Adoption of COBIT 5 Framework in Risk Management for Startup Company
Main Article Content
Abstract
The research method used is qualitative, where data collection is done by interviewing informants related to risk findings and identification of the root of the problem using fishbone analysis with category 6M (Man, Money, Machine, Material, Method, Measurement). The results of the identification of the root causes are included in the risk quadrant with the risk probability categories (high, medium, low) and risk impact categories (high, medium, low). After getting the data needed, the stages of creating a risk management model that is mapping the results of identifying the root causes with the COBIT 5 framework. The results of interviews related to the risks experienced by small and medium enterprises obtained as many as 19 risks and the results of fishbone analysis (identification of the root causes) obtained as many as 48 root causes, but this study took a quadrant I-VI with a total of 24 root causes. This research produces a risk management model in the form of COBIT 5 process that is in line with the root of the problem that occurs in small and medium-sized enterprises, namely EDM03 (Ensure Risk Optimization), APO12 (Manage Risks), BAI02 (Manage Requirements Definition), DSS05 (Manage Security Service) , MEA02 (Monitor, Evaluate and Assess the System of Internal Control).
Downloads
Metrics
Article Details
Licensing
TURCOMAT publishes articles under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This licensing allows for any use of the work, provided the original author(s) and source are credited, thereby facilitating the free exchange and use of research for the advancement of knowledge.
Detailed Licensing Terms
Attribution (BY): Users must give appropriate credit, provide a link to the license, and indicate if changes were made. Users may do so in any reasonable manner, but not in any way that suggests the licensor endorses them or their use.
No Additional Restrictions: Users may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.