Risks Assessment of Information Technology Processes Based on COBIT 5 Framework: A Case Study of ITS Service Desk

Hanim Maria Astuti, Feby Artwodini Muqtadiroh, Eko Wahyu Tyas Darmaningrat*, Chitra Utami Putri

*Corresponding author for this work

Research output: Contribution to journalConference articlepeer-review

23 Citations (Scopus)


Directorate of Information Technology and Systems Development (Direktorat Pengembangan Teknologi dan Sistem Informasi, DPTSI) is an organization unit of Institut Teknologi Sepuluh Nopember (ITS) Surabaya which responsible for providing services related to information technology and system for all stakeholders. Incident management and requests fulfillment are part of the services managed by Service Desk unit of DPTSI. Incident management and requests fulfillment hold significant role yet prone to error, they could pose threats and risks for the organization. Hence, identification and assessment of risks, especially risks of IT processes, are highly required to avoid problem or disruption in organizational business processes and to minimize losses. In this research, COBIT 5 Enabling Process is used as a framework to identify the IT processes, whereas COBIT 5 for Risks is used to conduct the risk management activities. Risks are identified from Service Desk's business processes and existing condition of DPTSI. Data and information are obtained from interviews and observation, then they are mapped to corresponding ideal conditions based on COBIT 5 process DSS02 Manage Service Requests and Incidents. Furthermore, risks related to information technology processes are being identified, assessed and managed based on COBIT 5 process APO12 Manage Risks. The output of this research is a document containing list of IT risk assessment and risk control justification which can be used as a reference document for Service Desk unit of DPTSI ITS in managing risks associated with IT Processes. A good risk management processes will help the decisions' maker of the organization to make strategic decisions. In addition, the document may be used as a reference for other organizations with similar business processes.

Original languageEnglish
Pages (from-to)569-576
Number of pages8
JournalProcedia Computer Science
Publication statusPublished - 2017
Event4th Information Systems International Conference 2017, ISICO 2017 - Bali, Indonesia
Duration: 6 Nov 20178 Nov 2017


  • COBIT 5 for Risk
  • Incident Management
  • Requests Fulfillment
  • Risk Management
  • Risk of IT Process


Dive into the research topics of 'Risks Assessment of Information Technology Processes Based on COBIT 5 Framework: A Case Study of ITS Service Desk'. Together they form a unique fingerprint.

Cite this