Audit Domain Acquire And Implement dengan Cobit 4.1 pada PT Erajaya Swasembada Tbk


  • Viany Utami Tjhin Bina Nusantara University



audit, technology, information, COBIT 4.1, maturity model


The main priority aspect of information and communication technologies is given to control mechanisms, both internal and external in enterprises. It ensures that the reports and the decisions received and generated by the management will support their decision-making. The decisions have honesty and high integrity based on the results of the audit conducted on systems of information and communication technology. The objective of this research is to deliver audit reports of information systems for management and make recommendations on the audit findings in PT Erajaya Swasembada Tbk. Business processes studied included sales, purchasing, finance, and the warehouse. The system used was "Erajaya Live Application Server" and ERP (Enterprise Resource Planning)-based. This research used thedomain of COBIT 4.1: Acquire and Implement. The domain included several sub-domains, which were:identify automated solutions (AI1), acquire and maintain application software (AI2), acquire and maintain technology infrastructure (AI3), enable operation and use (AI4), procure IT resources (AI5), manage changes (AI6), and install and accredit solutions and changes (AI7). Data were collected from interviewing IT Department, distributing questionnaires to respondents, and observing the business processes of this enterprise. Research obtained 57 audit findings on IT implementation. The results of process reference model formulation are 3 findings on AI1subdomain, 5 findings on AI2subdomain, 9 findings on AI3subdomain, 6 findings on AI4 subdomain, 11 findings on AI5subdomain, 13 findings pada AI6subdomain, and 10 findings on AI7subdomain. The level of maturity model of this domain, Acquire and Implement (AI), was found on level 3.

Plum Analytics


Arens, A. A., Elder, R. J., & Beasley, M. S. (2005). Auditing and Assurance Services: An Integrated Approach. Edisi 10. New Jersey: Prentice Hall.

Cangemi, P. M. & Singleton, T. (2003). Managing The Audit Function. Edisi 3. New Jersey: John Willey & Sons.

Cascarino, R. (2012). Auditor’s Guide to IT Auditing. New Jersey: John Wiley & Sons.

Gondodiyoto, S. (2007). Audit Sistem Informasi: Pendekatan COBIT. Edisi Revisi. Jakarta: Mitra Wacana Media.

Hall, J. A. (2011). Information Technology Auditing and Assurance. United States: ACL Services.

Hunton, J. E., Bryant, S. M. & Bagranoff, N. A. (2004). Core Concepts of Information Technology Auditing. International Edition. New Jersey: John Wiley and Sons.

ISACA. (2007). COBIT 4.1. USA: IT Governance Institute.

Lee, W. W. (2014). Why computer ethics matters to computer auditing. Journal of ISACA, 2. Diakses dari Auditing_joa_Eng_0314.pdf

McLeod, R. Jr. (2001). Sistem Informasi Manajemen. Alih bahasa: H. Teguh. Jilid 1, Edisi Bahasa Indonesia. Jakarta: Prenhallindo.

Messier, W. F., Glover, S. M., & Prawitt, D. F. (2006). Auditing & Assurance Services: A Systematic Approach. Buku 1, Edisi 4. Jakarta: Salemba Empat.

Singleton, T. W. (2011). IT risks—present and future. Journal of ISACA, 4. Diakses dari






Abstract 753  .
PDF downloaded 722  .