Systematic Literature Review on Auditing Information Technology Risk Management Using the COBIT Framework

Abstract

Information technology has an important role in carrying out company management activities. It is important that information technology is managed properly so that no risks arise that could endanger the company. Companies can implement information technology risk management through risk management audits. An audit on information technology risk management can help evaluate companies by identifying information technology risks and minimizing information technology risks. Such audits can be carried out with the help of the COBIT framework. This study intends to conduct a systematic literature review on risk management audits related to information technology using the COBIT framework. Literature search from IEEXplore, ScienceDirect and Garuda Kemdikbud database sources. Papers were selected based on inclusion criteria. Inclusion criteria include paper language is Indonesian and English, paper is published between 2019-2023, the paper describes COBIT in IT risk management audits, and paper is available as full text. The results obtained were 24 papers. There are two criteria for assessing paper quality, namely the paper contains the COBIT framework used for IT risk management audits and the paper contains the COBIT domain used. The results of the analysis of research questions indicate that COBIT 5 is a guide used by many researchers in information technology audits for risk management. COBIT 5 provides a complete and comprehensive risk governance guide for measuring enterprise IT risk management. Implementation of COBIT 5 in IT risk management audits to assist in risk assessment and risk management in order to minimize and prevent IT risks that may occur. Domain APO12 (Manage Risk) and EDM03 (Ensure Risk Optimization) as a reference in conducting IT risk management.