Risk management is a part of information technology (IT) governance, enabling organizations to safeguard their information assets effectively and efficiently. It involves identifying potential risks, planning mitigation strategies, and establishing relevant policies. An interview with the Head of Pustipanda at Syarif Hidayatullah State Islamic University (SIU) Jakarta revealed that the university underwent an IT governance audit by the National Cyber and Crypto Agency in 2020, with results indicating the need for significant improvements. Given the critical role of the Academic Information System (AIS) as a strategic IT asset in higher education, effective management is essential. This study aims to evaluate the IT governance maturity of Pustipanda using the COBIT 2019 framework and to identify key governance domains that should be prioritized for improvement. The study focuses on the IT governance of Pustipanda Syarif Hidayatullah SIU Jakarta, selected as a sample from the broader population of PTKIN (State Islamic Religious Colleges) in Indonesia. Using the COBIT 2019 framework, the research identifies 22 IT governance domains prioritized for implementation, with six domains categorized as top priority. These findings provide actionable insights for IT governance enhancement, particularly in academic institutions. The methodology presented can serve as a reference for other PTKIN to assess and prioritize IT governance domains according to their specific organizational needs, supporting the development of more secure, efficient, and well-governed IT environments in higher education institutions.

J. S. Suroso and M. Fakhrozi, “Assessment of information system risk management with Octave Allegro at system education,” Procedia Comput. Sci., vol. 135, pp. 202–213, 2018, doi: 10.1016/j.procs.2018.08.167.

M. Moyo, H. Abdullah, and R. C. Nienaber, “Information security risk management in small-scale organizations: A case study of secondary schools computerized information systems,” 2013 Information Security for South Africa, Johannesburg, South Africa, pp. 1–6, 2013, doi: 10.1109/ISSA.2013.6641062.

B. M. Dioubate, N. N. Molok, S. Talib, and A. O. Trap, “Risk assessment model for organizational information security,” ARPN J. Eng. Appl. Sci., vol. 30, no. 23, pp. 17607–17613, 2015.

J. Webb, A. Ahmad, S. B. Maynard, and G. Shanks, “A situation awareness model for information security risk management,” Comput. Secur., vol. 44, pp. 1–15, 2014, doi: 10.1016/j.cose.2014.04.005.

M. Talabis and J. Martin, Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis. Newnes, 2012.

A. T. D. Aryani, R. Ahmad, and P. Bill, “User satisfaction on academic information system in UIN KH abdurrahman wahid pekalongan,” Appl. Inf. Syst. Manag., vol. 6, no. 2, pp. 97–104, 2023, doi: 10.15408/aism.v6i2.31245.

K. C. Laudon and J. P. Laudon, Management Information System, thirteenth edition. Pearson, 2004.

H. Alves and M. Raposo, “The influence of university image on student behaviour,” Int. J. Educ. Manag., vol. 24, no. 1, pp. 73–85, 2010, doi: 10.1108/09513541011013060.

I. Sherifi, “Impact of information systems in satisfying students of the university: Case study from epoka university,” Eur. J. Bus. Soc. Sci., vol. 4, no. 04, pp. 167–175, 2015.

H. A. Salsabila and I. Iriyadi, “Evaluasi atas penerapan sistem informasi akademik dan keuangan terhadap tingkat kepuasan mahasiswa (studi kasus mahasiswa jurusan akuntansi S1 angkatan tahun 2016 di IBI kesatuan bogor),” J. Anal. Sist. Pendidik. Tinggi, vol. 4, no. 2, pp. 137–148, 2020, doi:10.36339/jaspt.v4i2.348.

N. L. Kuntari, Y. H. Chrisnanto, and A. I. Hadiana, “Manajemen risiko sistem informasi di Universitas Jenderal Achmad Yani menggunakan metoda OCTAVE Allegro,” in Seminar Nasional Teknologi Informasi, vol. 1, pp. 551-559, Jul. 2018.

D. A. Jakaria, R. T. Dirgahayu, and H. Hendrik, “Manajemen risiko sistem informasi akademik pada perguruan tinggi menggunakan metoda Octave Allegro,” Seminar Nasional Aplikasi Teknologi Informasi (SNATI), pp. 37–42, 2013.

M. I. Cholik, “Analisis manajemen risiko penggunaan sistem informasi menggunakan metode octave allegro (studi kasus PT. XYZ),” M.S. Thesis, Bina Nusantara University, 2018

A. Safar, “Deteksi penilaian resiko pada e-learning SMK bina prestasi AMI balikpapan dengan metode octave allegro,” J. Sist. Inf., vol. 2, no. 2, pp. 69–77, 2019.

R. Rosini, M. Rachmaniah, and B. Mustafa, “Penilaian risiko kerawanan informasi dengan menggunakan metode octave allegro,” J. Pustakawan Indones., vol. 14, no. 1, pp. 1–9, 2015.

A. Zulfia, E. L. Ruskan, and P. Putra, “Penilaian risiko aset informasi dengan metode octave allegro: Studi kasus ICT fakultas ilmu komputer Universitas Sriwijaya,” J. Inf. Syst., vol. 6, no. 1, pp. 40–47, 2021, doi: 10.33633/joins.v6i1.4088.

M. G. Ginanjar, L. Ramadhan, and R. A. Nugraha, “Perancangan tata kelola teknologi informasi menggunakan kerangka kerja COBIT 2019 di DISKOMINFOSAN kabupaten sukabumi,” Smart Comp, vol. 10, no. 03, pp. 160–165, 2021.

P. N. Anastasia and L. H. Atrinawati, “Perancangan tata kelola teknologi informasi menggunakan framework cobit 2019 pada hotel xyz,” JSI J. Sist. Inf., vol. 12, no. 2, pp. 2088–2099, 2020, doi: 10.36706/jsi.v12i2.12329.

L. Merryana, I. Ade, & H. Hendry, “Information technology governance design in devops-based e-marketplace companies using COBIT 2019 framework” INTENSIF, vol. 6, no. 2, pp. 233–252, 2022, doi: 10.29407/intensif.v6i2.18104.

J. Beato, and M. I. Fianty, “COBIT 2019 framework: Evaluating knowledge and quality management capabilities in a printing machine distributor” Journal of Information Systems and Informatics, vol. 6, no. 1, pp. 1–12, 2019, doi: 10.51519/journalisi.v6i1.638.