Adoption of COBIT 5 Framework in Risk Management for Startup Company
Main Article Content
Abstract
The research method used is qualitative, where data collection is done by interviewing informants related to risk findings and identification of the root of the problem using fishbone analysis with category 6M (Man, Money, Machine, Material, Method, Measurement). The results of the identification of the root causes are included in the risk quadrant with the risk probability categories (high, medium, low) and risk impact categories (high, medium, low). After getting the data needed, the stages of creating a risk management model that is mapping the results of identifying the root causes with the COBIT 5 framework. The results of interviews related to the risks experienced by small and medium enterprises obtained as many as 19 risks and the results of fishbone analysis (identification of the root causes) obtained as many as 48 root causes, but this study took a quadrant I-VI with a total of 24 root causes. This research produces a risk management model in the form of COBIT 5 process that is in line with the root of the problem that occurs in small and medium-sized enterprises, namely EDM03 (Ensure Risk Optimization), APO12 (Manage Risks), BAI02 (Manage Requirements Definition), DSS05 (Manage Security Service) , MEA02 (Monitor, Evaluate and Assess the System of Internal Control).
Downloads
Metrics
Article Details
You are free to:
- Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
- Attribution — You must give appropriate credit , provide a link to the license, and indicate if changes were made . You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation .
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.