Title: Control self-assessment on information technology business processes as COBIT 2019-based pre-audit activities

Authors: Lukman Abdurrahman

Addresses: Information Systems Study Program, School of Industrial and Systems Engineering, Telkom University, Bandung, Indonesia

Abstract: Control self-assessment (CSA) is a management tool to help management identify some shortcomings within the business processes. The CSA resembles the auditing process, viz. the CSA benefited business process owners by helping them evaluate their businesses, while the auditing process was conducted by internal or external auditors. This study aims to examine the management of risks and their controls to assess their effectiveness in mitigating the risks within business processes. To apply the CSA, Directorate of Centre of Information Technology (DCIT) of Telkom University Bandung will be a venue to do so. There are 29 risks with medium- or high-risk level. To examine the control effectiveness, the CSA has performed the control designs and their operation. The results show that four controls are ineffective, while the others are effective. In other words, the CSA resulted in 13.79% of controls being ineffective, while 86.21% were effective. This circumstance indicates that the DCIT's controls are mostly effective.

Keywords: control self-assessment; CSA; auditing; business process; internal control; risk.

DOI: 10.1504/IJKMTH.2024.136327

International Journal of Knowledge Management in Tourism and Hospitality, 2024 Vol.3 No.3, pp.185 - 200

Received: 19 May 2023
Accepted: 29 May 2023
Published online: 30 Jan 2024 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article