JDBIM
(Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025, 393-410 ISSN 2962-3898 (Onlin.
DOI: 10.
26740/jdbim.
https://ejournal.
id/index.
php/jdbmi/i Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019 (A Case Study at Universitas XYZ) Atika Naiylatan Syirfa 1.
Renny Sari Dewi1.
Rindu Puspita Wibawa2 1Department of Digital Business.
Faculty of Economics.
Universitas Negeri Surabaya Jalan Ketintang.
Surabaya 60231.
Indonesia 2Directorate of Cooperation.
Information Technology, and Data Center.
Universitas Negeri Surabaya Jalan Ketintang.
Surabaya 60231.
Indonesia 21047@mhs.
Abstract The Internship Information System (IIS) at XYZ University plays a key role in managing student internship administration but faces challenges such as data access issues, inaccurate information, and delayed updates.
The transition to a new system occurred without evaluating IIS performance, risking similar problems in the future.
This study aims to design an audit working paper based on COBIT 2019Aos Monitor.
Evaluate, and Assess (MEA) domain to systematically evaluate IIS performance, control, and compliance aspects.
A qualitative case study approach was applied, using interviews, observations, and document analysis at the Directorate of Cooperation.
Information Technology, and Data Center.
The results indicate weaknesses in performance monitoring, control documentation, and compliance reporting.
The proposed audit working paper, consisting of process documents, checklists, and audit steps, is applicable as an internal audit tool.
This study concludes that the MEA domain of COBIT 2019 is effective as a foundation for developing audit instruments for information systems in higher education.
Keywords: Information System Audit.
MEA Domain.
COBIT 2019 Framework.
Performance Evaluation.
IIS.
To cite this document:
Svirfa.
Dewi.
, & Wibawa.
Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019 (A Case Study at Universitas XYZ).
JDBIM (Journal of Digital Business and Innovation Managemen.
Vol.
4 Np.
2, pp.
DOI link JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 Received: 1 June 2025.
Accepted: 25 July 2025.
Published: December 2025 *Corresponding author Email: atika.
21047@mhs.
Abstrak Sistem Informasi Magang (IIS) Universitas XYZ berperan penting dalam pengelolaan administrasi magang mahasiswa, namun masih menghadapi kendala seperti gangguan akses data, ketidaksesuaian informasi, dan keterlambatan Transisi sistem baru dilakukan tanpa evaluasi kinerja IIS secara menyeluruh, sehingga berpotensi mengulang permasalahan.
Penelitian ini bertujuan merancang kertas kerja audit berbasis domain Monitor.
Evaluate, and Assess (MEA) COBIT 2019 untuk mengevaluasi aspek kinerja, pengendalian, dan kepatuhan IIS secara sistematis.
Metode penelitian menggunakan studi kasus kualitatif di Direktorat Kerjasama.
Teknologi Informasi, dan Pusat Data dengan teknik wawancara, observasi, dan studi dokumentasi.
Hasil penelitian menunjukkan lemahnya monitoring kinerja, dokumentasi pengendalian, dan pelaporan kepatuhan.
Kertas kerja audit yang dirancang terdiri dari dokumen proses audit, checklist audit, dan langkah audit, dan dapat diimplementasikan sebagai alat evaluasi internal.
Penelitian ini menyimpulkan bahwa domain MEA COBIT 2019 efektif digunakan sebagai dasar perancangan kertas kerja audit sistem informasi di lingkungan perguruan tinggi.
Kata kunci: Audit Sistem Informasi.
Domain MEA.
Kerangka COBIT 2019.
Evaluasi Kinerja.
IIS
INTRODUCTION
The integration of digital technologies in higher education has redefined the management of academic processes, including internships, which are critical in bridging academic learning with industrial practice (Rohmah et al.
, 2022a.
Tukino et al.
, 2.
Information systems designed to manage internship programs are essential to ensure systematic data handling, process transparency, and performance monitoring.
These systems support not only the administrative aspects but also contribute to academic quality assurance (Fuad, 2.
At Universitas XYZ, the Internship Information System (IIS) serves as the primary platform for managing student internships, including registration, monitoring, assessment, and reporting.
However, based on operational evaluations.
IIS presents multiple challenges.
System disruptions, including data inconsistencies, unauthorized access risks, and reporting delays, frequently occur (Prasetyo & Mukaromah, 2.
These issues indicate fundamental weaknesses in system governance, especially in performance management, internal control, and regulatory compliance.
https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ The absence of structured evaluations exacerbates these Although Universitas XYZ transitioned to the MBKM Information System (SIMBKM), the lack of prior assessment of IIS performance raises concerns about inherited system risks.
According to Rahayu et al.
, ignoring performance evaluations prior to system migration can propagate latent risks and operational inefficiencies.
Globally recognized frameworks such as COBIT 2019 offer structured mechanisms to evaluate IT governance processes, ensuring that digital systems support institutional objectives and comply with regulations (ISACA, 2.
However, in Indonesian higher education, structured IT audits are often limited to financial or administrative systems (Nurhayati, 2.
, neglecting systems critical to academic output such as internship management platforms.
Internship systems, in particular, present complex governance challenges due to their multi-stakeholder nature, integrating internal academic processes with external industry collaborations.
This complexity necessitates robust control frameworks (Guntara et al.
, 2.
The adoption of the COBIT 2019 MEA domain, which focuses on performance monitoring (MEA.
, internal controls (MEA.
, and regulatory compliance (MEA.
, offers a promising solution to address these gaps.
Despite the potential of COBIT 2019, existing research has yet to operationalize this framework specifically for internship systems within the higher education sector.
Previous studies often lack domain-specific audit instruments, limiting their applicability in such contexts (Sahara, 2024.
Addressing this gap is not merely a managerial concern but an academic imperative, as failures in internship management directly impact student outcomes and institutional credibility.
In response, this study proposes the design of an audit instrument for the Internship Information System (IIS) at Universitas XYZ, utilizing the COBIT 2019 framework, specifically focusing on the Monitor.
Evaluate, and Assess (MEA) domain.
The designed instrument aims to serve as a structured tool for assessing system performance, evaluating internal controls, and ensuring compliance with academic and regulatory standards, thereby supporting the operational effectiveness and governance of IIS within the context of higher education.
LITERATUR REVIEW
INFORMATION SYSTEM AUDITING
Information system auditing is a systematic process conducted to evaluate the effectiveness, efficiency, and compliance of information https://ejournal.
id/index.
php/jdbmi/index JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 systems with organizational goals and applicable regulations.
According to Rohmah et al.
, audits are essential to ensure that information systems operate optimally and are free from systemic failures.
In higher education institutions, information system audits typically focus on financial and administrative systems(Nurhayati, 2.
, while audits of systems supporting academic programs, such as internship management platforms, remain limited.
Rahayu et al.
highlight that in the absence of regular audits, information systems are vulnerable to undetected weaknesses, particularly in access control, data integrity, and service performance.
Therefore, audit mechanisms should be specifically designed based on the operational characteristics of each system to effectively identify weaknesses and provide relevant corrective recommendations.
COBIT 2019 as an FRAMEWORK COBIT 2019 is an internationally recognized framework for IT governance and management developed by ISACA.
It provides structured guidance to organizations for assessing and improving the governance and management of enterprise IT processes (ISACA, 2.
Compared to earlier versions.
COBIT 2019 introduces greater flexibility through design factors and focus areas, allowing customized assessments aligned with specific organizational objectives, regulatory requirements, and operational contexts (Steuperaert, 2.
The framework consists of five primary domains: Evaluate.
Direct and Monitor (EDM).
Align.
Plan and Organize (APO).
Build.
Acquire and Implement (BAI).
Deliver.
Service and Support (MEA).
and Monitor.
Evaluate and Assess (MEA).
COBIT 2019 also employs the goals cascade, a mechanism that links enterprise goals to IT-related goals and subsequently to enabler goals.
This ensures that IT initiatives directly support business objectives (ISACA.
Through this mechanism, governance and management objectives are systematically derived from the organizationAos strategic goals.
https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ Figure 1 Goal Cascade (ISACA,2.
In terms of process performance evaluation.
COBIT 2019 adopts capability levels, ranging from Level 0 (Incomplete Proces.
to Level 5 (Optimizing Proces.
These levels help organizations measure the maturity of each IT process and identify areas for improvement systematically.
Figure 2 Capability Level COBIT 2019 (ISACA, 2.
The combination of domain structures, the goals cascade mechanism, and capability levels in COBIT 2019 allows organizations to systematically evaluate IT process maturity and effectiveness, providing a clear roadmap for continuous improvement and governance optimization.
To strengthen the foundation of this research, several relevant previous studies are presented below.
https://ejournal.
id/index.
php/jdbmi/index JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 Table 1 Previous Research Ref (Fadhilah.
Findings Research Gap Designed IT audit plan using COBIT 2019 focusing on APO.
BAI.
MEA Telkom University.
(Destriani & Applied COBIT Putra, 2.
2019 to general Universitas Subang (Windasari et Audited , 2.
governance using MEA and MEA capability levels remained low.
(Hariyono et Applied COBIT , 2.
epayment systems SMK
XYZ
focusing on APO
MEA
emphasized risk (Sahara.
Conducted audit e-learning COBIT 2019.
Relevance This Study Did not target Shows COBIT
academic support 2019 applicability like in Limited did not operational audit
Highlights potential of goals Focused general university systems, lacking domain-specific Supports selection of MEA
domain for audit
Focused financial systems, not academic IT Demonstrates practical use of APO and MEA
Did not address
Reinforces need
structured audit
METHODS
This research uses a qualitative case study approach to design and implement an audit instrument for the Internship Information System (IIS) at https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ XYZ University, based on the COBIT 2019 framework.
The qualitative method involves analysis through observation, interviews, and document review, focusing on a single system as the unit of analysis.
The research process, illustrated in the research flowchart Figure 3 below.
Figure 3 Research Metods Based on Figure 3, the explanation of each stage is as follows:
Domain Determination The first stage involved identifying the audit domain using the Goals Cascade approach in COBIT 2019.
This process mapped organizational goals into IT-related objectives to determine priority areas for governance evaluation aligned with the characteristics of the internship information system.
Audit Instrument Design Based on the selected domain, an audit instrument was developed consisting of process audit, audit checklist, and step by step audit.
The instrument was designed with reference to COBIT 2019 standards and adjusted to the operational context of the system.
Audit Instrument Implementation and Capability Level Assessment The audit instrument was implemented through interviews, observations, and document analysis.
Each audit point was assessed, and process maturity was evaluated using COBIT 2019Aos capability levels.
Findings and Recommendation https://ejournal.
id/index.
php/jdbmi/index JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 Audit findings were analyzed and classified to identify improvement needs.
Recommendations were then formulated based on the evaluation results to improve the performance, control, and compliance of the internship information system.
RESULT AND DISCUSSION
Domain Determination The audit domain mapping was carried out using the Goals Cascade approach from COBIT 2019.
This process aimed to identify the IT governance domain most relevant to the characteristics and operational needs of the Internship Information System (IIS) at XYZ University.
Based on an analysis of the vision and mission of the universityAos Information Technology Management Unit, several Enterprise Goals (EG) were identified as relevant, as presented in Table 1 below.
Table 2 Mapping of Organization Goals Visi/Misi Dimensi BSC As a Center for Services and Customer Development of Reliable and Quality Information and Communication Technology Providing reliable and stable Internal Developing academic and Customer Conducting continuous Internal information system audits Financial Improving ICT HR quality through training and Learning & Growth Enterprise Goal (EG) EG05 Ae Customeroriented service EG07 Ae Quality of EG06 Ae Business service continuity and EG07 Ae Quality of EG11 Ae Compliance with internal policies EG03 Ae Compliance with external laws and EG13 Ae Product and business Inovation The next step is to map the six previously selected Enterprise Goals into the Alignment Goals of COBIT 2019.
https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ Figure 4 Mapping Enterprise Goals and Alignment Goals The next step is to map the previously selected Enterprise Goals (EG) to the relevant Alignment Goals (AG) based on COBIT 2019.
From this process, 7 Alignment Goals were identified that are aligned with the strategic objectives of XYZ University, namely AG01.
AG04.
AG07 AG08.
AG10.
AG11, and AG13.
These Alignment Goals were then mapped to the corresponding Governance and Management Objectives (GM) to determine the most relevant governance focus areas for the Internship Information System (IIS).
This mapping uses a Primary (P) and Secondary (S) prioritization scale to indicate the priority level of each GM objective.
https://ejournal.
id/index.
php/jdbmi/index JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 Figure 5 Result Domain Determination Based on the results of the mapping, the domain selected through the Goals Cascade approach at XYZ University is the MEA domain (Monitor.
Evaluate & Asses.
This domain was chosen because it holds a Primary priority level in the relevant Governance and Management Objectives related to the management and evaluation of the Internship Information System (IIS).
The MEA domain was selected as it covers three key processes that align with the audit needs of the IIS, namely: MEA01(Monitoring of performance and service conformanc.
MEA02 (Evaluation of the internal control syste.
, and MEA03 (Assessment of compliance with internal policies and external Therefore, this study focuses on the MEA domain, which serves as the basis for developing the audit instrument in the next stage.
https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ Audit Instrumen Design After determining the priority domain, the next stage of this study was to design an audit instrument as a tool for evaluating the Internship Information System (IIS) at XYZ University.
The instrument was developed step-by-step with reference to the official indicators of the MEA domain from COBIT 2019.
The audit instrument was classified into three main document types: Audit Process Form.
Audit Checklist Form, and Audit Step Form.
Table 2 presents the number of documents for each audit instrument Table 3 Mapping Domain Dokument Type Audit Audit Audit step Domain Index MEA01.
MEA02.
MEA03
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA02.
MEA02.
MEA02.
MEA02.
MEA03.
MEA03.
MEA03.
MEA03.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA01.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
Total Documents https://ejournal.
id/index.
php/jdbmi/index JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 Dokument Type Total Documents Domain Index MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA02.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
MEA03.
These documents serve as structured guidelines for conducting systematic audits, starting from process identification to checklist verification and detailed audit steps.
The instruments are designed to ensure that the audit of IIS is conducted consistently and comprehensively at all process levels.
Audit Instrument Implementation and Capability Level Assessment The audit instruments that had been designed were then implemented to evaluate the Internship Information System (IIS) at XYZ University.
The implementation was carried out systematically using the audit process form, audit checklist form, and audit step form.
Data collection was conducted through interviews, observations, and document reviews involving the system management unit.
Each evaluation result was measured using the capability level scale from COBIT 2019, ranging from Level 0 (Incomplete Proces.
to Level 5 (Optimizing Proces.
, to determine the process maturity level of each subdomain.
The assessment results are presented in Table 3 below.
Table 4 Result of Domain MEA Capability Assessment
Domain
MEA
Deskripssi Managed Performance and Conformance Monitoring Managed System of Internal Control.
Managed Compliance with External Requirements Subdomain
Skala
MEA01
2,99
MEA02
2,96
MEA03
3,05
https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa
Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ
Avarage MEA02
3,00
The capability level assessment results indicate that the management processes of the Internship Information System (IIS) at XYZ University vary between Level 2 and Level 3.
The MEA01 subdomain achieved a score of 2.
99, indicating that the process is managed but not yet fully The MEA02 subdomain scored 2.
96, showing the presence of basic internal control management.
Meanwhile.
MEA03 recorded a score of 3.
05, suggesting that external compliance processes have begun to be standardized, although they are not yet fully optimized.
These results are visualized using a radar chart in Figure 6, illustrating the score distribution across each subdomain.
DOMAIN MEA
MEA01.
MEA01.
MEA01.
Figure 6 Radar Chart Domain MEA The average score of 3.
00 for the MEA domain indicates that the IIS processes are at Level 3 (Established Proces.
, where processes are performed in a standardized manner but still require improvements in monitoring, documentation, and process control to achieve higher capability levels.
Findings and Recommendation Based on the audit instrument implementation results for the Internship Information System (IIS) at XYZ University, several gaps were identified between current management practices and the process standards defined in COBIT 2019.
The findings cover aspects of performance monitoring, internal control, and compliance with external regulations within the domains of MEA01.
MEA02, and MEA03.
As follow-up, improvement recommendations were formulated to strengthen system management, particularly through enhanced documentation, standardized control https://ejournal.
id/index.
php/jdbmi/index JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 processes, and the development of more structured monitoring and evaluation mechanisms.
To support optimal implementation of these recommendations, the estimated costs were calculated based on the 2025 INKINDO Standard Cost Guidelines, adjusted to the East Java Province index.
All findings and recommendations are explained in detail in the following domain-based .
DOMAIN MEA01 In the MEA01 domain, the audit identified that stakeholder involvement in system monitoring is conducted informally without formal guidelines or clearly defined roles.
System performance targets and conformance standards have not been formally established, with no defined KPIs or alignment with institutional Although operational data is collected, there is no SOP for validating data completeness and accuracy.
Performance reports are not standardized and are not submitted periodically to management.
Additionally, follow-up actions are conducted incidentally without standardized reporting formats or documented completion records.
To address these issues, several improvement activities are recommended:
A Preparation of monitoring approach documents.
KPIs, data validation SOPs, and standardized performance reporting formats.
A Organization of workshops and socialization sessions, covering monitoring procedures.
KPI development, data processing, performance reporting, and follow-up A System development, including modules for KPI input, reporting, analytical dashboards, and automated reporting A Procurement of basic monitoring tools.
A Documentation, printing of official SOPs, and archiving of The total estimated budget required for implementing recommendations in Domain MEA01 is IDR 224,500,000, based on the 2025 INKINDO Standard Cost Guidelines, adjusted to the East Java Province index.
DOMAIN MEA02 https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ In the MEA02 domain, the audit revealed the absence of formal procedures for validating and assuring the quality of system performance evaluation results.
There is no independent oversight or user feedback mechanism related to monitoring The evaluation of system control effectiveness is conducted incidentally without fixed procedures or defined evaluation indicators.
Additionally, no formal evaluation plan exists, with no established indicators, schedules, or designated responsible personnel.
Benchmarking and gap analysis are not applied in internal control management, and handling of system nonconformities is carried out without SOPs, formal documentation, or a structured issue log.
To address these issues, the following activities are recommended:
A Development of SOPs for quality assurance, system nonconformity handling, and an issue log recording A Organization of workshops and training sessions on report validation, evaluation techniques, benchmarking, and issue reporting.
A Conducting regular audits and independent reviews to evaluate control effectiveness and monitoring results.
A Development of a structured system for logging system A Preparation of evaluation reports, monitoring templates, and audit reports.
The total estimated budget for Domain MEA02 is IDR 193,500,000, referring to the 2025 INKINDO Standard Cost Guidelines, adjusted to the East Java Province index.
DOMAIN MEA03 In the MEA03 domain, the audit found that although the IIS management unit has identified relevant external regulations and partially implemented system adjustments, compliance activities are not yet documented within a formal compliance matrix.
Reporting of regulatory changes remains informal without a standardized inter-unit communication procedure.
Verification of regulatory compliance is not performed systematically, and no formal evaluation method is in place.
In addition, existing external audit results have not been followed up effectively through structured action plans or system updates, and no clear schedule https://ejournal.
id/index.
php/jdbmi/index JDBIM (Journal of Digital Business and Innovation Managemen.
Volume 4 No.
December 2025
E-ISSN 2962-3898
Page 393-410 for subsequent external audits has been established.
To address these issues, the following actions are recommended:
A Development of a formal compliance matrix.
SOPs for reporting regulatory changes, structured verification methods, and follow-up plans for external audit results.
A Conducting legal workshops, policy communication training, and compliance verification sessions.
A Performing internal regulatory audits and establishing a regular external audit schedule through formal agreements (MoU.
A Preparation and documentation of audit reports and compliance assurance reports.
The total estimated budget required for Domain MEA03 is IDR 129,000,000, calculated based on the 2025 INKINDO Standard Cost Guidelines, adjusted to the East Java Province index.
CONCLUSION
This study aimed to design and implement an audit instrument for the Internship Information System (IIS) at XYZ University using the COBIT 2019 framework, focusing on the MEA01.
MEA02, and MEA03 domains.
The results indicate that the management processes of IIS have reached an established stage but still exhibit several weaknesses related to documentation, standardization, internal controls, and compliance The proposed audit instrument, consisting of audit process forms, audit checklists, and detailed audit steps, has proven effective in identifying specific management gaps and providing structured recommendations for improvement.
The recommendations formulated address not only corrective actions but also strategic improvements to enhance system governance, control mechanisms, and compliance management.
The use of COBIT 2019 as a reference ensures that the improvement initiatives align with international IT governance standards.
Suggestions for IIS management include prioritizing the formalization of monitoring procedures, establishment of clear performance indicators, structured compliance documentation, and routine internal evaluations.
Ensuring management commitment and cross-department coordination is essential to achieve consistent implementation of the recommended This study is not without limitations.
The evaluation was conducted on a single system within one university environment, with the focus limited to three MEA domains.
Broader assessments involving other governance https://ejournal.
id/index.
php/jdbmi/index Atika Naiylatan Syirfa.
Renny Sari Dewi.
Rindu Puspita Wibawa Design of an Audit Instrument for the Internship Information System (IIS) Based on COBIT 2019: A Case Study at Universitas XYZ domains such as APO or DSS may provide a more comprehensive understanding of IIS governance maturity.
For future research, it is recommended to expand the audit instrument
application to different systems or higher education institutions, and integrate additional COBIT 2019 domains to obtain more holistic evaluation Further studies could also explore system performance benchmarking and the development of automated compliance monitoring REFERENCES