Information Technology Governance Design in DevOps-Based E-Marketplace Companies Using COBIT 2019 Framework

— The E-Marketplace system is a digital place where sellers and buyers meet virtually, and transactions can be processed safely. E-Marketplace companies are oriented toward consumer-centric products and services and operate and have 24/7 non-stop transaction activities. E-Marketplace system development has become the digital transformation in Information Technology (IT) governance that meets the requirements of a system-based automated control with the application of DevOps principles. This study uses a mixed method approach through questionnaires, interviews, expert judgment, and relevant literature reviews related to the e-Marketplace system and IT governance concepts using the COBIT 2019 framework, which has 11 design factors with 40 IT processes to obtain the most appropriate governance model for e-Marketplace companies. The results were obtained in the form of 6 (six) methods in the IT governance model using the DevOps approach, namely the APO03 – Managed Enterprise Architecture, APO04 – Managed Innovation, BAI04 – Managed Availability and Capacity, BAI06 – Managed IT Changes, BAI11 – Managed Projects, and DSS03 – Managed Problems with a score ≥ 75 and the capability level target is at level 4.


I. INTRODUCTION
The development of the e-Marketplace system in Indonesia is undergoing a swift transformation. E-Marketplace system users will be loyal if the system can provide the best value for benefits to its users, so they will continue to use the e-Marketplace system to buy the products they need, and they will eventually recommend it to others [1]. The e-Marketplace company is always operational and has non-stop transaction activity within 24 hours for seven days without stopping. Therefore, e-Marketplaces systems are generally built and operated with complex special automation techniques to provide fast and stable feedback. E-Marketplace companies need to be assessed to see how the control and governance side of a company is compared to the response of its users, how e-Marketplace system can be one of the digital transformations in Information Technology (IT) governance, and how e-Marketplace companies can qualify as a control system-based automation with the application of Development and Operations (DevOps) principles. By knowing the application of the principles in the DevOps process, it can be seen how the control has the potential to be tested based on a system-based testing approach [2].
The frameworks used as information technology governance guidelines include ITIL (Information Technology Infrastructure Library), which provides customer-oriented information technology services; ISO (International Standard Organization), which covers the quality of an organization or company and its performance measurement, while COBIT focuses on to information technology management [3]. COBIT 2019 differs from COBIT 5 and previous versions, whereas in COBIT 2019, there are 40 core models. The flexibility of COBIT 2019 lies in the scope of specific topics that are focused on certain areas in a coherent manner, such as security, risk, DevOps, and compliance with particular regulations [4].
This study uses a mixed method in which the process of collecting and processing data is carried out using a questionnaire based on the purposive random sampling method. Respondents are e-Marketplace system users in Indonesia based on aspects of system quality, information quality, and service quality to users, then continued with data collection in the form of interviews with technical support officers, product development specialists, back-end developers, and associate Vice President of Product from several top e-Marketplace companies in Indonesia such as Tokopedia, Shopee, and Rupa-Rupa and expert judgments based on the concept of IT governance in the COBIT 2019 as well as data collection from various literature studies.
Through this research, an IT governance design will be produced that can be implemented in the e-Marketplace companies to assist the company in carrying out its goals, vision, mission, and business processes in developing and operating the e-Marketplace system as its main product.
Meanwhile, other benefits obtained through this research include that the company will get correlation between the abilities/solutions and the competencies measured through self-evaluation [8].
E-Commerce is a means for sellers and buyers to process trade transactions for various products electronically carried out by companies [9]. E-Commerce is a technology application used to automate business transaction processes [10]. There are other forms of e-commerce, namely e-Marketplace system is a digital platform that provides facilities for handling the process of buying and selling transactions, payments, and shipping from various online stores by sellers and buyers, with the concept that users, namely the general public, can act as sellers and buyers. An e-Commerce business in Indonesia can have the following characteristics as online shopping website for direct retail sales to consumers, participation in online marketplaces that focus on business-to-consumer (B2C) or consumer-to-consumer (C2C) processing, business-to-business (B2B) sales, collect and use demographic data through website contacts and social media, and business-to-business (B2B) electronic data exchange [11].
A new project life cycle has emerged along with an agile paradigm for project management, providing a flexible and customizable environment for projects where completion is complex and unclear, delivering a step-by-step product with feedback [12]. DevOps (development and operations) is developing the right approach to address the integration problem of development and operations capabilities to complement a swift process [13]. The strategic goal of DevOps is to examine the methods used to improve the quality of services and features in a way that meets user needs [14].
DevOps aims to deliver fast service to system users by bringing development and operations teams together and requires a delivery cycle consisting of planning, development, testing, deployment, deployment, and monitoring with active collaboration between the different members, as shown in  the software development process. The DevOps adoption culture encourages close collaboration within the e-Marketplace companies by carrying out the necessary organizational shifts to support a culture of shared responsibility to eliminate the boundaries between the roles of the development and operations teams. Automation is needed to assess the quality of development builds and feedback from e-Marketplace system users through rapid and stable changes [16].
Information Technology (IT) governance is a framework used to manage all information resources (human, cost, and infrastructure) in achieving the organization's business objectives effectively and efficiently. IT governance is essential for companies to decide how to use information technology resources, measure their performance, achieve business goals, and derive benefits [17]. The two main focuses on IT governance are how IT can generate sufficient benefits or value for the business and how the risks arising from IT implementation can be controlled and managed [18]. IT governance is an integrated, interconnected, and mutually directing process and structure that aims to regulate an organization or company to achieve its goals by aligning the benefits or values of implementing IT, risks IT, and IT processes [19]. IT governance includes organization, regulation, culture, and practices that result in a system of control and transparency of IT implementation. IT governance also explains who has the right to make a decision and how that decision is made in the application of IT [20].

COBIT (Control Objectives for Information and Related Technology) is one of the frameworks
for IT governance and management. This framework helps organizations or companies provide governance direction according to the desired business processes by adjusting the benefits of an organization or company [21]. ISACA has released the latest version of COBIT, which replaces the previous COBIT 5 version, namely COBIT 2019; the publication of this framework is a guideline for every organization or company to move quickly, dynamically, innovate, and be closer to its customers. Both COBIT 2019 and COBIT 5 consist of 5 main domains, namely: Evaluate, Direct and Monitor (EDM), Align, Plan and Organize (APO), Build, Acquire and Implement (BAI), Deliver, Service, and Support (DSS), and Monitor, Evaluate and Assess (MEA) [22].
Based on relevant previous studies and several theories used in this research, there are gaps, such as the design of information technology governance in a company without paying attention to the technology explicitly used, so it is still too general. The second namely how to build DevOps-based e-commerce without paying attention to information technology governance. Therefore, the contribution or novelty of this research is designing information technology governance that can be applied to companies engaged in microservices using DevOps, especially e-Marketplace companies.

II. RESEARCH METHOD
The initial stage of this research is collecting data using a questionnaire based on the purposive random sampling method. The purposive random sampling method is a sampling technique with specific considerations [23]. Data collection is carried out on the response of e-Marketplace system users in Indonesia based on aspects of system quality, information quality, and service quality to users, then continued with data collection in the form of interviews with technical support officers, product development specialists, back-end developers and associate Vice President of Product from several top e-Marketplaces companies in Indonesia such as Tokopedia, Shopee, and Rupa-Rupa, as well as data collection from various literature studies from several relevant journal articles. After all the required data has been obtained, the researcher conducts a data analysis process and aligns business goals, IT goals, and IT processes using COBIT 2019.
Then, a method of identifying findings is carried out through an expert judgment assessment of the e-Marketplace companies based on IT governance concepts using COBIT 2019. Based on the results, the relevant ideal recommendations are made to improve e-Marketplace system performance. The following process will obtain design factors that influence IT governance on the e-Marketplace companies so that a governance design will be accepted that is suitable to be applied to the e-Marketplace companies in Indonesia. Based on Figure 2, the IT governance design flow in the e-Marketplace companies can be divided into 3 (three) main stages, namely:

Alignment of Business Goals, IT Goals, and Enterprise IT Processes
This stage is based on the standard design factors provided by COBIT 2019 to understand the e-Marketplace company's strategy, company business goals, IT goals, IT processes, risk profiles, and current IT-related issues. Knowing the condition of the company's strategy is done by examining the plan's background and business environment to understand the design, the resulting objectives, and the current status of IT risks in e-Marketplace companies.

Identify IT Governance Design Factors
This stage is used to determine the scope of the IT governance system by considering design factors 1 to design factor 11, utilizing the help of the COBIT 2019 design toolkit. Design factors 1 to 11 consist of e-Marketplace enterprise strategy, enterprise goals, risk profile, IT-related issues, threat landscape, compliance requirements, IT role, IT sourcing model for IT, IT implementation methods, technology adoption strategy, and enterprise size. Next is to determine each relevant design factor. After that, the possible values of the design factors that apply to the e-Marketplace companies are determined. Finally, the assessment results of each design factor found the level of governance and management objectives.

IT Governance Design Results
It is the stage where all inputs from the previous steps are collected to complete the design of the IT governance system. The action taken is to combine all the information during the last stage to summarize the creation of the IT governance system. The final governance system needs to represent the relevant assessment of all inputs. This method can draw conclusions by planning an IT governance system for the e-Marketplace companies based on the IT governance system design stage.
COBIT 2019 has a core model, which is divided into 2 (two) parts, namely Governance and Management. COBIT 2019 explains the essential factors that need to be considered by companies in designing an IT governance system and positioning it for the successful use of information and technology. These critical factors are considered design factors that companies should consider in adjusting their IT governance system to realize the value of using IT. Design factors can influence the design of a company's governance system and position it for success in using information and technology. The domain reveals the main objectives and areas of activity within the processes [24]. COBIT 2019 defines several design factors, as shown in Figure 3.   Table 1 shows the company's strategy differences for each e-Marketplace company.

Services
Develop online stores such as SMEs or retail.
Provide service or platform availability.
The system, service, and information quality are essential turning points in the e-Marketplace system development process [28]. The quality can be assessed by how the user responds to the navigation of the system, whether the level of system response is good, how the story of user trust in the design, especially in the transaction process, and the level of system security. Based on the data collection results through questionnaires, it was found that more than 90% of users feel confident and satisfied with the quality of the e-Marketplace system, and 78% of users think that currently, e-Marketplace companies can adjust and provide the functional features that users need.
The quality of service is obtained by more than 95% satisfaction in transacting on the e-Marketplace system due to guaranteed security in payment transactions and qualified search features. Meanwhile, through the quality of information, user trust is obtained by 75% because it is still not fully guaranteed consumer protection rights in the e-Marketplace system; for example, there are still many merchants who are not credible in marketing their merchandise.
The implementation of DevOps in the e-Marketplace system is one of the implementations of IT processes in IT governance in the e-Marketplace companies. Therefore, to realize the goals and obtain value for using IT, it is necessary to design a comprehensive e-Marketplace company's IT governance through the following processes:

Design Factor 1: Enterprise Strategy
Each company has a different strategy in design factor 1, namely Enterprise Strategy. The  Table 2.  Table 2 shows the priority business strategies based on the results of the e-Marketplace companies classification used in this study, namely the e-Marketplace companies with B2C and C2C types; the company strategy that becomes the priority is innovation/differentiation and client service stability compared to growth and cost leadership. This is because e-Marketplace companies must continue to innovate and provide services to the client to survive and have a competitive advantage with constantly growing competitors.

Design Factor 2: Alignment of Enterprise Goals to Alignment Goals
The next stage is design factor 2, namely the alignment of Enterprise Goals with Alignment

Design Factor 4: Information and Technology Related Issues (I&T-Related Issues)
Design factor 4, namely I&T-Related Issues, is a related method for assessing organizational e-Marketplace companies hold and manage data. Critical personal data belonging to users and the level of user trust in the company is always a top priority; therefore, this issue must be prioritized so that it does not happen. Second, the assessment reports on IT performance or service quality issues are also important because e-Marketplace companies are engaged in digital technology, so the quality of IT services is also a priority. The better the cooperation of the IT team within the company, it will directly proportional to the resulting achievements. Third, issues related to implementation failures or innovations caused by the current IT architecture. The current e-Marketplace system development process uses the concept of DevOps adoption and collaboration to avoid innovation failures; However, this can be overcome; this issue is a significant issue that must always be considered because it can have very detrimental impact on the company.
Fourth a significant issue regarding the quality and integration of data from various sources.
Due to the development of digital technology, partner companies related to e-Marketplace companies, for example, such as e-Wallet and e-Payment vendors who have different authorization, authentication, and security levels from each other, delivery service companies' e-Tracking systems must always be up to date; it must be ensured that the technology can be perfectly integrated without compromising the security and operation of the e-Marketplace companies. Fifth, related to issues of supervision, quality control, and company operations, the e-Marketplace system is a digital global trading system with many transactions that take place almost every second, supported by the operating system which always operates non-stop for 24 hours every day, this issue is a significant reason to prioritize through full-time and real-time system control. Sixth, in the case of non-compliance with privacy regulations, the e-Marketplace system platform can run because of the support from users' trust in the company, one of which is regarding the handling related to the management of user privacy data in transactions through the e-Marketplace system, based on this, it is necessary to guarantee the protection of consumer rights.
If the company is negligent about this issue, it will cause a tremendous loss impact; for example, the leakage of user data from one of the e-Marketplace systems by irresponsible parties will undoubtedly harm the company and users of the e-Marketplace system. The seventh is the issue of the inability to exploit new technologies or innovate using I&T. Adapting e-Marketplace system to meet user needs; e-Marketplace companies must consistently innovate and become a new trend following technological developments during competition in the global digital technology market. Therefore, the seven issues related to I&T have become an essential priority

Design Factor 5: IT Threat Landscape
Design factor 5 is the IT Threat Landscape which means a threat view that can help the e-Marketplace companies identify threats that can threaten the e-Marketplace system while operating. Figure 4a shows the threats that can occur in the e-Marketplace system. The value of 75% is a threat categorized as usual because when the e-Marketplace system operates, these threats can be handled with the network security system (cyber security) they have. Threats that may occur are system operational failure.

Design Factor 6: Compliance Requirements
Design factor 6 is Compliance Requirements, which are compliance requirements that form the basis of the e-Marketplace companies. In Figure 4b, the resulting Low value is 25% because e-Marketplace companies have made efforts to improve company management by sound corporate governance principles. The standard value is 50% because e-Marketplace companies comply with the rules and conditions that the digital industry has determined. The high value of 25% is because e-Marketplace companies run their business based on the laws and regulations that the government has set regarding electronic information and transactions.

Design Factor 7: Role of IT
The results of the identification of design factor 7 are the Role of IT which is the role of IT for the e-Marketplace companies. Figure 4c  impacts the e-Marketplace companies, making it easier for companies to carry out business processes and provide services.

Design Factor 8: Sourcing Model for IT
The results of the identification of design factors eight on the e-Marketplace companies can be seen in Figure 4d. Design factor 8, namely the Sourcing Model for IT, is a procurement adopted by the e-Marketplace companies and consists of several parts, namely: 1) Outsourcing has a value of 25% because IT implementation in the e-Marketplace companies also uses and integrates features of third-party support services to improve e-Marketplace system performance, such as payment services on e-Payment by entrusting service providers to banks, monitoring services delivery by the delivery service through e-Tracking and internet services using third party services.
2) Cloud with a value of 50% because the e-Marketplace system uses cloud technology as an online-based storage place. 3) Insourced with a value of 25%, because the e-Marketplace companies have a department that focuses on the IT function.

Design Factor 9: IT Implementation Method
Design factor 9, namely IT Implementation Methods, is a method adopted by the company in implementing IT. The identification of design factors nine on the e-Marketplace companies can be seen in Figure 4e, which shows how DevOps has become the most dominant approach to IT implementation on e-Marketplace systems because it integrates development processes and operations capabilities to deliver fast and reliable services. The Agile approach is still the choice of IT implementation compared to the traditional method because it is more suitable to be applied to continuous e-Marketplace system development.

Design Factor 10: Technology Adoption Strategy
Design factor 10, namely Technology Adoption Strategy, is used by companies in adopting new technology. The results of the identification of design factors ten on the e-Marketplace companies can be seen in Figure 4f shows that the e-Marketplace system can be categorized as a first mover and follower because, at this time, it has developed a lot and has relatively the same essential functions.

Design Factor 11: Enterprise Size
Design factor 11 is Enterprise Size to determine the size of the company. Based on the data obtained, the number of employees owned by e-Marketplace companies is more than 1,000 employees on average; it can be concluded that e-Marketplace companies have a sourcing model of the Large Enterprise type because they have more than 250 employees.

Governance and Management Objectives Importance (All Design Factors)
APO03 -Managed Enterprise Architecture has a score of 85 which means that the target capability level is at level 4, relating to providing enterprise architecture services within the enterprise that include guidance to and monitoring of implementation projects, formalizing ways of working through architecture contracts, and measuring and communicating architecture's value and compliance monitoring. APO04 -Managed Innovation has a score of 100 which means that the target capability level is at level 4, relating to managing technology frameworks that have the potential to create innovative technologies and ideas and improve operational effectiveness and efficiency by utilizing IT innovatively. BAI 04 -Managed Availability and Capacity has a score of 95 which means the target capability level is at level 4, relating to balancing current and future needs for availability, performance, and capacity with cost-effective service provision.
BAI06 -Manage IT Changes has a score of 95 which means the target capability level is at level 4, relating to managing all controlled changes related to business processes, applications, and infrastructure, including routine changes and emergency maintenance. BAI11 -Managed Projects has a score of 85 which means the target capability level is at level 4, relating to the management of all projects initiated within the e-Marketplace companies under the company's strategy and in a coordinated manner based on standard project management approaches such as: creating, planning, controlling and implementing the project, and concludes with a postimplementation review. DSS03 -Managed Problems has a score of 75 which means the target capability level is at level 4, relating to increasing availability, improving service levels, reducing costs, improving customer convenience and satisfaction by reducing the number of operational problems, and identifying root causes as part of problem resolution.
Based on the 6 (six) processes produced by the design of information technology governance at e-Marketplace companies using the COBIT 2019 framework, the recommendations for government that must be prioritized by e-Marketplace companies include: architectural development for the system they own, Innovation according to the needs of system users, system availability 24/7, readiness in rapid IT change, have management good IT project, and ability in handling problems that occur in the system. Problems processes. The 6 (six) IT processes all have a score of 75, with the target capability level being at level 4. Hence, it is a design factor that is a priority for implementing IT governance on e-Marketplace companies in Indonesia. The importance of information technology processes generated in this research is only done on methods with target level 4. The development of an e-Marketplace system with a DevOps approach can be an option to increase a company's ability to create systems and services at high speed compared to using a traditional method. In addition, DevOps is also responsible for designing, developing, and providing solutions for companies because they prioritize automation.