Risk Management Evaluation in Hospital Management Information Systems Using Framework COBIT 2019 - Case Study: Ernaldi Bahar South Sumatera Hospital

Abstract

Hospital Management Information System (SIMRS) is a system to assist service performance, reporting and data retrieval at hospitals that have been required by the government to be implemented in all hospitals in Indonesia. The existence of SIMRS is certainly an inseparable part of the service process and hospital data management, but it can also cause various IT risks to arise. Therefore, a good risk management is needed to minimize any possible IT risks that have not or have occurred. The performance of an IT risk management can be indicated from its capability levels. This study aims to determine how high the capability levels and the gap value from each process of the IT risk management at Ernaldi Bahar Hospital. The framework used as a reference in the assessment of the risk management process is COBIT 2019 which has 3 stages, namely the mapping process, capability level assessment, and conclusions. This study resulted in the value of capabilities in each process in IT risk management, the gap value, and recommendations for improvement that can be applied to SIMRS Ernaldi Bahar. The results of the measurement of the IT risk management capability of SIMRS Ernaldi Bahar in the EDM03 and DSS03 processes are at level 3, while the APO12 and DSS05 processes are at level 1. The gap values for the EDM03 and DSS03 processes is 1 level, while the gap values for the APO12 and DSS05 processes are 3 levels. Process improvement recommendations refer to COBIT 2019 best practices.