EVALUATION OF IT GOVERNANCE AND RISK MANAGEMENT CAPABILITIES USING THE EDM03 AND APO12 DOMAINS OF COBIT 2019
Keywords:
IT Governance, IT Risk Management, COBIT 2019, EDM03, APO12
Abstract
This study aims to evaluate the capability level of Information Technology (IT) governance and risk management at PT Replay Inti Media using the COBIT 2019 framework in the EDM03 (Ensure Risk Optimization) and APO12 (Manage Risk) domains. The main problem motivating the study is that no formal measurement of IT risk process capability is available, so the company does not yet know how far these processes perform compared with international standards. A mixed-method approach was used to obtain a comprehensive evaluative picture: the qualitative approach was carried out through interviews with the IT Manager and the Head of the IT Division, while the quantitative approach was carried out by distributing Likert-scale questionnaires to operational staff. The research instruments comprised an interview guide, a document checklist, and a capability assessment questionnaire based on the COBIT 2019 Process Assessment Model (PAM) with assessment of attributes PA1–PA5. The results show that both domains are at Level 1 – Performed Process, meaning that the processes are running but are not yet documented, not yet standardized, and do not yet have a formal risk measurement mechanism. The gap analysis also shows a significant gap between actual conditions and the requirements of COBIT 2019, particularly in risk documentation, the establishment of risk owners, the development of risk indicators (KRI), and risk monitoring and reporting mechanisms. The study concludes that PT Replay Inti Media needs to improve its IT risk governance by developing risk SOPs, defining its processes in a more structured way, and strengthening its control system in order to reach a higher capability level.
License
Copyright (c) 2026 Fahrul Husaeni, Rini Astuti, Khaerul Anam, Aris Pratama Putra, Bani Nurhakim

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.




