
THE ROLE OF COMMISSIONERS IN EFFECTIVE ENTERPRISE RISK MANAGEMENT (ERM) OVERSIGHT

Dr. Setyanto P. Santosa


Former CEO of Telkom Tbk.,
Former Commissioner of PT. Indosat Tbk.

TASK OF BOARD OF COMMISSIONERS

CORPORATE LAW NO. 40/2007
- The BOC supervises the management policies and management performance in general, both in respect of the company and the company's business, and provides advice to the BOD.
- The supervision and advice shall be carried out in the company's interests in accordance with the company's purposes and objectives.
- Each member of the BOC must undertake, in good faith and with prudence and responsibility, the tasks of supervising and advising the BOD.
- Each member of the BOC shares personal liability for the company's loss if he is at fault or is negligent in carrying out his tasks.
- A member cannot be held liable for the loss if he proves that:
  - he has undertaken the supervision in good faith and with prudence in the company's interest
  - he has no conflict of interest in the management act that caused the loss
  - he has given advice to the BOD to prevent the loss from occurring.

Definition of Good Corporate Governance

- Regulation of the relationships among shareholders, management, and other stakeholders
- Creation of a structure for company objectives, the efforts to achieve those objectives, and performance monitoring
- Achievement of objectives in accordance with applicable laws and regulations

Definition of Good Corporate Governance

A system applied to direct and control the company so that it encourages and supports:
- the development of the company,
- the efficient and effective management of resources and risk,
- the company's accountability to shareholders and other stakeholders

5 Basic Principles of Good Corporate Governance:

Transparency
Policies and decisions must be made transparently so that stakeholders can obtain information evenly and accurately.

Accountability
Accountability of the Board of Directors, Commissioners and Owners (shareholders) in carrying out the management of the company.

Responsibility
The company, as a part of society, complies with all applicable laws and regulations.

Independency
Bank management is prohibited from concurrently holding positions in companies, government agencies and institutions, or other positions that could give rise to a conflict of interest.

Fairness
All policies and decisions taken always observe the principle of equality toward all parties, whether related or unrelated.

Benefits of GCG

Employees:
- Transparency of the company's operational activities.
- Low employee turnover.
- High efficiency and productivity.
- Improved welfare.

Business Development:
- Lower COF
- High business efficiency
- Conducive business climate

Business Reputation:
- Commitment to and implementation of a code of ethics
- Good goodwill and reputation (corporate image)

Community:
- Well-maintained relationships.
- Environment, social welfare and the economy.

Implementation of GCG
- A change of orientation is required.

IMPLEMENTATION OF GCG PRINCIPLES (TARIF)
1. TRANSPARENCY
2. ACCOUNTABILITY
3. RESPONSIBILITY
4. INDEPENDENCY
5. FAIRNESS

Company Orientation
- SUSTAINABILITY & GROWTH
- SOCIAL RESPONSIBILITY
- EMPLOYEE PRODUCTIVITY & WELFARE
- MORE VALUE TO CUSTOMERS

Obstacles to Implementing GCG

- Misunderstanding
- Difficulty in implementing a code of ethics
- It is not merely a matter of right or wrong under the law
- Lack of continuous commitment and consistency from top management

MANAGING RISK
- Risk is defined as the uncertainty of outcome, whether positive opportunity or negative threat, of actions and events.
- The risk has to be assessed in respect of the combination of the likelihood of something happening and the impact which arises if it does actually happen.
- Risk management: all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress.

The risk of direct or indirect loss due to a failure of people, process or systems, or due to external events.
Compliance Risk
Legal Risk
Reputation Risk
Business Risk

THE DRIVERS OF KEY RISK

RISK MANAGEMENT PROCESS

HIERARCHY OF RISK

RISK MANAGEMENT MODEL

ROLE OF BOC
- The Board has responsibility for determining the strategic direction of the organization and for creating the environment and the structures for risk management to operate effectively.
- This may be through an executive group, a non-executive committee, an audit committee or such other function that suits the organization's way of operating and is capable of acting as a sponsor for risk management.

ROLE OF THE BOARD

The Board should, as a minimum, consider, in evaluating its system of internal control:
- the nature and extent of downside risks acceptable for the company to bear within its particular business
- the likelihood of such risks becoming a reality
- how unacceptable risks should be managed
- the company's ability to minimize the probability and impact on the business
- the costs and benefits of the risk and control activity undertaken
- the effectiveness of the risk management process
- the risk implications of board decisions

ROLE OF RISK MANAGEMENT FUNCTION

The role of the Risk Management function should include:
- setting policy and strategy for risk management
- primary champion of risk management at strategic and operational level
- building a risk-aware culture within the organization, including appropriate education
- establishing internal risk policy and structures for business units
- designing and reviewing processes for risk management
- coordinating the various functional activities which advise on risk management issues within the organization
- developing risk response processes, including contingency and business continuity programs
- preparing reports on risk for the board and the stakeholders

ROLE OF BUSINESS UNIT

This includes the following:
- the business units have primary responsibility for managing risk on a day-to-day basis
- business unit management is responsible for promoting risk awareness within their operations; they should introduce risk management objectives into their business
- risk management should be a regular management-meeting item to allow consideration of exposures and to re-prioritize work in the light of effective risk analysis
- business unit management should ensure that risk management is incorporated at the conceptual stage of projects as well as throughout a project

RISK DESCRIPTION

CONSEQUENCES (THREATS & OPPORTUNITIES)


Sources of Operational Risk
(Top-2-Box, 1 = Not at all Important, 7 = Extremely Important)

- External fraud: 75%
- Execution, delivery and process management: 74%
- Business disruption and system failure: 71%
- Clients, products and business practices: 67%
- Internal fraud: 59%
- Employment practices and workplace safety: 38%
- Damage to physical assets: 30%

RMA Survey 2003

Importance of Drivers
(Top-2-Box, 1 = Not at all Important, 7 = Extremely Important)

- Improving performance: 83%
- Reducing operational losses: 73%
- Increasing accountability and improving governance: 70%
- Protecting against loss of reputation: 66%
- Meeting Sarbanes/Oxley requirements: 52%
- Optimizing the allocation of capital: 51%
- Combating the threat of business disruption, including terrorism: 44%
- Meeting Basel II regulatory requirements: 36%

RMA Survey 2003


Risk Maps

Risk Assessment Criteria

Impact
1. Insignificant
2. Minor
3. Moderate
4. Major
5. Catastrophic

Consequence or implications to the organisation as a result of the identified risk event materialising. A risk event, when it materialises, may have impact in more than one dimension: financial, customer, reputation, and productivity. The participants need to consider all applicable impact dimensions and rate the worst-case impact.

4 Impact Dimensions: Financial, Customer, Reputation and Productivity

Likelihood
1. Rare
2. Unlikely
3. Possible
4. Likely
5. Almost Certain

Probability of the risk event occurring, based on the participants' experience of the controls and mitigating factors in place.


Control Assessment Criteria - Compliance

Existing controls will be rated in terms of effectiveness and compliance. Compliance is the extent to which the control is adopted/implemented within the process.

Rating / Compliance
- Control is always adopted/implemented.
- Control is most of the time adopted/implemented.
- Control is sometimes adopted/implemented.
- Control is rarely adopted/implemented.
- Control is never adopted/implemented.

Possible Risk Assessment Criteria - Impact

Score / Rating / Description
- Extreme: Could seriously weaken the survival of the business
- High: Could cause substantial damage without threatening the survival of the business
- Moderate: Could cause some damage
- Low: Impact is minor and can be contained
- Negligible: Impact expected to be negligible


Possible Risk Assessment Criteria - Likelihood

Score / Rating / Description
- Extreme: Highly probable to occur within 1 year
- High: Probable to occur within 1 year
- Moderate: Probable to occur within 3 years
- Low: Possible to occur within 3 years
- Negligible: Likelihood of occurrence is remote

Control Assessment Criteria - Effectiveness

Existing controls will be rated in terms of effectiveness and compliance. Effectiveness is the adequacy of the control activity in mitigating the risk it is designed to control.

Score / Control Effectiveness / Description
- Very Good: Policies and procedures are well-defined and designed to meet control objectives, and there are no known non-compliance, i.e. control is effective and risk mitigated
- Good: Policies and procedures are well-defined and designed to meet control objectives, and compliance is generally good with some minor infractions, i.e. control is effective and risk mitigated
- Satisfactory: Policies and procedures are adequate to meet control objectives although they can be further improved; there are some cases of non-compliance, although not serious, but further improvement is required
- Unsatisfactory: Policies and procedures are inadequate or not clear, resulting in control objectives not met, i.e. risks are not mitigated
- Poor: There are no policies and procedures, i.e. the necessary controls are clearly not in place and the company is exposed to risks


Control Categories
- Business Policies and Procedures
- Standard Operations Procedure (SOP)
- Training Policy and Procedure
- Staff Rotating System
- Segregation of Duties
- Dual Control
- Proxy Instruction
- Confirmation
- Reconciliation
- Counterparty/Trading Limits
- Inventory Check
- IT Control
- Reporting Control
- Plausible Check

Risk Scenario

Risk Scenario
PT. X is unable to operate efficiently and effectively due to low workforce performance.

Reference
- PT. X's 5-year average net operating margin is 26.5%, in comparison to PT. Y of 43% and PT. Z of 17.8%.
- PT. X's revenue generated per employee is Rp 1.4 B, in comparison to PT. Y of Rp 1.7 B and PT. Z of Rp 2.8 B.

Risk Factor
- Human Resource Risk.
- Corporate Culture Risk.

Existing Risk Mitigation Plan
- Permanent head count freeze policy in place.
- Voluntary early retirement program has been implemented since 2006.

Risk Assessment
- Impact (1-5)
- Likelihood (1-5)

Control Assessment
- Compliance (1-5)
- Effectiveness (1-5)

Action Plan
Establish and communicate KPIs and appropriate remuneration structure to encourage improved performance by an employee, his/her division and PT. X overall.


CLOSING

1. The Board has responsibility for determining the strategic direction of the organization and for creating the environment and the structures for risk management to operate effectively.

2. To work effectively, the risk management process requires:
   - commitment from the chief executive and executive management of the organization
   - assignment of responsibilities within the organization
   - allocation of appropriate resources for training and the development of an enhanced risk awareness by all stakeholders.
