Analysis of IT Risk Management Using COBIT 5 Domain APO12 at XYZ Automotive Company in Palembang
DOI:
https://doi.org/10.32524/jusitik.v8i2.1360
Keywords:
Information Technology, Risk Management, IS/IT Audit, COBIT 5
Abstract
This research discusses Information Technology (IT) risk management at XYZ Company in Palembang, which operates in the automotive sector, using the COBIT 5 framework, specifically in the APO12 (Risk Management) domain. IT audits are conducted periodically to identify, assess, and manage IT risks that could potentially affect the company's business continuity. The research method applied includes interviews with the ICT (Information and Communication Technology) Manager, as well as several stages such as data collection, risk analysis, maintenance of risk profiles, risk communication, portfolio identification, and risk response. The findings reveal that the company faces various IT risks, including threats from environmental factors, human errors, and disruptions to systems and infrastructure. Based on the capability assessment, the company’s current condition (As-is) is at level 3 (Established Process), indicating that the risk management process is functioning well, though there is still room for improvement. The company aims to improve to level 5 (Optimizing Process), where risk management can be applied more comprehensively and sustainably. This research is expected to provide recommendations and controls to strengthen IT risk management, including improving IT Governance controls. By implementing more effective risk management, the company can minimize potential risks to IT continuity, enhance operational stability, and ensure efficiency in supporting its business continuity, thereby achieving excellence in the company.
License
Copyright (c) 2025 Meilinda Meilinda, Nevin Julian Masidin, Agustio Dwitama, Sri Andayani

This work is licensed under a Creative Commons Attribution 4.0 International License.