Audit Procedures to Manage Information Systems Based on the DSS02 Domain in the COBIT5 Framework at Double - Six Luxury Hotel Seminyak C

— Double-Six Luxury Hotel is currently implementing Information Technology (IT) to support the company's operations. However, there are obstacles in implementing IT, such as users who fail to log in or log out and there are disruptions to the network server caused by the disconnection of the fiber optic cable. Based on this, it is necessary to audit information system governance. This study using the COBIT 5 Framework with a conceptual method. This research focuses on the DSS (Delivery, Support, and Service) domain in the DSS02 process. The purpose of the study was to determine the current level of capability (as-is) and expected conditions (to-be), gaps, and provide recommendations regarding information system governance at Double-Six Luxury Hotels. The results of this study indicate that the current condition of the DSS02 process capability level is at level 2 (Managed Process) with a percentage of 67.5% in the Very Achieved (L) category where the process has been managed well but only most of it is not entirely and the expected conditions are at level 3 (Build Process). Based on these results, it is known that in the DSS02 process there is a gap of 1 between as-is and to-be, so the management in the DSS02 process is sure to carry out process definition and process development at level 3 (building process) to achieve the specified level target.


I. INTRODUCTION
urrently, Information Technology (IT) is an important part for companies or institutions that are very important. Companies or agencies place technology as something that can support the company's strategic plan to achieve the company's vision, mission, and goals. Companies that are trying to implement information systems that can meet the company's needs and natural goals. This is one of the supporting factors in implementing the strategic plan at Double-Six Luxury Hotel Seminyak which can be developed optimally. The theoretical use of IT in a company is believed to provide convenience and efficiency in implementing the applied information system [1]. This relates to the management of service requests and incidents which are critical in increasing productivity and reducing disruption through informed decisions on usage and incidents that occur. Based on interviews conducted at the IT Department, the management does not yet know the level of information system capabilities in the company. In a business engaged in accommodation services, service requests and incidents are one of the important aspects of an information system. Inappropriate management of service requests and incidents causes user discomfort. This can cause losses for the company [2].
Lately, problems often occur, namely users fail to log in or log out caused by inappropriate email client / SMTP settings in the hotel program's visual information system. In addition, there was a disturbance on the internet network server caused by a break in the fiber optic cable. [3] This makes it difficult for users to use the information system. Based on the information above, it is necessary to carry out research activities related to information system governance audits using the COBIT 5 DSS (Delivery, Service and Support) framework domain in the DSS02 process, namely managing service requests and incidents that aim to determine the level of capability in Double-Six Luxury Hotels [4] II. RESEARCH STUDIES The evaluation carried out on information technology governance using the COBIT framework has been widely x researched and the results of its recommendations can help to improve information technology governance for the better. A study [5] in his research discusses the implementation of the COBIT 5 framework, provides measures to improve the performance and governance planning recommendations in the future will come. The research conducted in this study was only in the domain Delivery, Service and Support Process 2 (DSS02) in the area of governance. The weakness of this study lies in the evaluation that is carried out only in the management area alone, not from the management area. 1  Research in the same field has been carried out by [6] in his research explaining that the COBIT framework is one of the frameworks used to assess, measure, and control the performance of institutions in information technology management. COBIT can also be received and aligned by the users because the framework is built on the goals, rules, and policies of the institution. [7] The results of the study conducted were to measure the performance of the Academic Information System (AIS) in the form of analysis, mapping of capability levels, and recommendations for higher education institutions, namely Muhammadiyah University of East Kalimantan. The results of this study indicate the level of capability within each IT process contained in the domain DSS on average at the level of 0.82 or 82% and we're at level 3 (established process ).
According to [8] an information system audit is a form of supervision and control of the information technology infrastructure as a whole. One method of governance evaluation that can be done is to use the COBIT 5 framework by taking the DSS domain (managing service requests and incidents), the COBIT 5 process assessment model refers to the concept of the ISO / IEC 15504 capability level model. [9] information at iGracias Telkom University is carried out by measuring the capability level of information technology governance in iGracias Telkom University services which is at level 3 which means that information technology management is carried out in an Established manner and increasing the capability level from level 3 to level 5 as expected, the recommendation as following.
A study on the mapping of COBIT 5 according to [10] From the Strategic Plan of the Semarang City BPPT Section is mapped against the COBIT 5 Company Goals (Enterprise Goal). After obtaining the Company Goals, the Company Goals are mapped against (IT Related Goal) COBIT 5. Objectives related to IT mapping results will also be mapped against thirty-seven (37) processes contained in COBIT 5 for Management of Service Requests and Incidents. [11] There are two categories, namely primary and secondary to choose from. In this ongoing research, the authors focus on the primary categories only. The process of mapping results will be used as a reference for making the questionnaire. The questionnaire was given to selected respondents, namely employees of the IT Department of the Semarang City BPPT who have a role and are directly responsible for the management of the information system. [12] Based on the literature review that has been described, the authors can conclude several things, namely, the COBIT framework is the most appropriate model for conducting information systems audits and is widely used to evaluate information technology governance. This study using the COBIT 5 framework to evaluate information system security and why to choose COBIT 5 in this study because it can divide the IT governance and management processes of an organization into two main process areas, and provide more detailed instructions needed by users as a reference. which is easy to understand [8].
III. RESEARCH METHODS This information system audit research stage, it is carried out using a conceptual method. The research to be conducted has several audit processes consisting of company identification, data collection, data analysis, and conclusion drawing [13]. The research stage is important so that the research process runs according to the established procedures. Organizational identification is the initial stage in the conceptual method. [14] This stage is carried out by direct observation of the company to find out an overview of the company , the departments of the company and to find out the information system in the company. After making direct observations, the next stage is the data collection stage by means of literature studies for the relevance of the research object. [15] The interview is a data collection method that is carried out by asking questions directly to related parties to dig deeper into the information system of the company. The questionnaire is a data collection method by asking some correspondence based on the DSS02 domain and the COBIT 5 framework to obtain valid data in the capability assessment process.
Furthermore, the data will be analyzed to obtain the level of capability in the company. [16] Gap analysis is a process to find out the gap from the capability level to the target level that the company wants to achieve. After knowing the gap in the capability level and the company level target, the next stage is a recommendation for the company. These recommendations are made with the aim that the company can achieve the capability level desired by the company. [17] A. Questionnaire Calculation Techniques In this study, the technique used to calculate the questionnaire is a Likert scale which functions to measure the opinions and attitudes of each respondent. On this measurement scale expressed in several answer choices such as agree, disagree, strongly agree, and others or can be in the form of a range of values (0 -3), (1 -5), and so on, with a description of Applied Information Systems and Management (AISM) Volume 4, (2) 2021, hal 57-62 P-ISSN: 2621-2536; E-ISSN: 2621-2544; DOI: https://doi.org/10.15408/aism.v4i2.19922 59 http://journal.uinjkt.ac.id/index.php/aism the value that has the highest value and value. which one has the lowest value [18].
The questionnaire calculation technique according to the Likert scale is the first to calculate the total score with the formula below: by: T = number of respondents who voted Pn = preferred Likert score (usually using 0-5) The second is the questionnaire calculation technique according to a Likert scale, namely the calculation score interpretation. To get an interpretation value, the steps that must be taken are knowing the highest score (Y ) and knowing the lowest score (X) used in the assessment of the questionnaire with the formula below: by: I = interpretation index Y = highest score on the Likert scale

IV. RESULTS AND DISCUSSION
In this chapter, there are four important points to be elaborated based on the results of research that has been done , the attribute mapping to the level of capability, mapping RACI Chart on Domain DSS02, process capability level measurement results, and the results of the gap with an explanation.

A. Mapping of Attributes to Level of Capability
Process attributes can be mapped into the capability level as shown in Table 1. A company can be said to have achieved a certain capability level if the attribute at that level is " Fully Achieved (F)" or " Largely Achieved (L), and the attribute value for level 2 -5 is " Fully Achieved (F)". For example, to reach level 2, the organization must achieve an F or L value for PA2.1 and PA2.2. If the attribute value at each level is " Partially Achieved (P)" or " Not Achieved (N), then a company cannot achieve and cannot go up to that level. Based on this, the capability level assessment process cannot be continued to the next level [19].

B. Mapping of the RACI Chart on the DSS02 Domain
RACI Chart is a matrix that describes the role of the various parties in the completion of work in a project or process business. By doing identification RACI diagram Chart can be known to anyone who may be respondent research [20]. Based on the research results show that total of respondents on the measurement of the level of capability in the Double-Six Luxury Hotel Seminyak is a total of 20 people with different offices and departments that have a role corresponding with RACI diagram Chart Domain DSS02. This can be seen in Table  2 below:

C. Results of Measurement Levels of Process Capability
Based on the research that has been done, it can be seen that, in the current process (as is) in the Domain DSS02 in Double-Six Luxury Hotel has a value of the level of capability of 67, 5 (managed process) means that the company has been able to manage service requests and incident, which will be recorded in the company's work plan document. This document contains content about how to manage service requests and incidents. Based on existing documents at the company, it can be stated that there is a match between the DSS02 process capability levels obtained from the results of the questionnaire, which is at level 2 (managed process) which can be seen in Table 3 below: Based on Figure 2 can be seen that, h acyl measurement capabilities of service requests and incidents based information system framework COBIT 5 on DSS02 process at the level of 1 to obtain a value of 78.86%, the 67.5% level 2, level 3 of 43.18%. Based on the acquisition of these calculations show that, of the three processes that have been measured no one can reach the level or the level of capability that are targeted by these companies, which is at level 3. These two processes are only able to reach level 2, as shown in Table 2 above. Based on the results of the measurement of the capability level above, it can be concluded that, Double -Six Luxury Hotel Seminyak obtained a capability level at level 2 in the DSS02 process, namely the management of service requests and incidents, while the target expected by the company is at level 3 as shown in Figure 3. above. Therefore, there is a gap at level 1 to level 2 at 11.36% and the level 2 to level 3 there is a

V. CONCLUSION
Based on the research and analysis carried out on the management of service requests and information systems incident Double-Six Luxury Hotel, the following conclusions can be drawn: a. There are obstacles in managing the hotel's visual information program, that is users fail to log in or log out caused by inappropriate email client / SMTP settings and interference with internet network servers caused by fiber optic cable breaks. b. Evaluation is carried out using the DSS domain COBIT 5 framework in the DSS02 process, namely manage service and incidents. c. The evaluation was carried out by distributing questionnaires to 20 respondents. d. The capability level of the audit results of service request and incident management is at level 2, namely managed process with a score of 78, 86 % at level 1, and 67.5% at level 2. These results indicate that most of these processes have been implemented and managed appropriately by the company. e. The results of the assessment of the capability level of service request management and information system incidents at Double-Six Luxury Hotel could not reach the targeted level, namely at level 3. This is due to several things as follows: 1) The absence of the infrastructure required for the work environment to process service requests and incident handling that is defined, managed, and maintained, which is 36.66%.
2) Identification of the resources and information needed to process service requests and incident handlers, only up to 35% 3) Compliant data collected and analyzed as a basis for understanding process behavior and demonstrating suitability and effectiveness, as well as evaluating the continuous improvement of the process that can be made, only up to 20%.
To overcome the obstacles that occurred in the hotel, the IT Department had to reset the email client / SMTP on the hotel's visual information system and replace the broken fiber optic cable. Furthermore, To increase the level of service demand capability and incidents to reach the targeted level, the management of Double-Six Luxury Hotel Seminyak must carry out process definition and process development at level 3, namely establishing an established process. This can be achieved if the management of Double-Six Luxury Hotel Seminyak has carried out the processes that exist at level 3, such as the absence of the infrastructure needed for the work environment to process service requests and incident handling that is defined, managed, and maintained, Building the necessary infrastructure a work environment for conducting process requests and incident services that are defined, available, allocated, managed and maintained, appropriate data processing is collected and analyzed as a basis for understanding process behavior and demonstrating suitability and effectiveness, as well as evaluating the continuous improvement of processes that can be made. THE CONTINUOUS IMPROVEMENT OF PROCESSES THAT CAN BE MADE.