application within IT system and its product, and also, the support process that enables IT system operation effectively and efficiently.This support process is included into security and training issues.

4) Monitoring and Evaluation (ME)
All IT process need to be assessed regularly over time to maintain the quality and compliance of control requirements.This domain refers to the need of supervising management on control process within organization and independent assessment from internal or external auditor or from another alternative source.
The measurement of maturity level is set in COBIT for management level and enables all managers know how the management and IT process in the organization is so it can be recognized the level of its management.The maturity model of COBIT is a tool that is used to measure how well IT management process relate to internal IT controls which is related to the organization's business goals.The level of information technology capability on the maturity scale is divided into six levels, they are [5]:

1) Level 0 (non-existent)
A company does not know the process of information technology at all.

2) Level 1 (initial level)
In this level, generally an organization does not provide a stable environment to develop a new product.System development is highly depended to one individual skills and is not recognized as a company's needs yet.

3) Level 2 (repeatable level)
In this level, the policy to regulate a project development and its procedures in implementing the policy is established.

4) Level 3 (Defined level)
In this level, a standard process in developing a new product is documented.This process is based on integrated product development process.

5) Level 4 (managed level)
In this level, an organization makes a matrix for a product, process, and result measurement.A project owns a control on product and process to decrease performance variety process so accepted limitation is available.

6) Level 5 (optimized level)
In this level, all organization is focused on sustainable increasing process.Information technology has been integrated to automate the work process within a company, increasing quality, effectiveness, and company's adapting ability.
Stages of research method used in e-learning information system audit at Engineering Faculty of Nurul Jadid University using COBIT 4 framework as shown in Fig. 2. The target respondents of e-learning audit process are chief information officer (CIO), chief academic officer, lecturers, and students.Thus, the target respondents are 35 people.d. Obtaining data Data result from this research is divided into three parts, current maturity level analysis, expected maturity level analysis, and gap analysis.

e. Analyzing Current maturity level
Questionnaire result is analyzed to assess the current maturity level for domain DS by assessing each activity within the system.There are six choice of answers in questionnaire with range 0-5.The attribute of maturity level is gained from calculation of total answer questionnaire multiplied with quality and divided with number of respondents as in equation formula below (1) : Attribute maturity index = (1)

Observing research environment
Arranging questionnaire

Analyzing gap value (gap)
Determining research respondent

Obtaining data
Analyzing current maturity level (as--is) Analyzing the expected maturity level ( to--be) f. Analyzing expected maturity level Assessment of expected maturity level becomes reference in service process and support in e-learning implementation on Engineering faculty of Nurul Jadid University can be determined by observing some factors below: a. Vision and mission of Nurul Jadid University.b.Questionnaire result.c.Interviewing the manager and users.g.Analyzing Gap Value Gap value analysis is conducted to identify an activity or improvement that is need to be done by Engineering Faculty side in order the maturity level is able to reach the expected level.The gap level is conducted from equation (3)  -the expected maturity level is reduced by current maturity level-:

Gap level = (x-y)
x = the expected maturity level y = current maturity level

Result and Discussion
3.1 IT Governance on E-learning of Engineering Faculty IT management in Engineering Faculty relies on IT sources which provide information system service to support the activity in Nurul Jadid University environment specially Engineering Faculty, including e-learning system activity.This system is able to help the teaching-learning process since it provides an interaction for lectures and students.However, this system needs to be audited in order the process works effectively.In this study, researcher chose some respondents who become object research in elearning audit process i.e.Chief Information Officer, Chief Academic Officer (BAAK), lectures, and students.They are all 37 people.The detailed information is shown in Table 2. Table 3 explains the calculation of seven processes on domain deliver and Support, where four processes have reached the fourth level, it is managed and meansurable.While other processes have reached the third level, it is defined process.

Gap Analysis of maturity level
In this level, the target or the expected level of audit process of E-Learning in engineering Faculty of Nurul Jadid can be determined by viewing internal business environment, it is vision, mission, target of the University.And the gap value of maturity level is shown on Table 5.

Conclusion
Based on the research that has been conducted, it can be concluded that it needs a training and socialization for users to use e-learning maximally.Besides, audit system process on e-Learning in Engineering Faculty is conducted using standard COBIT 4.0 framework on domain deliver and support (DS) consisting of seven processes i.e.DS 3, DS 5, DS 7, DS 9, DS 10, DS 11 and DS 13.Moreover, Seven processes that have been conducted need to be recommended to have an improvement.It is security system improvement on process of DS5 with index 3.11 and process of DS 7 with index 3.14 on providing a training for users.

Table 3 . Recapitulation of Questionnaire Result
Table 4 explains maturity level on domain deliver and support, where the fourth level (managed and measurable) explains that an activity relates to e-learning in Engineering faculty of Nurul Jadid University can be implemented formally and integrated each other.