Analisis Risiko Teknologi Informasi Menggunakan Metode FMEA dan SAW dengan COBIT 5

Abstract

The use of Information Technology (IT) in a university raises various problems, one of which is the understanding of risks its use. Universitas Quality Medan was identified as having no IT risk documents. This study aims to analyze and rank risks provide recommendations for improvements. Risk assessment is carried out on 9 business processes use COBIT 5 framework in domains APO12 and EDM03, the risk level assessment uses FMEA, for rank and recommendations using SAW. The current risk management process is still level 1 with the APO12 capability value of 1.36 and to be conditions at level 2 a capability value of 2.32 a gap of 0.96. EDM03 current condition is at level 1 a capability value of 1.19, while the expected condition at level 2 a capability value of 2.11 a gap value of 0.91. The results of the identification of risk levels in the APO12 have 3 risk level processes on a scale of 6, 1 process a scale of 7, and 2 processes a scale of 8. For EDM03, have 2 risk level processes a scale of 9 and 1 process level of risk on a scale 8. Priority of risks and recommendations for APO12 is subdomains APO12.06 (Respond to Risk) the most priority to improve management process, and for EDM03 subdomains is the priority for improvement in EDM03.03 (Monitor Risk Management)