Perancangan Tata Kelola dan Manajemen Risiko Teknologi Informasi Menggunakan Kerangka Kerja Cobit 2019 pada Kota Cerdas Pemerintah Kabupaten

Abstract

Digital transformation driven by the smart city concept has encouraged local governments to integrate information technology into public services. However, high dependency on information systems without adequate risk management poses serious threats to organizational effectiveness, service continuity, and public trust. This study aims to design IT governance and risk management at the Department of Communication and Informatics (Diskominfo) of a district government using the COBIT 2019 framework, focusing on domain EDM03 (Ensure Risk Optimization) and APO12 (Managed Risk). A descriptive-qualitative method was employed using capability assessment through questionnaires, observations, and interviews with 12 key respondents mapped using the RACI model. The results show that the risk governance capability in EDM03 is at Level 2 (Managed), while APO12 is at Level 3 (Defined). The gap analysis reveals the need to strengthen procedural documentation, integrate risk reporting systems, and increase awareness of IT security. This study provides comprehensive risk mitigation recommendations across people, process, and technology aspects. If properly implemented, these strategies are expected to enhance service efficiency, reliability, and institutional readiness for secure and sustainable digital transformation.