The Smart Governance Framework and Enterprise System’s Capability for Improving Bio-Business Licensing Services

: One way to improve Indonesia’s ranking in terms of ease of conducting business is by taking a closer look at the business licensing process. This study aims to carry out an assessment using a smart governance framework and recommendation capabilities from the Enterprise System (ES). As a result, the recommendations for improvement with the expected priority are generated. The stages of this research are observing the process of making bio-business permits, followed by interviews related to several Enterprise Architecture (EA) capabilities, and providing recommendations based on the results of the maturity level of IT governance. These recommendations are then mapped into an impact—effort matrix for program prioritization. The recommendations for bio-business licenses can also be used to improve the process for other business licenses. Implementation of the EA framework has been proven to align technology, organization, and processes so that it can support continuous improvement processes.


Introduction
In terms of the ease of conducting business, Indonesia has been ranked 73rd since 2019. In terms of its score on another metric regarding the competitiveness of nations, Indonesia ranked 51 of 63 countries for digital competitiveness in 2022 [1]. Some subfactors that need to be improved are training and education, IT integration, and technological framework. In the subfactor regulatory framework, starting a business is crucial (rank 59), even though it is not found in the top weaknesses. Meanwhile, Singapore is ranked third in terms of starting a business and fourth for digital competitiveness.
The Indonesian government has always been committed to improving the investment climate in Indonesia, one instance of which was by carrying out the mandate of Act Number 11 of 2020 on Job Creation. The article in the Job Creation Law that is used as a reference in improving the investment climate is Article 6 of the Job Creation Act, improving the investment ecosystem and business activities. Additionally, Article 7, paragraph 1 and 7 of the Job Creation Act, Risk-Based Licensing, is based on the risk level and business scale rating.
To achieve the target of the Job Creation Act, BKPM (please refer to Table A9 for abbreviations and terms) has implemented a risk-based OSS (Online Single Submission) or OSS-RBA (risk-based approach) since 4 August 2021. This OSS-RBA has replaced the previous version, namely, OSS v1.1, which has been used since 1 January 2020. Initially, OSS was used in 2018 and had important subsystems, namely, a licensing service subsystem (facilities), a supervision subsystem, and an information service subsystem.
Several studies have discussed improving licensing services. It is necessary to apply the concept of one integrated service in the implementation of e-government, such as licensing services [2]. Additionally, the implementation of smart governance can improve

Materials and Methods
To analyze the performance of the licensing service, the authors used the design thinking approach, especially in the observation process. Design thinking is a creative process used to solve certain problems with innovative solutions. In general, the design thinking process starts with gathering information, defining the main problem, gathering ideas, and modeling solutions [14].
In this study, the authors focus on gathering information and making observations. Observation is used for qualitative research to gain insight into user needs with input in the form of problem definitions, challenges, or questions and produce documents in the form of videos, interview results, documents, and notes [15]. The process of collecting information in this study was carried out by interviewing relevant stakeholders. As for the observation process, the authors carried this out directly by entering requests for business licenses into the OSS application. Detailed research stages can be seen in Figure 1.
In Figure 1, the stage begins with observing the use of the OSS system; specifically, by processing access requests and low-risk business permits. This category of low-risk business permits is the most requested permit process; the expected result is determining whether this permit process is easy and fast. The next stage is choosing the KBLI, which limits the scope of the research, and the result is determining the state of the data for the KBLI application. The next stage of information gathering is an interview with stakeholders. This activity is expected to help obtain an overview of what currently exists and will be developed to improve the OSS system based on several ES capabilities. From collecting information through observation, data collection and interviews are input for the next stage, namely, problem analysis. The analysis is carried out in two stages: the analysis of the maturity level of several IT processes and EA analysis. The results of this analysis process are expected to provide ideas for improving the process so that it has an impact on the licensing process in this scope. The third stage of design thinking is carried out in this study, namely, gathering information, analyzing problems, and generating ideas for service improvement. Next, a detailed explanation of each stage is provided. In Figure 1, the stage begins with observing the use of the OSS system; spe by processing access requests and low-risk business permits. This category of business permits is the most requested permit process; the expected result is dete whether this permit process is easy and fast. The next stage is choosing the KBL limits the scope of the research, and the result is determining the state of the dat KBLI application. The next stage of information gathering is an interview with st ers. This activity is expected to help obtain an overview of what currently exists be developed to improve the OSS system based on several ES capabilities. From c information through observation, data collection and interviews are input for stage, namely, problem analysis. The analysis is carried out in two stages: the an the maturity level of several IT processes and EA analysis. The results of this process are expected to provide ideas for improving the process so that it has a on the licensing process in this scope. The third stage of design thinking is carrie this study, namely, gathering information, analyzing problems, and generating service improvement. Next, a detailed explanation of each stage is provided.
Of the steps that are carried out, below are some of the main factors that d Of the steps that are carried out, below are some of the main factors that determine the ease of starting a business. The implementation process reached the target service level by fulfilling business licensing requirements, and the process is supported by technology according to the latest needs so that processes that run internally can achieve the desired goals.

The Practice of Making Low-Risk Bio-Business Licenses
Based on statistics of NIB issuance for almost 10 months, there were more than 1.2 million NIBs issued with a percentage of UMK of 97.85% and non-UMK of 2.15%. Therefore, the authors practiced making business permits for UMK as this is the most dominant category requested by business license applicants. The stages of business licensing through OSS BKPM consist of two stages, which are access rights and the registration of permits [16]. To obtain access rights and license registration, applicants can access the OSS application through a mobile or web application (see Figure 2). Informatics 2023, 10, x permits [16]. To obtain access rights and license registration, applicants can access t application through a mobile or web application (see Figure 2). After gaining access to the OSS application, users, in this case, individuals or tions, can submit requests for business licenses by entering personal data and d business activities to be carried out. This business activity data will determine the the business and the necessary requirements. Once complete, the final stage require mitment from the user to be able to fulfill these requirements. If it has been subm business license will be issued automatically, especially for requests for low-risk b licenses.

Determination of KBLI as a Research Sample
Risk-based business licensing has implemented KBLI, which refers to PP 5/20 til August 2022, there were 1702 business activities consisting of 1349 KBLIs. The p tion can be separated into three parts, namely, the population, target populatio study population [17]. The 1349 KBLIs comprise the total KBLI population, while th population targets are in the bio-business area, namely, the Agriculture, Forest Fisheries (A) category; Processing Industry (B); and Provision of Accommodati Provision of Food and Drink (I), namely, 3 out of 21 categories (or more than 10%). while, the study population is related to agriculture (farm), where the KBLI is fr department of agriculture number 56. The following 6 KBLI (more than 10%) w lected considering on-farm and off-farm areas.
• Risk-based business licensing for on-farm bio-business, namely, plantations an culture. Palm oil as a commodity has an important role in the Indonesian eco and it is important to see how smallholder plantation permits play a significa [18]. As for agriculture, chili is considered a commodity whose price is determ supply and demand [19]. Therefore, it is necessary to see how the level of b licensing in this sector is increasing to determine the expected increase in the n supply.  After gaining access to the OSS application, users, in this case, individuals or institutions, can submit requests for business licenses by entering personal data and data on business activities to be carried out. This business activity data will determine the scale of the business and the necessary requirements. Once complete, the final stage requires commitment from the user to be able to fulfill these requirements. If it has been submitted, a business license will be issued automatically, especially for requests for low-risk business licenses.

Determination of KBLI as a Research Sample
Risk-based business licensing has implemented KBLI, which refers to PP 5/2021. Until August 2022, there were 1702 business activities consisting of 1349 KBLIs. The population can be separated into three parts, namely, the population, target population, and study population [17]. The 1349 KBLIs comprise the total KBLI population, while the KBLI population targets are in the bio-business area, namely, the Agriculture, Forestry, and Fisheries (A) category; Processing Industry (B); and Provision of Accommodation and Provision of Food and Drink (I), namely, 3 out of 21 categories (or more than 10%). Meanwhile, the study population is related to agriculture (farm), where the KBLI is from the department of agriculture number 56. The following 6 KBLI (more than 10%) were selected considering on-farm and off-farm areas.

•
Risk-based business licensing for on-farm bio-business, namely, plantations and agriculture. Palm oil as a commodity has an important role in the Indonesian economy, and it is important to see how smallholder plantation permits play a significant role [18]. As for agriculture, chili is considered a commodity whose price is determined by supply and demand [19]. Therefore, it is necessary to see how the level of business licensing in this sector is increasing to determine the expected increase in the national supply.
• Risk-based business licensing for off-farm bio-business, namely, Food SMEs (Small-Medium Enterprises). Food MSMEs (Micro, Small, and Medium Enterprises) were chosen mainly because of the widespread provision of drinks and food, in the form of restaurants or shops, as well as in the home industry of food production.
1. 56109-Restaurants and other mobile food service providers. 10799-Other food product industries.
The data taken are business licensing data for one year of risk-based OSS implementation from 4 August 2021 to 3 August 2022.

BKPM Stakeholder Interview
We conducted interviews with the stakeholder of the business licensing organizer. Interviews that were conducted in an unstructured or semi-structured manner proved to be fun, approachable, and user-friendly in understanding the needs of the users [20]. To determine the technical architecture design and development opportunities, there were three main questions, namely, the current technology architecture governance, technology architecture target opportunities, and system prototype design (see Table 1). Interviews were conducted based on a request letter for collecting primary research data from the head of the center/Director of BKPM Data and Information. The interview participants were several employees in the Data and Information section and managers of the OSS-RBA electronic service system infrastructure and network. Are there implementation and migration plans aligned with the program and project portfolio? 3.
Are there activities for the preparation and supervision of the basis for performance appraisal? 4.
Does the company have a list of all parties involved in the process and their responsibilities? (RACI Chart).

5.
Does the company provide audits for reviews conducted? 6.
Is there a process standard definition activity? (Standard implemented company-wide). 7.
Are there analysis activities and data collection for the effectiveness and suitability of process performance? 8.
Does the company have a document containing the measurements that have been collected and analyzed? 9.
Does the company have a process improvement plan that contains an explanation of the analysis of opportunities for technology improvement?
What are the aims and objectives of the business licensing service? 11.
What are the functions involved in the business licensing service? 12.
How is the location related to the service function? 13.
How is the time allocated for the business licensing service? 14.
What data is needed for the service function? 15.
How are the policies, procedures, and standards applied to the service? 16.
What applications/platforms are used in the business licensing service? 17.
What are the types of database management system requirements? 18.
How are the access rights granted from each application? 19.
What are the specifications for network devices used in the service? 20. What are the specifications for triggers to respond to events on the system for a certain specific technology or platform?

Analysis of IT Governance Maturity Level
IT governance analysis for services uses a smart governance framework taken from several COBIT 2019 and ITIL v4 processes [4]. The smart governance framework consists of 4 EA processes, 11 COBIT processes, and 15 ITIL processes with 3 KPI suggestions.
The EA process will be discussed in the next section, while the COBIT and ITIL processes can be seen in Table 2. For effectiveness and for the focus of the analysis, 50% of Informatics 2023, 10, 53 6 of 21 these processes were selected, which generally form the basis of IT governance (selected processes have italicized words in Table 2). Maturity level analysis using COBIT [21] ITIL can help simplify IT management [22]. The maturity level of IT governance is as follows: • Incomplete (0) or the process is not finished. • Initial (1), i.e., the process has been carried out, but the target of the process has not been achieved. • Performed (2) or the process has been performed by planning and measuring process performance but has not been set according to standards. • Defined (3) or has guidelines in accordance with the standards (minimum requirements) of the process. • Managed (4) or regular quantitative measurements have been carried out to improve service performance. • Optimized (5) or process optimization has been carried out with continuous improvement.

EA Analysis
We can analyze EA conditions based on ES capabilities. The ES capabilities that are the focus of analysis are Customer Channel, Customer Management, Service Integration, Business Intelligence and Analytics, Cloud Management, and Cyber Security Solutions [5]. Then, using the results of the interviews and analysis of EA conditions, the authors designed an EA using the Zachman Framework 2 × 6 layer (see Table 3).

Bio-Business Licensing Service Improvement Recommendations
Based on the above EA analysis, some recommendations for improving business services along with implementation time and program priorities are provided. Those improving or increasing the maturity of IT governance and solutions/technology will use an impact-effort matrix approach (see Figure 3). The impact and effort matrix consists of 4 quadrants, namely quick wins, major projects, low-hanging fruit, and not worth doing [23]. An impact-effort matrix is a tool that can assist in the decision-making process-for example, when determining crisis management decisions [24].

Bio-Business Licensing Service Improvement Recommendations
Based on the above EA analysis, some recommendations for impr vices along with implementation time and program priorities are pr proving or increasing the maturity of IT governance and solutions/tech impact-effort matrix approach (see Figure 3). The impact and effort m quadrants, namely quick wins, major projects, low-hanging fruit, an [23]. An impact-effort matrix is a tool that can assist in the decision-m example, when determining crisis management decisions [24]. Complying with and improving internal processes is part of the pact category, whereas the fulfillment of documentation that can imp cesses and customer satisfaction is included in the less effort-high imp recommendation requires a solution in the form of system/technology has an impact on internal processes and or customer satisfaction, the rized as high effort-high impact (see Table A7). Recommendations wit implemented in the first year, while those with high effort will be im second year. Jobs with high impact will be the top priority. Complying with and improving internal processes is part of the less effort-low impact category, whereas the fulfillment of documentation that can improve internal processes and customer satisfaction is included in the less effort-high impact category. If the recommendation requires a solution in the form of system/technology development that has an impact on internal processes and or customer satisfaction, then it will be categorized as high effort-high impact (see Table A7). Recommendations with low effort will be implemented in the first year, while those with high effort will be implemented in the second year. Jobs with high impact will be the top priority.

The Results of the Practice of Making Business Licenses
In the first step, the applicant requires access rights. The applicant must choose the business scale as an individual, business entity (BU), representative, or foreign BU. Then, the applicant must enter their telephone number and email data. A verification code is then sent through WhatsApp or email. By using the verification code provided, the user can continue to the next process, namely, creating a password. There are some additional data needed if the business actors are non-individuals, namely, business entities or cooperatives.
After gaining access to the OSS application, users can continue their main activity, namely, the registration of business licenses. For a new application, the applicant must complete the business actor's data, namely, personal data (NIK, name, gender, date of birth, and telephone number) and membership data such as NPWP, email, and BPJS. Next, the applicant completes the business field data by selecting the type of activity; the business field refers to KBLI based on PP 5/2021 and the scope of activity. Detailed business data are also needed, such as land and the location of the business, including the amount of business capital.
Based on detailed business data, the OSS system will automatically determine the business scale (see Table 4) and risk level (see Figure 4a). The level of business sector risk has been determined by the government to be R, MR, MT, and T. The applicant can then complete business field details such as a description, number of workers, and production capacity. Additional information that can be included is if the business being carried out has been completed with documents/certificates, such as SNI certificates, SS, halal certificates, and environmental approvals (certain KBLI). namely, the registration of business licenses. For a new application, the applicant m complete the business actor's data, namely, personal data (NIK, name, gender, dat birth, and telephone number) and membership data such as NPWP, email, and B Next, the applicant completes the business field data by selecting the type of activity; business field refers to KBLI based on PP 5/2021 and the scope of activity. Detailed b ness data are also needed, such as land and the location of the business, including amount of business capital. Based on detailed business data, the OSS system will automatically determine business scale (see Table 4) and risk level (see Figure 4a). The level of business sector has been determined by the government to be R, MR, MT, and T. The applicant can t complete business field details such as a description, number of workers, and produc capacity. Additional information that can be included is if the business being carried has been completed with documents/certificates, such as SNI certificates, SS, halal cer cates, and environmental approvals (certain KBLI).    At the end of the process, there is an independent statement that the applicant is able to fulfill the requirements for maintaining K3L, environmental management, SNI, and halal products. After the applicant states that the data filled in are correct, the NIB will be publishable in real-time, especially for permits with low-or medium-low categories. The applicant can download or print the NIB shown in Figure 5.
At the end of the process, there is an independent statement that the applicant is able to fulfill the requirements for maintaining K3L, environmental management, SNI, and halal products. After the applicant states that the data filled in are correct, the NIB will be publishable in real-time, especially for permits with low-or medium-low categories. The applicant can download or print the NIB shown in Figure 5.

Licensing Implementation Data for Selected KBLI Bio-Business Services
Looking at NIB issuance data for almost 10 months since the OSS-RBA (data taken on 30 May 2022), there have been more than 1.2 million NIBs issued with a percentage of UMK of 97.85% and non-UMK of 2.15%. One year of risk-based OSS implementation from 4 August 2021 to 3 August 2022 is visible in Appendix A (data taken on 4 August 2022). It appears that business permits with a low level of risk were released in real-time. Several NIBs also have multiple locations and are proven by the project number.
There are more requirements for NIBs with MT and T risks compared to low-risk NIBs. This has been regulated in the business licensing guide for KBLI [25]. Therefore, the fulfillment of NIB is not published in real-time and takes longer. The authors assume that high-risk businesses are one-fifth of small businesses for large businesses and one-sixth of medium-sized businesses (based on annual population data from OSS-RBA), and permits have not been released yet. From the data taken on 8 November 2022, there were 74 NIBs issued from KBLI 01262 (MT risk) and 51 (T risks), and 1 NIB issued from KBLI 10794 (MT risk).

Monitoring Tools
Second Support

Licensing Implementation Data for Selected KBLI Bio-Business Services
Looking at NIB issuance data for almost 10 months since the OSS-RBA (data taken on 30 May 2022), there have been more than 1.2 million NIBs issued with a percentage of UMK of 97.85% and non-UMK of 2.15%. One year of risk-based OSS implementation from 4 August 2021 to 3 August 2022 is visible in Appendix A (data taken on 4 August 2022). It appears that business permits with a low level of risk were released in real-time. Several NIBs also have multiple locations and are proven by the project number.
There are more requirements for NIBs with MT and T risks compared to low-risk NIBs. This has been regulated in the business licensing guide for KBLI [25]. Therefore, the fulfillment of NIB is not published in real-time and takes longer. The authors assume that high-risk businesses are one-fifth of small businesses for large businesses and one-sixth of medium-sized businesses (based on annual population data from OSS-RBA), and permits have not been released yet. From the data taken on 8 November 2022, there were 74 NIBs issued from KBLI 01262 (MT risk) and 51 (T risks), and 1 NIB issued from KBLI 10794 (MT risk).
The lengthy licensing process for MT and T risks might be because some permit processes are still in the Ministries/Agencies (Ministries/Agencies), such as for PBG and other permits. Obtaining a PBG starts with obtaining a KKPR and AMDAL/UKL/UPL from the KLHK. Of course, this permit is required to consider that the risk is not low. Meanwhile, for NIBs with low risk, it is also necessary to monitor the fulfillment of the commitments given, especially given the large number of permits issued for the low category. Oversight function fulfillment of commitments is currently not regulated, regardless of whether in BKPM or K/L. However, routinely, there several monitoring activities have been carried out. The development of the monitoring function prototype is highly recommended.

System Analysis and Governance of Bio-Business Licensing
The analysis of business licensing systems and governance will be explained in three subsections. There are interviews related to EA capabilities, the IT governance maturity level, and EA design of licensing service systems using the EA Framework.

Results of Interviews with Stakeholders
In general, the conclusions from the interview notes with several stakeholders based on the capabilities of the EA are as follows: • • Business Intelligence and Analysis: The data warehouse (DWH) uses IBM Cognos, and data visualization uses Tableau. The future development idea is to increase the capability from DWH to the data lake, but this requires additional internal and external resources. Along with the increase in the amount of data managed both in the form of structured and unstructured data, in the future, it will be necessary to increase the DB (database) from SQL-based ones such as Postgres to non-SQL such as MongoDB. It is important to assess whether there is a need for data analytics so that it can continue to enhance the business climate and create new jobs. Of course, this capability requires an increase in/addition of internal resource capabilities. • Cloud Management: There are production, staging, and development environments in the data center. It already has a DRC (Disaster Recovery Center) but has never performed a rehearsal test and results. It is important to see whether the current configuration accommodates HA (high availability) capabilities. It also needs to consider cloud solutions with better profit considerations (operational and cost aspects). • Cyber Security Solution: System security has been equipped with network access control using a firewall (Check Point), including IDS and IPS functions. Penetration testing from BSSN is regularly conducted every year. With the enactment in the PDP (Personal Data Protection) Law, it needs to implement information security to carry out regular security testing or implement information security into system development activities by implementing DevSecOps.

Results of IT Governance Maturity Level
The results of interviews conducted with the BKPM team and from the consultant's assessment showed that the average maturity level of the ITIL and COBIT processes was at level 1. The authors suggest increasing the process maturity to level 3 for the selected items in the smart governance framework. It is expected that the process can be defined and enforced within BKPM. This process has become the minimum standard for managing IT governance. Thus, it is hoped that implementing this process can increase the ease of the business licensing process. Increasing the maturity level to level 3 will also be the basis for measuring the achievement of the process's implementation and continuous improvement. The following describes some of the process recommendations:

•
Monitoring and event management. Some monitoring tools are applicable to monitor OSS (operational support services). There are two tools/applications, tools for monitoring IT infrastructure (using products from solar wind) and tools for monitoring OSS applications (using products from Dynatrace). Both will automatically send alarm notifications (in the form of an email) to the PIC of each device if an anomaly occurs. There is a condition that needs to be activated: the device needs to send an alarm notification to categorize it as an incident and the PIC of the device needs to be late in realizing it. Therefore, a layer of functions is needed. This layer can provide information and ensure the alarm given has a true impact on services or is critical. This is called the operational center for OSS (see Figure 5a). With this operational center, alarms from monitoring tools will be sorted and categorized into the warning or incident category. Based on the knowledge base, the PIC will be contacted if there is an incident. Alarm and incident logs will form the basis of future system improvements.

•
Service request management and incident management. From the initial explanation in the customer management section, each application escalates to the second support or person in charge of the device. Customer requests and complaints are recorded manually by the coordinator/admin. For the monitoring process to be carried out in real-time and to record the length of time for completion, it is necessary to make an SLA for each request or complaint from a customer. SLA achievement is monitorable periodically, and resolutions are made if necessary. Therefore, the authors recommend having a single ticketing system called a service desk. This function serves customer complaints regarding applications (see Figure 5b). The service desk in its journey will be effective if supported with a knowledge base in solving similar customer requests or complaints. There is also knowledge transfer between team members [26].
As an example, there is a classification of requests (low, high, medium, and critical) for the service level of each ticket in a knowledge base. Additionally, managing the same and repeated tickets is performed so that a permanent solution can be found.
Recommendations for increasing the level of maturity of other processes can be seen in Table A8.

Results of Service System Design Analysis Using the EA Framework
EA uses the Zachman Framework consisting of several layers. Zachman's framework can be applied as a basis for technology investment [27]. For the first layer related to scope, the results of the research are as follows: • Layer 1

Function:
The main processes in business licensing: submission of business licenses, validation (NIK, Passport, NPWP, articles of incorporation, KKPR at Sea, KKPR on Land, and Forest Area), choosing a business scale, choosing a KBLI, and printing NIB.

Network:
List of business licensing service locations: the main service location is at the central BKPM office, with service locations in 34 provinces and local districts.

4.
People: List of organizational units that play an important role:

Time:
Operational time Monday-Friday 08 AM to 4 PM Jakarta Time (except for virtual until 3 PM Jakarta Time).

Motivation:
The vision of the business licensing service is: Improving the investment ecosystem and business activities including (Article 6 of the Job Creation Law): a. Application of risk-based business licensing; b.
Simplification of the basic requirements for business licensing; c.
Simplification of the business licensing sector; d.
Simplification of investment requirements.
Risk-based business licensing is carried out based on determining the level of risk and rating of the business scale of business activities (Article 7 paragraph (1) and paragraph (7) of the Job Creation Law).

Data:
This consists of a relational diagram of business entities as shown in Figure 6a. This diagram illustrates that the business licensing process consists of two activities: registration and the issuance of business licenses. During the registration process, a validation process is required from several organizational units outside BKPM.

Function:
This section describes the business process model of business licensing services (see Figure A1). This business process is more detailed than a relational diagram, in which there are stages in registering a business license. It starts from the selection of whether the business actor is an individual or a business entity. The validation process is checked by several applications outside the OSS-RBA. Once validated, the next step is to select the KBLI and list of businesses. This selection will determine additional requirements based on predetermined risks.

Network:
This section explains the connectivity between business locations (see Figure 6b). The place for business licensing services consists of the central BKPM office, DPTMSP scattered in each province, and ministries/institutions that validate business actors and issue business licensing requirements.

4.
People: The regulation of the Minister of Investment/Head of the Investment Coordinating Board Number 6 of 2021, concerning the organization and working procedures of the Ministry of Investment/The Investment Coordinating Board is visible in Figure A2. The management of OSS RBA is the Deputy for Investment Information Technology.

5.
Time: The implementation schedule of the business licensing service improvement program is discussable in the next section, namely, Section 3.3.

6.
Motivation: This section explains in more detail the mission to achieve BKPM's vision. BKPM's strategic plan consists of BKPM KPIs: Encouraging high-value investments by partnering with national entrepreneurs, especially MSMEs in project areas; Deployment of quality investments; Focused investment promotion by sector and country; Encouraging an increase in domestic investment/PMDN, especially in MSMEs.

Network:
This section explains the connectivity between business locations (see Figure 6b). The place for business licensing services consists of the central BKPM office, DPTMSP scattered in each province, and ministries/institutions that validate business actors and issue business licensing requirements.
(a) (b)  Figure A2. The management of OSS RBA is the Deputy for Investment Information Technology.

Time:
The implementation schedule of the business licensing service improvement program is discussable in the next section, namely, Section 3.3.

Motivation:
This section explains in more detail the mission to achieve BKPM's vision. BKPM's strategic plan consists of BKPM KPIs: ▪ Encouraging high-value investments by partnering with national entrepreneurs, especially MSMEs in project areas; Improving the ease of conducting business is critical for BKPM's investment strategy roadmap. Therefore, initiatives or recommendations for improving the licensing service governance system are defined. This recommendation is explained in more detail in Section 3.3.

Recommendations for Service Improvement
This section will display a list of recommendations from the results of the RBA-OSS system analysis and business licensing service governance (see Table 5). These will be mapped into an impact-effort matrix so that a time plan for implementation can be obtained (see Figure 7a). These recommendations can be grouped into proposed implementation plans (see Figure 7b). This proposed plan can change according to other internal targets in BKPM. It is assumed that all recommendations will have a beneficial impact. Development of a single ticketing system for customer requests or complaints R9 Define a stakeholder list R10 Application of risk management processes in the organization R11 Regularly review the SDLC process, including change, testing, and release processes R12 Implementation of internal controls and compliance R13 Measurement of KPI/OKR achievement

Recommendations for Service Improvement
This section will display a list of recommendations from the results of the RBA-OSS system analysis and business licensing service governance (see Table 5). These will be mapped into an impact-effort matrix so that a time plan for implementation can be ob tained (see Figure 7a). These recommendations can be grouped into proposed implemen tation plans (see Figure 7b). This proposed plan can change according to other interna targets in BKPM. It is assumed that all recommendations will have a beneficial impact.

Discussion
Applying for a bio-business business license through the OSS-RBA is simple and i achievable by using the web or mobile application. The data show that more than 97% o business permits have been produced for the MSME category. The NIB will be released in real-time for the low-risk category, which occurs after the business actor fills in the state ment and commitment.
However, the NIB with MT and T risk categories in certain selected KBLIs has no been published yet. Supervision of applications for business licenses with a low-risk cat egory is also needed, especially with regard to how to ensure that business actors fulfil their promised commitments. Thus, monitoring is needed to track the duration of the MT and T category NIB processes.

Discussion
Applying for a bio-business business license through the OSS-RBA is simple and is achievable by using the web or mobile application. The data show that more than 97% of business permits have been produced for the MSME category. The NIB will be released in real-time for the low-risk category, which occurs after the business actor fills in the statement and commitment.
However, the NIB with MT and T risk categories in certain selected KBLIs has not been published yet. Supervision of applications for business licenses with a low-risk category is also needed, especially with regard to how to ensure that business actors fulfill their promised commitments. Thus, monitoring is needed to track the duration of the MT and T category NIB processes.
By conducting an analysis using the smart governance framework and EA capabilities using the Zachman Framework, some recommendations were proposed to improve business services. In the context of efforts to improve the ease of achieving the business rating, one of the important recommendations is to increase the maturity level of IT governance at BKPM. This is achieved by defining standard processes in the organization. Increasing the capability of the OSS system is also needed, such as reviewing applications with the latest technology planning data lake solutions, HA/DRC, and managing information security. This OSS system also needs a service operations center, a single ticketing system, and an agile SDLC process.
This research is a follow-up to a study related to smart governance for bio-business permits, followed by the development of a smart governance framework and ES capabilities. Other studies, especially studies in the area of smart governance, state that there is very little research in the area of smart governance in Asian countries, including its implementation [28]. Additionally, there have been few attempts to develop a research model for smart governance [29].
Therefore, this research is very important as it not only defines a smart governance framework but also implements it into an integrated business license service, involving collaboration between ministries and institutions. Apart from implementation, for further research, this smart governance framework can also be used in other one-stop integrations, either within one government institution or between institutions. Other research is needed to create collaboration tools for smart governance [30]. More specifically, for business licensing, there are tools for monitoring compliance with existing business license requirements in each K/L.

Conclusions
Based on the above discussion, there are two parameters for the successful implementation of business licenses. The target is to fulfill business licenses in accordance with the SLA listed in each KBLI by increasing the maturity of each process that supports smart governance. The current condition is that there is still a long wait for the fulfillment of permits at the initial maturity level of the governance process. With the maturity level rising from the initial level to the defined level, it is hoped that the SLA at least can be monitored regularly and improvements can be made to achieve it, thereby increasing user satisfaction. The use of the EA framework has been proven to align technology, organization, and processes in order to support continuous improvement processes.
We conclude that the implementation of OSS RBA services also needs to be regularly controlled for risks by looking at regulatory compliance, SLA/KPI achievement, and improvement. The results of the recommendations for bio-business licenses can also be used to improve the process for other business licenses. This is achieved by reviewing the stakeholder list for the service. These recommendations can be adjusted following other BKPM program priorities.     Note: Real-time = a few minutes, * assuming one-fifth is from small businesses and the permit has not been issued.  Make a risk profile list (risk register) that includes but is not limited to: risk, impact, frequency, mitigation plan, and risk owner b.
Conduct a risk assessment to obtain a risk control matrix referring to incident reports (confidentiality, availability, and integrity) 3 Service Level Management a. Define the definition, scope, provider, and owner of the service b.
Set target service level, but not limited to service time, service availability (percentage), incident/request response time, and incident/request turnaround time c.
Monitor the achievement of SLA d.
Obtain input from customers and follow up on service improvement recommendations 4 Change Control a. Define change categories based on impact and urgency (standard change, normal change, and emergency change) b.
Establish control authority for each change c.
Monitor change schedule and implementation status d.
Evaluate the implementation of change within a certain period Obtain assurance of compliance with external regulations Table A9. Abbreviation-terms mapping.