Manajemen Risiko TI Pada BID TIK Polda Sumsel Menggunakan Framework Cobit 5

Abstract

Information technology plays an important role in supporting operational effectiveness, including in government institutions such as the Indonesian National Police. BIDTIK POLDA SUMSEL is a work unit responsible for managing and developing information and communication technology systems, supported by the Renmin Subdivision, Tekkom Subdivision, and Tekinfo Subdivision. In its implementation, BidTIK faces various information technology risks, such as human error, connection disruption, device damage, and system security incidents that have not been formally documented. To manage these risks optimally, a structured approach such as COBIT 5 is needed, especially the APO12 (Manage Risk) domain which provides systematic guidance in identifying, assessing, and mitigating information technology risks in a documented and sustainable manner. The assessment was carried out on six APO12 subprocesses through questionnaires and quantitative analysis of the current (As Is) and expected (To Be) conditions. From the results of a structured approach with COBIT 5 in the APO12 domain, the average As Is value is 2.07 (Level 2), indicating that the process is running but not yet consistently documented. While the To Be value is 3.43 (Level 3), reflecting a documented and structured process target. The difference between actual and target conditions indicates the need for improvement in documentation, coordination, and technology utilization in risk management.