International Journal of Emerging Research in Engineering, Science, and Management
Vol. 4, Issue 3, pp. 08-14, Jul-Sep 2025.
https://doi.org/10.58482/ijeresm.v4i3.2

Integrating COBIT and ISO Frameworks in IT Audits: A Literature Review

Muhammad Fauzan Hanif

Ahmad Rofik Harahap

Ade Fakhrudin

Fadli Fatih Madina

Dimas Febriawan

Department of Industrial Technology and Informatics, University of Muhammadiyah Prof. Dr. HAMKA, Jakarta, Indonesia.

Abstract: The accelerated evolution of information technology (IT) has compelled organizations to adopt structured governance frameworks to enhance audit efficacy and ensure robust information security. This study presents a systematic literature review examining the integration of COBIT and ISO/IEC 27001 within IT audit practices. Employing a qualitative descriptive methodology, the review synthesizes insights from seven primary scholarly sources, including case studies from both public and private sectors. The analysis delineates integration patterns, identifies best practices, and explores the synergistic potential of aligning COBIT’s strategic governance capabilities with the technical control rigour of ISO/IEC 27001. Findings demonstrate that such integration enhances audit capability maturity, facilitates structured risk mitigation, and fosters alignment between IT functions and organizational objectives. Nonetheless, notable research gaps persist, particularly the scarcity of quantitative assessments, limited cross-sector generalizability, and the absence of longitudinal evaluations of implementation outcomes. Additionally, practical challenges—including integration complexity, inadequate human resource competencies, and the lack of standardized implementation guidelines—impede broader adoption. The study concludes that integrating COBIT and ISO/IEC 27001 constitutes a viable foundation for advancing IT governance and audit maturity. However, further empirical investigation and development of pragmatic toolkits are essential. These insights aim to inform auditors, IT governance professionals, and policy makers in devising adaptive, standard-aligned audit strategies.

Keywords: COBIT, ISO/IEC 27001, IT Audit, Risk Management.
