This theses analyze the operational risk specifically information technology risk at PT. XYZ using Cause-Effect method. Cause-Effect method is a risk assessment method that uses a logic of causality relationship in determining the possible risks that can occur. Implementation of ISO 27001 at the Information Technology unit of PT. XYZ generate risk profiles that is used as the basis of the Information Technology Security Management System implementation. This study uses the risk profile of Information Technology unit PT. XYZ as the basis for quantifying operational risk assessment using the Cause-Effect method. PT. XYZ's operational risk quantification begins by decomposing and forming submodel of technology risk profile information. Based on the risk parameters that exist in PT. XYZ's risk management policy, risk quantification simulations using Loss Distribution Approach - Aggregation model can be done to provide illustrations on financial loss that may occur.