OPTIMIZING RISK MANAGEMENT IN THE INSURANCE SECTOR: LEVERAGING THE COBIT 5 FRAMEWORK

Kenny Pratama(1), Melissa Indah Fianty(2)


(1) Department Information System, Faculty of Engineering and Informatics, Universitas Multimedia Nusantara, Boulevard Raya Gading Serpong, Tangerang, Banten
(2) Department Information System, Faculty of Engineering and Informatics, Universitas Multimedia Nusantara, Boulevard Raya Gading Serpong, Tangerang, Banten

Abstract


A vehicle insurance company is grappling with a critical issue amid its efforts to integrate information technology into its operations. The problem revolves around the absence of documented procedures related to IT service management and infrastructure resources, impacting various operational facets, including business processes, staff management, applications, infrastructure, facilities, and vendor relationships. To address these concerns, the company has taken measures, including identification, analysis, control, and mitigation of IT-related risks. However, these measures have proven insufficient for optimal risk management, prompting the need for a comprehensive evaluation of its IT risk management capabilities. This assessment evaluates the implementation of IT risk management using a qualitative approach within the COBIT 5 framework. Specifically, it assesses the company's performance in two closely related processes: APO 12 (Manage Risk) for identifying IT-related risks and DSS 05 (Manage Security Services) for understanding the role of information security and monitoring security aspects. The assessment results indicate that the company's IT risk management capability is at level 3 (Established) for both processes. However, the company aspires to reach level 4 (Predictable) and improve its risk management. Furthermore, a critical finding is the absence of Standard Operating Procedures (SOPs) related to data encryption, which is vital for information security. While some monitoring methods for information security service design have been effective, there is a need for enhanced data security through the development of encryption-related SOPs. The company plans to implement improvements based on COBIT 5 framework recommendations to achieve a higher level of risk management capability. These enhancements aim to better align IT-related risk management with the company's business objectives and improve the overall effectiveness of the processes.

Keywords


Capability Level, COBIT 5, IT Governance, Risk Management



DOI: 10.56327/ijiscs.v7i3.1591
