This document outlines a risk management process that involves identifying risks, classifying them by category, measuring their probability and magnitude, scoring the risks, analyzing controls, and visualizing the risk profile. Key steps include appointing risk agents to identify risks, classifying risks into 15 categories, determining probability and impact scales, calculating risk scores, creating a questionnaire to assess board controls, and comparing risks to controls in a visualization. The process is meant to be implemented on a semi-annual basis to regularly review and update the organization's risk assessment and management.

1. Master Plan

2. How to Manage risk
 Risk identification  Kuesioner wewenang
 Risk classification dan tanggung jawab
 Risk magnitude Direksi dan Komisaris
measure yang terkait dengan
pengendalian internal
 Risk probability dan Risiko
measure
 Control identification
 Risk scoring  Control classification
 Control scoring

3. The Method
Musavie Abdillah

4. The Process (in time)
Risk Analysis
Risk
Risk Identification Risk Measure Risk Scoring
Classification
Assess once, review
semi-annually
semi-annually
Control Analysis
Questioner Control Control
Control Scoring
of Board’s control Identification Classification
Create once, review
semi-annually
every three years

5. How to identify
Risk Identification
 Create counterpart per
department, per Company with
“SK Direksi” to be the man in-
charge at their company as risk
agent  [because risk owner will
precisely identify any on going
risk happen better than Holding’s
RMO]
 Risk Agent will define the
business process in a flowchart
form at their department
 Risk Agent then identify the risk
on each process

6. How to identify
Risk Identification
No Risk
 Put all the risk 1 Jaminan TKI tak terbayar pada
tahun 2010
together in worksheet 2 Regulasi ketenagakerjaan
 Handed to Holding’s
3 Hubungan diplomatik luar negeri
4 Karyawan yang di deliver ke
RMO client under standard
5 Rugi kurs
6 Pengembangan pasar stagnan
 RMO then will compile 7 Keterlambatan bayar dari klien
8 Proses bisnis tidak terarah
all the risk together, 9 Perusahaan tidak memiliki arah
eliminate any recurrent 10 Terkena hukuman eksternal
(fiskus, eksternal auditor dll)
11 Reputasi buruk
risks
12 Karyawan under-stress
13 Lemahnya kontrol dan
komunikasi
14 Miskomunikasi dengan klien

7. Classifying yourrisk
Risk No Risk Risk Category
Classification 1 Jaminan TKI tak terbayar pada Liquidity risk
tahun 2010
 RMO then classify risk into 15
category: 2 Regulasi ketenagakerjaan Legal risk
 Interest rate risk 3 Hubungan diplomatik luar negeri Political risk
 Exchange rate risk
4 Karyawan yang di deliver ke Productivity risk
 Liquidity risk client under standard
 Credit risk (gagal bayar) 5 Rugi kurs Exchange rate risk
 Capital structure risk 6 Pengembangan pasar stagnan Innovation risk
7 Keterlambatan bayar dari klien Credit risk
 Human resource risk 8 Proses bisnis tidak terarah Procedure risk
 Productivity risk
 Technology risk 9 Perusahaan tidak memiliki arah Innovation risk
 Innovation risk 10 Terkena hukuman eksternal Legal risk
 Information system risk (fiskus, eksternal auditor dll)
 Procedure risk 11 Reputasi buruk Reputational risk
 Environment risk 12 Karyawan under-stress Human resources risk
 Reputational risk
 Legal risk
 Political risk 13 Lemahnya kontrol dan Procedure risk
komunikasi
14 Miskomunikasi dengan klien Human resources risk

8. Classifying your risk
Risk
Classification
 RMO decide the
magnitude standard for
each category
Probable
Moderate High High
(High)
Likelihood
Reasonably Possible
Low Moderate High
(Moderate)
Remote
Low Low Moderate
(Low)
Insignificant Significant Material
(Low) (Moderate) (High)
Magnitude

9. Classifying your risk
Risk
Classification Risk Category Magnitude
Interest rate risk M
 RMO decide the Exchange rate risk M
Liquidity risk H
magnitude standard for Credit risk M
each category Capital structure risk L
Human resource risk L
Productivity risk H
Low risk is basic risk L 1 Technology risk L
M 2 Innovation risk L
Medium risk is twice then low risk
Information system risk M
High risk is twice then medium risk H 4
Procedure risk M
Environment risk H
Reputational risk H
Legal risk M
Political risk L

10. Measuring your risk
Risk Measure
Score
No Risk Risk Category Magnitude Weight Porbability
1 Jaminan TKI tak terbayar pada Liquidity risk
 RMO then handed- tahun 2010
H 4 50%
2 Regulasi ketenagakerjaan Legal risk
back the risk list 3 Hubungan diplomatik luar negeri Political risk
M 2 15%
L 1 1%
categorized to risk 4 Karyawan yang di deliver ke
client under standard
Productivity risk
H 4 75%
5 Rugi kurs Exchange rate risk M 2 50%
agent for them to 6 Pengembangan pasar stagnan
7 Keterlambatan bayar dari klien
Innovation risk
Credit risk
L
M
1
2
95%
25%
8 Proses bisnis tidak terarah Procedure risk
measure the risks 9 Perusahaan tidak memiliki arah Innovation risk
M 2 80%
L 1 80%
 Risk Agent measure 10 Terkena hukuman eksternal
(fiskus, eksternal auditor dll)
Legal risk
M 2 95%
11 Reputasi buruk Reputational risk
the probability 12 Karyawan under-stress Human resources risk
H 4 50%
L 1 50%
Very unlikely 10%
Unlikely 20%
Likely 40%
Very likely 80%
Certain 100%

11. Scoring your risk
Risk Scoring
Score Risk
 Risk Agent handed Magnitude Weight Porbability Score
back measured risk
H 4 50% 4%
lists to RMO
M 2 15% 1%
 RMO finalize the risk
L 1 1% 0.0%
of each category into
H 4 75% 6.1%
scoring of risk M 2 50% 2.0%
L 1 95% 1.9%
RS = (RM*prob)/TR M 2 25% 1.0%
M 2 80% 3.3%
 RS = Risk Score
 RM = Risk Magnitude L 1 80% 1.6%
 TR = Total Risk Magnitude
on each Category

12. The Detail

13. BoD and BoC control
Create questionnaire for BOD & BOC regardless control of risks on:
 Interest rate risk  Innovation risk
 Exchange rate risk  Information system risk
 Liquidity risk  Procedure risk
 Credit risk  Environment risk
 Capital structure risk  Reputational risk
 Human resource risk  Legal risk
 Productivity risk  Political risk
 Technology risk

14. Scoring your control
 Questionnaire filled to see the score and then
compared to its risk
Score = 1 – questionnaire filled
 To simplify the visualization of risk against control

15. Visualization of Risk Profile

16. Need to do
The list need to be
 SK Direksi penunjukkan Risk agent
 Review on 15 category of risks
 Review on magnitude standard of each
risk category
 Control questionnaire