Implementation of IT Risk Management at Bank X Using the COBIT 2019 Framework
Abstract
At Bank X, various problems have occurred in business processes that involve IT, such as unstable server network conditions and problems when carrying out the data-input business process. The purpose of this thesis is to find out which factors or causes are the most influential in the use of IT in Bank X's business processes and to provide a response to existing risks based on the COBIT 2019 guidelines, using the Align, Plan and Organize (APO) domain in the APO11 Managed Quality and APO12 Managed Risk processes. The research is conducted by examining the capability level and conducting a risk assessment using the OWASP standard in the APO11 and APO12 domains, in accordance with the results of the Alignment Goal (AG) and Enterprise Goal (EG) mapping as well as the BSC dimensions. Based on the results of the research, the authors found several risks that have an impact on the company's IT business processes, along with the responses and solutions provided. The solution given is to mitigate or avoid, depending on the severity of each risk. The conclusion of this research is that the IT division has an important role in running the company's business processes. In addition to acting as support, the IT division also has a role in software development for customer banking applications. Respondent transparency and the IT division's role as the company's support system were important factors in assisting this research.