Wardhiana, I Nyoman Gde Artadana Mahaputra (2025) Pemanfaatan Metode Graf Dalam Deteksi Process-Based Fraud Untuk Mendukung Penilaian Kapabilitas Pada APO12 COBIT 2019. Masters thesis, Institut Teknologi Sepuluh Nopember.
|
Text
6025231022-Master_Thesis.pdf Restricted to Repository staff only Download (17MB) | Request a copy |
Abstract
Digitalisasi proses bisnis meningkatkan potensi process-based fraud (PBF), yakni kecurangan yang terjadi ketika aktivitas aktual menyimpang dari Standar Operasional Prosedur (SOP). Sementara itu, penilaian kapabilitas risiko TI dalam COBIT 2019 masih bersifat subjektif dan sulit diverifikasi. Penelitian ini mengusulkan pendekatan deteksi PBF berbasis metode graf menggunakan Neo4j, dengan kombinasi kemiripan graf dan berbasis aturan yang diimplementasikan dalam bahasa cypher. SOP dimodelkan sebagai graf referensi, sementara event log aktual dipetakan menjadi graf instansi. Deviasi proses diidentifikasi melalui skor kemiripan pada jalur aktivitas, peran pelaksana, dan durasi eksekusi. Enam jenis PBF yang dideteksi meliputi skipped activity, wrong resource, wrong duty, wrong pattern, wrong decision, dan wrong throughput time. Temuan anomali dikonversi menjadi indikator kuantitatif yang disisipkan ke dalam metrik APO12.01–.03 untuk mendukung penilaian risiko yang berbasis data. Sistem diuji pada event log sintetis dari SOP Account Receivable & Reminder perusahaan XYZ, dengan hasil F1-score = 1 pada keenam jenis anomali di ambang optimal, 0,95–1,00 untuk skipped activity, wrong resource, wrong duty, dan wrong pattern, 0,75–1,00 untuk wrong decision, 0,65 untuk wrong throughput time. Integrasi hasil deteksi ke dalam metrik APO12 menghasilkan nilai 2,9% pada APO12.01, 1 kasus risiko tinggi pada APO12.02, dan 100% kelengkapan atribut risiko pada APO12.03. Evaluasi penerimaan pengguna menggunakan model UTAUT menunjukkan peningkatan rerata skor sebelum dan sesudah penggunaan sistem, mencerminkan penerimaan positif, yakni performance expectancy (4,3 ke 4,7), effort expectancy (4,1 ke 4,6), social influence (3,8 ke 4,6), dan facilitating conditions (4,0 ke 4,7). Hasil ini membuktikan bahwa pendekatan graf yang diusulkan efektif mendeteksi PBF secara komputasional efisien, dan menjadikan penilaian risiko TI lebih objektif, terukur, serta adaptif terhadap dinamika proses bisnis digital.
================================================================================================================================
Digitalization of business processes increases the potential for process-based fraud (PBF), which is fraud that occurs when actual activities deviate from Standard Operating Procedure (SOP). Meanwhile, the IT risk capability assessment in COBIT 2019 is still subjective and difficult to verify. This research proposes a graph method-based PBF detection approach using Neo4j, with a combination of graph similarity and rule-based implemented in cypher language. SOPs are modelled as reference graphs, while actual event logs are mapped into instance graphs. Process deviations are identified through similarity scores on activity paths, executor roles, and execution duration. The six types of PBF detected include skipped activity, wrong resource, wrong duty, wrong pattern, wrong decision, and wrong throughput time. Anomaly findings were converted into quantitative indicators that were inserted into APO12.01-.03 metrics to support data-driven risk assessment. The system was tested on synthetic event logs from the Account Receivable & Reminder SOP of XYZ company, with F1-score = 1 for all six types of anomalies at the optimal threshold, 0.95-1.00 for skipped activity, wrong resource, wrong duty, and wrong pattern, 0.75-1.00 for wrong decision, 0.65 for wrong throughput time. Integration of detection results into APO12 metrics resulted in a value of 2.9% in APO12.01, 1 high risk case in APO12.02, and 100% completeness of risk attributes in APO12.03. Evaluation of user acceptance using the UTAUT model shows an increase in the average score before and after system use, reflecting positive acceptance, namely performance expectancy (4.3 to 4.7), effort expectancy (4.1 to 4.6), social influence (3.8 to 4.6), and facilitating conditions (4.0 to 4.7). These results prove that the proposed graph approach effectively detects PBF in a computationally efficient manner, and makes IT risk assessment more objective, measurable, and adaptive to the dynamics of digital business processes.
| Item Type: | Thesis (Masters) |
|---|---|
| Uncontrolled Keywords: | APO12, COBIT 2019, Graf, Process-based Fraud, UTAUT |
| Subjects: | T Technology > T Technology (General) > T174.5 Technology--Risk assessment. T Technology > T Technology (General) > T57.5 Data Processing T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing |
| Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55101-(S2) Master Thesis |
| Depositing User: | I Nyoman Gde Artadana Mahaputra Wardhiana |
| Date Deposited: | 03 Jul 2026 03:50 |
| Last Modified: | 03 Jul 2026 03:50 |
| URI: | http://repository.its.ac.id/id/eprint/126818 |
Actions (login required)
![]() |
View Item |
