Journal of Theoretical and Applied Information Technology

10th May 2016. Vol.87. No.1

© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

AUDIT INFORMATION SYSTEMS CORE BANKING

SYSTEM USING ITIL V.3 CASE STUDY ON
BTPN SHARIA BANK
1
MOCHAMAD WAHYUDI, 2ARIEF DESWANDI

Sekolah Tinggi Manajemen Informatika dan Komputer Nusa Mandiri (STMIK Nusa Mandiri)
1
E-mail: [email protected], 2 [email protected]

ABSTRACT

This research on the application of information systems audit, namely Corebanking System, is to measure
how to handle problems that occur and how long the problems that can be solved in accordance with the
ITIL V3 framework at the sub-domain of Service Desk, Incident Management and Problem Management
included in the domain of Service Operation. The role of Information Technology Service Management
(ITSM) in improving a company's, in this case is BanK BTPN Syaria’s, ability to provide the best services
that suit the needs of the customer (customer satisfaction) and in line with the interests of the company is
becoming increasingly important. IT Infrastructure Library (ITIL) provides an integrated device of best
practices to serve the management of Information Technology. ITIL is a set of concepts and techniques for
managing the infrastructure, development, and operation of information technology (IT). ITIL V3 using IT
approach "Service Life Cycle" is how to improve what they have to ensure adjustment to the new standards
that provide adjustments to the process of upgrading hardware and software. The results of the audit
assessment (self-assessment) contained the findings for each sub domain procedures are still not in
accordance with the standards of best practice ITIL V.3. From the sub domain of Management Service
Desk, the level of Intent, Process Capability and Customer Interface need some upgrading/improvement.
In the Problem Management sub domain, the level needs to have upgrading/improvement are the External
Integration and Customer Interface level. While the upgrading/improvement at the Incident Management
sub domain is at the level of External Integration and Customer Interface. For the reason, the company
must fix the process steps whing are still failing, especially those oriented towards customers.

Keywords: Audit of Information Systems, IT Infrastructure Library (ITIL), Core Banking System, Service
Life Cycle

1. INTRODUCTION always moves to achieve a competitive advantage.

A very competitive and rapidly changing business
The role of Information Technology (IT) is industry has made organizations increasingly aware
becoming increasingly important because we have of the potential benefits of the technology,
entered the era of information (information age). particularly information technology (IT). Many
Information technology is used for processing, benefits can be taken if the organizations are able to
obtaining, compiling, storing and manipulating data implement information technology in their business
in various ways to produce quality information, processes. Time reduction in service delivery,
which is relevant, accurate and timely used for quality improvement, functional and ease of use as
personal, business, and government needs. In well as continuous improvement done with
addition, it is a strategic information used for minimum cost are several advantages which
decision making. In this case, the technology uses a eventually help the organizations achieve their
computer system to process data and the network vision and mission. The amount of benefits the
system to connect one computer to another as organizations get has encouraged the increased
needed. Telecommunications technology is used so expectations on the role of IT. IT is expected to no
that data can be distributed and accessed globally. longer be a driving tool but to become an integrated
The development of information technology has part in the implementation of the organizations
implicated directly to the business world which business strategy.

38
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

The role of Information Technology Service Bank Tabungan Pensiunan Nasional Syariah
Management (ITSM) in improving a company's (BTPN Syariah) is one of Islamic syaria banks in
ability to provide the best services that suit the Indonesia using a web-based Core Banking System
needs of the customer (customer satisfaction) and in of the Temenos solution, known as T24, dedicated
line with the interests of the company is becoming to Islamic syaria banking. The main benefits of the
increasingly important. However, the application of implementation of the core banking system is to
IT which is not business oriented, non-customer help of BTPN Shariah focus on business growth,
focus, not centralized, and fragmented, the old risk management, and cost control as well as meet
paradigm of the application of IT, will not only all the requirements of Bank Indonesia as the
make it difficult for the company to satisfy its central bank and the Financial Services Authority
customers, but is also inefficient, ineffective, and (FSA). BTPN Syariah itself is a new Islamic syaria
costly. business units run by BTPN. Starting from the
IT Infrastructure Library (ITIL) provides an acquisition and conversion of Bank Purba Danarta,
integrated device of best practices to serve the along with the spin-off of its sharia banking
management of Information Technology. ITIL is a business unit, BTPN Shariah aims at serving
series of concepts in engineering and infrastructure customers who want to follow Islamic syaria which
management, development, and operation of is increasing in Indonesia.
information technology (IT). ITIL keeps growing The performance level of a Core Banking System
through a variety of processes. In 2005, it was is very important in supporting the bank's day-to-
revised by ITMSF (Information Technology day operations. Thus we need further research on
Service Management Forum). ITIL Version 3 (ITIL whether the current level of performance of the T24
V.3) which is the revision of ITIL and the ITIL Core Banking System at BTPN Syariah has been
version 2 was released in 2007. Amongst IT optimized in accordance with the vision, mission
community, ITIL V.3 is the most popular one of the and goals of the organization. Optimization services
all versions. It uses IT approach "Service Life can be achieved by referring to the framework of
Cycle" which improves what they have to ensure its ITIL version 3. ITIL V.3 specifically conduct an
adjustment to the new standards that provide assessment on the functions, operations, and
adjustments to the process of upgrading hardware organizational attributes needed in order to fully
and software. ITIL V.3 is not a standard but it is optimize operasional governance, in this case the
only a frame containing 8 series of best practices approach used in sub domain Service Desk,
regarding ITSM and distribution of high-quality IT Incident Management and Problem Management
services. There has been a growing awareness that are included in Service Operation domain.
information is a strategic resource that must be
2. BASIS THEORY
managed by an organization. The quality of IT
services will be provided to business organizations
In this study, the authors conducted a review
through the collection, analysis, production and
study using books and journals related to the
distribution of the information itself. Organizations
selected theme.
need to understand and recognize that IT Services
is a very strategic and important asset of the
2.1 Audit
organization. Most organizations underestimate
Arens and Loebbecke in Joseph (2001, p.1)
some important aspects in IT services. Therefore,
suggests: "Audit is a process of gathering evidence
organizations must invest adequate level of
and operation of information that can be measured
resources into the delivery and support of IT
on an economic entity which is carried out by
service management. A good service management
someone who is competent and independent to be
must be established to ensure that IT services are in
able to determine and report the suitability of the
accordance with business needs and actively
information is the criteria specified."
support business needs.
In banking, the development of information
2.2 Information Systems
technology, especially the Core Banking System,
Information system according to (Nash, 1995,
has become one of the strategic supporters of the
P8) in La Midjan and Azhar Susanto (2001, p.30) is
business bank itself. That is without Core Banking
"the information system is a combination of human,
System, the main activities of the Bank will not
facilities or means of technology, media, and
work, and it will have a direct impact on the
control procedures which intends to organize
organization losses both materially and morally.
essential communication networks, processing of
certain transactions and routine, assist management

39
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

and internal and external users and provides the wide range of other banking services. Compared to
basis for making the right decision ." other industries, the application of Core Banking
System is similar to Billing System of
2.3 Information System Audit telecommunication company, or the ERP of
According Gondodiyoto (2003, p.151), manufacturing company. However, There is a bit
"Information Systems Audit is an evaluation to different to the two earlier industries, Core Banking
determine how the level of compatibility between System of banking industry is extremely diverse
information systems applications with established ranging from inhouse development, local vendors
procedures and determine whether an information to works conducted by the foreign vendor (source:
system has been designed and implemented www.gartner.com).
effectively, efficiently, and economically, has asset
security mechanisms are adequate, and ensure 2.6 Review of Previous Studies
adequate data integrity ."
2.6.1 Devi Fitrianah and Yudho Giri
2.4 Information Technology Infrastructure Suchayo (2012).
Library (ITIL) In a journal entitled "Audit of
According to Addy (2007, p38), the Information Systems/Information Technology
Information Technology Infrastructure Library with the COBIT Framework for the
(ITIL) is a set of guidelines developed by the Evaluation of Information Technology
United Kingdom's Office of Government Management at the University XYZ," using
Commerce (OGC). This guideline, which describes the COBIT framework-ISACA and 210
the integrated processes, provides a best practice detailed control objectives, they conduct a
approach to manage IT services. mapping to the phase of IT audit and its
The fifth part of ITIL is usually referred to control which were then applied to an
part of a cycle. It is also known as the ITIL Service organization, namely the University of XYZ
Cycle. Briefly, each part is described in the to see the performance of the existing IT.
following picture:

2.6.2 Ria Kurniawati and Augie David

Manuputty (2012).
In their journal entitled "An Analysis
of Information Technology Services Quality
Using Information Technology Infrastructure
Library V.3 (ITIL V.3) Domain Service
Transition Framework (A Case Study on the
Customer Service of Telkom Salatiga Area)",
they examine the role and quality of
information service transition ITIL V.3. ITIL,
or Information Technology Infrastructure
Library, is a set of concepts and techniques for
the development of the management and
operation of information technology (IT).
Source :
http://hci-itil.com/options_assessment.html
2.6.3 Diana Trivena Yulianti, Dian
Figure 1. Itil Service Cycle Anggraini (2012).
In their writing entitled "An Analysis
of the IT management of PT. X Using V.3
ITIL, Service Operation," They conduct their
analysis in a system, expected to be one of the
2.5 Core Banking System (CBS) alternative data processing and delivery of
Applications Core Banking System (CBS) is information which will save time, effort, and
the core application that becomes the heart of the cost of PT X.
banking system. It is used to process loan, savings
or checking accounts (saving), deposits (time
deposits), Customer Information File (CIF), up to a

40
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

2.7 Organization Overview previous research studies. Secondary data

BTPN Shariah is a 12th Islamic syaria bank in were also obtained from books and the
Indonesia, which has the determination to develop internet related to ITSM and ITIL.
the millions of people of Indonesia in order to have B. The second stage is the single cross-sectional
a better life. Through its products and activities, descriptive study (a type of study design in
BTPN Syariah continues to encourage and involve which the collection of information from the
all stakeholders to jointly provide an ease access to samples is only done once) by means of field
the people in using or utilizing the bank's products surveys. This study uses primary data that is
and services (financial inclusion), provide collected by direct survey using questionnaires
information and sustainable and scalable filled by the respondents themselves.
empowerment activities.
BTPN Syariah was born from a combination 3.1 Research Steps
of the two powers, namely, PT. Bank Sahabat The discussion of steps covering all the
Purbadanarta and BTPN’s Syaria Business Unit. activities of auditors from the beginning of the
Bank Sahabat Purbadanarta, established since event until the end of the audit results obtained.
March 1991 in Semarang, is a non-foreign bank Figure 3.1 is a plot of a series of information
which 70% of the shares acquired by PT. Bank systems audit research activities.
Tabungan Pensiunan Nasional (National Pesions SI Audit Planning and Preparation
Saving Bank), Tbk (BTPN), on January 20th, 2014. Audit Planning SI:
It is then converted into BTPN Syariah based on the Study of literature :
1. Identify business processes
and IT
Decree of the Financial Services Authority (FSA) - Study of ITIL V3
2. Identify space the scope and
on 22 May 2014. BTPN’s Syaria Business Unit objectives of the audit
3. Determine methods and
focusing on serving and empowering make the engagement letter
underprivileged families throughout Indonesia is
one of the business segments in PT. Bank
1
Tabungan Nasional (National Savings Bank), Tbk
since March 2008, which was then spined off and Audit Preparation SI:
Study of literature : 4. Determining auditee
merged into BTPN Syariah in June 2014. - Study of ITIL V3 5. Develop a schedule of audits
(audit working plan)
6. Making a statement
2.8 Framework 7. Make inquiries
This study includes input, process and output.
Visually, the framework can be seen in Figure 2.
FRAMEWORK

Input Proses Output Audit SI:

1. Conducting interviews
ITIL V.3 Study of literature : 2. Perform inspection
DOMAIN SERVICE
OPERATION - Study of ITIL V3 3. documentation (data and
- Self Assessment evidence) 2
Data field Assessment
result domain
4. Conduct an assessment
Survey process: operation 5. Compile a list of findings and
- Deployment
Current conditions:
questionnaire
recommendation
Performance monitoring of
Core Banking System - Purposive sampling recommendati
BTPN Sharia Bank - The number of ons for
respondent 3 improvements

Audit Reporting SI:

Figure 2. Research Framework 1. Reporting the results of the
study / audit 3

3. RESEARCH METHODOLOGY

Methods of research conducted by the author Figure 3. Research System Information Audit Activity
is a combination of survey and experimental Steps
research methods by distributing questionnaires
from respondents. The study design is one through 3.2 Sample Selection method
two stages, namely: In the selection of the sample, the authors take
A. The first stage is explanatory research with the data from the limited population (population limit)
aim at providing insight and comprehension of using purposive sampling, the sampling is done on
the object to examine. The method used at this the basis of the consideration that the problems that
stage is to analyze secondary data, i.e. relevant occur and are parts of the decision makers for this
assessment. Respondents taken in the selection of

41
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

this sample are the IT expert respondents who deal B. The population of respondents involved in this
with IT in Bank BTPN Syariah. study are the parties who are involved or have
the authority to IT and IT users.
Table 1. Expert Respondents C. The filling of the questionnaires is done
No. Respondents Number simultaneously by the respondent at the same
1. Head of the Division of IT 1 place accompanied by the researchers to
Data Center Operational provide guidelines to fill in the questionnaires
2. Head of IT Application 1 so that it is expected that the results are more
Support Division accurate and describe the state of the overall
3. Head of the Division of IT 1 population.
Helpdesk
TOTAL 3

4. RESULTS AND DISCUSSION

3.3 Method of collecting data
This study uses primary data and secondary The rationale of the assessment system in ITIL
data. Primary data collection is done by using a V.3 self-assessment is contained in the following
survey questionnaire filled solely by the Figure 4:
respondents to be guided by the statements in the
questionnaire. Secondary data were obtained
through the study of literature, journals, and articles
on IT Service Management.
The sequence of data collection techniques
are:
A. A literature study related to the evaluation and
instruments of IT Service Management in
accordance with the vision and mission of the
Bank BTPN Syariah.
B. Designing the content of the research
questionnaire/instrument, which is based on
the existing literature on the ITIL V.3
C. Data processing. After the data obtained from Source: the book of Self Assessment Guide ITIL V.3
the questionnaires distributed to the experts
respondents, and the expected data has been Figure 4. The Rationale Of The System Of Assessment
obtained, the data is then processed using (Self-Assessment) ITIL V.3
Microsoft Office program, in this case using
Microsoft Excel 2007 (according to the format The respondents in this study are three expert
and template of Self Assessment Tools ITIL). respondents who will represent each sub domain
D. Analysis and interpretation of data. The results that will be appraised in Core Banking System
of questionnaires data processing and Audit Information on BTPN Syariah. The
literature study are serves as the study's assessment of sub domain of Service Desk
findings. Calculations could then determine respondent was the Head of IT Help Desk, Problem
the expected value. This could be Management sub domains was the Head of IT
recommendations for improvement for each Application Support Division and sub domains of
domain service. Incident Management is the Head of IT Operations.
Each question in each sub-domain has been
3.4 Research Instruments determined of how many questions must be
The research instruments used in helping the answered (there are some mandatory/ compulsory
research process were questionnaires taken basedn questions) with different scoring weights.
on the existing literature regarding to ITIL V.3. The In the assessment phase, researchers used a
reason for the use of research instruments are: assessment standard of Self Assessment V.3 ITIL
A. Questionnaire is one instrument that can be for the existing Service Operation domain to asses
used in survey research approach. the Service Desk, Problem Management and
Incident Management sub domain.

42
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

Table 2 will summarize the results of Self Level 3 - 4 5 Pass

Assessment Scoring for the sub domain V.3 ITIL Products
Service Desk. Level 3.5 - 5 6 Pass
Quality
Table 2. The Results Of Self Assessment Scoring Service Control
Desk Level 4 - 3 3 Pass
Criteria Minimum Assessm Pass/ Management
Value ent Fail Information
Value Level 4.5 - 18 11 Fail
Level 1 - Pre- 3 3 Pass External
requisites Integration
Level 1.5 - 5 3 Fail Level 5 - 5 3 Fail
Management Customer
Intent Interface
Level 2 - 21 18 Fail
Process The results of Self Assessment Scoring for the
Capability sub domain ITIL V3 Incident Management can be
Level 2.5 - 4 6 Pass summarized in Table 4 below:
Internal
Integration Table 4. The Results Of Self Assessment Scoring Incident
Level 3 - 3 3 Pass Management
Products Criteria Minimum Assessm Pass/
Level 3.5 - 5 6 Pass Value ent Fail
Quality Value
Control Level 1 - Pre- 3 4 Pass
Level 4 - 7 7 Pass requisites
Management Level 1.5 - 3 4 Pass
Information Management
Level 4.5 - 7 8 Pass Intent
External Level 2 - 14 17 Pass
Integration Process
Level 5 - 5 2 Fail Capability
Customer Level 2.5 - 7 9 Pass
Interface Internal
Integration
The results of Self Assessment Scoring ITIL Level 3 - 5 5 Pass
V3 for Problem Management sub domain can be Products
summarized in Table 3 below: Level 3.5 - 5 6 Pass
Quality
Table 3. The Results Of Self Assessment Scoring Problem Control
Management Level 4 - 12 13 Pass
Criteria Minimum Assessm Pass/ Management
Value ent Fail Information
Value Level 4.5 - 62 61 Fail
Level 1 - Pre- 4 5 Pass External
requisites Integration
Level 1.5 - 4 5 Pass Level 5 - 5 3 Fail
Management Customer
Intent Interface
Level 2 - 16 19 Pass
Process
Capability 4.1 Findings
Level 2.5 - 7 8 Pass Based on the Self Assessment ITIL V3 done
Internal on the Service Desk, Problem Management and
Integration Incident Management sub domains as parts of the

43
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

Information Systems Audit Core Banking at Bank of repairs to the user. In the future, it is
BTPN Syariah, it can be concluded that each sub- hoped that bulletin can be made to be
domain needs repairement and enhancement.The used by the user to monitor the progress
parts to be developed are as the following: of the activity of incidents solving.
A. In Service Desk Sub-domain, level of Intent Thirdly, the current Service Desk has not
Management, Process Capability and been informed of the requirements of the
Customer Interface are parts need to be new support in carrying out their
developed. activities. In the future, it is hoped that
B. In Problem Management Sub domains, parts there will be a mechanism to inform new
to be developed are level of External support requirements as the tools needed
Integration and Customer Interface. to carry out their daily activities.
C. In Incident Management Sub-domain, level of 3) At the level of Customer Interface,
External Integration and Customer Interface there are two things that need to be
need to be developed. improved at this level. Initially, There is
no customer survey on any agenda of
4.2 Recommendation service improvement for its customers.
From some of the findings of the ITIL In the future, it is hoped that there is a
assessment (Self Assessment) and based on the customers survey questionnaire
analysis of the incidents occurred, the following reagarding the complaints or critics and
recommendations are given: suggestions from customers for service
A. In the subdomain of Service Desk, the needs improvement. Second, there is no
for some improvement to the level of Intent process or mechanism that monitors
Management, Process Capability and customer assessment. It si hoped that
Customer Interface are as follows: monitoring of customer assessment can
1) In Intent Management level, there are be run to determine the needs of
two things that need to be improved. customers of Bank services.
Firstly, the current Service Desk does not B. At the subdomain of Problem Management,
have a manual to handle calls or incident the need for process improvement is at the
reports from users. This is a mandatory level of External Integration and Customer
question (required), so that it is expected Interface:
that it will be fulfilled. Secondly, 1) At the level of External Integration,
currently, there is no support for the first- there are two things to improve. The first
line in handling the incident occurred so one is the absence of information
that the handling of the incident is still exchange between Configuration
handled by the vendor. Thus it is hoped Management and Problem Management
that, in the future, there will be a special in terms of the quality of the incidents
team to handle such incident—at least, it recording that cause the potential of the
will give first aid to handle the incident occurrence of failure on the system
until the incident is completely solved by configuration. It is expected that there
the vendor. will be an exchange of information
2) At the level of Process Capability, between Configuration Management and
there are three things that need to be Problem Management in order to
improved. Firstly, the current Service facilitate monitoring if there are
Desk operators haven’t got a strategy in incidents related to the system
obtaining detailed data or information of configuration. The second one is the
the user who reported the incident, but absence of information exchange
note taking. In the future, it is hoped that between the Service Desk and Problems
Service Desk operators must, in detail, Management related to incidents that
inquire and ask for attachments, evidence occurred in the initial handling follow-up
and data needed when an incident occurs such as bulletin. The existence of
Which function as an investigative tool information exchange between the
in tracking incidents and make Service Desk and Problem Management
improvements. Secondly, currently, in following up the initial handling of
BTPNS does not have a bulletin for incidents occurred is hopefully made to
some lists of incidents and the progress let users know the progress.

44
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

2) There are two things that must be occurred using V.3 ITIL method for the
improved at the level of Customer Service Operation domain on Service Desk,
Interface,. The first thing is the lack of Problem Management and Incident
interaction between the bank and its Management sub domain is very useful and
customer for the incident occurred, quite effective in measuring the process of
particularly regarding to the customer's handling the incident, best practically, in
account. The interaction between the BTPN Syariah whether it is already sufficient
bank and its customer in case of or good or still need to be increased in
incidents related to transactional services accordance to the ITIL V.3assessment
which impact the Bank services to the standard.
customer is expectantly made to solve B. The ITIL V.3 assessment standard method is
the problem. Secondly, there is no very useful to be applied in measuring the
activity to monitor customer satisfaction efficiency and effectiveness of Information
trends. In the future, it is hoped that there System corporate governance within the
is some activities regarding to monitor organization BTPN Syariah, especially in the
the level of customers satisfaction. Service Operation domain including Service
C. There must be a process improvement on the Desk sub domain (in this case is the division
Incident Management subdomain, namely at of IT Help Desk), Problem Management sub-
the level of External Integration and Customer domain (in this case is the IT Application
Interface. Support division) and the sub domain of
1) At the level of External Integration, the Incident Management (in this case is the IT
thing need to be improved is the absence division Operation).
of regular meetings with the Service
Desk to discuss the progress of incidents 5.2 Recommendations
solving, escalated incidents and closed Based on the results of Self Assessment
incidents. The meeting with the Service (assessment) used in this study is consistent with
Desk is hopefully done regularly. ITIL V.3 method, there are some suggestions to put
2) At the level of Customer Interface, the forward:
absence of interaction activity between A. The domain measured in Information Systems
the bank with its customer to monitor the Auditing in this research is only one domain,
level of customers satisfaction with the i.e the Service Operation. While other
services that have been given over the domains within the framework, namely
years. It is hoped that there will be a Service Design, Service Strategy, Service
mechanism to monitor the level of Transition of ITIL V.3 can also be applied to
customer satisfaction to improve service. be more comprehensive in the organization of
D. IT development team should be given product BTPN Syariah so that the whole unit can be
knowledge, specifically in technical training, more optimal in carrying out their respective
in handling occuring incident on T24 Core functions and in accordance with best practice
Banking application from the license owner exist.
directly. B. The audit can be done regularly so that it can
E. It is necessary to develop functional features reduce the risks of things that do not fit either
that comply Indonesia regulation. in regulation or functionally.
F. There sould be improvement in terms of C. As soon as possible, there should be some
infrastructure so that applications can be more handling on the findings identified in this
optimal. study to minimize the risks that might arise as
the result of the problems existing.
5. CONCLUSIONS AND
RECOMMENDATIONS
REFRENCES:
5.1 Conclusions
From the research, it can be drawn several [1] Association of Certified Public Accountants.
conclusions, as follows: (2001). Generally Accepted Accounting
A. The research on on the Information Systems Standards. Salemba Four: Jakarta.
Audit T24 Core Banking Bank Syariah Bank
in measuring the handling of the incident that

45
 Journal of Theoretical and Applied Information Technology
10th May 2016. Vol.87. No.1
© 2005 - 2016 JATIT & LLS. All rights reserved.

ISSN: 1992-8645 www.jatit.org E-ISSN: 1817-3195

[2] Gondodiyoto, Sanyoto, and Henny Hendarti.

(2007). Advanced Information Systems
Auditing. Jakarta: Partners Media Discourse.
[3] Ron Weber .1999. Information Systems
Control and Audit. Prentice-Hall, Inc.: New
Jersey.
[4] Office of Government Commerce. (2005).
ITIL Small Scale Implementation. The
Stationery Office ; ISBN 0-11-33-09805
[5] ITIL V3 Service Operation (2009). ITIL
Service Operation. Retrieved Jan 16, 2010,
fromhttp://wiki.en.itprocessmaps.com/index.p
hp/ITIL_V3_SERVICE_OPERATIONS
[6] Definition of Application Landscape.
Software Engineering for Business
Information Systems (SEBIS). Jan 21, 2009.
[7] Kroenke, D M. (2008). Experiencing MIS.
Prentice-Hall, Upper Saddle River, NJ
[8] O'Brien, J A. (2003). Introduction to
information systems: essentials for the e-
business enterprise. McGraw-Hill, Boston,
MA
[9] Alter, S. The Work System Method:
Connecting People, Processes, and IT for
Business Results. Works System Press, CA
[10] Beynon-Davies P. (2009). Management
Information Systems. Palgrave, Basingstoke.
[11] James A. O’Brien. (2007). Management
Information Systems - 10th edition.Palgrave,
Basingstoke.
[12] Laudon, Kenneth C.; Laudon, Jane P. (2007).
Management Information Systems. Palgrave,
Basingstoke.
[13] IT Service Management: Service Support
Self-Assessment Questionnaire, from
http://www.contentedits.com/img.asp?id=418
3

46