risk management knowledge sharing · pdf filesuccessful companies align and coordinate risk...
TRANSCRIPT
Every business takes risks ……
anything that may impede an
organization from achieving its objectives
Threat
or Hazard
risk of loss or something bad
happening
Uncertain
outcomes
not meeting
expectations
Opportunity
risk of lost opportunity or
something good not happening
Risk is ……
By Tenny Aji Lestari
ERM (ENTERPRISE RISK MANAGEMENT)
Strategic Risks
Technical
Risks
Operational
Risks
Commercial
Risks
Financial
Controls
Risks
Plans
•Acquisitions
•Mergers
•Change of Government
•Innovation
Financial
•Treasury
•Accounting
•Systems
•Fraud
Relationships
•Suppliers
•Customers
•Government
•Stakeholder
•Third Parties
•Competitors
Human
Factors
Physical
Assets
•Error
•Safety
•Health
•Selection
•Skills
•Equipment failure
•Infrastructure
•Natural Perils
•New Technology
By Tenny Aji Lestari
Avoid surprises: Proactive identification and management of key risks reduce earning fluctuations and
increase shareholders’ confidence
A routine and systematic process to identify and manage potential issues before they become serious business problems
Achieve ef fic iencies: Successful companies align and coordinate risk management effort and efficiently
allocate resources to focus on key risks
More effective risk functions and better coordination between them
Foster better decision making: Better decisions can be made with a structured consideration of risks built into
existing activities to make risk part of key decision making process
Considering the business impact of a broader range of scenarios and “what -ifs” improves the quality of decisions
Improve corporate governance: Solid risk management with defined reporting and communication protocols can help
companies fulfill their responsibilities to key stakeholders and comply with regulatory requirements
Clear risk roles and responsibilities, clear risk communication and language, clear risk reporting and escalation process
THE BENEFITS OF ERM ARE …
By Tenny Aji Lestari
The board sets the tone
The executive oversees risk management
The business units own operations and related
risks
Certain functions (HR, finance, IT, legal, tax)
support risk management from background
Other functions (internal audit, risk, and
compliance) monitor the performance
ROLES AND RESPONSIBLE IN ERM
By Tenny Aji Lestari
Strategic
Operational
Technology
Financial
Others
Admin
RISKS CONTROLS ACTION
PLANS INDICATORS LOSSES
Risk
Management
Audit
HR
Legal
Graphs
Reports
Dasboards
Alerts
Organizational Response
By Tenny Aji Lestari
Monitor & Report
• Operational vs. oversight
• Regulatory
• Exposure vs. actual
• Early warnings
Risk Treatment
• Accept, Mitigate, avoid,
exploit, transfer
• Contingency Plans
• Provisions & Reserves
• Improvement of business
strategies, control and
processes
Identify & Map
• Credit
• Market/
financial
• Liquidity
• Operational
• Strategic
• Where?
• The cause?
• Risk owner?
• Control?
Measure & Evaluate
• How Much ?
• Individual vs. Organization wide
• What if scenarios
• Normal vs. Crisis
• Range of measurement
methods & tools
Monitor
Identify
Manage
Assess
Risk Management Process
By Tenny Aji Lestari
Risk is evaluated (or measured)
according to the likelihood and the
severity of an event – this is
normally shown as a matrix:
High Risk = Requires Senior
Management attention
Medium Risk = Requires ongoing action
Low Risk = No action required (managed
by routine procedures)
1 =
Extremely
Improbable
2 =
Extremely
Remote
3 =
Remote
4=
Frequent
1 =
Minor
4 =
Catastrophe
3 =
Hazardous
2 =
Major Likeli-
hood
Severity
Low
Low
Low
High
Medium
High
Low
Low
Medium
Extreme Risk = Requires immediate
action
Extreme Extreme
Extreme
High
High Medium
Medium
Monitor
Identify
Manage
Assess
Monitor
Identify
Manage
Assess
HOW DO WE EVALUATE RISK?
By Tenny Aji Lestari
There are four basic approaches to managing risk – all are appropriate!
The four basic methods for managing
risk are:
Accept the risk by taking no action
Transfer the risk by insuring against
the event
Mitigate the risk by reducing the
likelihood / severity
Eliminate the risk by eliminating the
likelihood – where possible!
Transfer Eliminate
Accept Mitigate
Monitor
Identify
Manage
Assess
Monitor
Identify
Manage
Assess
How Do We Manage Risk?
By Tenny Aji Lestari
TAKE ACTION!
Risk might
occur
Risk already
occured
Risk not yet
occur
Improve
control
Establish
control
Fix
Control
HOW TO HANDLE RISK?
Regulations
Culture
Board Composition
OPERATIONAL RISK
Contracts
Natural Events
Suppliers
Environment
Hazard Risk
Strategic Risk
Competition
Customer Changes
Industry Changes
Customer Demand
Financial Risk
Interest Rate
Foreign Exchange
Credit M&A Integration
Bussiness Dev
Intellectual Capital
Internally Driven
Liquidity & Cash Flow
Accounting Controls
Information Systems
Recruitment
Supply Chain
Public Access
Employees
Properties
Services
Externally Driven
Externally Driven
By Tenny Aji Lestari
Strategic Plan
Budget and Key Performance Index
Business Process and Organization
Financial and Operating Report
Portfolio Risk Assessment
Research and
Benchmarking
RISK REGISTER
Business Continuity
Planning
RISK MANAGEMENT SYSTEM
High Level Risk
Interview
Business Process Risk Assessment
Risk and Control
Self Assessment
Business Process
and Risk Interview
Insurance Security and
Environment
Business Control
Implementation
Good Corporate
Governance
By Tenny Aji Lestari
Corporate Governance
Environment Health &
Safety Quality Social Risk
QHSE Management
Corporate Social Responsibility
Environment
Environment Health &
Safety
Health &
Safety Quality
Quality Social
QHSE, CORPORATE GOVERNANCE AND SOCIAL
RESPONSIBILITY
By Tenny Aji Lestari
HU B U NG AN ANTARA P RINS IP, K ERANGK A K ERJA DAN P RO S ES M ANAJEM EN
R IS IKO ( IS O 310 0 0 )
1. Nilai Tambah
2. Bagian terpadu dari proses
organisasi
3. Bagian dari pengambilan
keputusan
4. Secara khusus menangani
ketidakpastian
5. Sistematis, terstruktur dan tepat
waktu
6. Berdasarkan informasi terbaik
yang ada
7. Tailored
8. Mempertimbangkan faktor
manusia dan budaya
9. Transparan dan inklusif
10.Dinamis, berulang dan responsif
terhadap perubahan
11.Memfasilitasi perbaikan
sinambung dan peningkatan
organisasi
PRINSIP UNTUK MENGELOLA
RISIKO
Mandat dan
komitmen
Desain kerangka
kerja untuk
mengelola risiko
Perbaikan
sinabung
kerangka kerja
Penerapan
manajemen
risiko
Pemantauan dan
reviu kerangka
kerja
KERANGKA KERJA UNTUK
MENGELOLA RISIKO
Ko
mu
nik
asi
da
n k
on
su
lta
si
Mo
nito
ring
da
n re
view
Menentukan konteks
Risk Assessment
Identifikasi risiko
Analisa risiko
Evaluasi risiko
Perlakuan risiko
PROSES UNTUK MENGELOLA
RISIKO