Designing a tool for IT Governance Risk Compliance: A case study

Awareness of the importance of risk management related to the implementation of information technology in Indonesia companies began to grow. This is in line with increasingly strict regulations, such as regulations the Minister of State-Owned Enterprises on the necessity of carrying out risk management in state-owned enterprises environment and regulations issued by other authorities such as Bank of Indonesia that must be obeyed by all public banks. Bank of Indonesia has required the implementation of risk management in the use of information technology. This obligation has been implemented by XYZ Bank with the internal policies adopted from that rules, though their IT risk management is currently not providing satisfactory results. Governance, risk management, and compliance in IT are still standing separately so that when incidents occur, sluggish handling often happens. Finally, this can impact on company reputation and resulting financial loss. The bad experiences drive the XYZ Bank to create a tool that combines governance, risk, and compliance in IT. This tool is custom made to fit the needs of the company. Framework selected in the design tool, is the unified modeling language with the use of case diagrams, sequence diagrams and class diagrams.