Analysis of cause and effect relationship risk using fishbone diagram in SDLC SPASI v. 4.0 business process

Abstract

One of the requirements contained in IT general control is the availability of an SDLC. But until now, PT. Telkom has yet to implement risk management in the SDLC process. In order to manage the risks properly, risk assessment is needed to determine approriate internal controls for SDLC. This study tries to present a methodology to assess this value using semi-quantitative risk assessment. The methodology addresses risk by using fishbone diagram to determine casuality relationship among SDLC risks. SPASI 4.0, PT. Telkom's standard for software development lifecycle, is used to determine the current IT general control, which is desired. The results of the research in this case is the gap analysis of control.