Purpose: This research aims to measure the current condition level (capability level) of DISKOMINFO and then conduct a Gap analysis so that it can provide recommendations for improving IT governance related to IT risk management.

Design/methodology/approach: The framework used is COBIT 2019, which will focus on 2 objectives: EDM03 (Evaluate, Direct, and Monitor)  & APO12 (Align, Plan, and Organize). The data used in this study were obtained through interviews, observation, and distribution of questionnaires which had been mapped using the RACI Chart.

Findings/result:  The results of the assessment show that the capability level/capability level according to DISKOMINFO is level 2 for each objective. Recommendations focus on making documentation of risk management activities in the form of risk guidelines, risk acceptance, activities for risk management methods, as well as the application of risk management evaluation of IT which is used by DISKOMINFO on a regular basis.

Originality/value/state of the art:From various types of risk management research with different frameworks, this research will use the COBIT 2019 performance standards to carry out information technology risk management. Where COBIT 2019 is the latest version of COBIT which was prepared to help companies manage and manage resources to achieve existing goals. COBIT 2019 has a broader scope than ISO SO/IEC 17799:2005 which includes a combination of principles that have been embedded and known as reference models (such as COSO), and are aligned with IT standard infrastructure.

J. Juminovario, et al., "Manajemen Risiko Divisi Sistem Informasi Pada Universitas Bina Insan Menggunakan Framework Cobit 5," CogITo Smart Journal, vol. 8, pp. 491-500, 2022.

D. F. Tanjung, A. Oktaviana, & A. P. Widodo, "Analisis Manajemen Risiko startup Pada Masa pandemi COVID-19 Menggunakan COBIT® 2019," Jurnal Teknologi Informasi Dan Ilmu Komputer, vol. 8, no. 3, pp. 635, 2021.

A. Ariesta, S. Suprapto, S, & A. Perdanakusuma, "Evaluasi Tata Kelola dan Manajemen Risiko Teknologi Informasi pada PT. MyECO Teknologi Nusantara menggunakan Framework COBIT 2019 Proses EDM03 dan APO12," Jurnal Pengembangan Teknologi Informasi Dan Ilmu Komputer, vol. 6, no. 12, pp. 5736-5745, 2023. [Online]. Available: https://j-ptiik.ub.ac.id/index.php/j-ptiik/article/view/11984

J. Ar Rajjani, B. Hanggara, & Y. Musityo, "Evaluasi Manajemen Risiko Teknologi Informasi pada Department of ICT PT Semen Indonesia (Perseo) Tbk menggunakan Framework COBIT 2019 dengan Domain EDM03 dan APO12," Jurnal Pengembangan Teknologi Informasi Dan Ilmu Komputer, vol. 5, no. 5, pp. 1734-1744, 2021. [Online]. Available: https://j-ptiik.ub.ac.id/index.php/j-ptiik/article/view/8982

Putu, et al., "Judul Artikel Terkait Manajemen Risiko IT," Jurnal Manajemen Risiko, vol. 15, pp. 123-145, 2020.

ISACA, "COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution," ISACA, United States of America, 2018.

ISACA, "COBIT 2019 Framework Governance and Management Objectives," ISACA, United States of America, 2018.

ISACA, "COBIT 2019 Framework Introduction and Methodology," ISACA, United States of America, 2018.

ISACA, "COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution," ISACA, United States of America, 2018.

ISACA, "COBIT 5: Enabling processes," ISACA, 2012.

ISACA, "COBIT 5: Process assessment model (PAM): Using COBIT 5," ISACA, 2013.

ISACA, "COBIT 5: For risk," ISACA, 2016.

F. T. Riadi, A. D. Manuputty, and A. Saputra, "Evaluasi Manajemen Risiko Keamanan Informasi Dengan Menggunakan Framework Cobit 5 Subdomain Edm03 (Ensure Risk Optimisation)," Jurnal Terapan Teknologi Informasi, vol. 2, no. 1, pp. 12–21, 2018. [Online]. Available: https://doi.org/10.21460/jutei.2018.21.53

H. A. Sari, Y. Rahardja, and H. P. Chernovita, "Analisis Manajemen Risiko ti pada DISKOMINFO Salatiga Menggunakan Cobit5 Dengan domain APO12," JATISI (Jurnal Teknik Informatika Dan Sistem Informasi), vol. 8, no. 4, pp. 1772–1784, 2021. [Online]. Available: https://doi.org/10.35957/jatisi.v8i4.1089

R. Anugrah, E. Utami, and A. H. Muhammad, "Analisis Manajemen Risiko TI Pada Perguruan Tinggi XYZ Berbasis cobit 2019 dengan pertimbangan domain APO12," Jurnal Ilmiah Universitas Batanghari Jambi, vol. 22, no. 2, p. 991, 2022.