Anda di halaman 1dari 100

RISK MANAGEMENT

POWER GENERATION COMPANY


RISK
Topic covered
1. APA ITU RISK
2. APA ITU RISK MANAJEMEN
3. LANGKAH RISK MANAJEMEN
• Rencana RISK MANAJEMEN
• Identifikasi RESIKO
• Analisa RESIKO
• Evaluasi RESIKO
• Mengelola RESIKO (Rencana TANGGAPAN THD
RESIKO)
• Memonitor dan Pengontrolan RESIKO
4. ENTRPRICE RISK MANAGEMENT (ERM)
5. APA ITU ISO 31000 ?
1. RISK

• Suatu kejadian yg tidak pasti cendrung terjadi dimasa akan


datang atau kondisi yang mana jika terjadi mempengaruhi
tujuan (misi)

• Resiko bisa berdampak positip dan bisa negatip


RISIKO sering dinyatakan terkait dengan
kombinasi konsekuensi dari suatu peristiwa
(termasuk perubahan keadaan) dan
kemungkinan terjadinya, terkait dengan
peristiwa yang terjadi.
Berikut adalah ilustrasi bagaimana saling keterkaitan
tersebut:

SESEORANG PUNYA SATU TAXI PRIBADI, TAXI BEKAS SATU TAHUN


PAKAI, DIBELI DENGAN PAKAI UANG PINJAMAN DARI BANK, TANPA
DIASURANSIKAN KEMUDIAN DISEWAAN KE SUATU PERUSAHAAN
TRAVEL. PERJALANAN TAXI SEWAAN SERING KELUAR KOTA,
DELAPAN JAM PERJALANAN ( BUSINEES PROCESS), DI INDONESIA
KITA MENGENAL BAHWA CUACA TIDAK MENENTU, pengemudi
kendaraan umum banyak yang kurang sabar dan tidak disiplin.
SEMENTARA JALAN MASIH BANYAK YANG BERLOBANG DI SANA
SINI, SEHINGGA berdampak jalan licin, pohon sering tumbang, dan
pengemudi ugal-ugalan (INDIKASI RESIKO) ATAU ( RISK SOURCE )
KEMUNGKINAN TERJADI (LIKELIHOOD) ADALAH DITABRAK ATAU
MENABRAK (RISK EVENT) DAN BILA TERJADI SESUATU
KECELAKAAN, MAKA KEMUNGKINAN YANG TERJADI PEMILIK
MENJADI BANGKRUT ( KENSEKWENSINYA)
Opportunity : Issue :
• Dampak yg positip dinamakan Kesempatan • Resiko terkait dengan kejadian dimasa
• Kita dapat mengambil keuntungan yang akan datang, yang belum terjadi.
sebesar-besarnya dari Resiko Positip ini. • Suatu Resiko yang telah terjadi dianggap
sebagai suatu ïssue
Risk Appetite :
Amount and type of risk that an
organization is prepeared to seek,
accept or tolerate.

(Jumlah dan jenis risiko yang disiapkan


organisasi untuk dicari, menerima atau
mentolerirnya.)

Contoh :

Bila mengoperasikan pembangkit dengan


bahan bakar kalori rendah, maka harus
menerima pembatasan capacity yang dihasilkan
Risk Tolerance :

Organizattion's readiness to bear


the risk after risk treatments in
order to acieve its objectives

(Kesiapan organisasi untuk


menanggung risiko setelah
perawatan risiko dilakukan untuk
mencapai tujuannya)
Why Take Risk ?

There is a balance between Risk and Rewards

Generally more risks leads to more rewards,


but this is not always true
What is Risk Management

Risk Management is the identification,


assessment and prioritization of risks ( positive or
negative ) followed by coordinated and economical
application of resources to minimize, monitor and control
the probability and/or impact of unfortunate events or to
maximize the realization of opportunities.
What is Risk Management

Identification of Risks
minimize monitor control

Probability and/or impact of unfortunate events

Assessment/Analysis Resources
of Risks
maximize
Realization of opportunities
Priorization of Risks
What is Risk Management
Risk Management Principles :

• Creat Values
• be an integral part of organizational processes
• be pat of decision making process
• be systematic and structured
• be transparent
• be responsive to change
• be capable of continual improvement and enhancement
• be continually or periodically re-assessed

Ref. ISO 31000


What is Risk Management
What is Risk Management
Potential Benefits of Risk management :

Better decision making through a good


understanding of risk and their likely impact

• Fewer Surprises

• Effective Use of
Resources

• Reassuring
Stakeholders
RISK MANAGEMENT PROCESS

Risk Management Process can be divided into these 5 (five) key steps :

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risks
Response
RISK MANAGEMENT PROCESS

Risk Management Process can be divided into these 5 (five) key steps :

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risks
Response

Risk Management To identify The list of risk is Response is Risk are then
plan specifies the potential risks then analysed, planned for monitored and
management and prepare a using qualitative these risks, controlled
intent, system and list of all risks and quantitative depending
procedures techniques to upon the
required for identify high priority
managing risk priority, medium
priority and low
priority risks
RISK MANAGEMENT PROCESS

Step 1

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risk
Response

Risk Management plan


specifies the
management intent,
system and procedures
required for managing
risk
1. Plan Risk Management

Various risk related terms

Term and Roles and Tools and


Definition Responsibilities Templates
1. Plan Risk Management

How To Do These

Risk
Risk Analysis Risk Response Risk Monitoring
Identification
1. Plan Risk Management

Plan Risk Management is the process of defining


how to conduct risk management activities for a project
1. Plan Risk Management

Planning Risk
Key input Key Outputs
Management

• Project Scope Statement Tools : Risk Management


• Cost Management Plan Planning meetings Plan
• Schedule Management Plan
• Organizational Assets
Technics :
Assessment
• Communication Method and
( Analysis &
Meetings for Consultations
Evaluation)
1. Plan Risk Management
Komunikasi dan Konsultasi

Hal dasar (hakiki) dalam setiap proses manajemen


risiko

Harus dipertimbangkan dalam setiap tahapan

Manajemen Risiko tidak hanya bersifat teknis tetapi lebih


kapada tindakan dan pengambilan keputusan yang berada pada
konteks sosial
1. Plan Risk Management
Komunikasi dan Konsultasi
Tujuan
• Memastikan bahwa semua partisipan peduli dengan tugas
dan tanggungjawabnya
• Memastikan bahwa berbagai pendapat stakeholder telah
dipertimbangkan
• Meningkatkan pemahaman para stakeholder tentang risiko
dan manajemen risiko

Komunikasi Risiko
• Sebuah proses interaktif pertukaran informasi dan opini
yang berhubungan dengan sifat alamiah risiko dan
manajemen risiko

24
1. Plan Risk Management

Komunikasi dan Konsultasi

Konsultasi
• Sebuah proses menginformasikan komunikasi antara organisasi
dengan stakeholdernya terhadap sebuah isu sebelum pengambilan
sebuah keputusan

Karakteristik Konsultasi
• Merupakan sebuah proses bukan hasil
• Dampaknya terhadap sebuah keputusan terlihat melalui pengaruh
bukan kekuasaan (power)
• Merupakan input terhadap pengambilan keputusan dan tidak perlu
merupakan pengambilan keputusan bersama
25
1. Plan Risk Management

Komunikasi dan Konsultasi


Pentingnya Komunikasi dan Konsultasi:

• Untuk mengembangkan kepedulian risiko / kultur risiko


• Membuat manajemen risiko lebih eksplisit dan relevant
• Memberikan nilai tambah pada organisasi
• Mengintegrasikan berbagai sudut pandang
• Membangun kepercayaan
• Memperbaiki asesmen risiko
• Membangun kepemilikan
• Perlakuan risiko yang efektif

26
Menetapkan Konteks

Proses kunci

• Menjelaskan tujuan (objective) organisasi


• Mengidentifikasi lingkungan dimana tujuan akan
dicapai
• Mentapkan ruang lingkup dan tujuan manajemen
risiko, kondisi batas dan hasil yang diinginkan
• Mengidentifikasi kriteria dimana risiko akan diukur
• Mendefiniskan elemen kunci untuk penyusunan
identifikasi risiko dan proses asesmen

27
Menetapkan Konteks
Dokumentasi penetapan konteks harus
mengidentifikasi:
– Ruang lingkup aktivitas manajemen risiko berikut hasil
yang diinginkan
– Tujuan organisasi dan KPI-nya
– Berbagai faktor lingkungan internal dan eksternal
– Stakeholder yang relevan
– Kriteria evaluasi risiko
Menetapkan Konteks

Daftar dokumen kunci yang mungkin diperlukan:


– Rencana strategis
– Rencana bisnis dan anggaran
– Laporan tahunan
– Analisa Ekonomi
– Analisa SWOT
– Identifikasi dan Analisa Stakeholder
– Dokumen lain yang relevan

29
Menetapkan Konteks
People Injuries or ailments Minor injury or First Serious injury Life threatening Death or multiple
not requiring Aid Treatment Case. causing injury or multiple life threatening
medical treatment. hospitalisation or serious injuries injuries.
multiple medical causing
treatment cases. hospitalisation.
Reputation Internal Review Scrutiny required by Scrutiny required by Intense public, Assembly inquiry or
internal committees external committees political and media Commission of
or internal audit to or ACT Auditor scrutiny. Eg: front inquiry or adverse
prevent escalation. General’s Office, or page headlines, TV, national media.

Kriteria Risiko inquest, etc. etc.

Business Minor errors in Policy procedural One or more key Strategies not Critical system
systems or rule occasionally not accountability consistent with failure, bad policy
Process &
processes requiring met or services do requirements not Government’s advice or ongoing
Systems corrective action, or not fully meet met. Inconvenient agenda. Trends non-compliance.
minor delay without needs. but not client show service is Business severely
impact on overall welfare threatening. degraded. affected.
schedule.

Financial 1% of Budget 2.5% of Budget > 5% of Budget > 10% of Budget >25% of Budget
or <$5K or <$50K or <$500K or <$5M or >$5M
CONSEQUENCES
Insignificant Minor Moderate Major Catastrophic
Probability Probability Historical 1 2 3 4 5
5% likely to happen or hasn't >1 in 10 Is expected to occur
Almost
happened within the last 5 years in most E
Certain
M H H VH VH
circumstances
20% likely to happen or has 1 in 10 - 100 Will probably occur
M M H H VH
LIKELIHOOD

happened once or twice in the last D Likely


5 years
50% likely to happen or has 1 in 100 – 1,000 Might occur at some
happened once or twice within the time in the future C Possible L M H H H
last 24 months
75% likely to happen or has 1 in 1,000 – 10,000 Could occur but
happened at least once or twice in doubtful B Unlikely L M M M H
the last 12 months
99% likely to happen or has 1 in 10,000 – May occur but only
happened on a regular basis over 100,000 in exceptional A Rare L L M M M
the last 12 months circumstances
30
RISK MANAGEMENT PROCESS

Step 2

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risk
Response

To identify potensial
risks and prepare a
list of all risks
2. Identify Risks
Once the plan is ini place, identify risks is the first priority step
in actual management of risk. This is the process of identifying
the potential risks, their root cause, and the risk consequences

Identify Risk is when we determine which risks


might affect the project and document the
characteristics of those risks
2. Identify Risks

• Risk identification is systematic, and methodic process.


• It is best done in a group environment.
• Wide number of people participate in this proces including

Management, Emplyee, Customer, Other stake holders


2. Identify Risks
Tools Used :
• Brainstorming is the most common
approach.
• Other tools include :
 Ishikawa Diagram ( Cause and Effect)
 Flow Diagram
 SWOT Diagram ( Strengths,
Weaknesses, Opportunities and Threats )
SWOT Ancaman pendatang baru,

karena ketertarikan dengan


pertumbuhan deman tinggi
, PLN Out source polecy dan
rendahnya unjuk kerja PLN

Supplier Power Buyer Power


Scanning Environment dan
Assessing Company 1. Coal dan Gas
melihat kedepan
Kondisi Internal 1. Tariff : rendah di
pemakai, tetapi
Performance perusahaan adanya Integrasi (full
scope)
1.
2.
Demand tinggi.
Masih banyak
tinggi secara
bulk
Pembangkit Tenaga Listrik 2. Biaya O&M
Terendah, unjuk
pembangkit minyak 2. Kesehatan
Keuangan PLN
di Jawa Bali kerja tinggi belum pulih

Ancaman dari Subsitusi

Pemakaian besar gabi captive


power karena adanya rencana
pipa Gas
2. Identify Risks
Notes :
In the brainstorming , the experts from various groups must together and
list down all the potential risks.

During brainstorming no identified risk is evaluated or critised. The intent here


is to list down as many possible risks in limited time.

The outcome of risk identification is a list of risks or risk register.

What is done with the list of risks depends on the nature of the risk.

A few low priority risks may be kept simply as a list of red flag items and
periodically monitored.

Since high priority risks, may go through the rigorous process.


2. Identify Risks
Proses Kunci
• Mengidentifikasi sumber risiko
• Mengidentifikasi penyebab risiko
• Mengidentifikasi peristiwa risiko (risk event)
• Mengidentifikasi akibat dari risiko
• Mengidentifikasi pengendali risiko dan tingkat
efektivitasnya
Untuk menentukan kapan dan dimana suatu risiko
akan terjadi
38
2. Identify Risks
Pendekatan

• Team-based brainstorming
– Membangun komitmen
– Mempertimbangkan perbedaan perspektif dan
menggabungkan berbagai pengalaman anggota tim
• Structured techniques
– flow charting, system design review, systems analysis,
Hazard and Operability (HAZOP) etc.
– Sebaiknya digunakan jika akibat potensial bersifat
katastropik dan pemakaian pendekatan cost-effective
• What-if and scenario analysis
– Untuk mendefiniskan situasi yang abstrak, seperti pada
risiko stratejik
39
2. Identify Risks
Risk Register
• Output of Identify Risks ia a risk register.
• This list down all the risks identified

A document that details all identified risks, including description category,


cause, probability of occurring, impact on objectives, proposed responses,
owners, and current status.

In the next process these risks are prioritized and action plan is
created to address these risks.
RISK MANAGEMENT PROCESS

Step 3

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risk
Response

The list of risk is then analysed, using


qualitative and quantitative techniques
to identify high priority, medium priority
and low priority risks
3. Analyze Risks
Notes :
Analyze risk help in deciding risk that had been identified.
Organizational do not have resources to address all risks.

After having the list of potential risks, the next logical step is to
analyze and prioritize risks.

Some risks may need detailed action plan, and some may just
need periodic monitoring. The organization may accept some of
the risks without any action.
In this step, that is analyze risks, we will look at how the risks are
analyzed and prioritized.
3. Analyze Risks

• Risks are analyzed to set priority


• Sets focus on high priority risks

Notes :
This is the process of quantifying the risk events, documented in the
previous step. So the organization can focus on critical risk.
3. Analyze Risks
Qualitative Risk Quantitative
Analysis Risk Analysis

Qualitative Risk Qualitative Risk


Analysis Analysis

Qualitative Risk Qualitative Risk


Analysis Analysis

Expexted Monitoring Value Analysis


Tools : Probability and Impact Matrix Monte Carlo Analysis
Decision Tree

Notes :
For risk analysis, quantitative analysis are conducted. Quantitative risk analysis is a
subjective analysis is probability and impact matrix. We will cover this tool in next few
slides. On the other hand. Quantitative risk analysis is the detailed analysis of the risk.
3. Analyze Risks
Probability and Impact Matrix

• This as a qualitative risk analysis tool


• This Evaluates :
Likelihood (probability) that a particular risk will occur
Potential impact on an objective if it occurs
3. Analyze Risks
Probability and Impact Matrix

• Each risk is analyzed for probability and impact and is


assigned
o a nine point rating : a score between 1 to 9
o A five point rating : Very Low, Low, Medium, High,
Very High
or a score of 1 to 5
o A three point rating : Low, Medium, High
or score of 1 to 3
• Risk score = Probability x Impact
3. Analyze Risks

Probability and Impact Matrix Example

• If the risk has low probability and is assigned a score of 1


• If the impact is significant and is assigned an impact value of 9
• Risk score = Probability x Impact = 1 x 9 = 9
3. Analyze Risks
Sample Probability Table
Probability Peringkat Probability Description
Catagory Kemungkinan Number
Very High Sangat Tinggi 9 Risk event expected to occur
High Tinggi 7 Risk event more likely than not occur
Probable Sedang 5 Risk event may or may not occur
Low Rendah 3 Risk event less likely than not occur
Very Low Sangat Rendah 1 Risk event not expected to occur
3. Analyze Risks
Sample Impact Table
Project Very Low Low Moderate High Very High
Objective 1 3 5 7 9
Cost Insignificant Cost < 10% Cost 10-20% Cost 20-40% Cost > 40% Cost
Impact Impact Impact Impact Impact
Schedule Insignificant < 5% 5-10% Schedule 10-20% > 20%
Schedule Impact Schedule Impact Impact Schedule Impact Schedule
Impact
Scope Barely noticeable Minor areas Major areas Changes Product
impacted impacted unacceptable to becomes
client effectively
useless
Quality Barely noticeable Minor functions Client must Quality reduction Product
impacted approve quality unacceptable to becomes
reduction client effectively
useless
Tidak Signifikan Minor Medium Signifikan Malapetaka
3. Analyze Risks
Probability and Impact Matrix
[ MATRIK PETA RESIKO ]

Low High
Impact / Impact /
High High
Probability Probability
Probability

Low High
Impact / Impact /
low Low
Probability Probability

Impact
3. Analyze Risks
Probability and Impact Matrix ( I )
[ MATRIK PETA RESIKO ]
1 3 5 7 9

9 9 27 45 63 81

7 7 21 35 49 63
Probability

5 5 15 25 35 45

3 3 9 15 21 27

1 1 3 5 7 9

Impact
3. Analyze Risks
Probability and Impact Matrix ( I )
[ MATRIK PETA RESIKO ]

Very low Low Medium High Very high

Very high Medium


9 Medium
27 High High High

High Low Medium


21 Medium
35 High High
Probability

Medium Low Medium


15 Medium
25 Medium
35 High
Risk Tolerance ?
Low Low Low 15
Medium Medium Medium

Very low Low Low Low Low Medium

Impact
3. Analyze Risks
Probability and Impact Matrix ( II )
[ MATRIK PETA RESIKO ]

1 3 5 7 9

9 9 27 45 63 81

7 7 21 35 49 63
Probability

5 5 15 25 35 45

3 3 9 15 21 27

1 1 3 5 7 9

Impact
3. Analyze Risks
Probability and Impact Matrix ( II )
[ MATRIK PETA RESIKO ]
Moderate Moderate High Extreme Extreme
Very high E=5 9
E.1=5 27
E.2=10 E.3=15 E.4=20 E.5=25
Low Mederat High Extreme Extreme
High D=4 D.1=4
21
D.2=8
35
D.3=12 D.4=16 D.5=20
Probability

Low Mederat High High Extreme


Medium C=3 C.1=3
15
C.2=6
25
C.3=9 35
C.4=12 C.5=15
Low Low Moderate High High
Low B=2 15
B.1=2 B.2=4 B.3=6 B.4=8 B.5=10
Low Low Moderate High High
Very low A=1 A.1=1 A.2=2 A.3=3 A.4=4 A.5=5
Risk Tolerance ?
1 2 3 4 5
Tingkat Resiko :
Tidak
1. Low : Warna Hijau Minor Medium Signifikan Malapetaka
2. Moderat : Warna Biru Muda Signifikan
3. High : Warna Kuning
4. Extreme : Warna Merah Impact
RISK MANAGEMENT PROCESS

Step 4

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risk
Response

Response is
planned for these
risks, depending
upon the priority
4. Plan Risk Response

Responding to Risk

How to decrease the possibility of


• Negative risk affecting the objectives

How to increase the possibility of


• Positive risk helping the objectives
4. Plan Risk Response
Responding to Risk

Negative Risk Positive Risk

Avoid Exploit

Mitigate Enhance

Transfer Share

Accept Accept
4. Plan Risk Response

Avoid the risk


Contoh : Negative Risk Positive Risk
1. Merobah Rencana untuk
menghindari resiko
2. Tingkatkan Komunikasi Avoid Exploit
antar tim.
3. Mengaju kepada
pendekatan yang telah
Mitigate Enhance
terbukti dari pada yang
belum jelas. Transfer Share

Accept Accept
4. Plan Risk Response

Reduce the probability


and/or impact of the risk
Contoh : Negative Risk Positive Risk
1. Lengkapi SOP, IK dan JSA untuk
O&M
2. Implementasikan Workaround Avoid Exploit
Management ( as an additional
inspection)
3. Lakukan Daily meeting for solving
Mitigate Enhance
potential risk.
4. Tingkatkan kompetensi pegawai. Transfer Share
5. Implementasikan Budaya
Perusahaan secara benar
6. Implementasikan Reward thd Accept Accept
pegawai tauladan.
4. Plan Risk Response

Transfer the risk to a


third party
Negative Risk Positive Risk
Contoh :

1. Insurance
2. Performance Warranty Avoid Exploit
3. Outsource O&M to a
reputable O&M Company.
Mitigate Enhance

Transfer Share

Accept Accept
4. Plan Risk Response

• Accept the risk if no action


is feasible or If the
probability and/or impact Negative Risk Positive Risk
is too small.

Two types of acceptance : Avoid Exploit


Passive acceptance : no plan
created to deal with these.
Active acceptance : Contingency Mitigate Enhance
plan is created and risk are monitored.
Transfer Share

Accept Accept
4. Plan Risk Response

• Make sure that the positive


risk happens and make
best use of the opportunity Negative Risk Positive Risk

Contoh : Avoid Exploit


1. Put best team members and
more resources Mitigate Enhance
2. Joint operation with another
third party
Transfer Share

Accept Accept
4. Plan Risk Response

• Increase the probability


and/or impact of the risks
Negative Risk Positive Risk

Contoh : Avoid Exploit


1. Put best team members and
more resources Mitigate Enhance
2. Joint operation with another
third party if needed
Transfer Share

Accept Accept
4. Plan Risk Response

• Share the opportunity with


a third party
Negative Risk Positive Risk
Contoh :

1. Forming team Avoid Exploit


2. Partnership with a different
group, department, etc
3. Joint operation with another Mitigate Enhance
third party to exploit the
positive risk.
Transfer Share

Accept Accept
4. Plan Risk Response

• Accept the opportunity


when it happens but not
actively pursuing it. Negative Risk Positive Risk
Contoh :

• Probability and rewards are Avoid Exploit


not attractive

Mitigate Enhance

Transfer Share

Accept Accept
RISK MANAGEMENT PROCESS

Step 5

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risks
Response

Risk are then


monitored and
controlled
5. Monitor and Control Risks

• Regularly review the identified risks and ensure that


these are still relevant
 Identify new risks
 Remove risks that are not relevant
• Risk audits may be conducted to ensure that the plan is
being implemented and is effective.
5. Monitor and Control Risks

Unexpected Risks

• Use workarounds to deal with unexpected risks to


reduce the impact
• Workaround should be documented for future reference
RISK MANAGEMENT PROCESS

The 5 (five) key steps of Risk Management Process are :

Plan Risk Plan Risk Monitor and


Management Identify Risk Analyze Risk Control Risks
Response

Risk Management To identify The list of risk is Response is Risk are then
plan specifies the potential risks then analysed, planned for monitored and
management and prepare a using qualitative these risks, controlled
intent, system and list of all risks and quantitative depending
procedures techniques to upon the
required for identify high priority
managing risk priority, medium
priority and low
priority risks
Analisa Risiko
Proses Kunci
• Menentukan kemungkinan risiko yang akan terjadi
• Menentukan akibat dari risiko
• Menentukan tingkat risiko
• Menentukan kontrol risiko yang eksis

Tipe Analisa
• Kualitatif
• Semi-Kuantitatif
• Kuantitatif

75
Evaluasi Risiko
• Membandingkan tingkat risiko yang telah diidentifikasi
pada bahan analisa dengan kriteria yang telah ditetapkan

Tujuan
• Memprioritaskan risiko
• Untuk mengambil keputusan berdasarkan prioritas
– Aktivitas harus dilakukan atau tidak
– Perlakuan terhadap risiko (risk treatment)
– Prioritas perlakuan risiko

76
Evaluasi Risiko
Risk Level Acceptability Management Response

EXTREME RISK Unacceptable with 1.Select and implement treatment option


existing control 2.Assign management responsibility for treatment
3.Supervision of treatment by senior management

HIGH RISK Unacceptable with 1.Select and implement treatment option


existing control 2.Assign management responsibility for treatment
3.Oversight of treatment by senior management

MODERATE Acceptable with 1.Ongoing monitoring and review with TMP


RISK existing control 2.Assign management responsibility for monitoring

LOW RISK Acceptable with 1.Ongoing monitoring and review with Total Management Plan
existing control (TMP)
2.Manage by routine procedure
77
Enterprise Risk Management (ERM)
Enterprise risk management (ERM) is
the leading approach to managing and optimizing risks,
enabling a company to determine how much
uncertainty and risk are acceptable to an organization.

ERM serves as a strategic analysis of risk


throughout an organization, cutting across business
units and departments, and considering end-to-end
processes. In adopting an ERM approach,
companies gain the ability to align their risk criteria
to business strategy by identifying events that could
have an adverse effect on their organizations and
then developing an action plan to manage them.
Enterprise risk management (ERM) adalah pendekatan terdepan untuk
mengelola dan mengoptimalkan risiko, memungkinkan perusahaan menentukan
seberapa besar ketidakpastian dan risiko dapat diterima oleh sebuah
organisasi.

ERM berfungsi sebagai analisis strategis terhadap risiko di


seluruh organisasi, memotong/melalui seluruh unit bisnis dan
departemen, dan mempertimbangkan proses dari awal sampai
akhir. Dalam mengadopsi pendekatan ERM, perusahaan
mendapatkan kemampuan untuk menyelaraskan kriteria risiko
mereka dengan strategi bisnis dengan mengidentifikasi
kejadian yang dapat berdampak buruk pada organisasi
mereka dan kemudian mengembangkan rencana tindakan
untuk mengelolanya.
Why a corporation need an ERM?
Identify strategic risk opportunities that, if undertaken, can facilitate achieving organizational
goals. (Mengidentifikasi peluang risiko strategis yang jika dilakukan, dapat memfasilitasi
ERM can help pencapaian tujuan organisasi.)
organizations:
Provide senior management with the most up-to-date information regarding risk that
may be used in the decision-making process.

Establish co-dependency between the ERM initiative and considerations for capital
market reporting disclosures and other laws and regulations. (Tetapkan keterkaitan
antara inisiatif ERM dan pertimbangan pengungkapan pelaporan pasar modal dan
peraturan perundang-undangan lainnya)

Align annual performance goals with risk identification and management.


(Mensejajarkan tujuan kinerja tahunan dengan identifikasi dan pengelolaan risiko)

Encourage and reward upstream reporting of business-risk opportunities and challenges.


(Mendorong dan memahami pelaporan bisnis dan peluang peluang bisnis)
Value of ERM

ERM increases the


credit rating

ERM helps organization


ERM creates stronger
identify and
governance and
exploit strategic
compliance
opportunities
What is ISO 31000?
ISO 31000 is A generic risk management standard. It was developed by the ISO Technical
Management Board Working Group on risk management. The official name of the standard
is ISO 31000:2009 Risk management - Principles and guidelines. ISO published this new
standard on November 13, 2009

requirements

ISO 31000 contractual obligations

1. Risk Management Principles


a set of guidelines.

2. Risk Management Framework

3. Risk Management Process


MANAJEMEN RISIKO BERBASIS ISO - 31000
Hubungan antara prinsip, kerangka kerja, dan proses MR

Prinsip-Prinsip Manajemen Risiko


Kerangka Kerja Proses Manajemen
1. Mendukung pencapaian sasaran dan
Risiko
perbaikan kinerja Perusahaan Mandat & Komitmen
2. Menjadi bagian yang menyatu pada PENETAPAN KONTEKS
seluruh proses Perusahaan

PENINJ AUAN
KONSULTASI
3. Menjadi bagian dalam pengambilan
Perencanaan
keputusan kerangka Kerja Kajian Risiko
4. Mempertimbangkan ketidakpastian untuk pengelolaan
yang mempengaruhi pengambilan risiko IDENTIFIKASI RISIKO
keputusan
5. Sistematis, terstruktur, dan tepat

DAN
DAN
waktu ANALISIS RISIKO
6. Berdasarkan data informasi yang Pengembangan Penerapan
terbaik berkelanjutan Manajemen

PEMANTAUAN
KOMUNIKASI
kerangka kerja Risiko
7. Disesuaikan dengan kondisi
Perusahaan EVALUASI RISIKO
8. Mempertimbangkan faktor manusia
dan budaya di dalam Perusahaan
9. Transparan, up to date, dan inklusif Pemantauan dan
10. Dinamis, iteratif, dan tanggap peninjauan PENANGANAN RISIKO
terhadap perubahan kerangka kerja
11. Mengupayakan tindak perbaikan
1/31/2019
berkelanjutan dalam Perusahaan
Elemen Pokok Manajemen Risiko
ESTABLISH THE CONTEXT
· The Internal Context
· The External Context
· The Risk Management Context
· Develop Criteria
· Define the Structure

Elemen Pokok:
IDENTIFY RISKS
· What can happen?
· When and Where? – Komunikasi dan Konsultasi
· How and Why
COMMUNICATE AND CONSULT

– Menetapkan Konteks

RISK ASSESSMENT

MONITOR AND REVIEW


ANALYZE RISKS
· Identify existing controls
· Determine likelihood
– Mengidentifikasi Risiko
· Determine consequences
· Determine level of risks
– Menganalisa Risiko
EVALUATE RISKS
· Compare against criteria
– Mengevaluasi Risiko
· Set priorities

Treat
– Pengelolaan Risiko
Risks?

– Memantau dan Meninjau


TREAT RISKS
· Identify options
· Assess options
· Prepare and implement
treatment plans
· Analyze and evaluate residual
risks

94
Topic covered
1. APA ITU RISK
2. APA ITU RISK MANAJEMEN
3. LANGKAH RISK MANAJEMEN
• Rencana RISK MANAJEMEN
• Identifikasi RESIKO
• Analisa RESIKO
• Evaluasi RESIKO
• Mengelola RESIKO (Rencana TANGGAPAN THD
RESIKO)
• Memonitor dan Pengontrolan RESIKO
4. ENTRPRICE RISK MANAGEMENT (ERM)
5. APA ITU ISO 31000 ?
Pengelolaan Risiko
Pengelolaan Risiko membutuhkan :
– Identifikasi threats dan opportunities
– Pemikiran yang teliti
– Pemikiran kedepan
– Akuntabilitas dalam pengambilan keputusan
– Komunikasi
– Pemikiran yang seimbang anatara cost dan benefit

Preminse :
You can’t manage it if you can’t measure it.
96
Pengelolaan Risiko
Tujuan
– Untuk mengidentifikasi berbagi pilihan untuk pengelolaan risiko,
mengkaji pilihan yang dipilih, dan menyiapkan implementasi
rencana pengelolaan.
Proses Kunci
– Mengidentifikasi pilihan untuk pengelolaan risiko
– Mengkaji pilihan pengelolaan risiko
– Menyiapkan dan mengimplementasikan rencana pengelolaan
risiko

97
Pengelolaan Risiko

98
Pemantauan dan Peninjauan
• Pemantauan memberikan pengwasan rutin terhadap performa aktual untuk
dibandingkan dengan performa yang diperlukan / diharapkan
• Peninjauan (Review) melibatkan investigasi periodik dari situasi saat ini, periodic
investigation of the current situation, usually with a specific focus.
• Proses penjaminan dan pemantauan harus kontinyu dan dinamis

Prioritas pemantauan:
• High risks.
• Startegi pengelolaan kegagalan yang kredibel, terutama kegagalan yang memiliki
akibat mayor / katastropik atau kegagalan yang sering terjadi
• Risiko yang memiliki risiko resiual yang tinggi
• Teknologi alternatif yang lebih efektif atau dapat menurunkan biaya dari
pengelolaan risiko saat ini

99
100