The Implementation of COBIT 4.1 and COBIT 5-Based IT Governance Audits in the Ministry of Finance of Indonesia

Nur Imroatun Sholihat


Abstract: Lately, organizations including the governmental ones started to realize the crucial role of IT for their organizations. For example, in the last 3 years, The Ministry of Finance (MoF) has spent Rp1.244 billion (USD 93,57 million) for IT investment itself. Weill (2004) stated that the benefit received from the IT investment is influenced by its governance. To ensure that IT is well-governed, IT governance audit is performed. In Indonesia, Inspectorate General of MoF is the first and only internal audit organization to carry out IT governance audit to date. IT governance audit in the Ministry of Finance has also implemented the globally accepted framework, COBIT. For those reasons, IT governance audit practice in the MoF could be the acceptable benchmark for another public sector organization about the aforesaid area of audit. This research aims to get the understanding about the implementation of IT governance audits in the Ministry of Finance (MoF) and compare them with Assessor Guide: Using COBIT 5. This study is important because meanwhile IT governance audit is important, to the best of author’s knowledge, research about IT governance audit practice in Indonesia’s public sector is very limited. To achieve the research’s purpose, this research will be served as a qualitative descriptive research. The result showed that MoF’s IT governance audit practice implemented Assessor Guide: Using COBIT 5 with some adjustments were done. Despite being in the early stage, the IT governance audit which combined COBIT 4.1 and COBIT 5 assessment approaches is fair performed.


Abstrak: Dewasa ini, organisasi termasuk organisasi pemerintah mulai menyadari peran penting TI untuk organisasi mereka. Misalnya, dalam 3 tahun terakhir, Kementerian Keuangan (Kemenkeu) telah menghabiskan Rp1.244 miliar (USD 93,57 juta) untuk investasi TI. Weill (2004) menyatakan bahwa manfaat yang diterima dari investasi TI dipengaruhi oleh tata kelolanya. Untuk memastikan bahwa TI dikelola dengan baik, audit tata kelola TI dilakukan. Di Indonesia, Inspektorat Jenderal Kemenkeu adalah organisasi audit internal pertama dan satu-satunya yang melakukan audit tata kelola TI hingga saat ini. Audit tata kelola TI di Kemenkeu juga telah menerapkan framework yang diterima secara global, COBIT. Untuk alasan tersebut, praktik audit tata kelola TI di Kemenkeu dapat menjadi tolok ukur bagi organisasi sektor publik lainnya tentang bidang audit tersebut.. Penelitian ini bertujuan untuk mendapatkan pemahaman tentang pelaksanaan audit tata kelola TI di Kemenkeu dan membandingkannya dengan Assessor Guide: Using COBIT 5. Studi ini penting sebab meskipun audit tata kelola TI penting, sepanjang pengetahuan penulis, penelitian tentang praktik audit tata kelola TI di sektor publik Indonesia sangat terbatas. Untuk mencapai tujuan penelitian, penelitian ini akan disajikan sebagai penelitian kualitatif deskriptif. Hasil penelitian menunjukkan bahwa praktik audit tata kelola TI Kemenkeu telah menerapkan Assessor Guide: Using COBIT 5 dengan beberapa penyesuaian. Meskipun berada di tahap awal, audit tata kelola TI yang menggabungkan pendekatan assessment COBIT 4.1 dan COBIT 5 telah dilakukan secara cukup baik.



COBIT 4.1; COBIT 5; IT Governance Audit; Ministry of Finance

Full Text:



Africa, D. 2009. Auditing IT Governance Seminar.ISACA Manila Professional Development Center. Manila: ISACA Manila Chapter.

Al-Hayale, T.,& Abu Khadra, H. 2006. Evaluation of The Effectiveness of Control Systems in The Computerized Accounting Information Systems: An Empirical Research Applied on Jordanian Banking Sector. Journal of Accounting. Business,and Management 13: 39-68.

Bermejo, P.H.S., Tonelli, A.O. Zambalde, and A.L. 2014. Developing IT Governance in Brazilian Public Organizations. Int. Bus. Res 7(3): 101-114.

Crawford, Adam. 2006. Networked Governance and the Post-Regulatory State? Steering, Rowing and Anchoring the Provision of Policing And Security. Theoritical Criminology 10(4): 449-479.

DiCicco, Barbara, and Crabtree, Benjamin F. 2006.“The Qualitative Research Interview”. Medical Education 40: 314-321.

Gheorghe, M. 2010. Audit Methodology for IT Governance. Informatica Economica 1: 32-42.

Grembergen, De Haes, and Guldentops. 2004. Structures, Processes and Relational Mechanisms for IT Governance. London: Idea Group Inc.

Guldentops, E. 2003. Governing Information Technology Through COBIT. In W. Van Grembergen (Ed.), Strategies For Information Technology Governance. Hershey, PA: Idea Group Publishing.

ITGI. 2003. “IT Governance Institute, Board Briefing on IT governance. 2nd Edition”.

ITGI. 2007. “COBIT 4.1 Framework, Control Objectives, Management Guidelines, Maturity Value”.

ITGI. 2007. “IT Assurance Guide: Using COBIT”.

ISACA (Information System Audit and Control Association). 2009. Implementing and Continually Improving IT Governance. Rolling Meadows, IL: Information Systems Audit and Control Association.


Juiz, C., C. Guerrero, and I Lera. 2014. Implementing Good Governance Principles for the Public Sector in Information Technology Governance Frameworks. Open Journal of Accounting 3: 9-27.


Kemenkeu. 2015. “BPKP: MoF’s Government Internal Supervisory Apparatus Could Be Role Model”.

LM, Applegate., Austin RD, and McFarlan FW. 2003. Corporate Information Strategy and Management: Text and Cases.6th Ed. New York: McGraw-Hill.

Nkwe, Nugi. 2011. State of Information Technology Auditing in Botswana. Asian Journal of Finance & Accounting 3: 125-136.

Omari, Loai Al: Paul Barnes: and Grant Pitman. 2013. Delphy Study into the Audit Challenges of IT Governance in the Australian Public Sector. Electronic Journal of Computer Science and Information Technology 4(1): 5.

Sethibe, T., J. Campbell, and C. McDonald. 2007. “IT Governance in Public and Private Sector Organisations: Examining the Differences and Defining Future Research Directions”. 18th Australian Conference on Information Systems: 833-843.

Spremic, Mario., Marijana Ivanov. and Bozidar Jakovic. 2012. IT Governance and Information System Auditing Practice in Credit Institutions in The Republic of Croatia. International Journal of Applied Mathematics and Informatics 6: 101-108.

Tempo. 2015. “Cyber Crime, Lebih dari Rp 33 M Melayang Gara-gara Hacker”.

Van Grembergen, W. and S. DeHaes.2008. Enterprise Governance of IT. Belgium: Idea Group Publishing Antwerp University.

Weill, P and J.W. Ross. 2004. IT Governance: How Top Performers Manage IT Decision Rights for Superior Performance. USA: Harvard Business School Press.

Weill, P. 2004. Don’t Just Lead, Govern: How Top Performing Firms Govern IT, MIT Sloan School of Management, Center for Information Systems Research, Working Paper No. 34.



  • There are currently no refbacks.


The Indonesian Journal of Accounting Research (IJAR)

Editorial Secretariat

Master of Science and Doctoral Programs
Faculty of Economics and Business, Gadjah Mada University

Jl. Nusantara, Bulaksumur Yogyakarta 55281
CP : Novita
Phone  : +62 812-2848-2829
Fax    : +62 274 524606
Email  :

Marketing and Sales Office

Ikatan Akuntan Indonesia
Graha Akuntan, Jl. Sindanglaya No.1 Menteng, Jakarta Pusat 10310
CP : Reza Fauzi
Divisi Pelayanan, Keanggotaan dan Mitra IAI.
Grha Akuntan, Jl. Sindanglaya No.1, Menteng.
Telp.021-31904232 Ext.324/321



ISSN 2086-6887 (Print)
ISSN 2655 - 1748 (online)


Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.