Information System Audit Using COBIT and ITIL Framework: Literature Review


  • Arif Rusman Sepuluh Nopember Institute of Technology Surabaya, Indonesia
  • Reny Nadlifatin Sepuluh Nopember Institute of Technology Surabaya, Indonesia
  • Apol Pribadi Subriadi Sepuluh Nopember Institute of Technology Surabaya, Indonesia




Improved IT performance drives business growth, enhances competitive advantage, and enables strategic improvements in IT management and governance. This condition is increasingly important because business organizations and systems and technology are increasingly complex. In the application and use of technology, information technology audits require a framework based on principles that drive the desired behavior. In writing this literature review, the information technology audit method used is ITIL, and COBIT as guidelines for corporate information technology governance and audit processes. In its use, the ITIL framework is designed to ensure a flexible, coordinated and integrated system for the effective governance and management of IT services. While the COBIT framework is designed from a number of components that function to adjust, maintain, and shape system governance. To conduct an information system audit, the authors need to pay attention to things that can affect IT performance. This study produces a model to determine the factors that affect the Information System Audit. Researchers conducted a literature review from various sources that discussed Information System Auditing Using the COBIT and ITIL Frameworks which were collected from some of the literature found. Several factors that influence the Information System Audit are Design Factors, Knowledge Worker factors, Operational factors, Risk Assessment Factors, and Gather Evidence Factors. The author also conducted a systematic mapping study to find research gaps, namely the method of mapping the relationship between research topics and how much research has covered each topic and the relationship between topics.

GS Cited Analysis


Download data is not yet available.


Alimam, M., Bertin, E., & Crespi, N. (2017). ITIL perspective on enterprise social media. International Journal of Information Management, 317-326.

Al-Matari, O. M., Helal, I. M., Mazen, S. A., & Elhennawy, S. (2021). Adopting security maturity model to the organizations’ capability model. Egyptian Informatics Journal, 193-199.

Alreemy, Z., Chang, V., Walters, R., & Wills, G. (2016). Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management, 907-916.

Aminzade, M. (2018). Confidentiality, integrity and availability – finding a balanced IT framework. Netw. Secur, 9-11.

Amorim, A. C., Mira da Silva, M., Pereira, R., & Gonçalves, M. (2021). Using agile methodologies for adopting COBIT. Information Systems, 101496.

Ariffin, K. A., & Ahmad, F. H. (2021). Indicators for maturity and readiness for digital forensic investigation in era of industrial revolution 4.0. Computers & Security, 102237.

Bosse, S., Splieth, M., & Turowski, K. (2016). Multi-objective optimization of IT service availability and costs. Reliability Engineering & System Safety, 142-155.

Bounagui, Y., Mezrioui, A., & Hafiddi, H. (2019). Toward a unified framework for Cloud Computing governance: An approach for evaluating and integrating IT management and governance models. Computer Standards & Interfaces, 98-118.

Breda, G., & Kiss, M. (2020). Overview of information security standards in the field of special protected industry 4.0 areas & industrial security. Procedia Manufacturing, 580-590.

Enríquez, J., Sánchez-Begines, J., Domínguez-Mayo, F., García-García, J., & Escalona, M. (2019). An approach to characterize and evaluate the quality of Product Lifecycle. Computer Standards & Interfaces, 77-88.

Ferreira, C., Nery, A., & Pinheiro, P. R. (2016). A Multi-Criteria Model in Information Technology Infrastructure Problems. Procedia Computer Science, 642-651.

Gantman, S., & Fedorowicz, J. (2016). Communication and control in outsourced IS development projects: Mapping to COBIT domains. International Journal of Accounting Information Systems, 63-83.

Gërvalla, M., Preniqi, N., & Kopacek, P. (2018). IT infrastructure library (ITIL) framework approach to IT governance. IFAC-PapersOnLine, 181-185.

Hoffman, B. W., Sellers, R. D., & Skomra, J. (2018). The impact of client information technology capability on audit pricing. International Journal of Accounting Information Systems, 59-75.

Hosono, S., & Shimomura, Y. (2017). Bridging On-site Practices and Design Principles for Service Development. Procedia CIRP, 422-427.

Joshi, A., Bollen, L., Hassink, H., De Haes, S., & Van Grembergen, W. (2018). Explaining IT governance disclosure through the constructs of IT governance maturity and IT strategic role. Information & Management, 368-380.

Maciá Pérez, F., Berna Martinez, J. V., & Lorenzo Fonseca, I. (2021). Strategic IT alignment Projects. Towards Good Governance. Computer Standards & Interfaces, 103514.

Marnewick, C. (2016). Benefits of information system projects: The tale of. Int. J. Proj. Manag, 748-760.

Orta, E., & Ruiz, M. (2019). Met4ITIL: A process management and simulation-based method for implementing ITIL. Computer Standards & Interfaces, 1-19.

Proença, D., & Borbinha, J. (2016). Maturity Models for Information Systems - A State of the Art. Procedia Computer Science, 1042-1049.

Raymond, L., Bergeron, F., Croteau, A.-M., & Uwizeyemungu, S. (2019). Determinants and outcomes of IT governance in manufacturing. International Journal of Accounting Information, 100422.

Schmitz, C., Schmid, M., Harborth, D., & Pape, S. (2021). Maturity level assessments of information security controls: An empirical analysis of practitioners assessment capabilities. Computers & Security, 102306.

Shrestha, A., Cater-Steel, A., Toleman, M., Behari, S., & Rajaeian, M. M. (2020). Development and evaluation of a software-mediated process assessment method for IT service management. Information & Management, 103213.

Smits, D., & Van Hillegersberg, J. (2017). The development of a hard and soft IT governance assessment instrument. Procedia Computer Science, 47-54.

Smits, D., & Van Hillegersberg, J. (2018). The continuing mismatch between IT governance maturity theory and practice: a new approach. Procedia Computer Science, 549-560.

Terlizzi, M. A., Albertin, A. L., & de Moraes, H. R. (2017). IT benefits management in financial institutions: Practices and barriers. International Journal of Project Management, 763-782.

Wautelet, Y. (2019). A model-driven IT governance process based on the strategic impact evaluation of services. Journal of Systems and Software, 462-475.

Wilkin, C. L., Couchman, P. K., Sohal, A., & Zutshi, A. (2016). Exploring differences between smaller and large organizations' corporate governance of information technology. International Journal of Accounting Information Systems, 6-25.

Yamamoto, S. (2017). A Continuous Approach to Improve IT Management. Procedia Computer Science, 27-35.

Yandri, R., Suharjito, Utama, D. N., & Zahra, A. (2019). Evaluation model for the implementation of information technology service management using fuzzy ITIL. Procedia Computer Science, 290-297.


Crossmark Updates

How to Cite

Rusman, A. ., Nadlifatin, R. ., & Subriadi, A. P. . (2022). Information System Audit Using COBIT and ITIL Framework: Literature Review. Sinkron : Jurnal Dan Penelitian Teknik Informatika, 7(3), 799-810.