The purpose of this research is to make a risk assessment aimed at to help the company chosen before knowing the kind of risks to occur. This study uses OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) Allegro Methodology to identify and evaluate information security risks. The respondents considered are Head of IT, Manager IT Research and Development, and Manager IT Operation. The results obtained include: (1) there are 10 critical asset information in e-money operation system in PT. XYZ, and (2) there are 52 risks that may occur during the operations of e-money.

risk management, operational risk of e-money, risk control.