Risk management using COBIT 5 for risk: a case study on local government in Indonesia

Abstract

BP4D (Regional Development Planning, Research and Development Agency) Bondowoso utilizes information technology to support its duties and functions, one of which is SIPD (Sistem Informasi Pemerintah Daerah). SIPD provides many benefits and conveniences such as improving the quality of public services, transparency, improving bureaucratic accountability, but in its implementation SIPD can also pose dangerous risks both from processes involving the system and the system itself. These risks can disrupt BP4D Bondowoso's business processes and cause various losses. To protect BP4D Bondowoso from losses caused by risk, risk management is carried out using the relevant framework, namely COBIT 5 Enabling Process and COBIT 5 for Risk with the APO12 risk management process. Data were collected by interview and distributing questionnaires. Fifty-one risks were identified in the implementation of SIPD at BP4D Bondowoso consisting of 48 negative risks and 3 positive risks. The risks found dominate the type of IT Benefit / Value Enablement and the category of regulatory compliance. Identified 3 very high risks in the category of regulatory compliance and software. Overall risk dominates the medium rating, which is 28 risks and the high risk consists of 20 risks. The negative risk response is dominated by mitigate, which is 33 risks.