Systematic Literature Review on Auditing Information Technology Risk Management Using the COBIT Framework

Rizky Handayani, Ema Utami, Emha Taufiq Luthfi

Abstract


Information technology plays an important role in carrying out company management activities. It must be managed properly so that no risks arise that could endanger the company. Companies can implement information technology risk management through risk management audits. An audit of information technology risk management helps evaluate a company by identifying information technology risks and minimizing them. Such audits can be carried out with the help of the COBIT framework. This study conducts a systematic literature review on risk management audits related to information technology using the COBIT framework. The literature search drew on the IEEE Xplore, ScienceDirect and Garuda Kemdikbud databases. Papers were selected based on inclusion criteria: the paper is written in Indonesian or English, the paper was published between 2019 and 2023, the paper describes COBIT in IT risk management audits, and the paper is available as full text. The search yielded 24 papers. Two criteria were used to assess paper quality: the paper states the COBIT framework used for the IT risk management audit, and the paper states the COBIT domain used. The analysis of the research questions indicates that COBIT 5 is the guide used by many researchers in information technology audits for risk management. COBIT 5 provides a complete and comprehensive risk governance guide for measuring enterprise IT risk management. Implementing COBIT 5 in IT risk management audits assists in risk assessment and risk management in order to minimize and prevent IT risks that may occur. The domains APO12 (Manage Risk) and EDM03 (Ensure Risk Optimization) serve as references in conducting IT risk management.

Keywords


IT Audit; COBIT; Risk Management; Systematic Literature Review



DOI: https://doi.org/10.33394/j-ps.v11i4.8871


Copyright (c) 2023 Rizky Handayani, Ema Utami, Emha Taufiq Luthfi

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

J-PS (Prisma Sains: Jurnal Pengkajian Ilmu dan Pembelajaran Matematika dan IPA IKIP Mataram) p-ISSN (print) 2338-4530, e-ISSN (online) 2540-7899 is licensed under a Creative Commons Attribution 4.0 International License.
