Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM Best Practices MANAJEMEN RISIKO

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM BEST PRACTICES: integrating risk management into other management practices (1) Mempromosikan filosofi dan budaya organisasi bahwa setiap orang adalah manajer risiko Organisasi manajemen risiko Membangun saluran komunikasi terbuka Menggunakan tim dan komite Menggunakan bahasa risiko bisnis yang sederhana dan lazim

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM BEST PRACTICES: integrating risk management into other management practices (2) Pembentukan fungsi manajemen risiko korporasi Mengkomunikasikan kinerja manajemen risiko Bantuan audit internal dan komite audit dalam mengimplementasikan manajemen risiko Pedoman Pelatihan manajemen risiko

5/31/2013 Resista Vikaliana,S.Si. MM Pendekatan, Alat, dan Teknologi dalam Mengimplementasikan Manajemen Risiko IMPLEMENTASI RISIKO Pemetaan Risiko Usaha Daftar risiko bisnis Peta risiko Matriks risiko utama Pemodelan Analisis skenario Analisis statistik dan VaR Model keuangan Antisipasi hazard Risiko teknis pengembangan produk baru Akumulasi pengalaman masa lalu

Identifikasi Risiko dan Teknik Asesmen Brainstorming groups workshops Questionnaires Self - assessment Control self-assesment/CSA Filters Boston squares Risk quick scan Matrix to assesss supplier capability 5/31/2013 Resista Vikaliana,S.Si. MM

ENTERPRISE RISK MANAGEMENT (ERM) 5/31/2013 Resista Vikaliana,S.Si. MM ENTERPRISE RISK MANAGEMENT (ERM)

Enterprise Risk Management Manajemen Risiko Perusahaan 5/31/2013 Resista Vikaliana,S.Si. MM Enterprise Risk Management Manajemen Risiko Perusahaan Metode dan proses yang digunakan organisasi perusahaan untuk mengelola risiko Rangka atau pedoman untuk menjalankan risiko

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM Enterprise Risk Management Manajemen Risiko Perusahaan TAHAPAN Identifikasi kejadian atau keadaan yang berkaitan dengan pencapaian tujuan organisasi perusahaan dapat melindungi dan menciptakan nilai tambah kepada para stakeholders pemilik perusahaan, karyawan, pelanggan, regulator dan masyarakat) Menilai risiko dengan dua dimensi: dimensi kemungkinan terjadi dan dimensi akibat terjadi Menentukan strategi yang tepat (avoidance, reduction, share or insurance, atau di-accept)

Who rewards ERM in companies? Business Partners & Suppliers Consumers/ customers Employees Business Partners & Suppliers Investors Local Communities NGOs and Activists Creditors Goverments Mass Media 5/31/2013 Resista Vikaliana,S.Si. MM Stakeholders dari ERM

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM ERM VERSI COSO

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM Komponen ERM Komponen Internal environment Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM Tujuan ERM Tujuan Strategy Operation Financial report Compliance

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM ERM VERSI RIMS

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM TUJUH KOMPETENSI UTAMA/ ATRIBUT: ERM Based Approach ERM Process Management Risk Appetite Management Root Cause Uncovering Risks Performance Management Business Resiliency and Sustainability

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM Contoh ERM Risk Based Audit : Sarbane Oxley Act of 2002 in Boeing

NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY Bottoms Up Risk Matrix Showing Controls Ranked by Transaction Flow Design Teams Data from prior chart shown In risk cube format Can be aggregated by Significant Location, Process, Transaction Flow, Business Unit, etc Excel based Data pulled from one-source compliance application using simple ODBC connectivity, visual basic query technology NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY

NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY Distribution of Risk Assessment Provides Management Ability to Target Opportunities NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY 1 Fraud Risk Financial Reporting Risk Process/System Change Risk 25% 2 3 ~45% 4 5 LIKELIHOOD ~30% 6 Risk Factors include: Inherent Risk of Fraud Accounting complexity History of misstatement / deficiencies Changing business or regulatory environment IMPACT Helps management focus on level of evidence needed; areas where company level controls can achieve greatest impact; opportunity for additional control rationalization

Control Performers for All “Key” Controls Periodically Self-Assess Provides foundation for control reliance – additional evidence may be obtained for controls rated as higher risk

Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM References Siahaan, Hinsa. 2009. Manajemen Risiko pada Perusahaan dan Birokrasi. PT Elex Media Komputindo-Kompas Gramedia, Jakarta. [PPT]Sarbanes-Oxley: Implementing A Risk-Based Approach