IT Audit of Online Single Submission (OSS) Application version 1.1 with COBIT 5.0

(Case Study at the XYZ City One Stop Investment and Integrated Services Office)

  • Pratiwiyani Pratiwiyani Universitas Sahid Surakarta
  • Sri Huning Anwariningsih Universitas Sahid Surakarta
  • Firdhaus Hari Saputro Al Haris Universitas Sahid Surakarta


Investment and One Stop Integrated Service Office (DPMPTSP) is a government agency that serves licensing and investment that uses the information system from BKPM RI, OSS 1.1. DPMPTSP of XYZ City found several obstacles in the use of OSS 1.1, including OSS 1.1 unable to display reports based on the type of permit, there were some licenses that were not integrated yet, there was no link with the licensing agency, so an OSS 1.1 system audit was needed. with a case study in DPMPTSP XYZ City. This audit aims to determine the OSS system capability level 1.1. which refers to the implementation process in DPMPTSP. The method used is descriptive qualitative with primary data type in the form of data from interviews with DPMPTSP. Data collection was carried out by interview and question methods from the COBIT 5 domain. Based on the results of an audit of research conducted using the CobIT 5.0 framework, resulting in a level of capability and recommendations. The current OSS system capability level 1.1, Evaluate, Direct and Monitor (EDM) domains are at capability level 2.6 (Managed), Align, Plan and Organize (APO) domains are at capability level 2.4 (Managed), Build domain, Acquire and Implement (BAI) are at capability level 2.3 (Managed), Deliver domains, Service and Support (DSS) are at capability level 2.3 (Managed), Monitor, Evaluate and Assess (MEA) domains are at level capability 2.6 (Managed). In this condition OSS 1.1 system governance has been implemented well in XYS City DPMPTSP with several recommendations to DPMPTSP so that it can be submitted to BKPM RI to improve OSS 1.1 system governance so that it runs more optimally.

Keywords: Information Technology audit, capacity model, COBIT 5, Investment and One Stop Integrated Service Office (DPMPTSP)


Andry, J. F. (2016) ‘Performace Measurement IT Of Process Capability Model Based on COBIT : A Study Case’, Jurnal Ilmiah DASI, 17 No. 3, pp. 21–26.
Ciptaningrum, Dewi;Nugroho, Eko; Adhipta, D. (2015) ‘Audit Keamanan Sistem Informasi Pada Kantor Pemerintah Kota Yogyakarta Menggunakan COBIT 5’, in Seminar Nasional Teknologi Informasi dan Komunikasi 2015 (SENTIKA 2015). Yogyakarta: FTI, Universitas Atma Jaya Yogyakarta, pp. 65–74. Available at:
Curtis, B. (2020) The Value of IT Governance. Available at: (Accessed: 2 July 2020).
De Haes, S., Debreceny, R. and Van Grembergen, W. (2013) ‘IT Policy Framework based on COBIT 5’, ISACA-Journal. Available at:
De Haes, S., Van Grembergen, W. and Debreceny, R. S. (2013) ‘COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities’, Journal of Information Systems, 27(1), pp. 307–324. doi: 10.2308/isys-50422.
ISACA (2013) COBIT 5 ISACA’S newframework for IT Governance, Risk, Security and Auditing An overview. ISACA Whitepapers,.
Joshi, A. et al. (2018) ‘Explaining IT governance disclosure through the constructs of IT governance maturity and IT strategic role’, Information and Management. Elsevier, 55(3), pp. 368–380. doi: 10.1016/
Maskur et al. (2016) ‘Perancangan Tata Kelola TI Dengan Menggunakan Framework Cobit 5 (Studi Kasus: Pemerintah Kab. Jeneponto)’, Jurnal Teknologi Informasi dan Komputer, 1(1), pp. 10–15.
Pemerintah Indonesia (2018) Peraturan Pemerintah Republik Indonesia Nomor 24 Tahun 2018 Tentang Pelayanan Perizinan Berusaha Terintegrasi Secara Elektronik.
Ruslie, G. and Hapsari, A. (2019) ‘Analysis of Information System Governance Audits Based on CobIT 5 . 0 in Regional Financial Agency City of Salatiga’, International Journal of Information Technology and Business, 1(2), pp. 1–8.