Businesses of any scale today cannot be separated from Information Systems and Technology, whether large or small scale requires a reliable information system to support appropriate, effective and efficient decision making for stakeholders. The information system that is currently trending in the business world is an Enterprise Resource Program (ERP) based on cloud computing (Cloud) which can help users run a business anywhere and anytime. In a report released by Delloite entitled: Hot Topics for IT Internal Audit In Financial Services reveals that the current hot issues are Cyber Security, Data Protection and Data Privacy, IT Governance and IT Risk. PT Petrokopindo is a company that has implemented cloud-based ERP. However, the potential for risks such as Cyber Security, Data Protection and Data Privacy from Cloud ERP can occur, which can disrupt the company's business operations. In this research, case studies will be carried out on companies that have implemented Cloud-ERP. The method used is the COBIT 5 Framework, which was chosen as the best and more complete guideline than other frameworks in the IT / IS management field (Sutikno, 2014). The expected result is to be able to identify security gaps and material weaknesses of the Cloud- ERP information system and then provide recommendations for improvements so that IS / IT becomes more reliable. It is hoped that this research can be useful for the development of IS / IT governance science, and as input for stakeholders on the Cloud-ERP platform in increasing the reliability of an IS / IT against the risk of information leakage and cyber attacks.
enterprise resource program; analytical hirearcy process; COBIT5.
Delloite, 2020 Hot Topics for IT Internal Audit In Financial Services, Delloite LLP, London, 2020.
M. Wolden, R. Valverde dan M. Talla, “The effectiveness of cobit 5 information security framework for reducing cyber attacks on supply chain management system,” IFAC-Papers Online, vol. 48, no. 3, pp. 1846-1852, 2015.
K. H. Guo dan B. L. Eschenbrenner, “Cvs pharmacy: an instructional case of internal controls for regulatory compliance and it risks,” Journal of Accounting Education, vol. 42, pp. 17-26, 2018.
M. S. Islam, N. Farah dan T. F. Stafford, “Factors associated with security/cybersecurity audit by internal audit function: an international study,” Managerial Auditing Journal, vol. 33, no. 4, pp. 377-409, 2018.
PT. Petrokopindo Citra Selaras, Rencana Jangka Panjang Perusahaan, Gresik: PT. Petrokopindo Citra Selaras, 2020