REFERENCES - Perpustakaan Digital ITB - WELCOME...

Post on 02-May-2018


REFERENCES

Books:

ALARM., AIRMIC. & IRM, 2002, “A Risk Management Standard”, London, UK.

Ali, Masyhud., 2006, “Manajemen Risiko: Strategi Perbankan dan Dunia Usaha Menghadapi Tantangan Globalisasi Bisnis”, Jakarta, INA: PT RajaGrafindo Persada.

Amsyah, Zulkifli., 2001, “Manajemen Sistem Informasi”, Jakarta: Gramedia Pustaka Utama.

Crouhy, Michel., Galai, Dan., & Mark, Robert., 2001, “Risk Management”, New York, USA: McGraw-Hill.

Crouhy, Michel., Galai, Dan., & Mark, Robert., 2006, “The Essentials of Risk Management”, New York: McGraw-Hill.

Djohanputro, Bramantyo., 2006, “Manajemen Risiko Korporat Terintegrasi, Memastikan Keamanan & Kelanggengan Perusahaan Anda”, Jakarta, INA: Penerbit PPM.

Hanafi, Mamduh., 2006, “Manajemen Risiko”, Yogyakarta, INA: UPP STIM YKPN.

Horcher, A. Karen., 2005, “Essentials of Financial Risk Management”, New Jersey, USA: Wiley Inc.

Konrath, Larry F., 2006, “Auditing, A Risk Analysis Approach”, Mason, Ohio, USA: South Western.

Kountur, Ronny., 2004, “Manajemen Risiko Operasional, Memahami Cara Mengelola Risiko Operasional Perusahaan”, Jakarta, INA: Penerbit PPM.

Kountur, Ronny., 2004, “Manajemen Risiko”, Jakarta, INA: Penerbit PPM.

Lam, James., 2007, “Enterprise Risk Management”, New Jersey, USA: Wiley Inc.

Laudon, Kenneth C. & Laudon, Jane P., 2006, “Management Information System, Managing the Digital Firm, Ninth Edition”, New Jersey, USA: Pearson Education.

Malhotra, Naresh K., 2006, “Market Research, an Applied Orientation”, New Jersey, USA: Pearson Education.

Nugroho, B. Agung., 2005, “Strategi Jitu Memilih Metode Statistik Penelitian Dengan SPSS”, Yogyakarta, INA: CV Andi Offset.

Tampubolon, Robert., 2006, “Manajemen Risiko, Pendekatan Kualitatif untuk Bank Komersial”, Jakarta, INA: Elex Media Komputindo.

Wideman, R. Max., 1992, “Project and Program Risk Management, A Guide to Managing Project Risks and Opportunity”, Sylva, North Carolina, USA: Publication of Project Management Institute.

Bank Ekspor Indonesia Annual Report:

2005 Annual Report

Internet:

Bexi.co.id, 2007, Bank Ekspor Indonesia company profile and annual report, retrieved on April 23, 2007 from http://www.bexi.co.id

Investopedia.com, 2007, RTGS definitions, retrieved on July 28, 2007 from http://www.investopedia.com

Pcmag.com, 2007, the best IDS software, retrieved on July 29, 2007 from http://www.pcmag.com

Webopedia.com, 2007, proxy server and SMTP definitions, retrieved on July 25, 2007 from http://www.webopedia.com/TERM/P/proxy_server.html

Washingtonpost.com, 2004, SWIFT code definitions, retrieved on July 25, 2007 from http://www.washingtonpost.com


APPENDIX


APPENDIX A

Glossary

“Firewall is hardware or software which is placed between an organization’s internal network and an external network to prevent outsiders from invading private networks.” (Laudon, Laudon. 2006: G6)

“Internet service provider (ISP) is a commercial organization with a permanent connection to the Internet that sells temporary connections to subscribers.” (Laudon, Laudon. 2006: G7)

“Proxy server is a tool that intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.” (webopedia.com, 2007)

“Private Branch eXchange (PBX) is a telephone exchange that serves a particular business or office, as opposed to one that a common carrier or telephone company operates for many businesses or for the general public. PBXs are also referred to as:

- PABX - Private Automatic Branch eXchange

- EPABX - Electronic Private Automatic Branch Exchange”

(Laudon, Laudon. 2006: G10)

“Real Time Gross Settlement (RTGS) is an online system for settling transactions of financial institutions, especially banks. RTGS systems are "push payment" systems with transactions initiated by the paying bank.” (investopedia.com, 2007)

“Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet.” (Kudlick, n.d., retrieved from webopedia.com, n.d.)

“SWIFT Code is a standard format of Bank Identifier Codes approved by the International Organization for Standardization. It is the unique identification code of a particular bank. It can be found on the account statements. It is necessary for sending money across countries.” (washingtonpost.com, 2005)


APPENDIX B

Research Approval Letter from BEI


APPENDIX C

BEI Risk Management Roadmap


APPENDIX D

BEI Risk Management Reporting


APPENDIX E

BEI Risk Management Capital Allocation


APPENDIX F

BEI Operational Risk Management Database


APPENDIX G

BEI IT Infrastructure Description


APPENDIX H

The Questionnaire


APPENDIX I

The Questionnaire Result

Probability Measurement

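| Risks | RMD1 | RMD2 | RMD3 | RMD | TISD | OAD | IAD | Total Probability Score |
|---|---|---|---|---|---|---|---|---|
| Weight | | | | 35% | 30% | 20% | 15% | |
| 1 | 3 | 1 | 1 | 1.67 | 1 | 1 | 1 | 1.23 |
| 2 | 3 | 1 | 1 | 1.67 | 1 | 1 | 1 | 1.23 |
| 3 | 2 | 3 | 1 | 2.00 | 1 | 1 | 1 | 1.35 |
| 4 | 2 | 2 | 1 | 1.67 | 0 | 1 | 1 | 0.93 |
| 5 | 3 | 2 | 2 | 2.33 | 0 | 1 | 1 | 1.17 |
| 6 | 2 | 2 | 2 | 2.00 | 1 | 1 | 1 | 1.35 |
| 7 | 3 | 3 | 2 | 2.67 | 0 | 1 | 1 | 1.28 |
| 8 | 2 | 3 | 2 | 2.33 | 1 | 1 | 2 | 1.62 |
| 9 | 2 | 3 | 2 | 2.33 | 3 | 1 | 2 | 2.22 |
| 10 | 2 | 2 | 1 | 1.67 | 1 | 2 | 1 | 1.43 |
| 11 | 2 | 3 | 2 | 2.33 | 1 | 1 | 2 | 1.62 |
| 12 | 3 | 3 | 2 | 2.67 | 2 | 2 | 1 | 2.08 |
| 13 | 3 | 3 | 2 | 2.67 | 1 | 2 | 1 | 1.78 |
| 14 | 3 | 2 | 1 | 2.00 | 0 | 2 | 1 | 1.25 |
| 15 | 2 | 3 | 2 | 2.33 | 1 | 2 | 1 | 1.67 |
| 16 | 2 | 2 | 1 | 1.67 | 0 | 2 | 1 | 1.13 |
| 17 | 2 | 3 | 1 | 2.00 | 1 | 2 | 1 | 1.55 |
| 18 | 2 | 3 | 2 | 2.33 | 0 | 2 | 1 | 1.37 |
| 19 | 3 | 2 | 1 | 2.00 | 0 | 1 | 1 | 1.05 |
| Probability Average | | | | | | | | 1.44 |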

Probability Rank Table

| Probability Rank | Risks | Total Probability Score |
|---|---|---|
| 1 | Miss data entry | 2.22 |
| 2 | Hardware working systems failures | 2.08 |
| 3 | Network and electricity (internet or intranet) broke down | 1.78 |
| 4 | Software working systems failures | 1.67 |
| 5 | Lack of maintenance staff | 1.62 |
| 6 | Error reporting failures | 1.62 |
| 7 | Telecommunication tools failures | 1.55 |
| 8 | Systems maintenance failures | 1.43 |
| 9 | Physical assets damage (hardware, software, and application modules) caused by force majeure | 1.37 |
| 10 | Company and secret information robbery | 1.35 |
| 11 | Password (access code authorization) misuses | 1.35 |
| 12 | Data manipulation | 1.28 |
| 13 | Hacking via internet | 1.25 |
| 14 | Unauthorized transaction | 1.23 |
| 15 | Unauthorized access to limited area | 1.23 |
| 16 | Hardware robbery | 1.17 |
| 17 | Website failures | 1.13 |
| 18 | Cyber terrorism | 1.05 |
| 19 | Systems misuses | 0.93 |


Severity Measurement

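| Risks | RMD1 | RMD2 | RMD3 | RMD | TIS | ODA | IAT | Total Severity Score |
|---|---|---|---|---|---|---|---|---|
| Weight | | | | 35% | 30% | 20% | 15% | |
| 1 | 3 | 1 | 1 | 1.67 | 1 | 1 | 1 | 1.23 |
| 2 | 3 | 1 | 1 | 1.67 | 1 | 1 | 1 | 1.23 |
| 3 | 3 | 3 | 1 | 2.33 | 1 | 1 | 1 | 1.47 |
| 4 | 3 | 1 | 1 | 1.67 | 1 | 1 | 1 | 1.23 |
| 5 | 3 | 1 | 2 | 2.00 | 1 | 1 | 1 | 1.35 |
| 6 | 2 | 1 | 1 | 1.33 | 1 | 1 | 1 | 1.12 |
| 7 | 3 | 1 | 1 | 1.67 | 1 | 1 | 1 | 1.23 |
| 8 | 3 | 1 | 1 | 1.67 | 1 | 1 | 1 | 1.23 |
| 9 | 2 | 2 | 2 | 2.00 | 3 | 1 | 1 | 1.95 |
| 10 | 2 | 1 | 1 | 1.33 | 1 | 2 | 1 | 1.32 |
| 11 | 2 | 2 | 2 | 2.00 | 1 | 1 | 1 | 1.35 |
| 12 | 3 | 2 | 1 | 2.00 | 1 | 2 | 1 | 1.55 |
| 13 | 3 | 2 | 1 | 2.00 | 2 | 2 | 1 | 1.85 |
| 14 | 3 | 1 | 1 | 1.67 | 0 | 2 | 1 | 1.13 |
| 15 | 2 | 2 | 2 | 2.00 | 2 | 2 | 1 | 1.85 |
| 16 | 2 | 1 | 1 | 1.33 | 0 | 2 | 1 | 1.02 |
| 17 | 2 | 2 | 2 | 2.00 | 1 | 2 | 1 | 1.55 |
| 18 | 2 | 2 | 1 | 1.67 | 1 | 2 | 1 | 1.43 |
| 19 | 3 | 1 | 1 | 1.67 | 0 | 1 | 1 | 0.93 |
| Severity Average | | | | | | | | 1.37 |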

Severity Rank Table

| Severity Rank | Risks | Total Severity Score |
|---|---|---|
| 1 | Miss data entry | 1.95 |
| 2 | Network and electricity (internet or intranet) broke down | 1.85 |
| 3 | Software working systems failures | 1.85 |
| 4 | Hardware working systems failures | 1.55 |
| 5 | Telecommunication tools failures | 1.55 |
| 6 | Company and secret information robbery | 1.47 |
| 7 | Physical assets damage (hardware, software, and application modules) caused by force majeure | 1.43 |
| 8 | Hardware robbery | 1.35 |
| 9 | Error reporting failures | 1.35 |
| 10 | Systems maintenance failures | 1.32 |
| 11 | Unauthorized transaction | 1.23 |
| 12 | Unauthorized access to limited area | 1.23 |
| 13 | Systems misuses | 1.23 |
| 14 | Data manipulation | 1.23 |
| 15 | Lack of maintenance staff | 1.23 |
| 16 | Hacking via internet | 1.13 |
| 17 | Password (access code authorization) misuses | 1.12 |
| 18 | Website failures | 1.02 |
| 19 | Cyber terrorism | 0.93 |