ABSTRACT

The implementation of Information Technology at XYZ Hospital serves as a key driver in enhancing the efficiency of healthcare services, but it also raises the organization's vulnerability to significant operational risks. The primary risks identified involve inaccurate data resulting from human mistakes, breakdowns in system interoperability, and the deterioration of hardware infrastructure that may interfere with patient care. This research seeks to assess the governance of IT risk management and determine the organization's capability level using the COBIT 5.0 framework, focusing on the APO12 (Manage Risk) domain. The study employs qualitative methods, gathering information through interviews and direct observations, and then conducts a gap analysis to compare the current state (As-Is) with the desired future state (To-Be). Findings show that the organization's capability is currently at Level 2 (Managed Process) with a score of 1.87, which is still below the intended maturity level of 3 (Established Process) at 2.94. These results indicate that risk management activities are still largely reactive and rely on intuition, with no standardized procedures embedded within the institution. Ultimately, the study suggests formalizing a Risk Register, standardizing mitigation procedures through established SOPs, and developing a Disaster Recovery Plan to strengthen risk governance into a more systematic, preventive, and resilient framework.
Copyrights © 2026