AUDIT OF TRADING PLATFORM INFORMATION SYSTEM FROM THE PERSPECTIVE OF INFORMATION SECURITY GOVERNANCE IN COMMODITY FUTURES TRADE

Syifaurachman; Muhamad Ihsan Ashari; Galuh Oka Safitri

doi:10.23960/jitet.v14i1.8724

Authors

Syifaurachman Universitas Pamulang
Muhamad Ihsan Ashari Universitas Pamulang
Galuh Oka Safitri Universitas Pamulang

DOI:

https://doi.org/10.23960/jitet.v14i1.8724

Abstract Views: 89 File Views: 46

Keywords:

information systems audit; information security; trading platform; commodity futures trading

Abstract

Information system-based trading platforms play an important role in supporting real-time, high-value, and high-risk commodity futures trades. With their complex designs, huge transaction volumes, and reliance on digital technology, information system security is crucial to operational reliability and stakeholder confidence. Weak security measures can result in financial losses, service disruptions, and reputational damage. This study employs an information system audit approach to assess the efficacy of information system security controls on a commodity futures trading platform. A descriptive qualitative approach with a case study at Company X was used. Data were gathered by analyzing security audit reports, internal policies, and operational processes, conducting interviews with system management and supervisory people, and observing platform activities. Data analysis involved comparing real system circumstances to information system audit best practices and digital transaction security standards. The findings indicate that security procedures have been widely implemented but are only partially compliant. Key holes were detected in risk planning that is not frequently updated, insufficient documentation of operational controls, flaws in human resource competency management, and a lack of comprehensive continuous monitoring and improvement processes. These findings emphasize that effective information system security necessitates not just the establishment of controls, but also consistent implementation, thorough documentation, and alignment of technology controls with business operations.

Downloads

Download data is not yet available.

References

M. Alshaikh, “Developing cybersecurity audit maturity models,” Int. J. Inf. Manage., vol. 54, p. 102145, 2020.

L. M. Fonseca and J. P. Domingues, “Information security governance and risk management,” J. Ind. Inf. Integr., vol. 19, p. 100150, 2020.

S. E. Chang, Y. C. Chen, and C. S. Lin, “Exploring information security governance in critical information systems,” Inf. Syst. Front., vol. 22, pp. 1309–1324, 2020.

J. Kwon and M. E. Johnson, “Security practices and financial performance in digital platforms,” J. Cybersecurity, vol. 7, no. 1, 2021.

O. Ali, A. Shrestha, V. Osmanaj, and S. Muhammed, “Cloud computing security audit challenges,” J. Cloud Comput., vol. 10, no. 1, pp. 1–18, 2021.

I. A. Tøndel, M. B. Line, and M. G. Jaatun, “Information security incident management,” Comput. Secur., vol. 92, p. 101746, 2020.

C. Vroom and R. von Solms, “Towards cyber security maturity evaluation,” Comput. Secur., vol. 105, p. 102242, 2021.

P. F. Hsu, H. J. R. Yen, and J. C. Chung, “Assessing information security governance,” Inf. Comput. Secur., vol. 29, no. 1, pp. 45–63, 2021.

P. Ifinedo, “Security audit practices and organizational performance,” Inf. Manage., vol. 58, no. 4, p. 103439, 2021.

S. Al-Dhahri and A. Al-Sarti, “Auditing information systems in electronic trading environments,” Int. J. Account. Inf. Syst., vol. 48, p. 100604, 2023.

A. Ahmad, S. B. Maynard, and G. Shanks, “Information security management systems: A maturity perspective,” Comput. Secur., vol. 105, p. 102237, 2021.

B. Betri and D. Maidiana, “Pengaruh keefektifan audit sistem informasi dan risiko audit terhadap deteksi kesalahan,” Balance, vol. 10, no. 1, pp. 1–12, 2025.

A. Ab Rahman and K. K. R. Choo, “Information security auditing: Trends and future directions,” IEEE Access, vol. 10, pp. 10411–10425, 2022.

M. Alim, M. Rasyid, and A. P. Juledi, “Evaluasi keamanan sistem informasi dalam lingkungan bisnis digital,” J. Ilmu Komput. Sist. Inf., vol. 7, no. 1, pp. 328–332, 2024.

S. Serliana and J. N. Utamajaya, “Pendekatan terintegrasi audit sistem informasi,” J. Ilm. Sains Teknol. Inf., vol. 3, no. 2, pp. 45–58, 2025.

R. Wijaya and H. Santoso, “Evaluasi pengendalian keamanan informasi,” J. Inf. Syst. Eng., vol. 9, no. 1, pp. 15–28, 2024.

A. Purnomo and Y. Nugroho, “Audit keamanan sistem informasi pada layanan transaksi elektronik,” J. Sist. Inf., vol. 20, no. 2, pp. 89–102, 2024.

A. Alruwaili and S. R. Gulliver, “Information systems risk assessment in financial platforms,” J. Inf. Secur. Appl., vol. 65, p. 103102, 2022.

E. Sutisna, “Evaluating security risks and the impact of analytic technology on the audit process,” Adv. Manag. Audit Res., vol. 3, no. 1, pp. 30–43, 2025.

S. Choi and J. Lee, “Governance mechanisms for secure digital transaction systems,” Electron. Commer. Res., vol. 23, pp. 421–445, 2023.

R. G. Faradilla, “AUDIT SISTEM INFORMASI MENGGUNAKAN COBIT 5 DOMAIN DSS001 DAN DSS005 (STUDI KASUS PERPUSTAKAAN UPN VETERAN JAWA TIMUR)”, JITET, vol. 13, no. 1, Jan. 2025.