This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Risk Management using COBIT 5 for Risk : A Case Study on Local Government in Indonesia
Corresponding Author(s) : Beny Prasetyo
Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control,
Vol. 8, No. 1, February 2023
Abstract
BP4D (Regional Development Planning, Research and Development Agency) Bondowoso utilizes information technology to support its duties and functions, one of which is SIPD (Sistem Informasi Pemerintah Daerah). SIPD provides many benefits and conveniences such as improving the quality of public services, transparency, improving bureaucratic accountability, but in its implementation SIPD can also pose dangerous risks both from processes involving the system and the system itself. These risks can disrupt BP4D Bondowoso's business processes and cause various losses. To protect BP4D Bondowoso from losses caused by risk, risk management is carried out using the relevant framework, namely COBIT 5 Enabling Process and COBIT 5 for Risk with the APO12 risk management process. Data were collected by interview and distributing questionnaires. Fifty-one risks were identified in the implementation of SIPD at BP4D Bondowoso consisting of 48 negative risks and 3 positive risks. The risks found dominate the type of IT Benefit / Value Enablement and the category of regulatory compliance. Identified 3 very high risks in the category of regulatory compliance and software. Overall risk dominates the medium rating, which is 28 risks and the high risk consists of 20 risks. The negative risk response is dominated by mitigate, which is 33 risks.
Keywords
Download Citation
Endnote/Zotero/Mendeley (RIS)BibTeX
- Z. G. Tompo, A. G. Kadir, and A. Murfhi, “Analisis Peranan Bappeda dalam Pembangunan di Kabupaten Jeneponto,” J. Ilmu Pemerintah., vol. 5, pp. 9–20, 2012.
- S. N. Ajizah, E. Wijaya, and F. Meutia, “Peran Badan Perencanaan Pembangunan Daerah (BAPPEDA) Kota Depok Dalam Penyusunan Rencana Pembangunan Jangka Menengah Daerah,” vol. 4, no. 1, pp. 44–64, 2021, doi: https://doi.org/10.35814/jlr.v4i1.2966.
- Kemendagri, “Kemendagri Luncurkan Sistem Informasi Pemerintah Daerah,” Kemendagri, 2019. https://www.kemendagri.go.id/berita/baca/24443/kemendagriluncurkan-sistem-informasi-pemerintahan-daerah (accessed Jan. 11, 2022).
- Menteri Dalam Negeri Republik Indonesia, “Peraturan Menteri Dalam Negeri Republik Indonesia Nomor 70 Tahun 2019 tentang Sistem Informasi Pemerintah Daerah.” Indonesia, pp. 1–16, 2019.
- Menteri Dalam Negeri Republik Indonesia, “Peraturan Menteri Dalam Negeri Republik Indonesia Nomor 8 Tahun 2014 Tentang sistem Informasi Pembangunan Daerah.” pp. 1–29, 2014.
- N. K. Sudianing and K. A. Seputra, “Peran Sistem Informasi Pemerintahan Daerah Dalam Menunjang Peningkatan Kualitas Perencanaan Pembangunan Daerah,” Locus Maj. Ilm. FISIP, vol. 11, no. 2, pp. 1–22, 2019.
- F. Dione and U. Faradina, “Implementasi Sistem Informasi Pembangunan Daerah (SIPD) dalam Meningkatkan Koordinasi Pembangunan di Daerah (Studi tentang Penerapan SIPD pada BAPPEDA Kota Bengkulu),” J. Kebijak. Pemerintah., vol. 1, no. January, pp. 21–28, 2020.
- Mukhsin, “Peranan Teknologi Informasi Dan Komunikasi Menerapkan Sistem Informasi Desa Dalam Publikasi Informasi Desa Di Era Globalisasi,” Teknokom, vol. 3, no. 1, pp. 7–15, 2020, doi: https://doi.org/10.31943/teknokom.v3i1.43.
- H. M. Astuti, F. A. Muqtadiroh, E. W. T. Darmaningrat, and C. U. Putri, “Risks Assessment of Information Technology Processes Based on COBIT 5 Framework: A Case Study of ITS Service Desk,” Procedia Comput. Sci., vol. 124, pp. 569–576, 2017, doi: https://doi.org/10.1016/j.procs.2017.12.191.
- P. Hopkin, Fundamentals of Risk Management, 4th ed. USA: Kogan Page Limited, 2017.
- D. A. Prastiyawan, A. Ambarwati, and E. Setiawan, “Analisis Manajemen Risiko Layanan Sistem Manajemen Dealer Menggunakan COBIT 5,” Matrix J. Manaj. Teknol. dan Inform., vol. 10, no. 2, pp. 43–49, 2020, doi: https://doi.org/10.31940/matrix.v10i2.1913.
- R. Astuti, “Implementasi Manajemen Risiko Sistem Informasi Menggunakan COBIT 5,” Media Inform., vol. 17, no. 1, pp. 18–28, 2018, doi: https://doi.org/10.37595/mediainfo.v17i1.7.
- Y. Supriyadi and C. W. Hardani, “Information system risk scenario using COBIT 5 for risk and NIST SP 800-30 Rev. 1 a case study,” Proc. - 2018 3rd Int. Conf. Inf. Technol. Inf. Syst. Electr. Eng. ICITISEE 2018, pp. 287–291, 2018, doi: https://doi.org/10.1109/ICITISEE.2018.8721034.
- E. Ismawan, A. S. Putri, and N. J. Utamaja, “Using COBIT 5 for Risk Management Assessment E-Wallet Information Technology in Indonesia,” Int. J. Progress. Res. Sci. Eng., vol. 2, no. 8, pp. 741–745, 2021.
- ISACA, COBIT 5 Enabling Processes. USA: ISACA, 2012.
- F. Adikara, “Implementasi Tata Kelola Teknologi Informasi Perguruan Tinggi Berdasarkan Cobit 5 Pada Laboratorium Rekayasa Perangkat Lunak,” Semin. Nas. Sist. Inf. Indones., no. 2, pp. 2–4, 2013.
- Y. Kusumaningrum and Wella, “Adoption of COBIT 5 Framework in Risk Management for Startup Company,” Turkish J. Comput. Math. Educ., vol. 12, no. 3, pp. 1446–1452, 2021, doi: https://doi.org/10.17762/turcomat.v12i3.942.
- R. D. A. Putra, E. Setiawan, and A. Ambarwati, “Evaluasi Manajemen Risiko Teknologi Informasi Berdasarkan Framework COBIT 5 Pada PT.BTM,” JSI J. Sist. Inf., vol. 11, no. 2, pp. 1754–1762, 2019, doi: https://doi.org/10.36706/jsi.v11i2.9103.
- ISACA, COBIT 5: A business framework for the governance and management of enterprise IT COBIT 5. USA: ISACA, 2012.
- G. Stoneburner, A. Goguen, and A. Feringa, “Risk Management Guide for Information Technology Systems Recommendations,” Comput. Secur. Div. Inf. Technol. Lab. Natl. Inst. Stand. Technol. Gaithersbg., p. 54, 2002, doi: https://doi.org/10.6028/NIST.SP.800-30.
- N. Gibbs, “COBIT 5 for Risk,” Int. Conf. Vancouver, BC, Canada, pp. 1–54, 2015.
- ISACA, COBIT 5 For Risk. USA: ISACA, 2013.
- D. R. Indah, Harlili, and M. A. Firdaus, “Risk Management for Enterprise Resource Planning Post Implementation Using COBIT 5 for Risk,” Proceeding 1st Int. Conf. Comput. Sci. Eng., pp. 113–118, 2014.
- Menteri Dalam Negeri Republik Indonesia, “Peraturan Menteri Dalam Negeri Republik Indonesia Nomor 86 Tahun 2017 Tentang Tata Cara Perencanaan, Pengendalian Dan Evaluasi Pembangunan Daerah, Tata Cara Evaluasi Rancangan Peraturan Daerah Tentang Rencana Pembangunan Jangka Panjang Daerah Dan Rencana.” pp. 1–644, 2017.
- D. Hillson, “Effective strategies for exploiting opportunities,” Present. Proc. Proj. Manag. Inst. Annu. Semin. Symp. Nashville, TN., 2001.
References
Z. G. Tompo, A. G. Kadir, and A. Murfhi, “Analisis Peranan Bappeda dalam Pembangunan di Kabupaten Jeneponto,” J. Ilmu Pemerintah., vol. 5, pp. 9–20, 2012.
S. N. Ajizah, E. Wijaya, and F. Meutia, “Peran Badan Perencanaan Pembangunan Daerah (BAPPEDA) Kota Depok Dalam Penyusunan Rencana Pembangunan Jangka Menengah Daerah,” vol. 4, no. 1, pp. 44–64, 2021, doi: https://doi.org/10.35814/jlr.v4i1.2966.
Kemendagri, “Kemendagri Luncurkan Sistem Informasi Pemerintah Daerah,” Kemendagri, 2019. https://www.kemendagri.go.id/berita/baca/24443/kemendagriluncurkan-sistem-informasi-pemerintahan-daerah (accessed Jan. 11, 2022).
Menteri Dalam Negeri Republik Indonesia, “Peraturan Menteri Dalam Negeri Republik Indonesia Nomor 70 Tahun 2019 tentang Sistem Informasi Pemerintah Daerah.” Indonesia, pp. 1–16, 2019.
Menteri Dalam Negeri Republik Indonesia, “Peraturan Menteri Dalam Negeri Republik Indonesia Nomor 8 Tahun 2014 Tentang sistem Informasi Pembangunan Daerah.” pp. 1–29, 2014.
N. K. Sudianing and K. A. Seputra, “Peran Sistem Informasi Pemerintahan Daerah Dalam Menunjang Peningkatan Kualitas Perencanaan Pembangunan Daerah,” Locus Maj. Ilm. FISIP, vol. 11, no. 2, pp. 1–22, 2019.
F. Dione and U. Faradina, “Implementasi Sistem Informasi Pembangunan Daerah (SIPD) dalam Meningkatkan Koordinasi Pembangunan di Daerah (Studi tentang Penerapan SIPD pada BAPPEDA Kota Bengkulu),” J. Kebijak. Pemerintah., vol. 1, no. January, pp. 21–28, 2020.
Mukhsin, “Peranan Teknologi Informasi Dan Komunikasi Menerapkan Sistem Informasi Desa Dalam Publikasi Informasi Desa Di Era Globalisasi,” Teknokom, vol. 3, no. 1, pp. 7–15, 2020, doi: https://doi.org/10.31943/teknokom.v3i1.43.
H. M. Astuti, F. A. Muqtadiroh, E. W. T. Darmaningrat, and C. U. Putri, “Risks Assessment of Information Technology Processes Based on COBIT 5 Framework: A Case Study of ITS Service Desk,” Procedia Comput. Sci., vol. 124, pp. 569–576, 2017, doi: https://doi.org/10.1016/j.procs.2017.12.191.
P. Hopkin, Fundamentals of Risk Management, 4th ed. USA: Kogan Page Limited, 2017.
D. A. Prastiyawan, A. Ambarwati, and E. Setiawan, “Analisis Manajemen Risiko Layanan Sistem Manajemen Dealer Menggunakan COBIT 5,” Matrix J. Manaj. Teknol. dan Inform., vol. 10, no. 2, pp. 43–49, 2020, doi: https://doi.org/10.31940/matrix.v10i2.1913.
R. Astuti, “Implementasi Manajemen Risiko Sistem Informasi Menggunakan COBIT 5,” Media Inform., vol. 17, no. 1, pp. 18–28, 2018, doi: https://doi.org/10.37595/mediainfo.v17i1.7.
Y. Supriyadi and C. W. Hardani, “Information system risk scenario using COBIT 5 for risk and NIST SP 800-30 Rev. 1 a case study,” Proc. - 2018 3rd Int. Conf. Inf. Technol. Inf. Syst. Electr. Eng. ICITISEE 2018, pp. 287–291, 2018, doi: https://doi.org/10.1109/ICITISEE.2018.8721034.
E. Ismawan, A. S. Putri, and N. J. Utamaja, “Using COBIT 5 for Risk Management Assessment E-Wallet Information Technology in Indonesia,” Int. J. Progress. Res. Sci. Eng., vol. 2, no. 8, pp. 741–745, 2021.
ISACA, COBIT 5 Enabling Processes. USA: ISACA, 2012.
F. Adikara, “Implementasi Tata Kelola Teknologi Informasi Perguruan Tinggi Berdasarkan Cobit 5 Pada Laboratorium Rekayasa Perangkat Lunak,” Semin. Nas. Sist. Inf. Indones., no. 2, pp. 2–4, 2013.
Y. Kusumaningrum and Wella, “Adoption of COBIT 5 Framework in Risk Management for Startup Company,” Turkish J. Comput. Math. Educ., vol. 12, no. 3, pp. 1446–1452, 2021, doi: https://doi.org/10.17762/turcomat.v12i3.942.
R. D. A. Putra, E. Setiawan, and A. Ambarwati, “Evaluasi Manajemen Risiko Teknologi Informasi Berdasarkan Framework COBIT 5 Pada PT.BTM,” JSI J. Sist. Inf., vol. 11, no. 2, pp. 1754–1762, 2019, doi: https://doi.org/10.36706/jsi.v11i2.9103.
ISACA, COBIT 5: A business framework for the governance and management of enterprise IT COBIT 5. USA: ISACA, 2012.
G. Stoneburner, A. Goguen, and A. Feringa, “Risk Management Guide for Information Technology Systems Recommendations,” Comput. Secur. Div. Inf. Technol. Lab. Natl. Inst. Stand. Technol. Gaithersbg., p. 54, 2002, doi: https://doi.org/10.6028/NIST.SP.800-30.
N. Gibbs, “COBIT 5 for Risk,” Int. Conf. Vancouver, BC, Canada, pp. 1–54, 2015.
ISACA, COBIT 5 For Risk. USA: ISACA, 2013.
D. R. Indah, Harlili, and M. A. Firdaus, “Risk Management for Enterprise Resource Planning Post Implementation Using COBIT 5 for Risk,” Proceeding 1st Int. Conf. Comput. Sci. Eng., pp. 113–118, 2014.
Menteri Dalam Negeri Republik Indonesia, “Peraturan Menteri Dalam Negeri Republik Indonesia Nomor 86 Tahun 2017 Tentang Tata Cara Perencanaan, Pengendalian Dan Evaluasi Pembangunan Daerah, Tata Cara Evaluasi Rancangan Peraturan Daerah Tentang Rencana Pembangunan Jangka Panjang Daerah Dan Rencana.” pp. 1–644, 2017.
D. Hillson, “Effective strategies for exploiting opportunities,” Present. Proc. Proj. Manag. Inst. Annu. Semin. Symp. Nashville, TN., 2001.