Risk Assessment on Wilujeng Hospital IT Process Using COBIT 2019 Framework

Abstract

The utilization of information technology within hospitals introduced risks to both operational efficiency and patient information security. Risks at Wilujeng Hospital include information systems tracking not being updated by staff, human error due to a lack of computer skills, no available personnel dedicated to the protection of computer information, and no clear task for all staff members on how to understand systems. The hospital did not perform a risk management capability assessment which is an important part of assessing risk management maturity. This study reviewed Wilujeng Hospital's risk management capabilities using the COBIT 2019 framework and provided suggestions for improving governance. Data collection and analysis were based on the COBIT 2019 principles, specifically on capabilities through design factor analysis. The study examined three relevant components of COBIT, including DSS05 (Managed Security Services), APO07 (Managed Human Resources), and APO12 (Managed Risk). The findings indicated that all three areas achieved competency level 1 with respective scores of 61.5%, 80.55%, and 58.33%. This indicates that the hospital's risk management capabilities are still evolving and that security and human resources management should be improved to enhance IT governance and data protection.