The Smart Governance Framework and Enterprise System’s Capability for Improving Bio-Business Licensing Services

Abstract

One way to improve Indonesia’s ranking in terms of ease of conducting business is by taking a closer look at the business licensing process. This study aims to carry out an assessment using a smart governance framework and recommendation capabilities from the Enterprise System (ES). As a result, the recommendations for improvement with the expected priority are generated. The stages of this research are observing the process of making bio-business permits, followed by interviews related to several Enterprise Architecture (EA) capabilities, and providing recommendations based on the results of the maturity level of IT governance. These recommendations are then mapped into an impact—effort matrix for program prioritization. The recommendations for bio-business licenses can also be used to improve the process for other business licenses. Implementation of the EA framework has been proven to align technology, organization, and processes so that it can support continuous improvement processes.

1. Introduction

In terms of the ease of conducting business, Indonesia has been ranked 73rd since 2019. In terms of its score on another metric regarding the competitiveness of nations, Indonesia ranked 51 of 63 countries for digital competitiveness in 2022 [1]. Some subfactors that need to be improved are training and education, IT integration, and technological framework. In the subfactor regulatory framework, starting a business is crucial (rank 59), even though it is not found in the top weaknesses. Meanwhile, Singapore is ranked third in terms of starting a business and fourth for digital competitiveness.

The Indonesian government has always been committed to improving the investment climate in Indonesia, one instance of which was by carrying out the mandate of Act Number 11 of 2020 on Job Creation. The article in the Job Creation Law that is used as a reference in improving the investment climate is Article 6 of the Job Creation Act, improving the investment ecosystem and business activities. Additionally, Article 7, paragraph 1 and 7 of the Job Creation Act, Risk-Based Licensing, is based on the risk level and business scale rating.

To achieve the target of the Job Creation Act, BKPM (please refer to

Table A9. Abbreviation—terms mapping.

Abbreviation	Terms
AHU online	“Aplikasi dari Direktorat Jenderal Administrasi Hukum Umum, Kementerian Hukum dan HAM RI/Kemkumham” or Application from Directorate General of General Legal Administration, Ministry of Law and Human Rights of the Republic of Indonesia
AMDAL/UKL/UPL	“Analisis Dampak Lingkungan/ Upaya Pengelolaan Lingkungan Hidup/Upaya Pemantauan Lingkungan Hidup“ or environmental permit
ATR/BPN online	“Application dari Direktorat Jenderal Tata Ruang Kementerian Agraria Dan Tata Ruang/Badan Pertanahan Nasional” or Application from Directorate General of Spatial Planning, Ministry of Agrarian Affairs and Spatial Planning/National Land Agency
BKPM	“Badan Koordinasi Penanaman Modal” or Capital Investment Coordinating Board
BPJS	“Badan Penyelenggara Jaminan Sosial” or social security number
DUKCAPIL online	“Aplikasi pelayanan kependudukan dan pencatatan sipil” or application for population services and online civil registration
IMIGRASI online	“Aplikasi dari Direktorat Jenderal Imigrasi Indonesia” or application from Directorate General of Immigration
KBLI	“Klasifikasi Baku Lapangan Usaha Indonesia” or the Indonesian Business Field Standard Classification
KKP online	“Aplikasi dari Kementerian Kelautan dan Perikanan Republik Indonesia” or application from Ministry of Marine Affairs and Fisheries
KLHK	“Kementerian Lingkungan Hidup dan Kehutanan Republik Indonesia” or Ministry of Environment and Forestry of The Republic of Indonesia
K3L	“Keselamatan, Keamanan, Kesehatan dan pelestarian lingkungan” or safety, security, health, and environmental preservation
K/L	“Kementrian/Lembaga” or ministry/agency functions
MR	“Menengah-Rendah” or medium–low risk
MT	“Menengah-Tinggi” or high–medium risk
NIB	“Nomor Induk Berusaha” or the Business Identification Number
NIK	“Nomor Induk Kependudukan” or Identity Number
NPWP	“Nomor Pokok Wajib Pajak” or Tax Identity Number
PBG	“Persetujuan Bangunan Gedung” or building approvals
R	“Rendah” or low risk
SNI	“Standar Nasional Indonesia” or Indonesian National Standard
SS	“Sertifikat Standar” or Standard Certificate
T	“Tinggi” or high risk
UMK	“Usaka Mikro dan kecil” or micro and small enterprises

for abbreviations and terms) has implemented a risk-based OSS (Online Single Submission) or OSS-RBA (risk-based approach) since 4 August 2021. This OSS-RBA has replaced the previous version, namely, OSS v1.1, which has been used since 1 January 2020. Initially, OSS was used in 2018 and had important subsystems, namely, a licensing service subsystem (facilities), a supervision subsystem, and an information service subsystem.

Several studies have discussed improving licensing services. It is necessary to apply the concept of one integrated service in the implementation of e-government, such as licensing services [2]. Additionally, the implementation of smart governance can improve service transparency and bureaucratic efficiency and obtain input from users for continuous improvement [3]. This implementation is in the form of an IT governance that includes enterprise architecture (EA) processes and several COBIT and ITIL processes. Once again, the aim of the existence of this smart governance framework is to support the formation of smart cities and one-stop-shop services [4]. In developing this service, the development of an Enterprise System (ES) for business licensing can be referred to. The purpose of this ES is to support the goals of e-government, namely, a transparent and effective bureaucracy, as well as to produce an integrated system [5].

It is important to implement ICT (Information and Communication Technology) governance in government so that service integration, service adoption, and performance improvement of business licensing services can be carried out sustainably. EA plays a role in shaping e-government programs that are not redundant. The development of the EA model has been widely used, for example, for IT infrastructure in government institutions [6] and the development of EA for e-agriculture [7]. Using EA is expected to support service integration [8]; connect technology, organizations, and processes [9]; and support the e-government’s masterplan towards a smart city [10].

Moreover, regarding ICT application, the application of IT based on a Decision Support System (DSS) could be used to compute fixed costs, variable costs, revenue, and taxation used to model the enterprise budget [11]. The application of the internet is becoming the accelerator of sectoral performance, especially in agriculture [12]. Specifically, the use of machine learning methods for predicting software defects can be applied to predict defects in each software module [13].

Therefore, an assessment is needed using a smart governance framework and recommendations for capabilities from ES so that recommendations for improvement with the expected priority can be produced. This recommendation is long-term in nature and its execution will be taken into consideration by the BKPM team.

The first purpose of this research is to analyze the implementation of business licensing services using smart governance. The second objective is to analyze the business licensing service system based on the ES capabilities needed to achieve transparency, as well as integrated service targets. Additionally, the third objective is to provide recommendations for improving licensing services that support the creation of effective smart cities and e-government.

2. Materials and Methods

To analyze the performance of the licensing service, the authors used the design thinking approach, especially in the observation process. Design thinking is a creative process used to solve certain problems with innovative solutions. In general, the design thinking process starts with gathering information, defining the main problem, gathering ideas, and modeling solutions [14].

In this study, the authors focus on gathering information and making observations. Observation is used for qualitative research to gain insight into user needs with input in the form of problem definitions, challenges, or questions and produce documents in the form of videos, interview results, documents, and notes [15]. The process of collecting information in this study was carried out by interviewing relevant stakeholders. As for the observation process, the authors carried this out directly by entering requests for business licenses into the OSS application. Detailed research stages can be seen in Figure 1.

In Figure 1, the stage begins with observing the use of the OSS system; specifically, by processing access requests and low-risk business permits. This category of low-risk business permits is the most requested permit process; the expected result is determining whether this permit process is easy and fast. The next stage is choosing the KBLI, which limits the scope of the research, and the result is determining the state of the data for the KBLI application. The next stage of information gathering is an interview with stakeholders. This activity is expected to help obtain an overview of what currently exists and will be developed to improve the OSS system based on several ES capabilities. From collecting information through observation, data collection and interviews are input for the next stage, namely, problem analysis. The analysis is carried out in two stages: the analysis of the maturity level of several IT processes and EA analysis. The results of this analysis process are expected to provide ideas for improving the process so that it has an impact on the licensing process in this scope. The third stage of design thinking is carried out in this study, namely, gathering information, analyzing problems, and generating ideas for service improvement. Next, a detailed explanation of each stage is provided.

Of the steps that are carried out, below are some of the main factors that determine the ease of starting a business. The implementation process reached the target service level by fulfilling business licensing requirements, and the process is supported by technology according to the latest needs so that processes that run internally can achieve the desired goals.

2.1. The Practice of Making Low-Risk Bio-Business Licenses

Based on statistics of NIB issuance for almost 10 months, there were more than 1.2 million NIBs issued with a percentage of UMK of 97.85% and non-UMK of 2.15%. Therefore, the authors practiced making business permits for UMK as this is the most dominant category requested by business license applicants. The stages of business licensing through OSS BKPM consist of two stages, which are access rights and the registration of permits [16]. To obtain access rights and license registration, applicants can access the OSS application through a mobile or web application (see Figure 2).

After gaining access to the OSS application, users, in this case, individuals or institutions, can submit requests for business licenses by entering personal data and data on business activities to be carried out. This business activity data will determine the scale of the business and the necessary requirements. Once complete, the final stage requires commitment from the user to be able to fulfill these requirements. If it has been submitted, a business license will be issued automatically, especially for requests for low-risk business licenses.

2.2. Determination of KBLI as a Research Sample

Risk-based business licensing has implemented KBLI, which refers to PP 5/2021. Until August 2022, there were 1702 business activities consisting of 1349 KBLIs. The population can be separated into three parts, namely, the population, target population, and study population [17]. The 1349 KBLIs comprise the total KBLI population, while the KBLI population targets are in the bio-business area, namely, the Agriculture, Forestry, and Fisheries (A) category; Processing Industry (B); and Provision of Accommodation and Provision of Food and Drink (I), namely, 3 out of 21 categories (or more than 10%). Meanwhile, the study population is related to agriculture (farm), where the KBLI is from the department of agriculture number 56. The following 6 KBLI (more than 10%) were selected considering on-farm and off-farm areas.

• Risk-based business licensing for on-farm bio-business, namely, plantations and agriculture. Palm oil as a commodity has an important role in the Indonesian economy, and it is important to see how smallholder plantation permits play a significant role [18]. As for agriculture, chili is considered a commodity whose price is determined by supply and demand [19]. Therefore, it is necessary to see how the level of business licensing in this sector is increasing to determine the expected increase in the national supply.
  • 01262—Palm Oil Plantation.
  • 01283—Chili Farming.
• Risk-based business licensing for off-farm bio-business, namely, Food SMEs (Small–Medium Enterprises). Food MSMEs (Micro, Small, and Medium Enterprises) were chosen mainly because of the widespread provision of drinks and food, in the form of restaurants or shops, as well as in the home industry of food production.
  • 56109—Restaurants and other mobile food service providers.
  • 56304—Taverns.
  • 10794—Crackers, chips, dents, and similar industries.
  • 10799—Other food product industries.

The data taken are business licensing data for one year of risk-based OSS implementation from 4 August 2021 to 3 August 2022.

2.3. BKPM Stakeholder Interview

We conducted interviews with the stakeholder of the business licensing organizer. Interviews that were conducted in an unstructured or semi-structured manner proved to be fun, approachable, and user-friendly in understanding the needs of the users [20]. To determine the technical architecture design and development opportunities, there were three main questions, namely, the current technology architecture governance, technology architecture target opportunities, and system prototype design (see

Table 1. Main question list.

Section	Question
Technology Architecture Assessment 1	Does the architectural vision provide a first-cut, high-level view of the baseline and target architectures, spanning the business, information, data, application, and technology domains? Are there implementation and migration plans aligned with the program and project portfolio? Are there activities for the preparation and supervision of the basis for performance appraisal? Does the company have a list of all parties involved in the process and their responsibilities? (RACI Chart). Does the company provide audits for reviews conducted? Is there a process standard definition activity? (Standard implemented company-wide). Are there analysis activities and data collection for the effectiveness and suitability of process performance? Does the company have a document containing the measurements that have been collected and analyzed? Does the company have a process improvement plan that contains an explanation of the analysis of opportunities for technology improvement?
Develop Technology Architecture Target 2	10. What are the aims and objectives of the business licensing service? 11. What are the functions involved in the business licensing service? 12. How is the location related to the service function? 13. How is the time allocated for the business licensing service? 14. What data is needed for the service function? 15. How are the policies, procedures, and standards applied to the service? 16. What applications/platforms are used in the business licensing service? 17. What are the types of database management system requirements? 18. How are the access rights granted from each application? 19. What are the specifications for network devices used in the service? 20. What are the specifications for triggers to respond to events on the system for a certain specific technology or platform?
System Prototype Design	21. What is the process for checking the completeness of documents? 22. What documents are the minimum prerequisites for granting a permit? 23. Are all documents digitally documented? 24. How is the document mapped to the function of the document owner? 25. What is the weight of each document against the completeness as a whole? 26. Who determines the completeness of each document? 27. What is the average time needed to check documents? 28. What is the average time required for document fulfillment by users?

¹ Complete questions refer to the questionnaire of PAM COBIT APO05: Manage Enterprise Architecture. ² Question is intended to complete the EA design using the Zachman Framework 2 × 6 layers.

). Interviews were conducted based on a request letter for collecting primary research data from the head of the center/Director of BKPM Data and Information. The interview participants were several employees in the Data and Information section and managers of the OSS-RBA electronic service system infrastructure and network.

2.4. Analysis of IT Governance Maturity Level

IT governance analysis for services uses a smart governance framework taken from several COBIT 2019 and ITIL v4 processes [4]. The smart governance framework consists of 4 EA processes, 11 COBIT processes, and 15 ITIL processes with 3 KPI suggestions.

The EA process will be discussed in the next section, while the COBIT and ITIL processes can be seen in

Table 2. Zachman Framework 2 × 6 layer.

No	Process	No	Process
1	Ensured Stakeholder Engagement	14	Ensured Governance Framework Setting and Maintenance
2	Ensured Risk Optimization	15	Managed IT Management Framework
3	Managed Innovation	16	Information Security
4	Ensured Resource Optimization	17	Ensured Benefits Delivery
5	Managed Human Resources	18	Managed Performance and Conformance Monitoring
6	Service Level Management	19	Managed System of Internal Control
7	Supplier Management	20	Managed Compliance With External Requirements
8	Capacity Management	21	Monitoring and Event Management
9	Availability Management	22	Service Request Management
10	Change Management	23	Incident Management
11	Service Validation and Testing	24	Problem Management
12	Release Management	25	IT Asset Management
13	Knowledge Management	26	Service Continuity Management

Italics: selected processes.

. For effectiveness and for the focus of the analysis, 50% of these processes were selected, which generally form the basis of IT governance (selected processes have italicized words in Table 2). Maturity level analysis using COBIT [21] ITIL can help simplify IT management [22]. The maturity level of IT governance is as follows:

• Incomplete (0) or the process is not finished.
• Initial (1), i.e., the process has been carried out, but the target of the process has not been achieved.
• Performed (2) or the process has been performed by planning and measuring process performance but has not been set according to standards.
• Defined (3) or has guidelines in accordance with the standards (minimum requirements) of the process.
• Managed (4) or regular quantitative measurements have been carried out to improve service performance.
• Optimized (5) or process optimization has been carried out with continuous improvement.

2.5. EA Analysis

We can analyze EA conditions based on ES capabilities. The ES capabilities that are the focus of analysis are Customer Channel, Customer Management, Service Integration, Business Intelligence and Analytics, Cloud Management, and Cyber Security Solutions [5]. Then, using the results of the interviews and analysis of EA conditions, the authors designed an EA using the Zachman Framework 2 × 6 layer (see

Table 3. Zachman Framework 2 × 6 layer.

Zachman EA Framework	Data What	Function How	Network Where	People Who	Time When	Motivation Why
SCOPE (CONTEXTUAL) Planner	Things important to the business	Process performance	Business locations	Important organizations	Events significant to the business	Business goals and strategies
ENTERRPRISE MODEL (CONCEPTUAL) Owner	Semantic model	Business process model	Business logistics system	Workflow model	Master schedule	Business plan
SYSTEM MODEL (LOGICAL) Designer	Logical data model	Logical data model	Distributed system architecture	Human interface architecture	Process structure	Business rule model
TECHNOLOGY MODEL (PHYSICAL) Builder	Physical data model	System design	Technology architecture	Presentation architecture	Control structure	Rule design

).

2.6. Bio-Business Licensing Service Improvement Recommendations

Based on the above EA analysis, some recommendations for improving business services along with implementation time and program priorities are provided. Those improving or increasing the maturity of IT governance and solutions/technology will use an impact—effort matrix approach (see Figure 3). The impact and effort matrix consists of 4 quadrants, namely quick wins, major projects, low-hanging fruit, and not worth doing [23]. An impact—effort matrix is a tool that can assist in the decision-making process—for example, when determining crisis management decisions [24].

Complying with and improving internal processes is part of the less effort—low impact category, whereas the fulfillment of documentation that can improve internal processes and customer satisfaction is included in the less effort—high impact category. If the recommendation requires a solution in the form of system/technology development that has an impact on internal processes and or customer satisfaction, then it will be categorized as high effort—high impact (see

Table A7. Impact—effort value mapping.

Quadrant	Impact—Effort	Improve Internal Process	Improve Customer Satisfaction	Require System Development	Beneficial Impact
Low-hanging fruit	Low–Low	Yes	No	No	Yes
Quick wins	High–Low	Yes	Yes	No	Yes
Major projects	High–High	Yes	Yes	Yes	Yes
Not worth doing	Low–High	Yes/No	Yes/No	Yes/No	No

). Recommendations with low effort will be implemented in the first year, while those with high effort will be implemented in the second year. Jobs with high impact will be the top priority.

3. Results

3.1. Review of Business Licensing Implementation

3.1.1. The Results of the Practice of Making Business Licenses

In the first step, the applicant requires access rights. The applicant must choose the business scale as an individual, business entity (BU), representative, or foreign BU. Then, the applicant must enter their telephone number and email data. A verification code is then sent through WhatsApp or email. By using the verification code provided, the user can continue to the next process, namely, creating a password. There are some additional data needed if the business actors are non-individuals, namely, business entities or cooperatives.

After gaining access to the OSS application, users can continue their main activity, namely, the registration of business licenses. For a new application, the applicant must complete the business actor’s data, namely, personal data (NIK, name, gender, date of birth, and telephone number) and membership data such as NPWP, email, and BPJS. Next, the applicant completes the business field data by selecting the type of activity; the business field refers to KBLI based on PP 5/2021 and the scope of activity. Detailed business data are also needed, such as land and the location of the business, including the amount of business capital.

Based on detailed business data, the OSS system will automatically determine the business scale (see

Table 4. Enterprise scales.

Business Scale	Business Criteria	Venture Capital
UMK	Micro	≤IDR 1 Billion
	Small	IDR 1 < x ≤ 5 Billion
Non-UMK	Medium	IDR 5 < x ≤ 10 Billion
	Large	>IDR 10 Billion

) and risk level (see Figure 4a). The level of business sector risk has been determined by the government to be R, MR, MT, and T. The applicant can then complete business field details such as a description, number of workers, and production capacity. Additional information that can be included is if the business being carried out has been completed with documents/certificates, such as SNI certificates, SS, halal certificates, and environmental approvals (certain KBLI).

At the end of the process, there is an independent statement that the applicant is able to fulfill the requirements for maintaining K3L, environmental management, SNI, and halal products. After the applicant states that the data filled in are correct, the NIB will be publishable in real-time, especially for permits with low- or medium-low categories. The applicant can download or print the NIB shown in Figure 5.

3.1.2. Licensing Implementation Data for Selected KBLI Bio-Business Services

Looking at NIB issuance data for almost 10 months since the OSS-RBA (data taken on 30 May 2022), there have been more than 1.2 million NIBs issued with a percentage of UMK of 97.85% and non-UMK of 2.15%. One year of risk-based OSS implementation from 4 August 2021 to 3 August 2022 is visible in Appendix A (data taken on 4 August 2022). It appears that business permits with a low level of risk were released in real-time. Several NIBs also have multiple locations and are proven by the project number.

There are more requirements for NIBs with MT and T risks compared to low-risk NIBs. This has been regulated in the business licensing guide for KBLI [25]. Therefore, the fulfillment of NIB is not published in real-time and takes longer. The authors assume that high-risk businesses are one-fifth of small businesses for large businesses and one-sixth of medium-sized businesses (based on annual population data from OSS-RBA), and permits have not been released yet. From the data taken on 8 November 2022, there were 74 NIBs issued from KBLI 01262 (MT risk) and 51 (T risks), and 1 NIB issued from KBLI 10794 (MT risk).

The lengthy licensing process for MT and T risks might be because some permit processes are still in the Ministries/Agencies (Ministries/Agencies), such as for PBG and other permits. Obtaining a PBG starts with obtaining a KKPR and AMDAL/UKL/UPL from the KLHK. Of course, this permit is required to consider that the risk is not low. Meanwhile, for NIBs with low risk, it is also necessary to monitor the fulfillment of the commitments given, especially given the large number of permits issued for the low category. Oversight function fulfillment of commitments is currently not regulated, regardless of whether in BKPM or K/L. However, routinely, there several monitoring activities have been carried out. The development of the monitoring function prototype is highly recommended.

3.2. System Analysis and Governance of Bio-Business Licensing

The analysis of business licensing systems and governance will be explained in three subsections. There are interviews related to EA capabilities, the IT governance maturity level, and EA design of licensing service systems using the EA Framework.

3.2.1. Results of Interviews with Stakeholders

In general, the conclusions from the interview notes with several stakeholders based on the capabilities of the EA are as follows:

• Customer Channel: There are OSS web and mobile apps for submitting business licenses. OSS-RBA was released on 4 August 2021. It replaced the previous version, OSS v1.1, which was used on 1 January 2020. OSS has existed since its release in 2018. OSS-RBA has three subsystems. There is the service subsystem licensing (facilities), the supervision subsystem, and the information service subsystem. New developers felt that it requires changes in the code structures. It is easier to achieve further development by looking at the technology roadmap.
• Customer Management: Customer questions and complaints are acceptable via email, social media (Facebook, Instagram, Twitter, and the YouTube channel), virtual face-to-face, and WhatsApp for business. There is a PIC for each channel and a coordinator who monitors progress. Some tools can monitor applications/devices, and provide an alarm for the person in charge. A service level (target uptime and downtime service) is required to ensure customer satisfaction.
• Service Integration: This implements Redhat Openshift API Management for integration between systems. Integration has been achieved with several systems from other ministries/institutions, especially for the validation process, such as OSS-RBA integration with the following systems:
  • DUKCAPIL online for NIK validation.
  • DJP online for NPWP validation.
  • AHU online for articles of inforporation validation.
  • IMIGRASI online for passport validation.
  • ATR/BPN online for KKPR on land.
  • KKP online for KKPR at sea.
  • Application from KLHK for environmental approval, such as IPPKWH, SPPL, UKL/UPL, or AMDAL.
• Business Intelligence and Analysis: The data warehouse (DWH) uses IBM Cognos, and data visualization uses Tableau. The future development idea is to increase the capability from DWH to the data lake, but this requires additional internal and external resources. Along with the increase in the amount of data managed both in the form of structured and unstructured data, in the future, it will be necessary to increase the DB (database) from SQL-based ones such as Postgres to non-SQL such as MongoDB. It is important to assess whether there is a need for data analytics so that it can continue to enhance the business climate and create new jobs. Of course, this capability requires an increase in/addition of internal resource capabilities.
• Cloud Management: There are production, staging, and development environments in the data center. It already has a DRC (Disaster Recovery Center) but has never performed a rehearsal test and results. It is important to see whether the current configuration accommodates HA (high availability) capabilities. It also needs to consider cloud solutions with better profit considerations (operational and cost aspects).
• Cyber Security Solution: System security has been equipped with network access control using a firewall (Check Point), including IDS and IPS functions. Penetration testing from BSSN is regularly conducted every year. With the enactment in the PDP (Personal Data Protection) Law, it needs to implement information security to carry out regular security testing or implement information security into system development activities by implementing DevSecOps.

3.2.2. Results of IT Governance Maturity Level

The results of interviews conducted with the BKPM team and from the consultant’s assessment showed that the average maturity level of the ITIL and COBIT processes was at level 1. The authors suggest increasing the process maturity to level 3 for the selected items in the smart governance framework. It is expected that the process can be defined and enforced within BKPM. This process has become the minimum standard for managing IT governance. Thus, it is hoped that implementing this process can increase the ease of the business licensing process. Increasing the maturity level to level 3 will also be the basis for measuring the achievement of the process’s implementation and continuous improvement. The following describes some of the process recommendations:

• Monitoring and event management. Some monitoring tools are applicable to monitor OSS (operational support services). There are two tools/applications, tools for monitoring IT infrastructure (using products from solar wind) and tools for monitoring OSS applications (using products from Dynatrace). Both will automatically send alarm notifications (in the form of an email) to the PIC of each device if an anomaly occurs. There is a condition that needs to be activated: the device needs to send an alarm notification to categorize it as an incident and the PIC of the device needs to be late in realizing it. Therefore, a layer of functions is needed. This layer can provide information and ensure the alarm given has a true impact on services or is critical. This is called the operational center for OSS (see Figure 5a). With this operational center, alarms from monitoring tools will be sorted and categorized into the warning or incident category. Based on the knowledge base, the PIC will be contacted if there is an incident. Alarm and incident logs will form the basis of future system improvements.
• Service request management and incident management. From the initial explanation in the customer management section, each application escalates to the second support or person in charge of the device. Customer requests and complaints are recorded manually by the coordinator/admin. For the monitoring process to be carried out in real-time and to record the length of time for completion, it is necessary to make an SLA for each request or complaint from a customer. SLA achievement is monitorable periodically, and resolutions are made if necessary. Therefore, the authors recommend having a single ticketing system called a service desk. This function serves customer complaints regarding applications (see Figure 5b). The service desk in its journey will be effective if supported with a knowledge base in solving similar customer requests or complaints. There is also knowledge transfer between team members [26]. As an example, there is a classification of requests (low, high, medium, and critical) for the service level of each ticket in a knowledge base. Additionally, managing the same and repeated tickets is performed so that a permanent solution can be found. Recommendations for increasing the level of maturity of other processes can be seen in

  Table A8. Recommendations for increasing the level of process maturity.

  No	Processes	Recommendations
  1	Ensured Stakeholder Engagement	Make a list of internal and external BKPM stakeholders with content not limited to: name of stakeholder, category (internal/external), frequency of communication (monthly, quarterly, semester, or yearly), participation in regular/annual satisfaction surveys (yes/no) Evaluate the implementation and make recommendations for improvement
  2	Ensured Risk Optimization	Make a risk profile list (risk register) that includes but is not limited to: risk, impact, frequency, mitigation plan, and risk owner Conduct a risk assessment to obtain a risk control matrix referring to incident reports (confidentiality, availability, and integrity)
  3	Service Level Management	Define the definition, scope, provider, and owner of the service Set target service level, but not limited to service time, service availability (percentage), incident/request response time, and incident/request turnaround time Monitor the achievement of SLA Obtain input from customers and follow up on service improvement recommendations
  4	Change Control	Define change categories based on impact and urgency (standard change, normal change, and emergency change) Establish control authority for each change Monitor change schedule and implementation status Evaluate the implementation of change within a certain period
  5	Service Validation and Testing	Develop test strategy: Functionality test: unit test, system test, integration test, regression test Non-functionality test: performance test/load test, security test, compliance test, operational test (backup, event, reporting), and UAT Make a testing plan: test schedule, test environment preparation, and management of defects
  6	Release Management	Make release plans (infrastructure changes, software changes, or solutions) Carry out the deployment and release process (DevOps) Prepare a backout plan
  7	Information Security	Define information security management Network access security requirements (Firewall, IDS/IPS, DMZ, port scanner, vulnerability scanner) Platform security requirements (antivirus, patching) Application security requirements (web app firewall, secure web gateway) Data security requirements (encryption, user access, identity management, and system update) The need for a security response mechanism (security monitoring, intrusion detection, and recovery) Data classification and handling, including data retention policies There are penetration testing and vulnerability assessment procedures Manage changes to information security settings—for example, firewall configuration
  8	Managed Performance and Conformance Monitoring	Collect and validate organizational targets Monitor achievement with targets Create reports and corrective actions
  9	Manage System of Internal Control	Monitor internal controls Make reports on the effectiveness of controls and other control needs
  10	Manage Compliance with External Requirement	Identify the need for compliance with external regulations Obtain assurance of compliance with external regulations

  .

3.2.3. Results of Service System Design Analysis Using the EA Framework

EA uses the Zachman Framework consisting of several layers. Zachman’s framework can be applied as a basis for technology investment [27]. For the first layer related to scope, the results of the research are as follows:

• Layer 1

1.

Data:

List of important entities that play a role in business licensing: Business Actor, Dukcapil, BKPM, Immigration, DJP, Kemkumham, KKP, ATR-BPN, and KLHK.

2.

Function:

The main processes in business licensing: submission of business licenses, validation (NIK, Passport, NPWP, articles of incorporation, KKPR at Sea, KKPR on Land, and Forest Area), choosing a business scale, choosing a KBLI, and printing NIB.

3.

Network:

List of business licensing service locations: the main service location is at the central BKPM office, with service locations in 34 provinces and local districts.

4.

People:

List of organizational units that play an important role:

▪

Minister of Investment/Head of BKPM;

▪

Deputy Minister/Deputy Head of BKPM;

▪

Deputy for Investment Information Technology;

▪

Directorate of Business Licensing System Development;

▪

Directorate of Management of Electronic Service Systems, Infrastructure, and Networks;

▪

Directorate of Data and Information Management.

5.

Time:

Operational time Monday–Friday 08 AM to 4 PM Jakarta Time (except for virtual until 3 PM Jakarta Time).

6.

Motivation:

The vision of the business licensing service is:

▪

Improving the investment ecosystem and business activities including (Article 6 of the Job Creation Law):

• Application of risk-based business licensing;
• Simplification of the basic requirements for business licensing;
• Simplification of the business licensing sector;
• Simplification of investment requirements.

▪

Risk-based business licensing is carried out based on determining the level of risk and rating of the business scale of business activities (Article 7 paragraph (1) and paragraph (7) of the Job Creation Law).

• Layer 2

• Data:
  This consists of a relational diagram of business entities as shown in Figure 6a. This diagram illustrates that the business licensing process consists of two activities: registration and the issuance of business licenses. During the registration process, a validation process is required from several organizational units outside BKPM.
• Function:
  This section describes the business process model of business licensing services (see Figure A1). This business process is more detailed than a relational diagram, in which there are stages in registering a business license. It starts from the selection of whether the business actor is an individual or a business entity. The validation process is checked by several applications outside the OSS-RBA. Once validated, the next step is to select the KBLI and list of businesses. This selection will determine additional requirements based on predetermined risks.
• Network:
  This section explains the connectivity between business locations (see Figure 6b). The place for business licensing services consists of the central BKPM office, DPTMSP scattered in each province, and ministries/institutions that validate business actors and issue business licensing requirements.
• People:
  The regulation of the Minister of Investment/Head of the Investment Coordinating Board Number 6 of 2021, concerning the organization and working procedures of the Ministry of Investment/The Investment Coordinating Board is visible in Figure A2. The management of OSS RBA is the Deputy for Investment Information Technology.
• Time:
  The implementation schedule of the business licensing service improvement program is discussable in the next section, namely, Section 3.3.
• Motivation:
  This section explains in more detail the mission to achieve BKPM’s vision. BKPM’s strategic plan consists of BKPM KPIs:

  ▪

  Encouraging high-value investments by partnering with national entrepreneurs, especially MSMEs in project areas;

  ▪

  Deployment of quality investments;

  ▪

  Focused investment promotion by sector and country;

  ▪

  Encouraging an increase in domestic investment/PMDN, especially in MSMEs.

Improving the ease of conducting business is critical for BKPM’s investment strategy roadmap. Therefore, initiatives or recommendations for improving the licensing service governance system are defined. This recommendation is explained in more detail in Section 3.3.

3.3. Recommendations for Service Improvement

This section will display a list of recommendations from the results of the RBA-OSS system analysis and business licensing service governance (see

Table 5. Recommendations for increasing the level of process maturity.

Code	Recommendations
R1	OSS-RBA applications review related to future technology roadmaps, including code structures
R2	Monitoring/tracking MT and T risk licensing applications
R3	OSS SLA creation
R4	BIA capability upgrade from DWH to data lake
R5	Rehearsal test for DRC and addition of HA capabilities—e.g., to Cloud
R6	Information security policy making, monitoring, and implementation
R7	Development of OSS service operational center
R8	Development of a single ticketing system for customer requests or complaints
R9	Define a stakeholder list
R10	Application of risk management processes in the organization
R11	Regularly review the SDLC process, including change, testing, and release processes
R12	Implementation of internal controls and compliance
R13	Measurement of KPI/OKR achievement

). These will be mapped into an impact—effort matrix so that a time plan for implementation can be obtained (see Figure 7a). These recommendations can be grouped into proposed implementation plans (see Figure 7b). This proposed plan can change according to other internal targets in BKPM. It is assumed that all recommendations will have a beneficial impact.

4. Discussion

Applying for a bio-business business license through the OSS-RBA is simple and is achievable by using the web or mobile application. The data show that more than 97% of business permits have been produced for the MSME category. The NIB will be released in real-time for the low-risk category, which occurs after the business actor fills in the statement and commitment.

However, the NIB with MT and T risk categories in certain selected KBLIs has not been published yet. Supervision of applications for business licenses with a low-risk category is also needed, especially with regard to how to ensure that business actors fulfill their promised commitments. Thus, monitoring is needed to track the duration of the MT and T category NIB processes.

By conducting an analysis using the smart governance framework and EA capabilities using the Zachman Framework, some recommendations were proposed to improve business services. In the context of efforts to improve the ease of achieving the business rating, one of the important recommendations is to increase the maturity level of IT governance at BKPM. This is achieved by defining standard processes in the organization. Increasing the capability of the OSS system is also needed, such as reviewing applications with the latest technology planning data lake solutions, HA/DRC, and managing information security. This OSS system also needs a service operations center, a single ticketing system, and an agile SDLC process.

This research is a follow-up to a study related to smart governance for bio-business permits, followed by the development of a smart governance framework and ES capabilities. Other studies, especially studies in the area of smart governance, state that there is very little research in the area of smart governance in Asian countries, including its implementation [28]. Additionally, there have been few attempts to develop a research model for smart governance [29].

Therefore, this research is very important as it not only defines a smart governance framework but also implements it into an integrated business license service, involving collaboration between ministries and institutions. Apart from implementation, for further research, this smart governance framework can also be used in other one-stop integrations, either within one government institution or between institutions. Other research is needed to create collaboration tools for smart governance [30]. More specifically, for business licensing, there are tools for monitoring compliance with existing business license requirements in each K/L.

5. Conclusions

Based on the above discussion, there are two parameters for the successful implementation of business licenses. The target is to fulfill business licenses in accordance with the SLA listed in each KBLI by increasing the maturity of each process that supports smart governance. The current condition is that there is still a long wait for the fulfillment of permits at the initial maturity level of the governance process. With the maturity level rising from the initial level to the defined level, it is hoped that the SLA at least can be monitored regularly and improvements can be made to achieve it, thereby increasing user satisfaction. The use of the EA framework has been proven to align technology, organization, and processes in order to support continuous improvement processes.

We conclude that the implementation of OSS RBA services also needs to be regularly controlled for risks by looking at regulatory compliance, SLA/KPI achievement, and improvement. The results of the recommendations for bio-business licenses can also be used to improve the process for other business licenses. This is achieved by reviewing the stakeholder list for the service. These recommendations can be adjusted following other BKPM program priorities.