Human error dan kelemahan kontrol internal sebagai pemicu risiko operasional

Ahmad Rizqi Romadhoni

Ahmad Rizqi Romadhoni Program Studi Perbankan Syariah, Universitas Islam Negeri Maulana Malik Ibrahim Malang

Keywords: Operational risk, human error, internal control, islamic banking, system malfunction

Abstract

This study aims to analyze the role of human error and weak internal controls as triggers of operational risk in Islamic banking through a case study of the Bank Syariah Indonesia (BSI) system disruption in May 2023. The research employed a descriptive qualitative approach based on a conceptual case study using literature review, incident chronology analysis, and linkage of findings with operational risk and internal control theories. The results indicate that operational risk is not solely caused by external factors such as cyberattacks, but is also significantly influenced by internal factors. The suspected use of outdated systems, weak access controls, low employee cybersecurity awareness, and slow monitoring and incident response were identified as indicators of ineffective internal control systems. The combination of these factors amplified the disruption, causing failures in ATM services, mobile banking, and branch transactions nationwide. In the context of Islamic banking, operational incidents also reduce customer trust, which is the main foundation of the industry. Therefore, Islamic banks need to strengthen COSO-based internal controls, enhance human resource capacity through cybersecurity training, conduct regular information technology audits, and establish effective disaster recovery plans and business continuity plans to mitigate operational risk in the digital era.

Downloads

Download data is not yet available.

References

Ahmad, A., Maynard, S., & Park, S. (2014). Information security strategies: Towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25. https://doi.org/10.1007/s10845-012-0683-0

Apriyadi, C. (2025). Sentiment Analysis of Cyber Attacks in Bank Syariah Indonesia Using SVM and Indobert Method. 6(2), 819–838.

Arfan, A. (2015). Lima prinsip istinbat kontemporer sebagai konklusi pembaharuan dalam teori penetapan hukum Islam. Al-Manahij, 9(2), 223–236. https://repository.uin-malang.ac.id/609/

Arfan, A., Saifullah, S., & Fakhruddin, F. (2016). Implementasi prinsip bagi hasil dan manajemen risiko dalam produk-produk pembiayaan perbankan syariah di Kota Malang. INFERENSI: Jurnal Penelitian Sosial Keagamaan, 10(1), 213–238. https://repository.uin-malang.ac.id/622/

Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1–13. https://doi.org/10.1016/j.ejor.2015.12.023

Budianto, E. W. H. (2023). Pemetaan Penelitian Risiko Operasional Pada Industri Keuangan Syariah Dan Konvensional: Studi Bibliometrik Vosviewer Dan Literature Review Eka. 14(November), 158–174.

Committee, B. (2011). Principles for the Sound Management of Operational Risk. (June).

COSO Internal Control – Integrated Framework ( 2013 ). (2013). 1–8.

Fahmi, M. M., Wahyuni, N., Hidayah, Y., & Putra, S. (2023). The Business Cycle as a Moderator of Financing for Financing Risk of Islamic Commercial Banks in Indonesia Siklus Bisnis sebagai Pemoderator Pembiayaan terhadap Risiko Pembiayaan Bank Umum Syariah di Indonesia. 10(1), 27–40. https://doi.org/10.20473/vol10iss20231pp27-40

Fund, E., Fund, L., & Fund, C. (2017). Cyber Risk, Market Failures, and Financial Stability. IMF Working Papers, 17, 1. https://doi.org/10.5089/9781484313787.001

Gramling, A. A., Maletta, M. J., Schneider, A., & Church, B. K. (2004). The role of the internal audit function in corporate governance: A synthesis of the extant internal auditing literature and directions for future research. Journal of Accounting Literature, 23, 194–244.

Hassan, A. (2009). Risk management practices of Islamic banks of Brunei Darussalam. The Journal of Risk Finance, 10(1), 23–37. https://doi.org/10.1108/15265940910924472

Hassandi, I., Yossinomita, & Pangestu, M. G. (2025). Identifikasi Resiko Dalam Era Digital: Studi Kasus Resiko Teknologi Pada PT Bank Syariah Indonesia. 5, 996–1004.

Herbane, B. (2010). The Evolution of Business Continuity Management: A Historical Review of Practices and Drivers. Business History, 52, 978–1002. https://doi.org/10.1080/00076791.2010.511185

Kamila, T. P., & Rahayu, Y. S. (2024). Pengaruh Keamanan,Kepercayaan,Dan Risiko Terhadap Penggunaan Layanan Mobile Banking Pada Mahasiswa Di Kota Malang. 5, 49–61.

Lubis, Z. A., & Lubis, F. A. (2024). Pengaruh Persepsi Keamanan dan Kepercayaan Terhadap Loyalitas Nasabah: Studi Kasus Serangan Siber di Bank Syariah Indonesia. 5(10), 4215–4230.

Mardiana. (2018). Pengaruh Manajemen Risiko Terhadap Kinerja Keuangan (Study Pada Perbankan Syariah Yang Terdaftar Di Bei). 151–166. https://repository.uin-malang.ac.id/7242/

MOOSA, I. A. (2007). Operational Risk: A Survey. (4).

Nabbila, F. L., Andriani, Putri, D. F., & Sari, W. R. (2023). Analisis Manajemen Risiko Operasional Pada Bank Syariah Indonesia (BSI) Pasca Merger. Jurnal Ilmiah Ekonomi Dan Manajemen, 1(4), 91–99.

Nurhaliza, S., Ningsih, A. S., Ismaini, D., & Nurbaiti. (2025). Keamanan data nasabah bank syariah. 2(1), 651–662.

Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers & Security, 42, 165–176. https://doi.org/10.1016/j.cose.2013.12.003

Putra, R., & Hasibuan, A. (2024). Manajemen Risiko Operasional pada Bank Syariah Indonesia ( BSI ) KC Bengkulu. 3(4), 879–891.

Putri, A. A., & Yusuf, H. (2025). Ransomware Di Sektor Keuangan : Studi Kasus Serangan Terhadap Bsi Pada Tahun 2023 Ransomware In The Financial Sector : A Case Study Of Attacks On Bsi In 2023. 15649–15656.

Rahman, H. E. A., & Nasution, H. E. D. (2012). Guiding Principles On Liquidity Risk Management For Institutions [ Excluding Islamic Insurance ( Tak Ā Ful ) Institutions And Islamic Collective Investment Schemes ]. (March).

Rizal, I., & Ardhian, N. (2023). Dampak serangan siber dan kebocoran data pada perbankan syariah terhadap tingkat kepercayaan nasabah. 1(3), 351–359.

Robertson, D. (2015). Managing Operational Risk.

Singer, P., & Friedman, A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know®What Everyone Needs to Know®. https://doi.org/10.1093/wentk/9780199918096.001.0001

Sudarmanto, E., Yusuf, S. R., Yuliana, I., Wahyuni, N., & Zaki, A. (2024). Transformasi digital dalam keuangan Islam: Peluang dan tantangan. Jurnal Ilmiah Ekonomi Islam, 10(1), 645–655. https://repository.uin-malang.ac.id/19648/

Timur, Y. P., Ridiwan, A. A., Fikriyah, K., Canggih, C., & Nurafini, F. (2024). How should Bank Syariah Indonesia respond to cyber-attacks? Churn, sentiments, and emotions analysis with machine learning. 10(1), 439–470.

Wang, S., Asif, M., Shahzad, M. F., & Ashfaq, M. (2024). Data privacy and cybersecurity challenges in the digital transformation of the banking sector. Computers & Security, 147, 104051. https://doi.org/10.1016/j.cose.2024.104051

Wati, M. (2024). Digital Transformation in Banking: Shielding Against Cyber Threats and Operational Risks. 1(3), 4–8.

Yuniarti, S., & Sunarjo. (2017). Sistem Pengendalian Risiko Operasional Pada Bank Perkreditan Rakyat Dengan Pendekatan Indikator Dasar Dasar. 21(040), 96–104.

Human error dan kelemahan kontrol internal sebagai pemicu risiko operasional

Studi kasus gangguan sistem Bank Syariah Indonesia

Abstract

Downloads

References

PlumX Metrics