Enhancing Risk Management in an IT Service Company: A COBIT 2019 Framework Approach


(*) Corresponding Author




Capability Level, COBIT 2019, Information System Audit, IT Governance


The application of information technology is utilized to support the business activities of companies engaged in IT services. One of the prevailing issues pertains to service delivery delays. This issue is paramount as customer satisfaction ranks among the most pivotal factors for business success, significantly influencing the company's continued prosperity. In response to these challenges, this study assesses the level of IT governance within the company using the 2019 COBIT framework. The methodology employed combines a qualitative approach, integrating data collected through interviews and literature analysis. The study's key performance indicators include APO12 (Managed Risk), BAI10 (Managed Configuration), and DSS04 (Managed Continuity). The findings reveal that the measured capability levels for these objectives are at levels 3, 3, and 2, respectively, falling short of the targeted levels, which are 4, 4, and 3. This indicates a 1-level gap in each process. The recommendations provided concentrate on the management of risk records associated with service delay causes, the proper management of IT resources, and the maintenance of a continuous service system to prevent future delays.


Download data is not yet available.


Amorim, A., Mira da Silva, M., Pereira, R., & Gonçalves, M. (2020). Using agile methodologies for adopting COBIT. Information Systems, 101, 101496. https://doi.org/10.1016/j.is.2020.101496

Asmah, A., & Kyobe, M. (2018). Towards an Integrative Theoretical Model For Examining IT Governance Audits. https://doi.org/10.1145/3209415.3209423

Frogeri, R., Pardini, D., Cardoso, A., Prado, L., Pelloso Piurcosky, F., & Portugal Júnior, P. (2019). IT Governance in SMEs: The State of Art. International Journal of IT/Business Alignment and Governance, 10, 55–73. https://doi.org/10.4018/IJITBAG.2019010104

Haes, S., Grembergen, W., Joshi, A., & Huygh, T. (2020). Enterprise Governance of IT, Alignment, and Value (pp. 1–13). https://doi.org/10.1007/978-3-030-25918-1_1

Information Systems Audit and Control Association. (n.d.). COBIT® 2019 Framework : introduction and methodology.

Information Systems Audit and Control Association. (n.d.). COBIT 2019 Design guide designing an information and technology governance solution.

Jaime, L., & Barata, J. (2023). How can FLOSS Support COBIT 2019? Coverage Analysis and a Conceptual Framework. Procedia Computer Science, 219, 680–687. https://doi.org/10.1016/j.procs.2023.01.339

Levstek, A., Hovelja, T., & Pucihar, A. (2018). IT Governance Mechanisms and Contingency Factors: Towards an Adaptive IT Governance Model. Organizacija, 51, 286–310. https://doi.org/10.2478/orga-2018-0024

Louis, A. A., & Fianty, M. I. (2023). Evaluation Human Resources Information System Using COBIT 5 Framework in Technology Insurance Company. G-Tech: Jurnal Teknologi Terapan, 7(2), 674–682. https://doi.org/10.33379/gtech.v7i2.2393

Mubarak, R. F., & Fianty, M. I. (2023). Leveraging COBIT 2019 to Implement IT Governance in Mineral Mining Company. Journal of Information Systems and Informatics, 5(3), 1058–1071. https://doi.org/10.51519/journalisi.v5i3.545

Nachrowi, E., Nurhadryani, Y., & Sukoco, H. (2020). Evaluation of Governance and Management of Information Technology Services Using Cobit 2019 and ITIL 4. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 4, 764–774. https://doi.org/10.29207/resti.v4i4.2265

Pratama Arthananda, K. (2021). The Role of COBIT5 as a Reference for Quality Service Quality Improvement Case Study: Private Bank in Indonesia. Ultima Infosys : Jurnal Ilmu Sistem Informasi, 12(2).

Saeedinezhad, S., & Naghsh, A. (2019). Management of IT Services in the Field of Pre-Hospital Emergency Management with the Combined Approach of COBIT Maturity Model and ITIL Framework: A Conceptual Model.

Salehi, F., Abdollahbeigi, B., & Sajjady, S. (2021). Impact of Effective IT Governance on Organizational Performance and Economic Growth in Canada. 3, 14–19.

Sanjaya, D., & Fianty, M. I. (2022). Measurement of Capability Level Using COBIT 5 Framework (Case Study: PT Andalan Bunda Bijak). Ultima Infosys : Jurnal Ilmu Sistem Informasi, 13(2).

Santos Castellanos, W. (2020). Impact of Information Technology (IT) Governance on Business-IT Alignment. Cuadernos de Gestión, 2020-12–10. https://doi.org/10.5295/cdg.180995ws

Scalabrin Bianchi, I., Sousa, R., & Pereira, R. (2021). Information Technology Governance for Higher Education Institutions: A Multi-Country Study. Informatics, 8, 26. https://doi.org/10.3390/informatics8020026

Smits, D., & Hillegersberg, J. (2017). The development of a hard and soft IT governance assessment instrument. Procedia Computer Science, 121, 47–54. https://doi.org/10.1016/j.procs.2017.11.008

Smits, D., & Hillegersberg, J. (2018). The continuing mismatch between IT governance maturity theory and practice: a new approach. Procedia Computer Science, 138, 549–560. https://doi.org/10.1016/j.procs.2018.10.075

Tantiono, A., & Legowo, D. (2020). Information System Governance in Higher Education Foundation using COBIT 5 Framework. International Journal of Recent Technology and Engineering (IJRTE), 8, 2798–2811. https://doi.org/10.35940/ijrte.F8192.038620




How to Cite

Enrique, E., & Fianty, M. I. (2023). Enhancing Risk Management in an IT Service Company: A COBIT 2019 Framework Approach. Jurnal Riset Informatika, 5(4), 499–506. https://doi.org/10.34288/jri.v5i4.212