5/31/2013 Resista Vikaliana,S.Si.

MM 1

BEST PRACTICES

MANAJEMEN RISIKO
5/31/2013 Resista Vikaliana,S.Si. MM 2

BEST PRACTICES: integrating risk management into

other management practices (1)

Mempromosikan filosofi dan budaya organisasi bahwa setiap orang

adalah manajer risiko
Organisasi manajemen risiko
Membangun saluran komunikasi terbuka
Menggunakan tim dan komite
Menggunakan bahasa risiko bisnis yang sederhana dan lazim
5/31/2013 Resista Vikaliana,S.Si. MM 3

Pembentukan fungsi manajemen risiko korporasi

Mengkomunikasikan kinerja manajemen risiko
Bantuan audit internal dan komite audit dalam
mengimplementasikan manajemen risiko
Pedoman
Pelatihan manajemen risiko
5/31/2013 Resista Vikaliana,S.Si. MM 4

Pendekatan, Alat, dan Teknologi dalam

Mengimplementasikan Manajemen Risiko

Daftar risiko bisnis

Pemetaan Risiko
Peta risiko
Usaha
Matriks risiko utama
IMPLEMENTASI Analisis skenario
RISIKO
Analisis statistik dan VaR
Model keuangan
Pemodelan
Antisipasi hazard
Risiko teknis pengembangan produk
baru
Akumulasi pengalaman masa lalu
 5

Identifikasi Risiko dan Teknik Asesmen

5/31/2013 Resista Vikaliana,S.Si. MM

5/31/2013 Resista Vikaliana,S.Si. MM 6

ENTERPRISE RISK
MANAGEMENT (ERM)
5/31/2013 Resista Vikaliana,S.Si. MM 7

Enterprise Risk Management

Manajemen Risiko Perusahaan
Metode dan proses yang digunakan organisasi perusahaan
untuk mengelola risiko
Rangka atau pedoman untuk menjalankan risiko
5/31/2013 Resista Vikaliana,S.Si. MM 8

TAHAPAN
Identifikasi kejadian atau keadaan yang berkaitan dengan pencapaian tujuan
organisasi perusahaan dapat melindungi dan menciptakan nilai tambah kepada
para stakeholders pemilik perusahaan, karyawan, pelanggan, regulator dan
masyarakat)
Menilai risiko dengan dua dimensi: dimensi kemungkinan terjadi dan dimensi
akibat terjadi
Menentukan strategi yang tepat (avoidance, reduction, share or insurance, atau
di-accept)
 5/31/2013 Resista Vikaliana,S.Si. MM 9

Stakeholders dari ERM

5/31/2013 Resista Vikaliana,S.Si. MM 10

ERM VERSI COSO

5/31/2013 Resista Vikaliana,S.Si. MM 11

Komponen ERM
Komponen
Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring
5/31/2013 Resista Vikaliana,S.Si. MM 12

Tujuan ERM

Tujuan
Strategy
Operation
Financial report
Compliance
5/31/2013 Resista Vikaliana,S.Si. MM 13

ERM VERSI RIMS

5/31/2013 Resista Vikaliana,S.Si. MM 14

TUJUH KOMPETENSI UTAMA/ ATRIBUT:

1. ERM Based Approach
2. ERM Process Management
3. Risk Appetite Management
4. Root Cause
5. Uncovering Risks
6. Performance Management
7. Business Resiliency and Sustainability
5/31/2013 Resista Vikaliana,S.Si. MM 15

Contoh ERM
Risk Based Audit : Sarbane Oxley Act of 2002 in Boeing
 Oxley,
Section
404 16

Bottoms Up Risk Matrix Showing Controls Ranked by

Transaction Flow Design Teams
Control Risk Concentration
by Significant Location, Transaction Flow, Process, etc

Data from prior chart shown

5 4 In risk cube format
L
i
Can be aggregated by Significant
4 2 10 6 41 53
k Location, Process, Transaction
e
l Flow, Business Unit, etc
i 3 8 48 57 89 194
h
o Excel based
o
d 2 17 38 38 36 90
Data pulled from one-source
compliance application using
1 25 6 5 5 13 simple ODBC connectivity,
visual basic query technology
1 2 3 4 5
Significance
NOTIONAL DATA FOR
INSTRUCTIONAL USE ONLY
 Oxley,
Section
404 17
Distribution of Risk Assessment Provides
Management Ability to Target Opportunities
1 2 3 4 5
NOTIONAL DATA FOR
5 1 Fraud Risk
INSTRUCTIONAL USE ONLY
2 Financial Reporting Risk
25% 4 3 Financial Reporting Risk
LIKELIHOOD

4 Financial Reporting Risk

3
~45% 5 Process/System Change Risk

6 Fraud Risk
2

~30% Risk Factors include:

1 1. Inherent Risk of Fraud

2. Accounting complexity
3. History of misstatement / deficiencies
4. Changing business or regulatory environment
IMPACT
Helps management focus on level of evidence needed; areas where company
level controls can achieve greatest impact; opportunity for additional control
rationalization
 Oxley,
Section
404 18

Control Performers for All Key Controls Periodically

Self-Assess
Process

Control Activity No.

Key Control Performer Self Assessment Checklist

Note: The purpose of this form is for you, as the Key Control Performer to assess that the Key Control Activity is being performed as
documented, designed and operating effectively.

By clicking on the box to the right of each field a drop down will appear.
Have you obtained and read the most updated documentation in Risk Navigator for the Key Control Activity(s) listed
1 above? The documentation may include, Key Control Activity description, Test Plan or Process Narrative.

Does the Key Control Activity description, Test Plan and/or Process Narrative accurately describe how you perform
2 the control?
Do you have the evidence required by the Key Control Activity and is it ready and accessible for a Self Assessment
3 or an independent review (by Corporate Audit, Management, D&T, SEC, etc)?

4 Have all changes to the Key Control Activity(s) or Process been identified and communicated?

Have you performed this Key Control Activity as written for each occurrence you were responsible for this year?
5
To the best of your knowledge, do you agree the Key Control Activity has not been bypassed, either manually or
6 systematically?
Comments & Explanations:

Name of Key Control Owner: Date: (enter xx/xx/xx)

Provides foundation for control reliance additional evidence may be

obtained for controls rated as higher risk
5/31/2013 Resista Vikaliana,S.Si. MM 19

References
Siahaan, Hinsa. 2009. Manajemen Risiko pada
Perusahaan dan Birokrasi. PT Elex Media Komputindo-
Kompas Gramedia, Jakarta.
[PPT]Sarbanes-Oxley: Implementing A Risk-Based
Approach