Abstract

Purpose: This research aims to measure the current capability level of DISKOMINFO and then conduct a gap analysis, so that it can provide recommendations for improving IT governance related to IT risk management.

Design/methodology/approach: The framework used is COBIT 2019, focusing on 2 objectives: EDM03 (Evaluate, Direct, and Monitor) and APO12 (Align, Plan, and Organize). The data used in this study were obtained through interviews, observation, and the distribution of questionnaires, which had been mapped using the RACI Chart.

Findings/result: The results of the assessment show that the capability level at DISKOMINFO is level 2 for each objective. Recommendations focus on documenting risk management activities in the form of risk guidelines, risk acceptance, and activities for risk management methods, as well as on applying a regular evaluation of the IT risk management used by DISKOMINFO.

Originality/value/state of the art: Among the various types of risk management research using different frameworks, this research uses the COBIT 2019 performance standards to carry out information technology risk management. COBIT 2019 is the latest version of COBIT, prepared to help companies manage their resources to achieve existing goals. COBIT 2019 has a broader scope than ISO/IEC 17799:2005 which includes a combination of principles that have been embedded and known as reference models (such as COSO), and are aligned with IT standard infrastructure.
