Evaluation of the Effectiveness of Audit Management System (AMS) Using COBIT 2019 and ISO 31000:2018 in the Internal Audit Function

Authors

  • Indra Setya Miharja, Manajemen Teknologi, Institut Teknologi Sepuluh Nopember
  • Raden Venantius Hari Ginardi, Manajemen Teknologi, Institut Teknologi Sepuluh Nopember (https://orcid.org/0000-0002-6996-8859)

DOI:

https://doi.org/10.46984/sebatik.v29i2.2627

Keywords:

Effectiveness, Internal Audit, Audit Management System (AMS), COBIT 2019, ISO 31000:2018 Risk Management

Abstract

The Audit Management System (AMS) is utilized by the Internal Audit Function to manage audit processes in a structured, documented, efficient, and risk-aligned manner, aiming to provide added value to the organization. This system is supported by the Pentana Audit software, implemented across 22 entities, functioning as a secure platform that records the entire audit process in real time. This study aims to identify gaps, analyze areas for improvement, assess potential financial and operational impacts, and provide recommendations and mitigation steps related to AMS management. The evaluation applies the COBIT 2019 and ISO 31000:2018 Risk Management frameworks, focusing on five Governance and Management Objectives from COBIT 2019: EDM03, APO12, APO14, DSS03, and MEA04. The novelty of this research lies in the dual-framework approach that systematically integrates COBIT and ISO standards to produce a strategic, risk-aligned improvement roadmap. The specific focus on AMS within the Internal Audit context also contributes to strengthening governance and audit risk management. The findings indicate that AMS management has not yet reached full effectiveness, with 13 identified areas of improvement that may cause financial and operational impacts. Key issues include the lack of integration between the audit risk database and ERM, absence of automated notifications, no monitoring dashboard, inadequate data security policies, and suboptimal real-time utilization across entities. APO12 recorded the largest gap, primarily related to IT-based audit risk management integration. Recommendations are categorized into three mitigation priorities using an action priority matrix: quick wins, important tasks, and other tasks, with phased implementation over three years.

Published

2025-12-26

How to Cite

Miharja, I. S. and Ginardi, R. V. H. (2025) “Evaluation of the Effectiveness of Audit Management System (AMS) Using COBIT 2019 and ISO 31000:2018 in the Internal Audit Function”, Sebatik, 29(2), pp. 343–360. doi: 10.46984/sebatik.v29i2.2627.