Knowledge

Sharing RISK MANAGEMENT By Tenny Aji Lestari

Every business takes risks ……

anything that may impede an

organization from achieving its objectives

Threat

or Hazard

risk of loss or something bad

happening

Uncertain

outcomes

not meeting

expectations

Opportunity

risk of lost opportunity or

something good not happening

Risk is ……

By Tenny Aji Lestari

COSO - ERM FRAMEWORK (COMMITTEE OF SPONSORING

ORGANIZATIONS)

By Tenny Aji Lestari

ERM (ENTERPRISE RISK MANAGEMENT)

Strategic Risks

Technical

Risks

Operational

Risks

Commercial

Risks

Financial

Controls

Risks

Plans

•Acquisitions

•Mergers

•Change of Government

•Innovation

Financial

•Treasury

•Accounting

•Systems

•Fraud

Relationships

•Suppliers

•Customers

•Government

•Stakeholder

•Third Parties

•Competitors

Human

Factors

Physical

Assets

•Error

•Safety

•Health

•Selection

•Skills

•Equipment failure

•Infrastructure

•Natural Perils

•New Technology

By Tenny Aji Lestari

Avoid surprises: Proactive identification and management of key risks reduce earning fluctuations and

increase shareholders’ confidence

A routine and systematic process to identify and manage potential issues before they become serious business problems

Achieve ef fic iencies: Successful companies align and coordinate risk management effort and efficiently

allocate resources to focus on key risks

More effective risk functions and better coordination between them

Foster better decision making: Better decisions can be made with a structured consideration of risks built into

existing activities to make risk part of key decision making process

Considering the business impact of a broader range of scenarios and “what -ifs” improves the quality of decisions

Improve corporate governance: Solid risk management with defined reporting and communication protocols can help

companies fulfill their responsibilities to key stakeholders and comply with regulatory requirements

Clear risk roles and responsibilities, clear risk communication and language, clear risk reporting and escalation process

THE BENEFITS OF ERM ARE …

By Tenny Aji Lestari

WHO’S RESPONSIBLE?

By Tenny Aji Lestari

The board sets the tone

The executive oversees risk management

The business units own operations and related

risks

Certain functions (HR, finance, IT, legal, tax)

support risk management from background

Other functions (internal audit, risk, and

compliance) monitor the performance

ROLES AND RESPONSIBLE IN ERM

By Tenny Aji Lestari

WHERE DOES RISK LIVE?

By Tenny Aji Lestari

Strategic

Operational

Technology

Financial

Others

Admin

RISKS CONTROLS ACTION

PLANS INDICATORS LOSSES

Risk

Management

Audit

HR

Legal

Graphs

Reports

Dasboards

Alerts

Organizational Response

By Tenny Aji Lestari

Monitor & Report

• Operational vs. oversight

• Regulatory

• Exposure vs. actual

• Early warnings

Risk Treatment

• Accept, Mitigate, avoid,

exploit, transfer

• Contingency Plans

• Provisions & Reserves

• Improvement of business

strategies, control and

processes

Identify & Map

• Credit

• Market/

financial

• Liquidity

• Operational

• Strategic

• Where?

• The cause?

• Risk owner?

• Control?

Measure & Evaluate

• How Much ?

• Individual vs. Organization wide

• What if scenarios

• Normal vs. Crisis

• Range of measurement

methods & tools

Monitor

Identify

Manage

Assess

Risk Management Process

By Tenny Aji Lestari

Risk is evaluated (or measured)

according to the likelihood and the

severity of an event – this is

normally shown as a matrix:

High Risk = Requires Senior

Management attention

Medium Risk = Requires ongoing action

Low Risk = No action required (managed

by routine procedures)

1 =

Extremely

Improbable

2 =

Extremely

Remote

3 =

Remote

4=

Frequent

1 =

Minor

4 =

Catastrophe

3 =

Hazardous

2 =

Major Likeli-

hood

Severity

Low

Low

Low

High

Medium

High

Low

Low

Medium

Extreme Risk = Requires immediate

action

Extreme Extreme

Extreme

High

High Medium

Medium

Monitor

Identify

Manage

Assess

Monitor

Identify

Manage

Assess

HOW DO WE EVALUATE RISK?

By Tenny Aji Lestari

There are four basic approaches to managing risk – all are appropriate!

The four basic methods for managing

risk are:

Accept the risk by taking no action

Transfer the risk by insuring against

the event

Mitigate the risk by reducing the

likelihood / severity

Eliminate the risk by eliminating the

likelihood – where possible!

Transfer Eliminate

Accept Mitigate

Monitor

Identify

Manage

Assess

Monitor

Identify

Manage

Assess

How Do We Manage Risk?

By Tenny Aji Lestari

TAKE ACTION!

Risk might

occur

Risk already

occured

Risk not yet

occur

Improve

control

Establish

control

Fix

Control

HOW TO HANDLE RISK?

Regulations

Culture

Board Composition

OPERATIONAL RISK

Contracts

Natural Events

Suppliers

Environment

Hazard Risk

Strategic Risk

Competition

Customer Changes

Industry Changes

Customer Demand

Financial Risk

Interest Rate

Foreign Exchange

Credit M&A Integration

Bussiness Dev

Intellectual Capital

Internally Driven

Liquidity & Cash Flow

Accounting Controls

Information Systems

Recruitment

Supply Chain

Public Access

Employees

Properties

Services

Externally Driven

Externally Driven

By Tenny Aji Lestari

RISK MGMT. DEVELOPMENT STAGES

By Tenny Aji Lestari

By Tenny Aji Lestari

Strategic Plan

Budget and Key Performance Index

Business Process and Organization

Financial and Operating Report

Portfolio Risk Assessment

Research and

Benchmarking

RISK REGISTER

Business Continuity

Planning

RISK MANAGEMENT SYSTEM

High Level Risk

Interview

Business Process Risk Assessment

Risk and Control

Self Assessment

Business Process

and Risk Interview

Insurance Security and

Environment

Business Control

Implementation

Good Corporate

Governance

By Tenny Aji Lestari

Corporate Governance

Environment Health &

Safety Quality Social Risk

QHSE Management

Corporate Social Responsibility

Environment

Environment Health &

Safety

Health &

Safety Quality

Quality Social

QHSE, CORPORATE GOVERNANCE AND SOCIAL

RESPONSIBILITY

By Tenny Aji Lestari

CORPORATE GOVERNANCE FRAMEWORK

By Tenny Aji Lestari

By Tenny Aji Lestari

HU B U NG AN ANTARA P RINS IP, K ERANGK A K ERJA DAN P RO S ES M ANAJEM EN

R IS IKO ( IS O 310 0 0 )

1. Nilai Tambah

2. Bagian terpadu dari proses

organisasi

3. Bagian dari pengambilan

keputusan

4. Secara khusus menangani

ketidakpastian

5. Sistematis, terstruktur dan tepat

waktu

6. Berdasarkan informasi terbaik

yang ada

7. Tailored

8. Mempertimbangkan faktor

manusia dan budaya

9. Transparan dan inklusif

10.Dinamis, berulang dan responsif

terhadap perubahan

11.Memfasilitasi perbaikan

sinambung dan peningkatan

organisasi

PRINSIP UNTUK MENGELOLA

RISIKO

Mandat dan

komitmen

Desain kerangka

kerja untuk

mengelola risiko

Perbaikan

sinabung

kerangka kerja

Penerapan

manajemen

risiko

Pemantauan dan

reviu kerangka

kerja

KERANGKA KERJA UNTUK

MENGELOLA RISIKO

Ko

mu

nik

asi

da

n k

on

su

lta

si

Mo

nito

ring

da

n re

view

Menentukan konteks

Risk Assessment

Identifikasi risiko

Analisa risiko

Evaluasi risiko

Perlakuan risiko

PROSES UNTUK MENGELOLA

RISIKO