The  IT GOVERNANCE IN REGIONAL WATER COMPANY RISK MANAGEMENT USING THE COBIT 2019 METHOD

Firmansyah Firmansyah; Antonius Wahyu Sudrajat

doi:10.47709/cnahpc.v8i1.7723

Authors

Firmansyah Universitas MDP, South Sumatera, Indonesia
Antonius Wahyu Sudrajat Universitas MDP, South Sumatera, Indonesia

DOI:

https://doi.org/10.47709/cnahpc.v8i1.7723

Keywords:

IT Governance, Risk Management, COBIT 2019, Design Factors, Regional Water Utility, Capability Level.

Abstract

Digital transformation in the public utility sector, particularly in regional water-owned enterprises (BUMD), presents complex risk challenges ranging from cybersecurity threats to operational distribution disruptions. PT Tirta Sriwijaya Maju (Perseroda), as the research object, faces constraints in IT risk management processes that are currently manual, reactive, and disintegrated, potentially threatening the sustainability of public services. This study aims to evaluate the current IT governance capability and design risk management improvements using the COBIT 2019 framework. The research methodology employs a mixed-method approach utilizing the Design Toolkit to determine domain priorities based on the company's risk profile and strategy. The evaluation focuses on six critical domains: EDM03, APO12, APO13, BAI03, DSS01, and MEA01. The Design Factors analysis established a target capability at Level 3 (Defined Process) to ensure regulatory compliance. However, the current state (As-Is) measurement indicates that the company is at an average of Level 1 (Performed). A gap of 2 levels was identified, primarily caused by a disconnected evaluation cycle (MEA01), the absence of a formal Risk Appetite document, and reliance on spreadsheet-based risk monitoring. As a solution, this study provides strategic recommendations including the formalization of risk policies, the design of an integrated digital Monitoring Dashboard, and an Implementation Roadmap for 2025-2027. The implementation of this roadmap is expected to enhance risk governance maturity, ensure customer data integrity, and guarantee operational stability in accordance with Good Corporate Governance standards.

Keywords: IT Governance, Risk Management, COBIT 2019, Design Factors, Regional Water Utility, Capability Level.

Downloads

Download data is not yet available.

References

Abdurrahman, L. (2023). Control Self-Assessment (CSA) on Information Technology Business Processes as COBIT 2019-based Pre-Audit Activities. International Journal of Knowledge Management in Tourism and Hospitality,

1(1). https://doi.org/10.1504/ijkmth.2023.10057578

Ahmad, H. M. (2025). The Impact of Cybersecurity Assurance on the Quality of Internal Audit at The Financial Technology Companies in Jordan : The Moderating Role of COBIT 2019. 22(2), 116–132. https://doi.org/10.33094/ijaefa.v22i2.2305

Algiffary, M. A., Cholil, W., Tjahjanto, Kunang, Y. N., Amin, Z., & Prihandoko. (2024). Utilization of COBIT 2019 for an Advanced Strategic Evaluation of IT Risk Management in the Application of e-Government at Palembang City Governance. 2024 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS), 766–772. https://doi.org/10.1109/ICIMCIS63449.2024.10957083

Arba’ah, Z. D. K. W., Utami, E., & Muhammad, A. H. (2023). Information & Technology Audit of E-Government Using Cobit a Literature Review. JIKO (Jurnal Informatika dan Komputer), 6(1), 21–27. https://doi.org/10.33387/jiko.v6i1.5606

Deagama, M., Antariksa, S., Angin, M. P., & Widodo, A. P. (2025). COBIT 2019 Framework in IT Governance : A Systematic Literature Review of Implementation Challenges and Benefits Across Various Industry Sectors. 99–105.

Handayani, R., Utami, E., & Luthfi, E. T. (2023). Systematic Literature Review on Auditing Information Technology Risk Management Using the COBIT Framework. Prisma Sains : Jurnal Pengkajian Ilmu dan Pembelajaran Matematika dan IPA IKIP Mataram, 11(4), 1028. https://doi.org/10.33394/j-ps.v11i4.8871

Hidayah, N. A., Fetrina, E., & Ratnawati, S. (2025). Analysis of Information Technology Governance Priorities at PTKIN Using the COBIT 2019 Framework. 8(1), 111–120. https://doi.org/10.15408/aism.v8i1.45011

Hidayat, R. S., Indrajit, R. E., & Dazki, E. (2024). Evaluation of Information Technology Governance Maturity Using COBIT 2019: A Case Study on the IT Security Industry. Journal La Multiapp, 5(4), 286–303. https://doi.org/10.37899/journallamultiapp.v5i4.1442

Jamali, R. H., & Arifin, Z. (2025). AUDIT TATA KELOLA DAN MANAJEMEN RISIKO TEKNOLOGI INFORMASI PADA WEBSITE KANTOR CAMAT PAYUNG SEKAKI MENGGUNAKAN FRAMEWORK COBIT 2019. 2(4), 1306–1314.

Leonardo, K., & Latuperissa, R. (2024). Information Technology Governance Design in Trading Companies Using the COBIT 2019 Framework. 6(2), 3–5. https://doi.org/10.51519/journalisi.v6i3.798

Megasari, R., Rina, I., Pasaribu, D., & Sc, M. (2025). Strategy to Improve IT Maturity Level Using COBIT 2019 Framework to Improve Service Quality at PT XYZ. 13(05), 9127–9140. https://doi.org/10.18535/ijsrm/v13i05.em18

Morris, G., Tangka, W., & Lompoliu, E. (2025). Optimizing IT Governance in BTS . id : A COBIT 2019-Based Analysis of Design Factors. 5(April), 699–710.

Morris, G., Tangka, W., Lumingkewas, C., & Lompoliu, E. (2025). IT Governance Maturity Assessment at PT PLN Suluttengo Using COBIT 2019. 5(2), 195–203.

Nadira, R. R., Mawaddah, H., & Tirtana, A. (2024). Implementation of COBIT 2019 with Domain DSS01 , DSS03 , and MEA01 for Audit of Customer Water Usage Recording Information System at HIPPAM Mandiri Arjowinangun. 1000–1010.

Nurhakim, F., & Melati, D. (2024). Implementation of Water Customer Information System (SIPA) at PDAM Tirta Medal City. Decision: Jurnal Administrasi Publik, 2, 59–67. https://doi.org/10.23969/decision.v6i2.24341 Nurtjahjo, F., Harnadi, B., & Koeswoyo, G. (2025). Evaluation of Governance and Measurement of Maturity Levels

System Plastic Injection Company Information Using COBIT 2019 and Luftman Maturity Model. SISFORMA, 11, 135–144. https://doi.org/10.24167/sisforma.v11i2.12008

Oktaviana, A., Adi, K., & Warsito, B. (2024). Adopting COBIT 2019 for the Evaluation of Information Technology Risk Management in a Startup Company. International Journal of Innovative Science and Research Technology (IJISRT), July, 1613–1621. https://doi.org/10.38124/ijisrt/ijisrt24jun1542

Parenreng, J., Zain, S., & Fajri, S. (2024). Performance Evaluation Of Hybrid System Monitoring Solar Panels Based On WSN Case In Smart Regional Drinking Water Company (PDAM). Internet of Things and Artificial

Intelligence Journal, 4, 384–394. https://doi.org/10.31763/iota.v4i3.747

Rashikha, N., Mulyana, R., & Hanafi, R. (2019). Using COBIT 2019 SME for Digital Transformation Governance of BPRDCo. 1678–1691.

Rifki, B., Prasetya, W., & Muhammad, A. H. (2025). QUALITY MANAGEMENT OF INFORMATION TECHNOLOGY GOVERNANCE COBIT 2019 FRAMEWORK EDUCATION FACTORS IN INDONESIA : A

REVIEW. 8(1), 48–54. https://doi.org/10.33387/jiko.v8i1.9498

Salihu, A., & Dervishi, R. (2024). Evaluating the Impact of Risk Management Frameworks on IT Audits: A Comparative Analysis of COSO, COBIT, ISO/IEC 27001, and NIST CSF. 2024 International Conference on Electrical, Communication and Computer Engineering (ICECCE), 1–8. https://doi.org/10.1109/ICECCE63537.2024.10823548

Sari, M., Andriyani, Y., Id, I. D., & Sukamto, S. (2024). Analysis IT Governance of Perumdam Tirta Siak using COBIT 2019 and ISO27001. Sistemasi, 13(2), 583. https://doi.org/10.32520/stmsi.v13i2.3429

Sholeh, M. B., & Pramudya, N. D. (2025). Comparative Study of Information System Governance Frameworks : Foundations for IT Risk Management Using COBIT 2019 and ITIL. 22(2), 73–80.

Solikhah, M., Magdalena, L., & Hatta, M. (2024). Implementation of the COBIT 2019 Framework on Information Technology Governance and Risk Management (Study Case: CV. Syntax Corporation Indonesia). Eduvest - Journal of Universal Studies, 4(7), 5922–5944. https://doi.org/10.59188/eduvest.v4i7.1504

Teguh, A., Slamet, J., Saputro, H., Sungkono, K., & Sarno, R. (2024). Optimizing IT Governance and Project Management in Software Development through AI Integration and COBIT 2019 Framework. 2024 2nd International Conference on Technology Innovation and Its Applications (ICTIIA), 1–6. https://doi.org/10.1109/ICTIIA61827.2024.10761914

Tulus, B. V., & Tanaamah, A. R. (2023). Design of Information Technology Governance in Educational Institutions Using COBIT 2019 Framework. Journal of Information Systems and Informatics, 5(1), 31–43. https://doi.org/10.51519/journalisi.v5i1.408

Utomo, D., Wijaya, M., Suzanna, Efendi, & Sagala, N. T. M. (2022). Leveraging COBIT 2019 to Implement IT Governance in SME Context: A Case Study of Higher Education in Campus A. CommIT Journal, 16(2), 129–141. https://doi.org/10.21512/commit.v16i2.8172

Wulyatiningsih, T., & Mambu, J. Y. (2025). IT Governance Maturity and Business Alignment : A COBIT 2019 Evaluation at RSUD ODSK. 5(2), 248–255.

Wulyatiningsih, T., Mokodaser, W. G., & Mambu, J. Y. (2024). Information Technology Governance Analysis Using COBIT 2019 Framework at Bank Mandiri Girian Bitung Branch. Journal of Information Systems and Informatics, 6(2), 865–881. http://journal-isi.org/index.php/isi

Zaini, A., Widodo, A. P., Mutiara, D., & Nugraheni, K. (2025). Information System Governance Evaluation at Diskominfo Central Java Using COBIT 2019 Framework. 12(1), 67–76. https://doi.org/10.15294/sji.v12i1.22883