Adopting COBIT 2019 for the Evaluation of Information Technology Risk Management in a Startup Company


Authors : Aulia Oktaviana; Kusworo Adi; Budi Warsito

Volume/Issue : Volume 9 - 2024, Issue 6 - June


Google Scholar : https://tinyurl.com/4exsrwzu

Scribd : https://tinyurl.com/4ykz5ce8

DOI : https://doi.org/10.38124/ijisrt/IJISRT24JUN1542



Abstract : The start-up XYZ operates in tourism and digital agencies, where every business activity relies on IT from the outset. We must implement good risk management to ensure optimal operation of all business processes and minimize risks, particularly in light of the post-pandemic changes. The study uses the COBIT 2019 framework to evaluate the risk management of the company's business processes. The study comprises five stages: a preliminary study, a research planning phase, data collection, data analysis, and a recommendation phase. As a result, the company has successfully identified potential risks, along with their respective impact levels, and gained insights into IT-related issues. However, the company still requires an extensive evaluation for its field implementation. While the company believes it has effectively managed risks, subsequent assessments reveal that it is still in the early stages, necessitating numerous improvements in risk management implementation. This is evident from the evaluation of the EDM03 and APO12 processes; the company's capacity is currently at level 1 with a gap of 2. The overarching recommendation is for companies to document all past risks, standardize SOPs, and regularly evaluate them to ensure continuous improvement in future business processes.

Keywords : Startup, COBIT 2019, Risk Management, EDM03, APO12.


