To see the other types of publications on this topic, follow the link: COBIT: A Framework for Internal Controls.
Journal articles on the topic 'COBIT: A Framework for Internal Controls'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'COBIT: A Framework for Internal Controls.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Rubino, Michele, and Filippo Vitolla. "Internal control over financial reporting: opportunities using the COBIT framework." Managerial Auditing Journal 29, no. 8 (2014): 736–71. http://dx.doi.org/10.1108/maj-03-2014-1016.
Full textAbstract:
Purpose – The purpose of this paper is to analyze how the COBIT framework, integrated within the internal control framework, enables improvement in the quality of financial reporting while helping to reduce or eliminate the material weaknesses (MWs) of internal control over financial reporting (ICFR). The Control Objectives for Information and Related Technology (COBIT) model is a framework for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. Preliminarily, the analysis in this paper illustrates how the Committee of Sponsoring Organizations (COSO) framework impacts on the MWs, highlighting strengths and weaknesses. This paper shows how these limits can be overcome with the use of the COBIT framework. Design/methodology/approach – This is a conceptual paper that aims to highlight the relationship between COBIT and COSO, by illustrating how the IT processes reduce or eliminate the main MW categories. Findings – The analysis indicates that the implementation of the COBIT framework, or more generally the adoption of effective IT controls, provides important benefits to the entire company or organization. IT control objectives have a direct impact on the IT control weaknesses and indirectly on the other categories of material weaknesses. Practical implications – The adoption of the framework allows managers to implement effective ICFR. In particular, the COBIT approach provides managers with a more evolved tool in terms of compliance with the Sarbanes–Oxley Act requirements. This framework also improves the reliability of financial reporting in relation to the requirements of Public Company Accounting Oversight Board’s Auditing Standards No. 2 and 5. Originality/value – The analysis provides an interdisciplinary approach, connecting accounting and information systems themes, and suggest solutions and tools than can help managers to address the internal control weaknesses. This paper addresses an area of relevance to both practitioners and academics and expands existing accounting literature.
2
Agung Yuliyanto Nugroho. "Analisis Efektivitas Tata Kelola TI Menggunakan Framework Framework Cobit 5 pada PT Bima Mandira Abadi." Jurnal Teknik Mesin, Industri, Elektro dan Informatika 3, no. 4 (2024): 01–13. http://dx.doi.org/10.55606/jtmei.v3i4.4286.
Full textAbstract:
This study aims to analyze the effectiveness of implementing the COBIT 5 framework in Information Technology (IT) governance in organizations. The main focus is to evaluate the extent to which COBIT 5 is able to improve IT management, operational efficiency, and the achievement of the organization's strategic objectives. This study uses a case study approach with qualitative methods. Data were collected through interviews with IT stakeholders, analysis of IT policy and procedure documents, and employee surveys to assess their perceptions of the effectiveness of IT governance. The assessment was carried out by comparing the implementation of COBIT 5 against the performance indicators and controls set out in the framework. This study revealed that although COBIT 5 provides a comprehensive framework for IT governance, the success of its implementation is highly dependent on managerial support, adequate training, and adjustments to the specific needs of the organization. Recommendations for improving effectiveness include strengthening training, improving internal communication, and periodic evaluation of COBIT 5 implementation. The implementation of COBIT 5 has shown substantial benefits in improving IT governance and supporting the achievement of organizational goals. However, to maximize its effectiveness, attention is needed to the aspects that influence the adoption and implementation of this framework.
3
Maria Miliani Pan Ardana and Yuki Firmanto. "Analisis Pengendalian Internal Sistem Kredit Pada Kopdit Xyz Menggunakan Framework Cobit 2019." Reviu Akuntansi, Keuangan, dan Sistem Informasi 3, no. 4 (2023): 845–57. https://doi.org/10.21776/reaksi.2024.3.4.307.
Full textAbstract:
This study aims to analyze the internal control of the credit system of XYZ Credit Cooperative of Malang City utilizing the Control Objectives for Information and Related Technologies (COBIT 2019) framework. This study employs a descriptive analysis involving both primary and secondary data collected from observation, interviews, documentation, and questionnaires. The object of this study includes the credit system of XYZ Credit Cooperative, whose analysis is presented in diagrammatic form. The results of this study reveal a series of internal controls as presented on the COBIT 2019 design toolkit including strategies, goals, risk profiles, IT related issues, threat landscape, compliance requirements, the role of IT, sourcing models for IT, IT implementation models, technology adoption strategies, and organization size. The analysis results indicate several credit system problems in the XYZ Credit Cooperative, and the internal control utilizing the COBIT 2019 framework runs relatively properly despite some weaknesses. Abstrak Penelitian ini bertujuan untuk mengetahui pengendalian internal sistem kredit pada KOPDIT XYZ di Kota Malang menggunakan framework Control Objectives for Information and Related Technologies (COBIT 2019). Jenis penelitian ini adalah penelitian dengan pendekatan deskriptif. Sumber data dari penelitian ini adalah data primer dan data sekunder. Objek penelitian ini adalah sistem kredit pada Kopdit XYZ. Teknik pengumpulan data dilakukan dengan observasi, wawancara, dokumentasi, dan kuesioner. Analisis sistem kredit Kopdit XYZ disajikan dalam bentuk diagram. Hasil penelitian ini berupa rangkaian pengendalian internal yang dilihat melalui design toolkit COBIT 2019 meliputi strategi, tujuan, profil resiko, isu terkait TI, lanskap ancaman, kebutuhan kepatuhan, peran dari TI, model sumber untuk TI, model implementasi TI, strategi adopsi teknologi, dan ukuran organisasi. Hasil analisis menunjukkan ada beberapa masalah dalam sistem kredit Kopdit XYZ serta pengendalian internal sistem kredit XYZ menggunakan framework COBIT 2019 berjalan cukup baik meskipun masih terdapat kelemahan.
4
Nguen, Thi Ha Mi. "Application of COSO and COBIT Frameworks for the Purpose of Organization of Internal Control." Auditor 7, no. 5 (2021): 15–23. http://dx.doi.org/10.12737/1998-0701-2021-7-5-15-23.
Full textAbstract:
This article analyzes the relevance of this framework for the purposes of organizing internal control and proposes a scheme for integrating COBIT and COSO frameworks: the theses of these two frameworks are interconnected through the concepts of «process» and «information fl ows». The article also considers the application of the integrated concept in the context of the implementation of the principles of sustainable development in the activities of the organization.
5
Li, Hsing-Jung, She-I. Chang, Tawei Wang, and Li-Min Chang. "Information Technology Internal Control Items for the Post-Implementation Phase of Enterprise Resource Planning Systems." Journal of Information Systems 34, no. 3 (2019): 159–97. http://dx.doi.org/10.2308/isys-52615.
Full textAbstract:
ABSTRACT Our understanding of relevant internal controls at the post-implementation phase remains limited in spite of general guidance from professional frameworks or standards. In this study, based on the COBIT 5 framework, we reviewed 56 studies from relevant academic journals from 1998 to 2014 to form an initial list of information technology (IT) internal control items for the post-implementation phase of enterprise resource planning (ERP) systems. An expert survey was conducted to validate the list, and 45 control items were ranked using the Delphi method. The proposed items may assist companies and auditors in focusing on essential internal control issues during the ERP system post-implementation phase.
6
Dari, Wulan, and Heru Bastian. "AUDIT TATA KELOLA TEKNOLOGI INFORMASI PADA KEJAKSAAN NEGERI SANGGAU MENGGUNAKAN FRAMEWORK COBIT 2019." IJIS - Indonesian Journal On Information System 10, no. 1 (2025): 48. https://doi.org/10.36549/ijis.v10i1.358.
Full textAbstract:
Perkembangan teknologi informasi yang pesat memberikan dampak besar terhadap bisnis organisasi, sehingga diperlukan tata kelola TI yang efektif. COBIT 2019 sebagai kerangka kerja standar menyediakan panduan penerapan tata kelola TI. Kejaksaan Negeri Sanggau menghadapi beberapa kekurangan dalam tata kelola TI dan tidak pernah melaksanakan audit untuk menilai tingkat kemampuannya. Penelitian ini bertujuan mengevaluasi tingkat kemampuan dan kesenjangan tata kelola TI, serta menyajikan rekomendasi perbaikan menggunakan COBIT 2019. Dari proses yang diidentifikasi, terdapat 8 objektif yang relevan, yaitu APO07 (Managed Human Resources), DSS01 (Managed Operations), DSS02 (Managed Service Requests and Incidents), DSS03 (Managed Problems), DSS06 (Managed Business Process Controls), MEA01 (Managed Performance and Conformance Monitoring), MEA02 (Managed System of Internal Control) dan MEA03 (Managed Compliance With External Requirements). Hasil menunjukkan bahwa APO07, DSS02, MEA01 dan MEA03 berada pada level 1 (as-is), dengan target (to-be) level 3, sehingga kesenjangan adalah 2. Sementara itu, DSS03 dan DSS06 berada pada level 2, dengan target level 3, menghasilkan kesenjangan 1. DSS01 dan MEA02 berada pada level 3, dengan target level 4, juga memiliki kesenjangan 1. Peningkatan kemampuan dapat dicapai dengan melengkapi aktivitas yang belum dilakukan hingga mencapai fully achieved pada setiap level.Kata Kunci: Audit, Tata Kelola Teknologi Informasi, COBIT 2019
7
Satria, Wahyu Indra, Farwis Ilmi, and Nuning Indah Pratiwi. "Evaluation of IT Governance in Indonesia's One-Door Investment and Integrated Services Institution using COBIT 5." TIERS Information Technology Journal 5, no. 2 (2024): 141–52. https://doi.org/10.38043/tiers.v5i2.5680.
Full textAbstract:
This research aims to evaluate the information technology governance at Indonesia's One-Door Investment and Integrated Services Institution using the COBIT 5 framework. COBIT 5 is a comprehensive framework that provides a model for managing and governing information technology within an organization, to ensure the achievement of strategic and operational objectives. The research was conducted through several stages, including identifying relevant information technology processes, data collection through questionnaires and interviews, and analysis of the evaluation results using capability levels provided by COBIT 5 framework. The study results indicate that most information technology processes at Indonesia's One-Door Investment and Integrated Services Institution are at capability levels that require improvement, particularly in information technology risk management, performance management, and internal controls. Several recommendations are provided to enhance information technology governance at Indonesia's One-Door Investment and Integrated Services Institution, such as strengthening information technology policies and procedures, increasing human resource capacity through continuous training, and implementing regular monitoring and evaluation systems. By adopting these recommendations, it is expected that information technology governance at Indonesia's One-Door Investment and Integrated Services Institution can be optimized to support the achievement of organizational goals better and improve public services for the citizens.
8
Rapina and Umar Faruq Vista. "Analisis Kinerja Pelayanan Teknologi Informasi Menggunakan Framework Cobit 4.1 Pada Manajemen Pelayanan di PT.XYZ." BITJournal: Bangka Information Technology Journal 1, no. 1 (2024): 31–40. http://dx.doi.org/10.33019/ta4gr826.
Full textAbstract:
This study aims to analyze the performance of Information Technology services in Service Management at PT. XYZ using the COBIT 4.1 Framework. Information Technology has a crucial role in supporting the company's business operations and strategies, therefore it is important to ensure that the performance of IT services meets the established standards. The research method used is a qualitative approach with data collection through observation, interviews, and document analysis. This research will evaluate key aspects of IT services, such as risk management, internal control, and performance measurement, using the COBIT 4.1 framework. The results of this study show that PT XYZ's IT service performance has been successful in some areas, but there is still room for improvement. One of the key findings is that risk management needs to be improved to effectively identify and manage potential risks that could disrupt IT operations. In addition, internal controls should be strengthened to ensure the security and reliability of information systems. The recommendations provided in this study include the implementation of specific measures to improve IT service performance. First, the company should develop a clearer and more detailed risk management policy, including procedures to mitigate identified risks. Second, internal controls should be strengthened through stricter control mechanisms and regular monitoring of system security. In addition, steps are needed to improve IT performance measurement, including the use of measurable and more systematic measures to evaluate the effectiveness and efficiency of IT services. The findings and recommendations of this research are expected to provide a deeper understanding of IT. PT. XYZ's service performance and practical improvements are needed to improve the effectiveness, efficiency and security of IT management. The implications of this research can assist companies in making strategic decisions regarding the right IT infrastructure investment and development to improve competitiveness and achieve long-term business goals.
9
Rubino, Michele, Filippo Vitolla, and Antonello Garzoni. "The impact of an IT governance framework on the internal control environment." Records Management Journal 27, no. 1 (2017): 19–41. http://dx.doi.org/10.1108/rmj-03-2016-0007.
Full textAbstract:
Purpose The purpose of this paper is to analyze how an IT governance framework [Control Objectives for Information and related Technology (COBIT)] influences the control environment and the internal control system. In particular, it aims to illustrate how the COBIT’s structure and processes impact on the seven categories of factors that compose the control environment. Design/methodology/approach This paper aims to highlight how an IT governance framework with its processes enables to improve the control environment assessment and implementation. Findings The analysis indicates that the implementation of the COBIT framework provides some indications for managers and auditors, which must implement or assess internal control system. Practical implications The adoption of the framework allows managers to focus effectively on integrating, aligning and linking processes. This improves the understanding of the key aspects connected to the control environment. In addition, the adoption of the framework allows overcoming some limitations regarding the Committee of Sponsoring Organizations framework. Originality/value This paper addresses an area of relevance to both practitioners and academics. This analysis focuses on Accounting Information Systems themes and, through the examination of an IT governance framework, suggests solutions and tools than can help managers and auditors to address the control environment assessment.
10
Olawale, Habeeb Olatunji, Ngozi Joan Isibor, and Joyce Efekpogua Fiemotongha. "An Integrated Audit and Internal Control Modeling Framework for Risk-Based Compliance in Insurance and Financial Services." International Journal of Social Science Exceptional Research 1, no. 3 (2022): 31–35. https://doi.org/10.54660/ijsser.2022.1.3.31-35.
Full textAbstract:
In an increasingly complex regulatory environment, insurance and financial services organizations face significant challenges in maintaining compliance while ensuring operational resilience. This paper proposes an integrated audit and internal control modeling framework that unifies IT General Controls, internal audit loops, and risk prioritization matrices into a cohesive, adaptive compliance system. Drawing from established theories such as COSO, COBIT, and the Three Lines of Defense, and grounded in regulatory mandates including SOX, Basel III, Solvency II, and IFRS, the framework addresses critical gaps in siloed control implementations. Through architectural modeling, scenario-based applications, and a feedback-driven control ecosystem, the study demonstrates how the integrated approach enhances control assurance, improves risk visibility, and fosters proactive governance. Practical implications include shifts in corporate governance, internal audit methodologies, and IT policy development. Limitations related to empirical validation and industry-specific variability are acknowledged, with future research avenues identified in AI-enhanced auditing and real-time compliance analytics.
11
Cereola, Sandra J., and Ronald J. Cereola. "Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with a Focus on Computer Controls, Data Security, and Privacy Legislation." Issues in Accounting Education 26, no. 3 (2011): 521–45. http://dx.doi.org/10.2308/iace-50031.
Full textAbstract:
ABSTRACT Internal control frameworks (ICF) provide a basis for understanding controls in an organization and for making judgments about the effectiveness of controls. The Sarbanes-Oxley Act of 2002 (SOX) requires companies to report, on an ongoing basis, the effectiveness of their internal controls in their annual filings. The Securities and Exchange Commission (SEC) recommends companies use ICF to help achieve compliance with SOX. ICF provide a useful tool for management and auditors evaluating and addressing the adequacy of controls in their organization. As there is no such thing as a “risk-free” enterprise, developing an understanding of ICF is important for students entering the accounting profession. This instructional case provides students the opportunity to assess internal control risks within an organization's information system using a “real-world” problem following COSO (SEC-recommended ICF) and/or COBIT as a guide. Students then evaluate the organization's overall level of internal control risks and formulate recommendations for mitigating such risks.
12
Tuttle, Brad, and Scott D. Vandervelde. "An empirical examination of CobiT as an internal control framework for information technology." International Journal of Accounting Information Systems 8, no. 4 (2007): 240–63. http://dx.doi.org/10.1016/j.accinf.2007.09.001.
Full text
13
Ali, Osama, Saqer Al-tahat, Khaleel Al-Duleemi, Dr Jamal Al-Afeef, and Dr Hamza Al-hawamdah. "The Impact of the Decisions of the COBIT 5 Committee on the Effectiveness of the Internal Control Systems in the Jordanian Industrial Joint Stock Companies." Journal of Social Sciences Research, no. 511 (November 5, 2019): 1587–99. http://dx.doi.org/10.32861/jssr.511.1587.1599.
Full textAbstract:
The objective of this study was to identify the impact of IT governance under the COBIT5 framework on the effectiveness of internal control systems in Jordanian industrial companies. In order to achieve the objectives of this study, the descriptive and analytical methodology was used. The study society is composed of the accounting and financial departments, the number of (65) questionnaires were distributed to each company from the study sample of (43) companies, the researchers retrieved (97) questionnaires. After reviewing the retrieved questionnaires it was found that there are (4) questionnaires that are not valid for the statistical analysis. And thus the suitable number of questionnaires for analysis is (93). In order to analyze the study data and test hypotheses, the SPSS program was used in the various statistical analyzes, descriptive statistics and the internal consistency coefficient (Kronbach Alpha). The multiple linear correlation test was also used using the Pearson correlation coefficient and the variance inflation coefficient, Analysis of simple and multiple linear regression. The study reached several results, the most important of which was the existence of a strong and statistically significant relationship between the implementation of COBIT5’s decisions (planning and organization, acquisition and implementation, service provision and support, evaluation and observation). The study concluded with several recommendations, the most important of which was the increase in the degree of companies’ use of the pioneering brainstorming method in the qualification of employees within the companies and evaluating their performance according to the COBIT framework.5 In addition to the need for companies To develop future plans to activate the concept of control and auditing in the environment of the computer and the gradual transition to modern control methods, including automatic control under the COBIT5 framework.
14
Rivera León, Félix Armando, and Félix A. Rivera Sandoval. "COBIT, Herramienta de Control en la Gestión Empresarial." Gestión en el Tercer Milenio 22, no. 43 (2019): 93–99. http://dx.doi.org/10.15381/gtm.v22i43.16958.
Full textAbstract:
En concordancia con las nuevas necesidades y tendencias de los negocios como: “COSO (Committee of Sporisoring Organisation of the treadway Commission Internal Control-Integrated Framework, 1992 en los EUA, Cadhuay en el Reino Unido, CoCo en Canada y King en Sudáfrica, y la coexistencia de modelos de control en los niveles de tecnología de información como: Security Code of conduct del DTT( Departamento de Industria y Comercio , Reino Unido ) y el Security Handbook de Nist( Nacional Institute of Standards and technology, EUA).”
 Ante la necesidad que los modelos mencionados no proporcionen un modelo de control completo y utilizable en a gestión empresarial, la ISACF (Information Systems Audit an Control foudation) y El ITGI (Governance Institute), desarrollan COBIT para cubrir el vacío pre-existente para logar los fines planeados en las organizaciones, con el desarrollo con el nuevo punto de vista que planetan las nuevas tecnologías de informacion. COBIT integra y consolida normas y reglamentos ya señaladas por las instituciones mencionadas.
15
Neely, M. Pamela, and Jack S. Cook. "Fifteen Years of Data and Information Quality Literature: Developing a Research Agenda for Accounting." Journal of Information Systems 25, no. 1 (2011): 79–108. http://dx.doi.org/10.2308/jis.2011.25.1.79.
Full textAbstract:
ABSTRACT: This paper provides a framework for guiding accounting-related Data and Information Quality (DIQ) research, based on four major research strands: people and decision-making, governance, operations, and technology (PGOT). The last three have been broken down further into three subtopics each, a total of ten subcategories. With people connecting the four strands, the resulting PGOT framework provides a structure to create DIQ research questions. DIQ-related articles published between the years of 1994 and 2008 were identified, the predominant research focus and method were determined. The coding identified research areas that need further exploration. Traditionally, DIQ research has been pursued by non-accountants. Accounting-oriented DIQ literature tends to concentrate on the decision aspects of the PGOT. With an increased emphasis on compliance, CobiT, and internal controls the accounting discipline can make a substantial contribution to the DIQ field, particularly with respect to the decision-making context within the relevant environment. See Supplemental Material
16
Wijaya, Andri. "Penyelarasan Tujuan dan Sasaran Bisnis Teknologi Informasi Menggunakan Kerangka Kerja COBIT 4.1." JuSiTik : Jurnal Sistem dan Teknologi Informasi Komunikasi 7, no. 1 (2023): 1–6. http://dx.doi.org/10.32524/jusitik.v7i1.1037.
Full textAbstract:
In carrying out its business strategy the company is now using information technology (IT) as a support to get certainty effective and efficient that the business strategy is working as expected. Thus IT is now becoming an integral part and integrated with an organization's business objectives so that the evaluation and monitoring of the effectiveness of the company's information technology governance are urgently required in order to know the extent of the application of IT in the company will affect the achievement of the vision, mission or strategic objectives. One very important process, aligning with business objectives and IT objectives. In this paper the alignment is done by reference to the standard IT governance good that standardization Framework COBIT 4.1 and in this paper also presents examples and techniques based on research that has been done, how to align business goals and objectives of IT, to find the appropriate evaluation in preparing IT governance based on best practices in accordance standardization COBIT. By knowing this alignment will allow companies to rearrange and implementing IT governance within the enterprise so that internal controls will be the utilization of IT can be applied to evaluate the shortcomings, weaknesses, and can improve the performance of IT in line and in accordance with its business strategy.
17
Sahd, Lize-Marie, and Riaan Rudman. "Mobile Technology Risk Management." Journal of Applied Business Research (JABR) 32, no. 4 (2016): 1079–96. http://dx.doi.org/10.19030/jabr.v32i4.9723.
Full textAbstract:
Mobile technology is fast becoming an indispensable part of consumers’ lives and an essential business tool in improving productivity, streamlining business processes and remaining competitive. The mobile revolution is transforming business operations, but the pervasive nature of mobile technology also introduces new and significant risks into all areas of the businesses. In most businesses, however, the governance of mobile technology and its related risks is often disjointed and implemented in an ad hoc manner, resulting in all risks not being addressed. This lack of appropriate governance policies and procedures is a direct consequence of a lack of understanding of the technology and the speed at which new technologies are developed and adopted. If the risks are not addressed in a comprehensive manner, it could have severe consequences for a business. The objective of this research is to address this problem by using an appropriate control framework, Control Objectives for Information Technology (COBIT), to identify a comprehensive set of internal controls to address mobile technology risks at a governance, management and operational level. The research proposes a comprehensive set of internal controls which can be used by those charged with governance to manage each significant risk arising from the implementation of mobile technology.
18
Champak Dutta. "Diagnosing internal control failures in India’s petroleum subsidy programs: A COSO-COBIT Governance Analysis." World Journal of Advanced Research and Reviews 26, no. 2 (2025): 2007–11. https://doi.org/10.30574/wjarr.2025.26.2.1863.
Full textAbstract:
This study investigates systemic internal control failures within India’s petroleum subsidy programs, particularly Liquefied Petroleum Gas (LPG) and Public Distribution System (PDS) kerosene schemes. Using the COSO Internal Control Framework (2013) and COBIT (2019) governance principles, alongside forensic data analytics and selected case studies, this paper identifies recurring issues in beneficiary verification, delivery validation, invoice oversight, and IT governance. Despite reforms like Aadhaar-based deduplication and Direct Benefit Transfer for LPG (DBTL), vulnerabilities in real-time monitoring, audit trail consistency, and inter-agency data integration persist. Notably, over 35 million fraudulent LPG accounts were removed, highlighting both progress and past systemic flaws. This research proposes a robust governance model leveraging artificial intelligence, geo-mapping, and control matrices to enhance transparency and accountability. The model is designed to be replicable for other developing nations reforming public welfare distribution systems.
19
Kumbara, Cokis Ratih, Linawati Linawati, and I. Made Oka Widyantara. "Audit Infrastruktur Aplikasi Pelayanan Publik Pemerintah Kota Denpasar." Majalah Ilmiah Teknologi Elektro 16, no. 2 (2017): 78. http://dx.doi.org/10.24843/mite.2017.v16i02p14.
Full textAbstract:
Salah satu Tugas Pokok dan Fungsi utama Dinas Komunikasi dan Informatika Kota Denpasar adalah sebagai pengelola infrastruktur aplikasi pelayanan publik di Pemerintah Kota Denpasar. Pelayanan publik berupa pelayanan kependudukan di Kota Denpasar menggunakan aplikasi Sistem Informasi Administrasi Kependudukan (SIAK) yang meliputi pembuatan KTP, KK, dan Akta Kelahiran. Jika infrastruktur aplikasi pelayanan publik ini mengalami permasalahan, maka akan sangat menghambat semua proses yang berujung kepada komplain masyarakat dan berdampak pada menurunnya tingkat kepercayaan publik. Oleh karena itu dilakukan suatu evaluasi internal berupa audit dalam pengelolaan infrastruktur aplikasi pelayanan publik agar pihak pengelola dapat melakukan perencanaan untuk perbaikan serta peningkatan dan pengembangan infrastruktur yang telah dibangun. Audit dilakukan dengan menggunakan COBIT 4.1 sebagai kerangka kerja kontrol. Berdasarkan hasil audit dengan menggunakan Maturity Model COBIT 4.1, diperoleh tingkat kematangan pada proses AI3 (Mendapatkan dan Memelihara Infrastruktur Teknologi) yaitu berada pada level 3 (defined). Untuk penilaian secara objektif, tingkat kematangan berada diantara level 3 (defined) dan level 4 (managed and measurable) yaitu sebesar 3,53. Rekomendasi diberikan secara bertahap berdasarkan tingkat kematangan yang diperoleh dari hasil evaluasi yaitu tingkat kematangan 3 (defined) untuk dapat ditingkatkan ke tingkat kematangan 4 (managed and measurable), kemudian ditingkatkan lagi menuju tingkat kematangan ideal yaitu 5 (optimized). One of the main functions of Communications and Information Department of Denpasar is a public service application infrastructure management in Denpasar Government. Public services such as settlement services in Denpasar using the Administrasi Information System (SIAK) application which includes the manufacture of ID Card, Family Registers and a birth certificate. If the application infrastructure of public service is experiencing problems, it will greatly hamper the whole process that led to the people's complaints and decrease the level of public confidence. Therefore, an evaluation of internal audit in the form of public service application infrastructure was held so that the manager can do the planning for improvement and development of infrastructure that has been built. Audits carried out by using the COBIT 4.1 framework as controls. Based on the results of audits using COBIT 4.1 Maturity Model, obtained level of maturity in the process AI3 (Obtain and Maintain Infrastructure Technology) which is located on level 3 (defined). For an objective assessment, the maturity level is between level 3 (defined) and level 4 (managed and measurable) amounting 3,53. Recommendation given in stages based on the level of maturity that is obtained from the evaluation that maturity level 3 (defined) to be improved to the maturity level 4 (managed and measurable), then increased again towards the ideal maturity level 5 (optimized).
20
Fagbore, Olasunbo Olajumoke, Jeffrey Chidera Ogeawuchi, Oluwatosin Ilori, Ngozi Joan Isibor, Azeez Odetunde, and Bolaji Iyanu Adekunle. "A Review of Internal Control and Audit Coordination Strategies in Investment Fund Governance." International Journal of Social Science Exceptional Research 1, no. 2 (2022): 58–74. https://doi.org/10.54660/ijsser.2022.1.2.58-74.
Full textAbstract:
This paper presents a comprehensive review of internal control and audit coordination strategies in investment fund governance, with particular emphasis on the integration of control frameworks, deficiency tracking systems, and IT General Controls (ITGCs) oversight. Drawing from firsthand audit interactions within investment fund environments, the study synthesizes current practices and identifies critical touchpoints between internal control design, real-time audit collaboration, and technology-enabled compliance. In the evolving landscape of fund governance, internal control frameworks serve as the bedrock for financial integrity, regulatory compliance, and operational resilience. However, fragmented audit processes, siloed control owners, and ineffective issue resolution mechanisms often result in recurring audit findings, delayed remediations, and elevated risk exposure. This review explores how synchronized audit coordination, particularly between internal and external audit teams, can eliminate redundancy, enhance transparency, and accelerate risk mitigation. Special focus is placed on the role of ITGCs in shaping the effectiveness of automated financial processes across fund administration systems. The review highlights successful models of ITGC collaboration with functional audits especially in access controls, change management, and data integrity to reduce material weaknesses. It further emphasizes the growing importance of cross-functional deficiency tracking platforms that centralize audit comments, streamline management responses, and monitor remediation progress against regulatory timelines. This paper identifies emerging trends such as continuous control monitoring, risk-adjusted control mapping, and integration of audit readiness tools with governance, risk, and compliance (GRC) systems. Case-based insights from real-world audit walkthroughs illustrate how funds can adopt agile audit methodologies, enforce accountability through escalation matrices, and align control environments with COSO and COBIT frameworks. By bridging audit and control operations, fund managers, compliance officers, and audit liaisons can foster a proactive governance culture that is audit-ready, data-driven, and investor-focused. The study concludes with strategic recommendations for implementing scalable audit coordination protocols, reinforcing internal controls with automation, and promoting stakeholder collaboration across fund entities.
21
Kerr, David S., and Uday S. Murthy. "The importance of the CobiT framework IT processes for effective internal control over financial reporting in organizations: An international survey." Information & Management 50, no. 7 (2013): 590–97. http://dx.doi.org/10.1016/j.im.2013.07.012.
Full text
22
Mulgund, Pavankumar, Palak Pahwa, and Gaurav Chaudhari. "Strengthening IT Governance and Controls Using COBIT." International Journal of Risk and Contingency Management 8, no. 4 (2019): 66–90. http://dx.doi.org/10.4018/ijrcm.2019100104.
Full textAbstract:
With the emergence of COBIT in 1996, organizations were introduced to a framework that aimed to combine the best practices and provide essential guidelines for the successful business development along with the growth of competitiveness of the organization. Today, COBIT 5 has been adopted by numerous organizations as the primary business framework for the governance and management of enterprise IT. This article explores the evolution of the framework since its genesis to the present. The authors perform a systematic literature review taking into account a total of 93 publications that relate to various aspects of COBIT. The research papers have been categorized on the basis of their scope and on their nature (empirical, conceptual or descriptive). The data collected from these publications are analyzed to identify various trends- commonalities, differences, themes, and the nature of the study. This article also provides an overview in terms of the need of COBIT, the strengths and weaknesses of each version of the framework and how each version addresses the shortcomings of its predecessors. The research article also comprehensively discusses the state of art version of the framework COBIT 5. Further, they present a detailed analysis of how this framework is currently leveraged by organizations to identify and mitigate IT and organizational risk through better governance. In conclusion, this article also discusses the issues faced by the enterprises in its implementation today and scope of future research.
23
Rubino, Michele, and Filippo Vitolla. "Corporate governance and the information system: how a framework for IT governance supports ERM." Corporate Governance 14, no. 3 (2014): 320–38. http://dx.doi.org/10.1108/cg-06-2013-0067.
Full textAbstract:
Purpose – The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework. Design/methodology/approach – This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance. Findings – The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control. Originality/value – The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5 is proposed as a tool that support risk management in order to develop an adequate system of internal control.
24
Supit, Yonal, and Edy Irwansyah. "Kajian Keamanan Sistem Informasi Akademik Menggunakan Framework COBIT 5." Teknomatika: Jurnal Informatika dan Komputer 17, no. 1 (2024): 10–24. http://dx.doi.org/10.30989/teknomatika.v17i1.1330.
Full textAbstract:
This study examines the security of academic information systems using the COBIT 5 Framework. Key issues are uncertainty in protecting student and staff data, the potential for cyberattack vulnerabilities, and non-compliance with international security standards. The goal is to evaluate the security level of the system and suggest improvement recommendations according to COBIT 5 principles. Research methods include Renstar IT policy analysis, system audits, and interviews with IT personnel and related academic communities. Data is analyzed quantitatively to identify weaknesses and opportunities for improvement. The COBIT 5 framework is used as a security assessment framework. The results highlight the need for improvement, including access management, activity monitoring, and continuous improvement plans. Using COBIT 5, substantial measures such as strengthening access controls and developing disaster recovery plans can be identified. The research emphasizes the importance of a structured approach in improving the security of academic information systems, with COBIT 5 as a useful tool. With the right measures, system security can be enhanced to protect the integrity, confidentiality, and availability of critical data for educational institutions. In conclusion, these measures demonstrate how important COBIT 5 implementation is in addressing information security challenges in academic environments.
25
Damayanti, Mira, and Agnes Advensia Chrismastuti. "INTERNAL AUDIT MODEL POST-ERP IMPLEMENTATION (ENTERPRISE RESOURCE PLANNING) AT PT XYZ." KEUNIS 11, no. 2 (2023): 188. http://dx.doi.org/10.32497/keunis.v11i2.4358.
Full textAbstract:
<em><span lang="EN-US">The research aims to compare the audit process carried out after ERP implementation with the audit model using the 2019 COBIT framework in the Monitor, Evaluate and Assess domain. It is evaluating the effectiveness of the audit using COBIT 2019 compared to the audit currently being conducted at PT XYZ. This research is applied research, using a case study method and a qualitative approach. The object of this research is PT XYZ, a company distributing pipe and pump products. 2017 PT XYZ implemented an ERP system to replace the previous program. Data analysis with the steps applied compared to the current audit process carried out at PT XYZ with the 2019 COBIT-based audit using the Monitor, Evaluate, and Assess (MEA) approach and evaluated the effectiveness of the audit model using COBIT 2019, which can ensure that audit objectives in the ERP system can be achieved effectively. The result of the research shows that there are differences in the audit process that PT has carried out. XYZ after implementing ERP with an audit model using the COBIT 2019 framework. This difference can be affected by the time of system implementation. The audits using COBIT 2019 can be considered very effective compared to the previous audits conducted by PT XYZ. By using COBIT 2019, it can help PT XYZ in designing governance using several design factors that have been provided.</span></em>
26
AB, Mutiara, Prihandoko, Prasetyo E, and Widya C. "Analyzing COBIT 5 IT Audit Framework Implementation using AHP Methodology." JOIV : International Journal on Informatics Visualization 1, no. 2 (2017): 33. http://dx.doi.org/10.30630/joiv.1.2.18.
Full textAbstract:
COBIT has been known as the best practice standard in IT Governance, both in management or evaluated of the IT utilization. The role of IT Audit framework to evaluate the benefits of Information Technology in an enterprise either its gain benefits or fail in order to achieved the business objective. In Indonesia, most organization has been implemented the IT as their main support of process business, and deliberately conduct the evaluation of the implementation used some IT Audit framework such as ITIL, TOGAF, COBIT and other Government rule. Those frameworks have been known as an IT governance framework, most of organizations are choosing COBIT and ITIL due to the internal control issues. Therefore, this research will be focus on COBIT 5 utilization as an IT audit frameworks, a comparison also will be done between the COBIT 5 and ITIL. The comprehensive parameters in COBIT 5 which provides 5 category process in two domain, management and control will be the variables of prioritizing process among them for each object. This paper will analyze the use of those parameters for some selected organization and prioritize them using the Analytical Hierarchy Process (AHP) methodology that will lead to create a new model of IT Audit frameworks based on the user requirement and opinion. the analyzing process the implementation of COBIT 5 framework in some organizations, and priorities the preferred attributes of COBIT 5 that very likely and suitable to the culture and needs of user in Indonesia using AHP Methodology, and create the best qualified model of IT Audit that fit with the requirements of the organizations especially for Indonesia organizations and companies.
27
Edirisinghe Vincent, Nishani, and Robert Pinsker. "IT risk management: interrelationships based on strategy implementation." International Journal of Accounting & Information Management 28, no. 3 (2020): 553–75. http://dx.doi.org/10.1108/ijaim-08-2019-0093.
Full textAbstract:
Purpose Risk management is an under-explored topic in information systems (IS) research that involves complex and interrelated activities. Consequently, the authors explore the importance of interrelated activities by examining how the maturity of one type of information technology risk management (ITRM) practice is influenced by the maturity of other types of ITRM practices. The purpose of this paper is to explore these relationships, the authors develop a model based on organizational strategy implementation theory and the COBIT framework. The model identifies four types of ITRM practices, namely, IT governance (ITG); communications; operations; and monitoring. Design/methodology/approach The authors use a survey methodology to collect data on senior information technology (IT) executives' perceptions on ITRM practices. The authors use an exploratory factor analysis (EFA) to identify four dimensions of ITR M practices and conduct a structural equation model to observe the associations. Findings The survey of senior IT executives' perceptions suggests that the maturity of ITRM practices related to ITG, communications and monitoring positively influence the maturity of operations-related ITRM practices. Further, the maturity of communications-related ITRM practices mediates the relationship between ITG and operations-related ITRM practices. The aggregate results demonstrate the inter-relatedness of ITRM practices and highlight the importance of taking a holistic view of ITRM. Research limitations/implications Given the content and complexity of the study, it is difficult to obtain senior executives’ responses in large firms. Therefore, this study did not use a separate sample to conduct the EFA to obtain the underlying four constructs. Also, the ITRM practices identified are perceptions. Even though the authors consider this to be a limitation, it also communicates the pressing areas that senior IT professionals are expected to focus given various external and internal pressures. This study focuses on large firms, hence, small to midsize firms are not well represented. Practical implications Given the demanding regulatory and financial reporting requirements and the complexity of IT, there is an increasing possibility that the accounting profession will require IT professionals to focus on operations-related ITRM practices, such as security, availability and confidentially of data and IS are closely related to internal controls. However, as this study demonstrates, the maturity of operations-related ITRM practices cannot be achieved by focusing solely on operations-related IT risks. Therefore, IT practitioners can use this study to raise awareness of the complex interrelationships among ITRM practices among managers to improve the overall ITRM practices in a firm. Social implications The study also shows the importance of establishing proper communication channels among various business functions with regard to ITRM. Extant IT research identifies the importance of the firm’s communication structure on various firm performance measures. For example, Krotov (2015) mentions the importance of communication in improving trust between the Chief Executive Officer and Chief Financial Officer. Firms with established communication channels have the necessary medium to educate and involve other departments with regard to the security of data. Thus, such firms are more likely to have mature risk management practices because of increased awareness of risks and preventive techniques. Originality/value The study contributes to ITG and risk management literature by identifying the role of monitoring-related ITRM practices on improving other areas of risk management. The study also extends the existing ITRM literature by providing an organizational strategy perspective to ITRM practices and showing how ITRM practices follow organizational strategy implementation. Further, the authors identify four underlying ITRM categories. Consequently, researchers could choose between two factors (Vincent et al., 2017) or four factors based on the level of detail required for the particular study.
28
Toyner, Lilis Griffith, and Sfenrianto Sfenrianto. "INFORMATION SYSTEM SECURITY EVALUATION USING COBIT 5 FRAMEWORK." Journal of Information System Management (JOISM) 4, no. 2 (2023): 147–57. http://dx.doi.org/10.24076/joism.2023v4i2.992.
Full textAbstract:
Most companies use information technology to develop their business. But there are things to note, some threats can occur and cause losses. Undesirable events hinder the achievement of company goals and strategies. PT XYZ believes that information security is important in all business activities. Threats that can compromise information security. Information is an important asset for PT XYZ. Therefore, it is necessary to evaluate or measure the controls and activities that have been implemented to protect company data/information. Evaluation in this paper uses the COBIT 5 Framework which focuses on Manage Security Services (DSS05). Keywords: Evaluation, COBIT 5, Manage Security Services, Capability Level
29
Anggun Putri Dwi Meilina, Aji Priyambodo, and Andreas Tigor Oktaga. "AUDIT SISTEM INFORMASI MENGGUNAKAN FRAMEWORK COBIT 5 PADA SIAKAD INSTITUT TEKNOLOGI DAN BISNIS (ITB) SEMARANG." Jurnal Cakrawala Informasi 4, no. 2 (2024): 121–40. https://doi.org/10.54066/jci.v4i2.528.
Full textAbstract:
Penelitian ini bertujuan untuk melaksanakan audit system informasi pada Sistem Informasi Akademik (SIAKAD) di Institut Teknologi dan Bisnis (ITB) Semarang dengan memanfaatkan kerangka kerja COBIT 5. Audit system informasi merupakan Langkah krusial untuk menilai efektivitas, efesiensi, serta keamanan system informasi yang dioperasikan oleh organisasi. COBIT 5 sebagai kerangka kerja yang di akusi secara internasional, menyediakan pendekatan terstruktur untuk memastikan tata keloladan manajemen teknologi informasi yang efektif. Penelitian ini mengguakan metodologi evaluasi terhadap proses-proses kunci dalam COBIT 5, seperti manajemen risiko, pengelolaan layanan TI, dan pengelolaan sumber daya TI, yang relevan dengan implementasi SIAKAD. Data diperoleh melalui wawancara, observasi, dan penelaahan dokumen internal. Hasil audit mematuhi beberapa standar COBIT 5, meskipun terdapat beberapa area yang masih membutuhkan perbaikan untuk meningkatkan performa dan keamanan sistem. Peneliti ini diharapkan dapat memberikan rekomendasi strategis bagi ITB Semarang untuk mengoptimalkan sistem informasi akademik, serta menjadi acuan bagi institusi lain yang ingin menerapkan COBIT 5 dalam audit sistem informasi.
30
Anggun Putri Dwi Meilina, Aji Priyambodo, and Andreas Tigor Oktaga. "AUDIT SISTEM INFORMASI MENGGUNAKAN FRAMEWORK COBIT 5 PADA SIAKAD INSTITUT TEKNOLOGI DAN BISNIS (ITB) SEMARANG." Jurnal Cakrawala Informasi 4, no. 2 (2024): 121–40. https://doi.org/10.54066/jci.v4i2.498.
Full textAbstract:
Penelitian ini bertujuan untuk melaksanakan audit system informasi pada Sistem Informasi Akademik (SIAKAD) di Institut Teknologi dan Bisnis (ITB) Semarang dengan memanfaatkan kerangka kerja COBIT 5. Audit system informasi merupakan Langkah krusial untuk menilai efektivitas, efesiensi, serta keamanan system informasi yang dioperasikan oleh organisasi. COBIT 5 sebagai kerangka kerja yang di akusi secara internasional, menyediakan pendekatan terstruktur untuk memastikan tata keloladan manajemen teknologi informasi yang efektif. Penelitian ini mengguakan metodologi evaluasi terhadap proses-proses kunci dalam COBIT 5, seperti manajemen risiko, pengelolaan layanan TI, dan pengelolaan sumber daya TI, yang relevan dengan implementasi SIAKAD. Data diperoleh melalui wawancara, observasi, dan penelaahan dokumen internal. Hasil audit mematuhi beberapa standar COBIT 5, meskipun terdapat beberapa area yang masih membutuhkan perbaikan untuk meningkatkan performa dan keamanan sistem. Peneliti ini diharapkan dapat memberikan rekomendasi strategis bagi ITB Semarang untuk mengoptimalkan sistem informasi akademik, serta menjadi acuan bagi institusi lain yang ingin menerapkan COBIT 5 dalam audit sistem informasi.
31
Destriani, Maya, and Yeffry Handoko Putra. "Rencana Audit Tata Kelola Sistem Informasi Di Universitas Subang Menggunakan Framework COBIT 2019." Jurnal Tata Kelola dan Kerangka Kerja Teknologi Informasi 9, no. 1 (2023): 19–33. http://dx.doi.org/10.34010/jtk3ti.v9i1.9164.
Full textAbstract:
Pemanfaatan sistem informasi pada perusahaan dapat mendukung operasional sebagai salah satu faktor untuk tercapainya rencana strategis dari organisasi. Universitas Subang merupakan lembaga perguruan tinggi swasta yang telah menggunakan sistem informasi sebagai serangkaian prosedur kerja yang menangani beberapa proses diantaranya Sistem Informasi Akademik, Sistem Informasi Keuangan, Sistem Informasi Audit Internal dan Sistem Informasi Penerimaan Mahasiswa Baru. Saat ini Lembaga Penjaminan Mutu (LPM) belum pernah melakukan audit internal untuk tata kelola Sistem Informasi yang ada di lingkungan Universitas Subang, sehingga diperlukan penyusunan rencana audit tata kelola sistem informasi untuk dapat membantu LPM dalam mengevaluasi kesesuaian kinerja maupun operasional dari sistem informasi yang telah berjalan dan orang yang terlibat didalamnya, Framework yang digunakan sebagai panduan Audit tata Kelola sistem informasi pada penelitian ini adalah Framework COBIT 2019, COBIT 2019 dipilih karena bersifat konseptual, fleksibel dan terbuka yang dapat disesuaikan dengan tujuan bisnis perusahaan. Adanya rencana audit tata kelola sistem informasi diharapkan dapat membantu auditor di Universitas Subang mengenai tahapan audit tata kelola sistem informasi untuk mengetahui tingkat kemampuan (capability level), berikut temuan dan rekomendasi dengan menggunakan Framework COBIT 2019.
32
Jawad, Mohammed Majeed, Mohammed Hashim Ali, Ameer Ali Khaleel, and Mohammed Faez Hasan. "Evaluating the performance of IT management under the implementation of the COBIT 2019 framework." Eximia 12 (August 25, 2023): 18–36. http://dx.doi.org/10.47577/eximia.v12i1.331.
Full textAbstract:
The study aims to identify the concepts and principles of the COBIT framework 2019 and its role in evaluating the performance of information technology management. Work efficiency, keeping pace with modern trends, and assisting in strategic decision-making This study was adopted to demonstrate the impact of the 2019 COBIT framework for evaluating the performance of information technology management on data obtained from the International Development Bank to link study variables and prove its hypotheses. The study reached several conclusions, the most important of which is that the COBIT 2019 framework is one of the most important control frameworks that can be integrated with the Balanced Scorecard (BSC) technology to enhance confidence and internal control procedures and fill gaps in the economic units that use information technology in their activities.
33
Trisnawati, Ni Komang Adi, I. Kadek Noppi Adi Jaya, and Ida Ayu Utari Dewi. "Mengukur Tingkat Kematangan Learning Management System (LMS) Menggunakan Framework COBIT 5 Domain MEA dan EDM (Studi Kasus: Universitas Hindu Indonesia)." RESI : Jurnal Riset Sistem Informasi 3, no. 2 (2025): 275–84. https://doi.org/10.32795/resi.v3i2.7008.
Full textAbstract:
LMS is a platform for managing, delivering and tracking online training or education. COBIT is a framework that will be used for information technology (IT) management and governance. The MEA Domain ensures the system has the appropriate design and controls required to comply with regulatory requirements. Meanwhile, EDM will ensure goals are achieved by evaluating stakeholder needs, conditions and choices. The data collection process used is Interview, Observation, Questionnaire. The process carried out to determine information system technology that is in accordance with the COBIT 5 standard is Maturity Level analysis and Gap Analysis. The Maturity Level of the Learning Management System at Hindu Indonesia University using COBIT 5 MEA and EDM Domains with the COBIT 5 framework reaches Level 4: Predictable Process. The level of gap in the Learning Management System at Indonesian Hindu University is 0.52 in MEA01 and 0.5 in EDM01. To reach Maturity Level 5, managers need to improve the quality of governance, supervision and stakeholder involvement in the LMS management process.
34
Ahmad, Hisham Mohammed, and Al-Shayeb Al-Shayeb. "The Impact of Cybersecurity Assurance on the Quality of Internal Audit at The Financial Technology Companies in Jordan: The Moderating Role of COBIT 2019." International Journal of Applied Economics, Finance and Accounting 22, no. 2 (2025): 116–32. https://doi.org/10.33094/ijaefa.v22i2.2305.
Full textAbstract:
Investigate the impact of cybersecurity assertions across its five dimensions (data security, system security, network security, operational security, and physical security) on the quality of internal auditing in FinTech companies operating and examined the role of the COBIT2019 framework as a moderating variable in this relationship. The research relied on a descriptive analytical approach. The study targeted employees of the internal audit, cybersecurity, and IT governance departments in FinTech companies. A total of 180 questionnaires were distributed, and 143 valid responses were obtained for analysis. Cybersecurity assurances have a positive impact on internal audit quality. System security is considered the most influential factor in internal audit quality. The COBIT2019 framework also strengthens this impact by aligning governance and audit processes. The COBIT 2019 framework provides a systematic mechanism for aligning cybersecurity requirements with internal audit standards, and contributes to enhancing integration between information security units and audit teams, leading to improved integration of risk management and decision-making. Fintech companies build a governance framework that ensures their effectiveness by adopting the COBIT 2019 standards as a foundation for digital governance and measuring the compliance of IT governance practices with the International Standards for Internal Auditing.
35
Novitasari, Dewi, and Dr Tata Sutabri. "Perencanaan Srategis Sistem Informasi Pariwisata menggunakan Framework Cobit 5." JURNAL TEKNOLOGI DAN ILMU KOMPUTER PRIMA (JUTIKOMP) 6, no. 1 (2023): 23–32. http://dx.doi.org/10.34012/jutikomp.v6i1.3607.
Full textAbstract:
Failure to plan the utilization of Information Systems and Information Technology results in organizations/institutions facing a relatively high increase in financial expenses. Advances in information technology make Information Systems and Information Technology have an important role for the running of an organization today. Information system strategic planning is needed that is aligned with organizational goals that are in accordance with organizational needs and can provide benefits. Strategic planning must be in accordance with the needs of activities and organizational goals. This research was conducted using the Cobit 5 Framework with the Ward and Peppard method by applying several stages of analysis. It is known that the priority of the BSC Cobit 5 Dimension sequentially is financial, learning and growth, internal and costumer. While TI's goal of the cobit 5 process, number 7 gets the first priority where the processes that are the first order are EDM04, APO01 and APO07 and so on.
36
Destyanto, Febrian, Kusrini Kusrini, and Henderi Henderi. "Evaluasi Tata Kelola TI Berdasarkan Perspektif Internal Balance Scorecard dan Framework Cobit 4.1 (Studi Kasus: Institut Teknologi Budi Utomo Jakarta Timur)." Respati 15, no. 2 (2020): 37. http://dx.doi.org/10.35842/jtir.v15i2.346.
Full textAbstract:
INTISARITata kelola sistem informasi menentukan tingkat pencapaian dari tujuan bisnis perusahaan. Semakin baik tata kelola sistem informasi berdampak pada keberhasilan mengelola proses dan tujuan bisnis dalam aspek akuntabilitas, resposibilitas dan transparansi. Model COBIT 4.1 digunakan untuk dapat mengukur tingkat keberhasilan suatu tata kelola sistem informasi sesuai dengan tujuan bisnis perusahaan. penelitian ini dilakukan untuk mengetahui tingkat kematangan tata kelola sistem informasi dari institut teknologi budi utomo dengan menggunakan perspektif internal dengan focus peningkatan dan pemeliharaan fungsionalitas proses bisnis pada model Balanced Scorecard sebagai alat untuk memetakan rencana strategis perusahaan, lalu dilakukan pengukuran tingkat kematangan menggunakan sub domain terpilih pada COBIT 4.1. Dari pemetaan Balanced Scorecard dan COBIT4.1 diperoleh sub domain PO2, PO3, AI2, AI4, dan AI7 yang digunakan untuk mengevaluasi tata kelola sistem informasi pada institut teknologi budi utomo berdasarkan model framework COBIT 4.1. Hasil pengukuran tingkat kematangan sub domain terpilih didapatkan hasil tingkat kematangan level 2 atau proses sudah dilakukan namun belum baku dan terdokumentasi secara terstruktur. Sedangkan tingkat kematangan yang diharapkan berada pada level 3 atau proses sudah terdefinisi baku dan terdokumentasi dengan struktur yang jelas dan baik. Hasil akhir dari penelitian berupa rekomendasi perbaikan untuk menuju tingkat kematangan yang diharapkan. Kata Kunci : Tingkat Kematangan, Balanced Scorecard (BSC), Perspektif Internal, COBIT 4.1, Tata Kelola Sistem Informasi ABSTRACTInformation system governance determines the level of achievement of the company's business goals. The better governance of information systems affects the success of managing business processes and objectives in aspects of accountability, resposibility and approval. The COBIT 4.1 model is used to measure the success of an information system governance in accordance with the company's business goals. This research was conducted to study the maturity level of information systems governance Institut Teknologi Budi Utomo using an internal perspective with a focus on improving and maintaining business process functionality in the Balanced Scorecard model as a tool to map out the company's strategic plan, then measuring the maturity level using sub domains obtained in COBIT 4.1. From the mapping of the Balanced Scorecard and COBIT4.1, PO2, PO3, AI2, AI4, and AI7 sub-domains are used to collect information systems governance at the utmost Budi technology institution based on the framework of the COBIT 4.1 model. The results of the measurement of the level of maturity of the sub domain are taken the level 2 maturity level results or the process has been carried out but not yet standardized and structured documented. While the expected level of maturity at level 3 or process is standard and documented with a clear and good structure. The final results of the study consisted of improvements to achieve the expected level of maturity. Keywords: Maturity Level, Balanced Scorecard (BSC), Internal Perspective, COBIT 4.1, Information System Governance
37
Ledezma Rojo, Daniela, Rocío Ortega Palacios, and Porfirio Espejel Flores. "Expert System for Automation in the Implementation of COBIT 5 Case study: Teacher evaluation at UPPachuca." International Journal of Combinatorial Optimization Problems and Informatics 16, no. 1 (2025): 248–57. https://doi.org/10.61467/2007.1558.2025.v16i1.998.
Full textAbstract:
Information technology (IT) governance and management are critical to organizational success inthe digital age. The COBIT (Control Objectives for Information and Related Technologies) frameworkhas been widely recognized as an effective tool for aligning IT with strategic objectives, managing risksand ensuring regulatory compliance. However, COBIT implementation and monitoring can becomplex and resource-demanding, which has generated growing interest in its automation. Thisarticle explores how COBIT model automation, through the integration of technology, can optimizeIT management processes, improve the accuracy of controls, and provide real-time information.Additionally, the challenges inherent to this automation are addressed, such as adaptation tospecific contexts and integration with pre-existing systems. Based on a theoretical analysis and a casestudy, a reference framework is offered for the successful implementation of COBIT automation,highligh its potential to transform IT governance in organizations in various sectors
38
Pawan, Elvis. "Evaluation of Information Technology Governance in Banking Companies Using BSC and COBIT 4.1." International Journal of Computer and Information System (IJCIS) 2, no. 2 (2021): 23–27. http://dx.doi.org/10.29040/ijcis.v2i2.27.
Full textAbstract:
Abstract - The era of industrial revolution 4.0, the progress of companies to achieve their vision and mission goals, is largely determined by the role of information technology, especially banking companies such as BPR PMM, the problem is that BPR PPM has not fully realized the importance of managing a business change, in order to maintain the company's existence. To determine the maturity level of the application of information technology in a company, it is necessary to conduct a thorough evaluation. In this study, there are seventeen processes in Cobit 4.1 that are solved on an internal balanced scorecard perspective. Cobit is a framework that is very well used in measuring the effectiveness of the application of information technology, while the balanced scorecard (BSC) is a framework that is very suitable to be applied to measure or assess the performance of a company. The combination of the two frameworks can provide a clear picture of internal perspectives that can be used by company leaders in improving information technology governance. This study resulted in a conclusion that the company maturity level in terms of business change management based on Cobit 4.1 and the internal balanced scorecard perspective has an average value of 2.90 at level 3 with defined categories.
39
Nalenan, Mirna Susanti. "ANALISIS TATA KELOLA SISTEM INFORMASI MANAJEMEN RUMAH SAKIT UMUM DAERAH PROF. DR. W. Z. JOHANNES KUPANG MENGGUNAKAN COBIT 5 FRAMEWORK." HOAQ (High Education of Organization Archive Quality) : Jurnal Teknologi Informasi 12, no. 2 (2023): 90–102. http://dx.doi.org/10.52972/hoaq.vol12no2.p90-102.
Full textAbstract:
It is needed an audit system control that does not only provide an evaluation of the Analysis Information System Management of Regional General Hospital Prof. Dr. W. Z. Johannes Kupang Using the Cobit 5 Framework, but also can provide input for the improvement of IT management in the future. This research is qualitative using interview and observation methods to assess the processes of several domains contained in the Cobit 5-based Capability Level standard. Researchers used the Cobit 5 framework with a focus on the MEA domain (Monitor, Evaluate, and Assess) as a reference. The focus is on the domain based on the problems that exist in the Regional General Hospital Prof. Dr. W. Z. Johannes Kupang to monitor, evaluate and assess the suitability of the domain with the hospital strategy in assessing the needs of the hospital and whether the current system still meets the objectives that have been designed and controls needed to meet regulatory requirements or not. This research is expected to provide good results so that it can be used as material or a reference in the development of Analysis Information System Management in the Regional General Hospital Prof. Dr. W. Z. Johannes Kupang Using the Cobit 5 Framework.
40
Phillips, Brandis. "Information Technology Management Practice." Journal of Organizational and End User Computing 25, no. 4 (2013): 50–74. http://dx.doi.org/10.4018/joeuc.2013100103.
Full textAbstract:
The purpose of this research is to put forth a model that examines the impact of information technology (IT) related management practices upon IT effectiveness. Given the nature and use of these practices as a management activity, control theory is used as a framework to determine if IT management practices serving as controls can achieve positive outcomes. A portion of the Control Objectives for IT (COBIT) framework is used as a proxy for management practices due to the ability to ground the COBIT practices in previous literature and serve as IT controls. The results of a survey of IT and audit professionals suggest that the model put forth with IT related management practices as an independent second order factor, does indeed explain variance in perceptions of IT effectiveness as mediated through perceptions of IT value and perceptions of IT risk however only IT value is a significant predictor of IT effectiveness.
41
Yuliana, Arika. "the analysis information technology service management." Smart Techno (Smart Technology, Informatics and Technopreneurship) 5, no. 2 (2023): 25–32. https://doi.org/10.59356/smart-techno.v5i2.87.
Full textAbstract:
: Menggambarkan masalah yang terjadi dalam layanan IT di PT. Pelindo III, baik dari segi internal maunpun external. Beberapa masalah yang dihadapi meliputi kurangnya pemahaman sistem dan transfer knowledge yang tidak maksimal saat terjadinya perubahan, keterlambatan dalam penyelesaian layanan IT karena beban kerja yang tinggi, komunikasi yang kurang efektif antara pihak internal maupun eksternal dalam menginformasikan pemberitahuan sistem, serta faktor-faktor lain seperti kurangnya transfer knowledge kepada pengguna, keterbatasan personal yang menangani sistem, dan kurangnya informasi yang diberikan oleh pengguna internal terhadap penguna eksternal terkait permaslahan yang tersampaikan. PT Pelindo III telah menetapkan SLA (Service Level Agreement) atau penyelesaian sesuai dengan kategori permasalahan, dan permasalahan tersebut di informasikan kepada pengguna eksternal beserta cara penyelesaiannya agar dapat dihindari dimasa depan atau dapat diselesaikan oleh pengguna itu sendiri. Untuk meningkatkan tata Kelola layanan IT, penulis menyatakan perlunya dilakukan audit sistem informasi menggunakan framework COBIT 5. Framework ini digunakan untuk mengukur dan menilai tata Kelola dan manajemen TI di suatu instnsi atau organisasi. Dalam penelitian ini, penulisi akan menganalisis Information Technology Service Management (ITSM) dalam operasi dukungan menggunakan framework COBIT 5.
42
Hartanti, Benih. "ANALYZING THE STRATEGIC ALIGNMENT BETWEEN INFORMATION SYSTEM TECHNOLOGY AND BUSINESS PROCESS IN SMALL MEDIUM ENTERPRISE (SME) USING FRAMEWORK COBIT 4.1– A CASE STUDY IN UNIVERSAL TRADING, SURABAYA." TIJAB (The International Journal of Applied Business) 1, no. 1 (2019): 47. http://dx.doi.org/10.20473/tijab.v1.i1.2017.47-59.
Full textAbstract:
This research was conducted in Universal Trading as one of SME that applies Information Technology as daily business process in order to analyze whether the use of Information Technology is alligned with the strategy formulation. Type of research is Descriptive Research with Qualitative technique by using direct observation and depth interview with all user of TI from leader to staff. In depicting a further detail description, Internal and External Matrixas well as COBIT Verse 4.1 were utilized in supporting so. From the position of Average as a result of IFE-EFE Matrix and the Score of COBIT 4.1 in primary process of Strategic Allingment is 2,95 could be concluded that only strategy of new market penetration could be alligned by the use of Information Technology as the company basic business process is limiting the strategy of new product development using only company’s internal source. Keyword: strategic allignment, information technology, COBIT 4.1
43
MIRA, TRISARI, Eko Sediyono, and Ade Iriani. "Audit Pemanfaatan Sistem Informasi Akademik Di Universitas Kristen Wira Wacana Sumba Menggunakan Framework Cobit 5." Jointer - Journal of Informatics Engineering 2, no. 02 (2021): 7–16. http://dx.doi.org/10.53682/jointer.v2i02.39.
Full textAbstract:
Universitas Kristen Wira Wacana Sumba dalam menunjang aktivitasnya sebagai Lembaga Pendidikan diwajibkan menggunakan Sistem Informasi Akademik. Memiliki sebuah Sistem Informasi Akademik seperti Ecampuz yang berbasis web tentu membutuhkan Audit, Pengawasan dan Evaluasi terhadap kinerjanya agar layanan yang dihasilkan terus menunjukan kualitas yang baik. Evaluasi dan Audit Sistem dilakukan dengan menggunakan kerangka kerja Cobit 5, sedangkan pada Pengujian dan Pengukuran Kualitas website menggunakan perangkat Apache Jmeter. Proses Cobit 5 yang digunakan yaitu: Optimasi Risiko (EDM03), Pengelolaan Keamanan (APO13), Pengelolaan Risiko (APO12), Pengelolaan Perubahan (BAI06), Mengelola Operasi (DSS01), Permintaan Layanan (DSS02), Penanganan Masalah (DSS03), Layanan Keamanan (DSS05) , Pemantauan dan Evaluasi Kerja (MEA01), Kendali Internal Terhadap Pemantauan dan Evaluasi (MEA02). Analisis kesenjangan dan Maturity Level ditujukan untuk memperoleh hasil Audit dengan kematangan yang baik. Hasil yang diperoleh dari nilai rata - rata berdasarkan Analisis Kesenjangan terhadap 10 Proses Cobit 5 adalah 1.2 dan pengujian Apache Jmeter menunjukan throughput sebesar 101.746/menit dan Deviasi adalah 3671.
44
Rahayu Utami, Lala Arika, and Sri Dewi Novita. "Analisis Audit Sistem Informasi Pelayanan Perpustakaan Menggunakan Framework Cobit 5." Merkurius : Jurnal Riset Sistem Informasi dan Teknik Informatika 2, no. 4 (2024): 216–26. http://dx.doi.org/10.61132/merkurius.v2i4.165.
Full textAbstract:
Libraries as information service providers require information systems that can manage data and information effectively and efficiently. Information system audits are needed to evaluate information system performance and ensure organizational goals are achieved. This research aims to analyze library service information system audits using the COBIT 5 framework, because it focuses on services and service requests. The stages of an ABC library service audit include determining audit objectives, identifying library services using the Framework, capability level analysis, testing controls and evidence at the capability level, verifying results, and compiling audit results reports and recommendations. Audits carried out for library services focus on Process Domains DSS01 and DSS02.
45
Ramanda, Rezky. "AUDIT TATA KELOLA TEKNOLOGI INFORMASI MENGGUNAKAN FRAMEWORK COBIT 4.1 PADA TELKOM PENAJAM." Journal of Software Engineering and Information Systems 4, no. 2 (2021): 63–75. http://dx.doi.org/10.37859/seis.v4i2.6837.
Full textAbstract:
Penelitian ini bertujuan untuk mengevaluasi dan meningkatkan keamanan data di Plasa Telkom Penajam menggunakan pendekatan audit tata kelola teknologi informasi dengan memanfaatkan framework COBIT 4.1. metode pengumpulan data pada peneilitian ini wawancara, observasi, dan penelusuran dokumentasi yang relevan. Temuan audit mengungkapkan bahwa Plasa Telkom Penajam masih memiliki beberapa kelemahan dalam aspek keamanan data yang memerlukan perbaikan.Audit tata kelola TI dengan menggunakan framework COBIT 4.1 akan membantu Telkom Penajam untuk mengidentifikasi celah keamanan dan mengimplementasikan kontrol yang efektif untuk melindungi data sensitif mereka dari ancaman internal dan eksternal. Hasil dari penelitian ini beberapa aspek keamanan data yang perlu ditingkatkan demi menjaga integritas dan kerahasiaan informasi yang dikelola oleh perusahaan. Diharapkan penelitian ini dapat mengurangi risiko terhadap ancaman keamanan data, meningkatkan kesadaran dan pemahaman karyawan mengenai keamanan data, serta memperkuat infrastruktur teknologi informasi perusahaan.
46
Wilonotomo, W., Wahyu Eka Putra, and Dedi Muhaemin. "ANALYSIS OF E-ARRIVAL CARD SYSTEM WITH COBIT 5 FRAMEWORK IN THE DELIVER, SERVICE, SUPPORT (DSS) DOMAIN." TEMATICS: Technology ManagemenT and Informatics Research Journals 3, no. 1 (2021): 91–102. http://dx.doi.org/10.52617/tematics.v3i1.308.
Full textAbstract:
E-arrival card is an electronic arrival card that is used to collect data on foreigners entering Indonesia. Bandung Immigration Office Class I of Border Control is one of the Immigration Offices in West Java that has implemented an electronic arrival card called IDN E-Arrival Card Jabar. Every foreign citizen who enters Indonesia through the Immigration Checkpoint of Husein Sastranegara International Airport is required to fill in data on the e-arrival card system. This e-arrival card system must run with maximum and optimal conditions, therefore an analysis system is needed to determine the service performance and security of the e-arrival card system by carrying out an audit process. The audit process using the COBIT 5 framework. The purpose of this study is to measure the capability level of the e-arrival card system and provide recommendations and suggestions regarding the results of measuring the capability level of the e-arrival card system using the COBIT 5 framework in the DSS (Deliver, Service, Support) domain. The research method used is qualitative using the COBIT 5 framework. The results obtained regarding the measurement of capability level on the e-arrival card system with the COBIT 5 framework in DSS01 (manage operations) are at level 4 is predictable process, for DSS02 (Manage service requests and incidents), DSS03 (Manage problems), DSS04 (Manage continuity), DSS05 (Manage security services) and DSS06 (Manage business process controls) are each at level 3 is established process. Recommendations that can be given are to carry out periodic maintenance and evaluation as well as to make standard operating procedures (SOP) for services and incidents regarding the e-arrival card system.
47
Megasari, Ria, and Ir Rina Djunita Pasaribu Pasaribu. "Strategy to Improve IT Maturity Level Using COBIT 2019 Framework to Improve Service Quality at PT XYZ." International Journal of Scientific Research and Management (IJSRM) 13, no. 05 (2025): 9927–140. https://doi.org/10.18535/ijsrm/v13i05.em18.
Full textAbstract:
In the digital era, IT governance maturity is a critical driver of service quality and business sustainability. This study investigates how the COBIT 2019 framework can be strategically applied to enhance IT maturity and service delivery in the Testing, Inspection, and Certification (TIC) sector. A case study was conducted at PT XYZ, focusing on three key COBIT domains: APO02 (Managed Strategy), DSS06 (Managed Business Process Controls), and EDM03 (Ensured Risk Optimization), chosen for their direct impact on organizational agility, risk management, and process control. Using a qualitative case study approach, data were gathered through triangulation combining in-depth interviews, document reviews, and onsite observations. Respondents evaluated the implementation of COBIT design factors using a five-point Likert scale and open-ended responses, capturing both quantitative patterns and qualitative insights. Findings show that the maturity level across the three domains remains at Level 2 (Managed), indicating partial implementation without standardized processes or integrated risk governance. However, strong executive support and ongoing digital transformation efforts provide a solid foundation for structured improvements. The study proposes tailored strategies, derived from SWOT and TOWS analyses, to guide the organization toward Level 3 (Defined). These strategies emphasize formalized processes, proactive risk management, and stronger business-IT alignment. Ultimately, this study demonstrates the relevance of COBIT 2019 in tackling digital governance challenges in evolving sectors. It offers practical insights for professionals and policymakers aiming to enhance IT maturity, digital readiness, and organizational agility.
48
Al-Taee, Salowan Hafadh Hamed, and Hakeem Hammood Flayyih. "Impact of the electronic internal auditing based on IT governance to reduce auditing risk." Corporate Governance and Organizational Behavior Review 7, no. 1 (2023): 94–100. http://dx.doi.org/10.22495/cgobrv7i1p9.
Full textAbstract:
This paper analysed the effect of electronic internal auditing (EIA) based on the Control Objectives for Information and Related Technologies (COBIT) framework. Organisations must implement an up-to-date accounting information system (AIS) capable of meeting their auditing requirements. Electronic audit risk (compliance assessment, control assurance, and risk assessment) is a development by Weidenmier and Ramamoorti (2006) to improve AIS. In order to fulfil the study’s objectives, a questionnaire was prepared and distributed to a sample comprising 120 employees. The employees were financial managers, internal auditors, and workers involved in the company’s information security departments in the General Company for Electricity Distribution (GCBED) of Baghdad, owned by the Iraqi federal government. The Statistical Package for the Social Sciences (SPSS) software was employed to analyse the data and hypotheses. The study concluded that there is a substantial effect on the performance of EIA depending on the COBIT framework in reducing electronic audit risk in GCBED. According to the findings, additional research should be undertaken to improve efficiency, accounting control efficiency, and asset protection programs to lessen audit risk.
49
So, Idris Gautama, N. J. Setiadi, B. Papak, and Rudy Aryanto. "Action Design of Information Systems Security Governance for Bank Using COBIT 4.1 and Control Standard of ISO 27001." Advanced Materials Research 905 (April 2014): 663–68. http://dx.doi.org/10.4028/www.scientific.net/amr.905.663.
Full textAbstract:
The aim of the study is to design remediation information systems security governance at Bank. This study provided proposed solutions to solve the existing gaps between the current condition and the expected information systems of the bank's security governance. A case study of a commercial bank is used in this study. There are 7 process frameworks of COBIT 4.1 used to measure the maturity level of information systems security governance. Of these processes, appropriate controls within the framework of COBIT 4.1 and ISO27001 are undertaken. As a result, the security of governance information systems is increasing. In conclusion, there is a need of reliable information systems security governance to achieve the intended business goals.
50
Sukamto, Anggi Srimurdianti, Haried Novriando, and Aldi Reynaldi. "Tata Kelola Teknologi Informasi Menggunakan Framework COBIT 2019 (Studi Kasus: UPT TIK Universitas Tanjungpura Pontianak)." Jurnal Edukasi dan Penelitian Informatika (JEPIN) 7, no. 2 (2021): 210. http://dx.doi.org/10.26418/jp.v7i2.47859.
Full textAbstract:
UPT TIK UNTAN merupakan suatu lembaga yang melakukan pengelolaan TI. Tata kelola TI mencakup kepemimpinan, struktur serta proses organisasi yang memastikan bahwa TI dimanfaatkan seoptimal mungkin dan berkonsentrasi pada kinerja dan transformasi TI untuk memenuhi kebutuhan saat ini dan yang akan datang, baik dari sudut internal maupun eksternal. COBIT 2019 adalah kerangka kerja untuk tata kelola dan manajemen informasi dan teknologi perusahaan. Sedangkan COBIT Performance Management merupakan model yang berisi kerangka dasar dalam memberikan panduan untuk menilai dan mengukur tingkat kapabilitas dan tingkat kematangan yang berkaitan dengan proses tata kelola dan manajemen TI. Hasil pengukuran tata kelola TI pada UPT TIK UNTAN dinyatakan bahwa tingkat kapabilitas proses APO08 (Managed Relationships) yang dicapai berada pada tingkat 5. Tingkat kapabilitas proses APO09 (Managed Service Agreements) yang dicapai berada pada tingkat 1. Sedangkan tingkat kapabilitas proses APO11 (Managed Quality) yang dicapai berada pada tingkat 2. Kesenjangan antara tingkat kapabilitas proses saat ini dan tingkat kapabilitas harapan pada objektif proses APO08 bernilai 0, sedangkan pada objektif proses APO09 dan APO11 bernilai -1. Pada objektif proses APO09 kesenjangannya 2%, sedangkan pada objektif proses APO11 kesenjangannya 8%. Berdasarkan hasil analisis, maka diberikan rekomendasi perbaikan yang mengacu pada COBIT 2019 untuk meningkatkan tingkat kapabilitas harapan.