DEVELOPMENT OF INTEGRATED RISK MANAGEMENT INFORMATION SYSTEM USING SYSTEM DEVELOPMENT LIFE CYCLE METHOD -Wahyu Sardjono
ABSTRACT. The integrated risk management data management process owned by the company consists of many long-term risks, corporate risk profiles, operational risks, project risks, and fraud risks. In the risk assessment process such as the risk register, control and mitigation are still recorded by each risk owner, not well coordinated, so the data is not integrated and not well documented. This makes the risk of losing risk data even greater, and the visibility of monitoring the risk management process becomes difficult there is no historical risk management that can be evaluated further. and the time it takes to make an executive summary longer. This research aims to improve the performance of the company’s risk management in managing risk data through an integrated risk management information system that is expected to meet the needs and improve the performance of integrated risk management in the company. Methods of data collection were carried out by means of interviews and literature studies. While the system development method uses the System Development Life Cycle (SDLC) method with the waterfall model. The results of this study are in the form of an information system that can be managed and accessed by all employees in the company. Methods of data collection were carried out by means of interviews and literature studies. While the system development method uses the System Development Life Cycle (SDLC) method with the waterfall model. The results of this study are in the form of an information system that can be managed and accessed by all employees in the company. Methods of data collection were carried out by means of interviews and literature studies. While the system development method uses the System Development Life Cycle (SDLC) method with the waterfall model. The results of this study are in the form of an information system that can be managed and accessed by all employees in the company.
- Introduction
The business processes carried out by the company in the process of achieving annual targets can experience obstacles both from internal and external issues. These constraints are uncertainties that can affect the achievement of the company’s goals which are called risks. This risk can be managed by identifying, analyzing, and evaluating whether the risk will be managed by a predetermined risk treatment method.
The risk management process is implemented in all business process activities in the company, both business development activities and non-business development activities where which results in an increasing level of complexity in risk management faced by strategic, operational, financial, compliance, fraud and project risks where data such as descriptions of risks, causes, impacts, level of risk, control and mitigation are recorded in working papers by each risk owner which results in data not being integrated and not properly documented. This will cause losses to the company due to the occurrence of greater risk data loss, the visibility of monitoring the risk management process becomes difficult, there is no historical risk management that can be evaluated in the future,
Therefore, a computer-based information system is needed to solve company problems to improve risk management by providing risk-related information. The development of computer-based information systems cannot be separated from the System Development Life Cycle or known as SDLC. SDLC is the stages of the process of building an information system and methods in the process of developing the system. SDLC consists of several phases starting from the planning phase, analysis phase, design phase, and implementation phase to the system maintenance phase. The concept of SDLC is that it underlies various types of software development models to form a framework that will be used in the planning and control process of making information systems. A web-based information system is a means of a computerized system that has features and designs in such a way as to suit the needs that will be used in the data input process with the aim of simplifying, accelerating, and accelerating the data that has been processed. Website technology processes data into information in a way that is to identify, collect, manage and provide information that can be accessed together.
The implementation of the SDLC model is expected to support the company’s performance and can help manage risk data faced by the company. This new information system which will later be used is website-based with an integrated database in accordance with the ISO 31000:2018 framework, where this database system will be on the back-end which will be connected to the data storage process.