Assessment of Capability Levels and Improvement Recommendations Using COBIT 2019 for the IT Consulting Industry

Abstract

The company engaged in services and information technology solutions is facing issues with Standard Operating Procedures (SOPs) to document IT risks. Additionally, there has been system downtime on the local server, resulting in data loss for employee records, financial data, inventory data, and purchase data. An assessment of the company's IT governance capability is conducted using the COBIT 2019 framework, focusing on operational and security areas. The results of the capability assessment for the APO12 process indicate that it has reached level 2, with a target of level 3. The DSS01 process has already achieved level 3, meeting the target capability level, while the DSS02 process has reached level 2 with a target of level 3. This demonstrates a 1-level gap within the APO12 and DSS02 processes. The recommendation provided to the company is to concentrate on risk management, finding a balance between the costs and benefits of managing IT-related risks.