SlideShare a Scribd company logo

ERM OPTIMAL

wisnu wardhana, i nyoman
wisnu wardhana, i nyoman

an ERM in practice towards business competitiveness - an approach of risk management in PT. Telkom

Business
1 of 70
Download to read offline
Jakarta, April 2016 an Enterprise Risk Management in Practice towards Business Competitiveness Risk & Process Management PT. Telekomunikasi Indonesia, Tbk I Nyoman Wisnu Wardhana Senior Advisor II – PT. Telkom
Disclaimer This document may contain forward-looking statements within the meaning of safe-harbor. Actual results could differ materially from projections, estimations or expectations. These may involve risks and uncertainty, and may cause actual results and development to differ substantially from those expressed or implied in the statements. The company does not guarantee that any action, which may have been taken in reliance of this document will bring specific results as expected. Subdit Risk & Process Management PT. Telekomunikasi Indonesia, Tbk
O U T L I N E  Telkom at glance  ERM – Latest Concept  ERM Framework  ERM‘ Processes  Takeaway The latest of risk management, GRC, Risk Based approach Framework Risk Profile and Treatment
Total Shares 100,799,996,400 shares Market Capitalization at IDX Telkom Indonesia is listed at Indonesia Stock Exchange (TLKM IJ) and New York Stock Exchange (TLK US) Public 46.76% Government 53.24% Treasury Shares 2.6% IDR 333,14 Tn. Telkom at a glance
Telkom at a glance – The Group
Telkom at a glance – Corporate philosophy Telkom ada untuk memberikan yang terbaik bagi bangsa Indonesia dan semesta alam Telkom memberikan service dan solusi terbaik yang dibutuhkan dan dicintai oleh Customer Telkom meningkatkan value perusahaan,. profesionalisme dan kesejahteraan pegawai serta return yang optimal bagi shareholder MEGA MAKRO MIKRO Warna Merah Putih: Persembahan Telkom Indonesia untuk Indonesia dan semesta alam The World in Your Hand: Yang terbaik untuk pelanggan Company: Value perusahaan, professionalisme, shareholder
Telkom at a glance – Corporate Strategy Vision Be the King of Digital in the Region Mission Lead Indonesian Digital Innovation and Globalization Strategic Objective Corporate Strategy  Directional Strategy : Sustainable Competitive Growth  Portfolio Strategy : Converged TIMES Portfolio  Parenting Strategy : Strategic Guidance Top 10 Market Capitalization Telco in Asia-Pacific by 2020
• RPM & Personnel • Framework • Methodology & Tool • Policy & Procedure • Risk Ownership Assured by Internal Audit Telkom‘s BOC and BOD Support and Oversight Risk management Vision: Bring Risk Management into Telkom‘s culture that embedded to PT. Telkom‘s business process and operational Risk Management Mission: To be a ―Partner‖ for all PT. Telkom‘s business unit and operational Sukses Implementasi ERM di PT. Telkom bergantung kepada adanya dukungan dan komitmen dari BoD dan BoC (Tone at the Top) serta adanya Fungsi yang menjamin Efektivitas Implementasi dan memberi masukan untuk pengembangan lebih Lanjut (IA) Telkom at a glance – Visi, Misi Telkom ERM
Telkom at a glance – Corporate Legal Consideration Consider PT. Telekomunikasi Indonesia, Tbk. Sebagai Perseroan Terbatas Law  UU No. 40/2007 tentang Perseroan Terbatas Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, etc. Sebagai Perusahaan Milik Negara Law  UU No. 19/2003 tentang BUMN; UU No. 17/2003 tentang Keuangan Negara, etc. Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, etc. Sebagai Perusahaan Telekomunikasi Law  UU No. 36/1999 tentang Telekomunikasi; UU No. 11/2008 tentang ITE, etc. Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, etc. Sebagai Perusahaan Publik Law  UU No. 8/1995 tentang Pasar Modal; Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, Per-OJK (Bapepam), SOX-SEC, IDX Reg, etc. Consider Consider Consider The Bylaw Company‘ internal regulations: Peraturan Direksi Peraturan Direktur Peraturan Kepala Unit Bisnis Policies Procedures SOP/SMP Etc. Other public laws, for instance: - UU No. 31/1999 - UU No. 5/1999 - KUHP - Etc.
―The greatest risk of all is to take no risk at all‖ – Forbes
Latest Concept of ERM – Business Turbulence Latest Progress New Concept The Fact Challenge Perubahan yang sangat cepat bahkan seringkali tidak terduga (highly volatile) Pentingnya memberi perhatian khusus pada kebijakan dan proses yang berkaitan dengan Tatakelola Perusahaan (GCG), Manajemen Risiko, dan Kepatuhan (increasing attention to GRC) Pentingnya memberi perhatian Kebanyakan perusahaan mengelola GCG, Manajemen Risiko, dan Kepatuhan berjalan sendiri-sendiri bahkan terjadi silo-silo diantara mereka Bagaimana perusahaan mampu mengelola risiko bisnisnya yang sangat efisien dan lincah dengan dimilikinya sistem Pemantauan Pengendalian yang seimbang dan terintegrasi
Financial risk Liquidity risk Diversification risk – No-diversification risk Development risk Growth risk - Stagnation risk Income stream risk Political risk Regulation risk Demand risk Supply risk Sale & Marketing risk Reputational risk Business continuity risk Health and safety risk, …. Latest Concept of ERM – Risk is everywhere Operational Failure Disruption of Main Process Decreasing of Quality of service Shrinkage of Market and Investor Business Performance Inflammation Raising Cost
Latest Concept of ERM – Fragmentation Increases Risk Supplier ―black list‖ Anti – terrorist trade practices High credit risk customer Balance credit profile Data leakage & security Security IT infrastructure Employee safety compliance Environmental health & safety compliance Disconnected risk analysis Integrated risk analysis Complex, Int. compliance req. Global finance reporting compliance Exc. Compensation practices Evidence for decision & directives Incomplete global risk profile Increase confidence in business result ProcurementSales, Services IT OperationHuman ResourcesCompliance /Risk Office FinanceDireksi/Dekom & Audit Comittee Executive& Managers New pressures, new risks • Diversification - range of business streams • Commercial competition • Care & support; social enterprise • Market renting; market sale • New partners; joint ventures • New funding models • Emphasis on self-regulation, co- regulation • Increasing focus on governance
Latest Concept of ERM – Fragmentation Increases Risk
Latest Concept of ERM – Fragmentation Increases Risk
Latest Concept of ERM – Don‘t to be a stranger man TOP 10 RISK 1 Damage to reputation/brand 2 Economic slowdown/slow recovery 3 Regulatory/ legislative changes 4 Increasing competition 5 Failure to attract or retain top talent 6 Failure to innovate/meet customer needs 7 Business interruption 8 Third-party liability 9 Computer crime/ hacking/viruses/ malicious codes 10 Property damage TOP 10 Global Risk 2015 Top 10 Risk in Telecommunications 2014
Latest Concept of ERM – TOP 10 Risks Competitive is a must! 1 Damage to reputation/brand 2 Economic slowdown/slow recovery 3 Regulatory/ Legislative changes 4 Increasing Competition 5 Failure to attract or retain top talent 6 Failure to innovate/meet customer needs 7 Business Interruption 8 Third party liability 9 Computer crime/hacking/viruses/ malicious codes 10 Property damage 1 Increasing Competition 2 Economic slowdown/slow recovery 3 Regulatory/ Legislative changes 4 Failure to innovate/meet customer needs 5 Damage to reputation/brand 6 Failure to attract or retain top talent 7 Computer crime/hacking/viruses/ malicious codes 8 Commodity price risk 9 Political risk/uncertainties 10 Growing burden and consequences of corporate governance/compliance 2015‘ risks 2018 projected
Latest Concept of ERM – Going to risk based approach Risk & Strategic Planning Risk & ICoFR Risk & BCMS (ISO 22300) Risk & ISMS (ISO 27000) Risk & Asset Management Toward intelligent Risk Taking Ensure reliability of financial reporting Prevent business disruption Protected of asset information (CIA) Effective and efficient, and well protected of asset
Latest Concept of ERM – The Survey How challenging is each of the following in defining and implementing your organization‘s enterprise- level risk appetite statement? Complying with regulatory expectation regarding risk appetite 55% 55% 38% 37% 35% 21% 18% 11% Defining risk appetite for strategic risk Defining risk appetite for reputational risk Defining risk appetite for operational risk Allocating the risk appetite among different business units Translating the risk appetite for individual risk types into quantitative risk limits Integrating stress testing results when defining risk appetite Gaining the active participation of business units in implementing the risk appetite and risk limits
―Nearly 90 percent of firms do not conduct a risk assessment when outsourcing production.‖ ―Risk: It's Time to Measure It,‖ Harvard Business Review
ERM Framework – The History 1970s Risk management gains wider acceptance 1980s Companies begin Risk departments, typically focused on insurance 1990s Risk management matures as companies begin to focus on ―business risk‖ 19801970 1990 2000 2004 Release of COSO ERM Integrated Framework 19601950 1950s-1960s Traditional Risk Management (―TRM‖) 1977 Foreign Corrupt Practices Act (―FCPA‖) Early1980s Increased focus on internal control and compliance 1985 National Commission on Fraudulent Financial Reporting — Treadway Commission 1992 Committee of Sponsoring Organizations (―COSO‖) published Internal Control — Integrated Framework 1990s-2000 Continued focus on internal control, risk management, and responsibilities (Blue Ribbon Commission, Competency Framework for Internal Audit, others) 2002 Sarbanes-Oxley Act of 2002 Enterprise Risk Management is intertwined with the development of internal control standards and the regulatory environment.
ERM Framework – The Defined Framework Japan Financial Services Agency (JFSA) – ERM Framework 2013 ISO 31000:2009 the new International Risk Management Standard Federation of European Risk Management Association (FERMA) Risk and Insurance Management Society (RIMS) Basel II – Integrated Risk Management Solution COSO ERM framework AS/NZS 4360:2004 RIMS Risk Maturity Model
ERM Framework – The COSO Framework 1. Entity objectives 2. Activities at all levels 3. The eight components of the framework 1 2 3
ERM Framework – Telkom ERM Framework Telkom ERM system with reference to the COSO ERM framework. Risk management is inherent in the implementation of GCG as well as internal control mechanism within the company. Therefore, since 2008 we have established and developed:  Structural Aspects which include developing risk management vision, mission, commitment, tone at the top, conducive internal environment, policy, competence development, IT tools and systems.  Operational Aspects which include determination of Risk Acceptance Criteria, conducting risk assessment and developing specific-functions risk management.  Maintenance Aspects which include monitoring risk management implementation, periodical risk reporting report, safeguarding the continuity of competency development. Regularly assessing the quality of implementation of risk management through Risk Management Index, Risk Culture Survey and Risk Maturity Level.
―An ounce of prevention is worth a pound of cure.‖ - BF
ERM Framework – Road Map 2008 2010 2012 2015 Beyond Developed Risk Management Implementation and Creating values 2009 2011 2013 2014 2016 • Restrukturissi Kebijakan • Risk Assessment • Review Risiko Inisiatif • Sosialisasi dan internalisasi • Risk Management Information System dan ISMS terimplementasi • Protap dan standar perjanjian maupun standar proses penyelesaian dokumen hukum dan bantuan hukum menjadi acuan baku dalam setiap pelaksanaan aktivitas Legal Compliance • Tersedianya Sistem Informasi Legal Compliance • Peningkatan kompetensi bidang C&RM • Implementasi ketegasan pemberian sanksi atas pelanggaran service level & kebijakan • Memastikan adanya suatu ukuran risiko dalam setiap KPI suatu unit • Implementasi Kejelasan reward & punishment terkait dengan pemenuhan risk indicator/ rasio yang ada • Risk monitoring and reporting system terimplementasi • Meningkatnya pemahaman dan kesadaran akan peran hukum • Sistim informasi menjadi bagian dalam setiap pelaksaan tugas karyawan. • Effisiensi ratio, loss ratio, potensial risk ratio menjadi salah satu KPI utama dari ―enterprise- wide‖ • Memastikan Risk assessment dilakukan pada setiap proses bisnis, inisiatif kebijakan maupun pengambilan keputusan • Memastikan tersedianya informasi tepat waktu tentang kondisi risiko awal (Early warning signal) • Kepatuhan hukum merupakan bagian dalam setiap pelaksanaan aktivitas • Terlaksananya transaksi perusahaan yang aman dan terlindungi dari aspek hukum. • Adanya Nilai tambah atas tiap produk / inisiatif yang sdh dilakukan risk assessment • Memastikan Efektivitas mitigasi plan risk control • Perusahaan memiliki sistim kontrol dari aspek hukum yang mampu mendeteksi secara dini terjadinya pelanggaran/permas alahan . • Implementasi Governance Risk Compliance + Culture (GRC) • Menjadi role model pengelolaan risiko di industri Telco • Memastikan system enterprise security yang aman pada seluruh system yang ada dan zero revenue leakage (tidak ada kebocoran) • Terpenuhinya kepatuhan hukum atas setiap tindakan Manajemen dalam pengelolaan perusahaan sesuai dengan peraturan internal dan external. • Memastikan pelaksanaan risk management berlangsung efektif dalam setiap level entitas perusahaan • Memastikan pelaksanaan risk mangement pada subsidiaries (Telkom Group) • Integrated risk assessment untuk operasional (Security, IT, Asset, Infrastruktur/network) • Kepatuhan hukum atas setiap tindakan Manajemen terhadap seluruh boundary Governance (Mandatory and Voluntary) • Penyusunan Konsep GRC berbasis IT • Eksploitasi data berbasis risk management dalam pengambilan keputusan perusahaan berbasis early warning System • Kolaborasi data Key Risk dan Key Performance dalam penyusunan RKAP • Integrated risk based dalam management system (IMS: BCMS, ISMS, QMS) • Fully Comply to all boundary of Governance (Mandatory and Voluntary) • Scheme of GRC berbasis IT developing • New Concept of Risk Management implemented coincide with Organization Re- structuring. • Enhancement Integrated risk based dalam management system (IMS: BCMS, ISMS, QMS, dan IT- SMS) • Fully Comply to all boundary of Governance (Mandatory and Voluntary) • IT system of GRC • Early warning for all system management. • Fully Integrated risk based dalam management system (IMS: BCMS, ISMS, QMS) • Fully Comply to all boundary of Governance (Mandatory and Voluntary) • IT system of GRC run
ERM Framework – Telkom ERM activities Telkom‘s ERM activities is done through: 1. Quarterly review and monitoring of unit (and subsidiaries) risk management. 2. Preparation of regular quarterly Risk and Compliance Analysis Reports. 3. Meetings to discuss corporate risks through meetings at BoD as well as BoC level. 4. Measurement of risk culture implementation through internal surveys conducted on a number of respondents. 5. Measurement of risk management maturity level (ERM Maturity Level). The data to be considered: 1. Country-related risks such as changes in politics, society, macro economy and natural disasters. 2. Company-related risks (Operational, Financial, Legal compliance, Regulatory, Competition, Market, etc.) 3. Any external and Internal change. 4. Governance requirement. 5. Interested parties requirement.
RKAP 2016 Risk Profile 2016 RISK APPETITE 2015 Risk Profile 2015 Makro Ekonomi, Industri, kompetisi, Teknologi, Regulasi Benchmark & RiskAssessment CSS 2016-2020 RKAP 2015 LM TW 1,2 2015 Draft CAM 2015 Masukan BOD Risk Profile Unit Memberikan indikasi tingkat risiko dan prioritas program mitigasi dalam rangka menghindari risiko gagalnya pencapaian tujuan perusahaan ERM Framework – Risk Based RKAP
ERM Framework – ERM Process VISI & MISI STRATEGIC OBJECTIVE  DIRECTIONAL - Disruptive competitive growth: Need to achieve double digit growth by 2020.  PORTFOLIO - Customer value through Digital TIMES portfolio: More focus on Digital businesses.  PARENTING - Strategic Control: More streamlined control on subsidiaries Corporate Strategy 10 Strategic Initiative 2016’s Corporate Risk GBP/MPCAM 2016 RKAP 2016 RKM Mitigation Plan Corporate Risk factor 2016-2020 Risk & Opportunity Subsidiaries Business Unit Division TopDownRiskAssessmentScheme ButtomupRiskAssessmentScheme
ERM Framework – Risk Map O4C3; O1 S1; C1 F1; F2; F3 C2; S3; S4 S2 O2 O3 Appetite Likelihood Impact Very Low Low Medium High Very High VeryLowLowMediumHighVeryHigh VL L M H VH Increased Foreign exchange Increased Interest Rate Fail in Managing Liquidity F.1 F.2 F.3 S.1 S.2 S.3 S.4 Less/decline Product Competitiveness Failure in M&As activities and Partnership Failure to maximize technology as a competitive value Failure in Corporate University program C.1 C.2 C.3 Regulatory Pressure and Impediments Business dispute and litigation Late submission of Financial Statements and Deficiency on ICOFR O.1 O.2 O.3 O.4 Failure in managing Information and Technology Revenue Leakage Business Interruption Failure to max. Revenue Over Invested Capital expenditure
ERM Framework – Risk Radar Less/decline Product Competitiveness Failure in managing Information and Technology Increase d Forex Business dispute and litigation Failure to maximize technology as a competitive value Failure in Corporate University program Failure in M&As activities and Partnership Revenue Leakage Regulatory Pressure and Impediments Business Interruption Failure to Max. Rev.Over Invested Capex Increased Interest Rate Fail in Managing Liquidity Late submission of Financial Statements and Deficiency on ICOFR  Increased Forex  Increased Interest Rate  Fail in Managing Liquidity Strategic Risks Operation Risks Financial RisksCompliance Risks  Less/decline Product Competitiveness  Failure in M&As activities and Partnership  Failure to maximize technology as a competitive value  Failure in Corporate University program  Regulatory Pressure and Impediments  Business dispute and litigation  Late submission of Financial Statements and Deficiency on ICOFR  Failure in managing Information and Technology  Revenue Leakage  Business Interruption  Failure to Maximize Revenue Over Invested Capex
Dikonotasikan dengan langkah men-tansfer risiko kepada pihak ketiga. Misal: Outsourcing, Partnership, Insurance, etc. Dalam hal ini, perusahaan berarti akan menerima risiko tersebut, berdasarkan perhitungan bahwa di bawah appetite perusahaan. Langkah ‗optimization‘ merupakan program yang diambil untuk mengurangi severity yang ditimbulkan oleh potensi risiko yang ada (self insured) Menghindari terjadinya risiko , dipilih apabila suatu langkah (inisiatif, mitigasi, rencana bisnis, dll) akan dilakukan dengan mempertimbangkan potensi risiko. ERM Framework – Risk Treatment Commonly, there are 4 types of risk treatment could be taken: Risk Transfer (Sharing Risk) To move the exposure and its severity (risks) through 3rd party. Risk Accepted (Retention) If cost beyond its risk (exposure). Note: Cost > Risk Risk Reduction (Limitation) Optimization process of remedy, to reduce its severity Risk Avoidance (Elimination) Escaping from any initiative, business plan, etc. Considering the potential risks.
ERM Framework – Operational Risk Management in Telkom Operation Risks Failure in managing Information and Technology Revenue Leakage Business Interruption Failure to Maximize Revenue Over Invested Capital expenditure High Very High Very High Very High Risk Level Risk Treatment Mitigation Key Risk Indicators Risk Dashboard  Reduce: Update Tech.  Transfer: Partnership  Reduce: Control, System Update, Process update, Customer check, etc.  Reduce: Asset protection, Early warning system security, BCMS, Simulation/exercise.  Transfer: Outsources, Insurance.  Reduce: Asset Management, CAPEX- tracking, Synergy, total solution, product management.  Applications and IT System  IT Security, Customer Base, Big Data, Data Warehouse System  Fraud, Transaction, No Bill  Bad debt  Network failure, human error, downtime network, SLG, SLA  Catastrophe; natural hazard, earthquake, fire, lightning, tsunami, etc.  ROA, ROI, Revenue, Cost, Impairment Value, etc. Asset Failure Business Interruption Revenue Leakage
If your User Interface even vaguely resembles an airplane cockpit, you‘re doing it wrong. — JOHN GRUBER
Take away Beware of risk as a ‘black swan’ phenomena It‘s a ‗weird‘ doing business with no risk Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you. Risk is about running the business, manage it! If you only take small risks, you are only entitled to a small life
Implementasi ERM di TELKOM Company‘ Objectives 1. Memastikan reliability Objectives Perusahaan. 2. Memberikan gambaran stepping/milestone pencapaian Objectives yang terukur. 3. Memberikan alternatives dalam pencapaian Objectives. 4. Memperhitungkan alokasi resources dalam pencapaian Objectives. 5. Mengantisipasi terhadap perkembangan yang berpengaruh pada pencapaian Objectives. 6. Mengoptimalkan potensi dan kesempatan (Opportunities) dalam pencapaian Objectives. 10 Strategic Initiatives: 1. Optimizing POTS and Strengthening Broadband 2. Consolidate& Grow FWA Business and Manage Wireless Portfolio 3. Integrated Telkom Group Ecosystem Solutions 4. Invest in IT Services 5. Invest in Media & Edutainment Business 6. Invest in Wholesale and Strategic int’l Opportunities 7. Invest in Strategic domestic opportunities that leverage the assets 8. IntegrateNGN & OBCE 9. Align Business Structure and Portfolio Management 10. Transforming Culture Objectives v. Risk Management STRATEGIC OBJECTIVE Creating Superior Position by Strengthening The Legacy & Growing New Wave Businesses to Achieve 60% Of Industry Revenue in 2015
RISK BASED KRIs and KPIs – Company‘ Objectives Menentukan ‘key business objectives’ berdasarkan strategi korporasi  Identifikasi Risiko-Risiko yang berpengaruh terhadap pencapaian objectives.  Menyusun Profil Risiko (a company- wide risk profile) Menentukan kriteria/level toleransi risiko berdasarkan hasil assessment likelihood and potential impact. Menentukan alokasi rencana mitigasi (strategi yang tepat), sumberdaya, dan akuntabilitas untuk mengelola risiko. Eksekusi strategi (mitigasi) dan melakukan identifikasi KRIs dan KPIs yang terukur secara financial dan operational. Monitoring progress untuk identifikasi potensi peningkatan performansi (kinerja) dalam pencapaianobjectives. 1 2 3 4 5
Business Objectives Event Identification Significant Business Issues Control Activities Risk Response Risk Assessment Client Mission Statement Client Objectives Business Unit Objectives Targets Performance Measures Current Major Issues Potential Future Events Capture Process Impacts Analyses Response Management Planning Process Key Drivers Dependencies Performance Management Track Record Completeness Integration SMART Roles & Responsibilities Data Management Issues Management Integration with Business Planning Event Portfolio Internal/External Capture Process Repository Maintenance / Refresh Roles & Responsibilities Data Management Event Management Integration with Business Planning Risk Portfolio Definitions Categorizations Assessment Criteria Structure Roles & Responsibilities Timing & Frequency Expert Involvement Consistency Client Business Process Model Policies Procedures Response Portfolio Definitions Decision Drivers Decision Criteria Process Completeness Communications Training Roles & Responsibilities Monitoring Effectiveness Process Roles & Responsibilities Decision Protocols Reporting Timing Review Areas Review AreasReview AreasReview AreasReview AreasReview Areas Focus FocusFocusFocusFocusFocus RISK BASED KRIs and KPIs – Company‘ Objectives Managing Business Risk within your organization
RISK BASED KRIs and KPIs – Company‘ Objectives – cont.‘ 1. Management mengetahui secara dini potensi tidak tercapainya target/objective perusahan karena perkembangan risiko. 2. Management dapat menyusun program mitigasi yang efektif untuk mengantisipasi perkembangan risiko. Dengan demikian Objective Perusahaan apabila dikelola tanpa memperhatikansistem manajemen risiko (ERM), alignment dengan isu strategis, arah perkembangan bisnis, dan kondisi operasional, maka sistem tersebut akan kehilangan pijakan dalam operasional perusahaan. Sehingga, diperlukan penghubung sebagai alat navigasi dan kontrolnya, dalam hal ini sistem manajemen risiko yang didasarkan pada KRIs dan KPIs. agar:
RISK BASED KRIs and KPIs – Risk Identification Identifikasi Risiko,  Adalah proses untuk menemukenali segala kemungkinan (kejadian) yang muncul dalam suatu aktivitas usaha yang berhubungan dengan objective perusahaan.  Identifikasi risiko secara akurat dan menyeluruh menjadi sangat vital dalam suatu manajemen risiko.  Salah satu aspek penting dalam identifikasi risiko adalah melakukan pencatatan (me- register) risiko-risiko yang mungkin terjadi sebanyak mungkin. Dalam Framework COSO, dilakukan pem-bedaan antara Risiko dan Peluang, dimana kemungkinan (kejadian) yang berdampak negatif disebut Risiko, sedangkan Peluang merupakan kemungkinan (kejadian) yang dapat berdampak positif (natural offsets/opportunities) yang mendukung strategi dalam pencapaian objectives.
RISK BASED KRIs and KPIs – Risk Identification…The Technique Dengan melakukan identifikasi risiko, akan diperoleh sekumpulan informasi tentang kejadian risiko, informasi mengenai penyebab risiko, bahkan informasi mengenai dampak apa saja yang bisa ditimbulkan oleh risiko tersebut. Teknik- teknik yang dapat digunakan dalam melakukan identifikasi risiko antara lain: Benchmark Professional Judgement (Pendapat Para Ahli di Bidangnya) Wawancara, Survey (Pengamatan) Informasi historis (analysis data historis) Kelompok kerja (Brainstorming) dll.
RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Benchmark  Mencari informasi tentang risiko di tempat atau perusahaan lain yang memiliki kesamaan pada tataran tertentu. (eg. Kesamaan pasar, portofolio bisnis, industri, dlsb.)  Data hasil benchmark harus disesuaikan dengan kondisi aktual yang terjadi dan dihadapi langsung oleh perusahaan.  Contoh: – dari berita di media massa, atau internet, dapat diketahui bahwa tingkat kejadian bencana alam di Indonesia memiliki peluang yang sangat tinggi. Hal ini menunjukkan, bahwa secara umum risiko Business Interruption akibat bencana alam sangat besar. – Harga minyak dunia naik?...... – Suku bunga perbankan di US turun?..... – Harga tiket pesawat naik?.....
RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Professional Judgment (Pendapat Para Ahli di Bidangnya)  Mencari informasi dari ahli di bidang risiko tertentu, terkait risiko yang berpengaruh terhadap suatu objective perusahaan  Contoh:  Dari bertanya pada bankir, dapat diketahui bahwa ketidak-stabilan kondisi ekonomi di US memiliki risiko pada Foreign Exchange terkait transaksi yang menggunakan mata uang asing (US Dollar)  Dari bertanya pada dokter, dapat diketahui bahwa orang dengan tingkat kolesterol tinggi berisiko kena penyakit jantung
RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Pengamatan/Survey  Melakukan investigasi atau pencarian data langsung di tempat kejadian dengan mengajukan kuesioner atau wawancara (data primer)  Contoh:  Dengan melakukan CSLS (Cust. Loyalty and Satisfaction Survey), dapat diketahui bahwa tingkat kepuasan yang rendah akan berisiko pada churn pelanggan  Dengan mengamati proses produksi dan availabilitas dari catu daya PLN, dapat diketahui bahwa perusahaan menghadapi risiko lampu mati (Interruptable Power Supply)  Validitas data sekunder?.....
RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Analisis Data Historis • Menggunakan berbagai informasi dan data yang tersedia dalam perusahaan mengenai segala sesuatu yang pernah terjadi • Biasanya data historis harus menggunakan lebih dari satu periode kebelakang agar prediksi risiko dapat lebih akurat • Contoh:  Dari data historis kepegawaian, dapat diketahui bahwa perusahaan menghadapi risiko kehilangan karyawan yang penting  Dari data historis keuangan, dapat diketahui risiko penurunan growth revenue  Dari data historis market, dapat diketahui risiko tingkat kompetisi dalam suatu industri
RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Kelompok Kerja (Brainstorming)  Menggunakan berbagai informasi dan data, dilakukan diskusi creative thinking (brainstorming) oleh tim manajemen risiko untuk menemukenali potensi risiko dari suatu objective  Creative thinking yang sukses, biasanya menghasilkan suatu rumusan risiko yang tepat dari suatu objective  Contoh:  Dari data global market, dilakukan brainstorming sehingga dapat diketahui bahwa terkait objective perusahaan untuk ‘invest broadband’ akan menghadapi risiko; teknologi dan kompetisi, country risk factors, etc.
Alignment Process Dengan demikian, alignment antara KRIs dan KPIs sangat signifikan untuk dilakukan agar pencapaian objective dapat terlaksana. Proses Alignment KRIs dan KPIs: Identify risks Quantify risk Identify Actions required Monitor Performance Monitor Changes (internal/ external) Update objectives Agree Acceptable Risk levels Identify risk related Actions Agree Strategic objectives Risk Management PerformanceManagement RISK BASED KRIs and KPIs – Alignment KPIs and KRIs
RISK BASED KRIs and KPIs – Defining Key Risk Indicators  Key Risk Indicator (KRIs), adalah faktor-faktor kunci dari suatu risiko yang digunakan dalam proses manajemen untuk menentukan tingkat risiko pada suatu aktifitas usaha. Merupakan indikator dari kemungkinan dampak negative dimasa yang akan datang (the possibility of future adverse impact).  KRIs memberikan suatu sinyal/tanda ‘Early Warning’ bagi manajemen untuk identifikasi kejadian yang berpotensi menghambat suatu program/aktifitas.  Biasanya ukuran ini disajikan berupa data statistik atau matriks tertentu dengan formula atau model tertentu yang menyediakan informasi terkait posisi dari suatu risiko yang dihadapi oleh perusahaan.  KRIs berbeda dengan Key Performance Indicators (KPIs), dimana KPIs dimaksudkan sebagai ukuran kesuksesan/keberhasilan dari suatu program kerja (aktifitas usaha terkait objectives). Definisi
Key Risk Indicator (KRIs), pada dasarnya dapat dikelompokan ke dalam 4 (empat) kategori:  Coincident indicators, ukuran yang mewakili kegagalan yang terjadi secara bersamaan pada proses bisnis internal. Misal, kegagalan penyelesaian proyek pengadaan/investasi yang secara bersamaan berisiko pada kegagalan pengembangan produk berbasis teknologi.  Causal indicators, Ukuran kegagalan yang berasal dari turunan kegagalan suatu kejadian (root causes event). Misal, risiko kegagalan teknologi yang menyebabkan terjadinya risiko churn pelanggan.  Control effectiveness indicators, merupakan ukuran tingkat kegagalan yang berasal dari proses monitoring performansi. Misal, prosentase kenaikan ARPU pelanggan Flexi.  Volume indicators (Inherent Risk Indicators) biasanya disamakan dengan KPIs, yang dapat menentukan posisi peluang kejadian dan dampak dari suatu risiko (indikator ini biasanya ber-korelasi dengan risiko lainnya). Misal, Jumlah pelanggan, Kapasitas bandwidth, dll. Pengelompokan KRIs RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘
RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ Metode Menentukan KRIs Untuk dapat menentukan KRIs secara tepat dan efektif dapat menggunakan beberapa pendekatan. Salah satu pendekatan yang efektif dan terstruktur dengan baik adalah dengan menggunakan 6 langkah (berhubungan dengan 6-sigma tools): 1. Identify existing metrics. 2. Assess gaps. 3. Improve metrics. 4. Validate and determine trigger levels. 5. Design dashboard. 6. Establish control plan. Ke-enam langkah tersebut merupakan salah satu pendekatan yang dapat diterapkan untuk menentukan KRIs, mulai dari proses melakukan Identifikasi KRIs, Validasi, dan meng- implementasikannya kedalam Early Warning pada segala macam bisnis model.
1. Identify existing metrics.  Untuk menentukan KRIs, langkah pertama yang harus ditempuh adalah dengan Risk Assessment sehingga semua kejadian (events) dapat di-identifikasi, di-assess, dan di-kelompokan bersama sesuai dengan kriteria tertentu yang dapat di monitor dan di-analisa berdasarkan root-causes (analisa sebab-akibat). Tools yang dapat digunakan misalnya, diagram tulang ikan, dll.  Biasanya dalam menentukan KRIs, kejadian penting yang berpengaruh langsung terhadap risiko (inherent risk) maupun residual risk di-identifikasi  Langkah selanjutnya adalah menentukan metric (calon KRIs) bagi masing-masing kejadian yang ber-risiko tinggi (high risk potensial events)  Dalam menentukan kRIs, semakin banyak ukuran kejadian (metric) yang mempengaruhi suatu risiko, maka semakin efektif KRIs dalam memberikan gambaran potensi risiko  Common practice, biasanya untuk penentuan KRIs yang efektif, suatu risiko terdiri atas 5 sampai 10 metric potensial KRIs dan mengandung minimal 1 atau lebih kategori KRIs (type—coincident, causal, control, and volume). Contoh:  Menentukan risiko pada operasional call-center.  Risiko yang ter-identifikasi adalah: Pelanggan tidak tertanggani secara profesional dan tidak akuratnya informasi pelanggan RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘
2. Assess gaps. Setelah proses inventory seluruh potensi KRIs selesai, langkah berikut adalah melakukan evaluasi kelayakan dan efektifitas tiap-tiap indicators (metric). Terdapat 2 (dua) tools yang digunakan:  the gap assessment  the design matrix Gap Assessment akan memberikan gambaran, apakah indicators (metrics) dalam inventory akan efektif untuk dijadikan KRIs. Dimana, ukuran yang digunakan adalah berdasarkan composite score tabel, biasanya score diatas 4 merupakan syarat cukup untuk dijadikan KRIs. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘
RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ Digunakan scoring kriteria 0-1-3-9. Dengan menggunakan design matrix, maka tiap- tiap indikator yang mendapat score 9 akan mendapat rating Y. Dengan memperhatikan 2 tools ini, dapat ditentukan indicators (metrics) yang layak dan efektif untuk dijadikan KRIs. Design Matrix merupakan tabel matrik berbasis 6-sigma, dimana akan dilihat keterkaitan Risk Events Driver (RED)dengan indicators yang terdapat dalam inventory. RED merupakan root-causes yang berpengaruh pada munculnya kejadian (indicators). Masing-masing RED diberi pembobotan sesuai dengan prosentase kontribusi.
RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 3. Improve metrics. Proses ‘improve metric’ dilakukan dengan cara membandingkan hasil assessment dari 2 (dua) tools gap dan design matrix. Proses komparasi dilakukan dengan cara:  Analisa indicators di design matrix yang mempunyai score ‘9’ , namun mendapat score rendah di gap assessment. Apabila scoring rendah tersebut dapat dicarikan solusi atau justifikasinya, maka indicators tersebut dapat dipertimbangkan untuk dijadikan KRIs.  Analisa berikutnya dilakukan pada indicators yang mendapat score tinggi di gap assessment, namun tidak mendapat ‘9’di design matrix. Apabila terdapat modifikasi yang berpengaruh pada peningkatan rating di design matrix dan signifikan, maka indicators tersebut juga dapat dijadikan alternative KRIs. Pada tahap ini, dimungkinkan untuk dilakukan modifikasi pada potensial KRIs (indicators).  Langkah ini ditutup dengan menghapus seluruh indicators yang tidak mempunyai relasi yang cukup dari penilaian ke-dua tools tabel.
RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 4. Validation and trigger-level identification.  Langkah sebelumnya biasanya menggunakan ‘subjective judgment’ untuk meng-assess relasi antara the risk- event drivers dan the metrics. Untuk indicators dimana relasi antara ‘the risk-event drivers dan the metrics’ dapat dinyatakan secara wajar (dalam tataran operasional –self evident), maka validasi tidak perlu dilakukan.  Namun bila terdapat Metric baru (lihat langkah 3-modifikasi metric), maka diperlukan proses validasi untuk memastikan bahwa metric tersebut adalah KRIs.  Validasi, umumnya menggunakan data historis, bila tidak tersedia maka dapat dilakukan asumsi yang sesuai untuk menggambarkan korelasi antara ‘the risk- event drivers dan the metrics hasil modifikasi’ sehingga didapat trigger level identifikasi. (lihat contoh disamping)
RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 5. Dashboard design.  Sebagai bagian dalam penentuan KRIs yang layak dan efektif untuk memberikan gambaran perkembangan risiko, maka ‘dashboard’ merupakan bagian yang sangat penting bagi business managers, process owners, and senior management.  Dashboard adalah bagian dalam proses mamajemen risiko dan bermanfaat dalam ‘monthly business review’, dan meeting- meeting lainnya terkait pencapaian objective perusahaan.  Dashboard biasanya menggunakan gambar grafik dan tabel yang menunjukkan informasi yang tepat dan komprehensif terkait kondisi risiko perusahaan dan KRIs yang menjadi konsen manajemen.
RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 6. Control plan and escalation criteria.  Fungsi utama dari ‘Control plan’ adalah memastikan tersedianya kriteria eskalasi (‘escalation criteria and roles ‘) untuk intervensi terhadap KRIs yang telah disepakati. Sehingga, siapa-pun, dan kapan-pun dilakukan treatment terhadap KRIs yang berpengaruh terhadap Objective perusahaan tidak menimbulkan efek perubahan baik proses dan prosedur yang telah ditetapkan diawal.  Umumnya, ‘control plan’ berisi: the KRI metric, the measurement frequency, a description of the measurement system, goals, trigger levels, escalation criteria, dan the owner for the escalation criteria. (sebagaimana terlihat pada contoh tabel dibawah).
RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ Siap jual Eks cabutan Repair Potensi Eksisting Deployment Sales Churn Net Add & ARPU Qualitas produk kurang baik Layanan purna jual kurang baik Harga tidak competitif Usage Price Tariff Gimmick Tunggakan Aps Cabut Manajemen Omset Competitor Voice Data SMS Demand Pnetrasi
RISK BASED KRIs and KPIs – Structuring Vision-Mission - KRIs Vision - Mision STRATEGIC OBJECTIVE Creating Superior Position by Strengthening The Legacy & Growing New Wave Businesses to Achieve 60% Of Industry Revenue in 2015 Corporate’ 10-StrategyInitiatives Significant Risks Notable Significant Risks Deployment Thru Risk Identification & Assessment Risk Relate to Performance Financial RiskStrategic Risk Operational Risk Business Growth Revenue Leakage Business Interruption Forex Interest Rate Liquidity Cost Eff. & Effect. Control Eff. & Effect .Co-Incident Indicators Causal Indicators Volume Indicators Key Risk Indicators
RISK BASED KRIs and KPIs – Defining Dashboard Business Growth Business Growth Early Warning SystemRISKS RISK MAP/LEVEL KEY RISK INDICATORs Business Growth Strategic Risks Financial Risks Operational Risks Market Risks Minutes of usage # LIS Current # LIS Churn Tariff FlexiFlexiFlexiFlexiSpeedy TLKM’ Products Data Ware-house TLKM’ Existing Applications TiBs TREMs TiCAREs External Info.Internal Sources PTA1 = f [KRI1,KRI2, …,KRIn] if, for instance f (x) = KRI1 x (KRI2 - KRI3) KRI1 KRI2 KRI3 S1 Appetite S1 S1 S1 S1 Dynamic MAP Indicators
Level of Maturity and Its Measurement Telkom‘s Perspective Public Relation Compliance Protection Optimization Value Creation Risk Maturity Graph Level Maturity Excellent Strong Adequate Weak Weak [Nonexistent] Level 5: Level 4: Level 3: Level 2: Level 1: Nonexistent Leadership Managed Repeatable Initial Ad hoc Excellent  Advanced capabilities to identify, measure, manage all risk exposures within tolerances  Advanced implementation, development and execution of ERM parameters  Consistently optimizes risk adjusted returns throughout the organization Strong  Clear vision of risk tolerance and overall risk profile  Risk Control exceeds adequate for most major risks  Has robust processes to identify and prepare for emerging risks  Incorporates risk management and decision making to optimize risk adjusted returns Adequate  Has fully functioning control systems in place for all of their major risks  May lack a robust process for identifying and preparing for emerging risks  Performing good classical “silo” based risk management  Not fully developed process to optimize risk adjusted returns. Weak  Incomplete control process for one or more major risks  Inconsistent or limited capabilities to identify, measure or manage major risk exposures Standard & Poor’s ERM Quality Classifications Where does your organization been stood?
MATURITY LEVEL – Revenue Assurance Framework 1 2 3 4 5 Dependent Repeatable Defined Managed Optimizing Ad-hoc, chaotic. Dependent on individual heroic. Basic Project/ Process management. Repeatable tasks. Standardized approach developed. Designing-in control commences. Leakage quantitatively understood and controlled. Continuous improvement via feedback. Decentralized ownership, holistic control.
MATURITY LEVEL – ERM Maturity Methodology Tahapan dari ERM maturity assessment adalah sebagai berikut:
MATURITY LEVEL – ERM Maturity Methodology Model dari ERM maturity assessment adalah terdiri dari 3 komponen penilaian sebagai berikut:
MATURITY LEVEL – ERM Maturity Methodology Berdasarkan riset/kaji pustaka dan kasus-kasus internasional serta interaksi mendalam dengan sejumlah besar perusahaan di Indonesia baik dalam konsultasi maupun kegiatan pengembangan kompetensi, dikembangkan sebuah model untuk mengukur tingkat maturitas implementasi ERM di sebuah perusahaan, dengan model sebagai berikut:
MATURITY LEVEL – ERM Maturity Methodology  Ad hoc level: No ERM policy. ERM is a compliance issue and implemented by a so called risk management team or persons. Commitment of corporate board, executive, and management arelacking.  Basic level : ERM policy and structure. Risk assessment is conducted by some units of the entity. Silo and fragmented approach. Commitment of corporate board, executive, and management are weak.  Defined level : ERM is conducted through out the entity. Risk data is available but limited. Qualitative and some degree of quantitative approaches to risk assessment. Risk management is reported regularly. Commitment of corporate board, executive, and management are normally strong.  Quantified level : Extensive use of internal and external data for risk quantification. Utilising quantitative methods in analysing risks. Confidence level towards risk management results is strong and high. Commitment of corporate board, executive, and management are very strong.  Optimised level : All decisions are risk based, risk-adjusted performance measures. Risk optimisation to achieve strategic competitiveness. Commitment of corporate board, executive, and management are extremely strong.
MATURITY LEVEL – ERM Maturity - Result Total, Korporat dan Unit - Maturity Assessment Score
 Ad hoc level: No ERM policy. ERM is a compliance issue and implemented by a so called risk management team or persons. Commitment of corporate board, executive, and management arelacking.  Basic level : ERM policy and structure. Risk assessment is conducted by some units of the entity. Silo and fragmented approach. Commitment of corporate board, executive, and management are weak.  Defined level : ERM is conducted through out the entity. Risk data is available but limited. Qualitative and some degree of quantitative approaches to risk assessment. Risk management is reported regularly. Commitment of corporate board, executive, and management are normally strong.  Quantified level : Extensive use of internal and external data for risk quantification. Utilising quantitative methods in analysing risks. Confidence level towards risk management results is strong and high. Commitment of corporate board, executive, and management are very strong.  Optimised level : All decisions are risk based, risk-adjusted performance measures. Risk optimisation to achieve strategic competitiveness. Commitment of corporate board, executive, and management are extremely strong. Total - Maturity Assessment Level MATURITY LEVEL – ERM Maturity - Result
Maturity Assessment Score dan Level - Component/Parameter MATURITY LEVEL – ERM Maturity - Result
ERM OPTIMAL

Recommended

04 enterprise risk management telkom 2011 technical risk assessment
04 enterprise risk management telkom 2011 technical risk assessment04 enterprise risk management telkom 2011 technical risk assessment
04 enterprise risk management telkom 2011 technical risk assessmentwisnu wardhana, i nyoman
 
01 enterprise risk management pegantar - telkom
01 enterprise risk management pegantar - telkom 01 enterprise risk management pegantar - telkom
01 enterprise risk management pegantar - telkom wisnu wardhana, i nyoman
 
02 enterprise risk management coso framework telkom 2011
02 enterprise risk management coso framework telkom 201102 enterprise risk management coso framework telkom 2011
02 enterprise risk management coso framework telkom 2011wisnu wardhana, i nyoman
 
08 enterprise risk management telkom 2011 risk profile
08 enterprise risk management telkom 2011 risk profile08 enterprise risk management telkom 2011 risk profile
08 enterprise risk management telkom 2011 risk profilewisnu wardhana, i nyoman
 
10 enterprise risk management telkom 2011 early warning system
10 enterprise risk management telkom 2011 early warning system10 enterprise risk management telkom 2011 early warning system
10 enterprise risk management telkom 2011 early warning systemwisnu wardhana, i nyoman
 
06 enterprise risk management telkom 2011 erm online
06 enterprise risk management telkom 2011 erm online06 enterprise risk management telkom 2011 erm online
06 enterprise risk management telkom 2011 erm onlinewisnu wardhana, i nyoman
 
07 enterprise risk management telkom 2011 risk control self assessment
07 enterprise risk management telkom 2011 risk control self assessment07 enterprise risk management telkom 2011 risk control self assessment
07 enterprise risk management telkom 2011 risk control self assessmentwisnu wardhana, i nyoman
 
09 enterprise risk management telkom 2011 key risk indicators
09 enterprise risk management telkom 2011 key risk indicators09 enterprise risk management telkom 2011 key risk indicators
09 enterprise risk management telkom 2011 key risk indicatorswisnu wardhana, i nyoman
 

Recommended

04 enterprise risk management telkom 2011 technical risk assessment
04 enterprise risk management telkom 2011 technical risk assessment04 enterprise risk management telkom 2011 technical risk assessment
04 enterprise risk management telkom 2011 technical risk assessmentwisnu wardhana, i nyoman
 
01 enterprise risk management pegantar - telkom
01 enterprise risk management pegantar - telkom 01 enterprise risk management pegantar - telkom
01 enterprise risk management pegantar - telkom wisnu wardhana, i nyoman
 
02 enterprise risk management coso framework telkom 2011
02 enterprise risk management coso framework telkom 201102 enterprise risk management coso framework telkom 2011
02 enterprise risk management coso framework telkom 2011wisnu wardhana, i nyoman
 
08 enterprise risk management telkom 2011 risk profile
08 enterprise risk management telkom 2011 risk profile08 enterprise risk management telkom 2011 risk profile
08 enterprise risk management telkom 2011 risk profilewisnu wardhana, i nyoman
 
10 enterprise risk management telkom 2011 early warning system
10 enterprise risk management telkom 2011 early warning system10 enterprise risk management telkom 2011 early warning system
10 enterprise risk management telkom 2011 early warning systemwisnu wardhana, i nyoman
 
06 enterprise risk management telkom 2011 erm online
06 enterprise risk management telkom 2011 erm online06 enterprise risk management telkom 2011 erm online
06 enterprise risk management telkom 2011 erm onlinewisnu wardhana, i nyoman
 
07 enterprise risk management telkom 2011 risk control self assessment
07 enterprise risk management telkom 2011 risk control self assessment07 enterprise risk management telkom 2011 risk control self assessment
07 enterprise risk management telkom 2011 risk control self assessmentwisnu wardhana, i nyoman
 
09 enterprise risk management telkom 2011 key risk indicators
09 enterprise risk management telkom 2011 key risk indicators09 enterprise risk management telkom 2011 key risk indicators
09 enterprise risk management telkom 2011 key risk indicatorswisnu wardhana, i nyoman
 
Implementasi ERM dan Internal Control-
Implementasi ERM dan Internal Control-Implementasi ERM dan Internal Control-
Implementasi ERM dan Internal Control-Directorate of Information Security | Ditjen Aptika
 
05 enterprise risk management telkom 2011 value at risk
05 enterprise risk management telkom 2011 value at risk05 enterprise risk management telkom 2011 value at risk
05 enterprise risk management telkom 2011 value at riskwisnu wardhana, i nyoman
 
COSO ERM
COSO ERMCOSO ERM
COSO ERMSophia Abigayle
 
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Muhammad Bahrudin
 
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENT
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENTPengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENT
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENTKanaidi ken
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Andrew Smart
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk ManagementDinas Komunikasi dan Informatika
 
Penilaian Profil Risiko Bank
Penilaian Profil Risiko BankPenilaian Profil Risiko Bank
Penilaian Profil Risiko BankDwi Wahyu
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewDenise Robinson
 
03 enterprise risk management telkom 2011 rac
03 enterprise risk management telkom 2011 rac03 enterprise risk management telkom 2011 rac
03 enterprise risk management telkom 2011 racwisnu wardhana, i nyoman
 
Mnajemen risiko kemenkeu radin
Mnajemen risiko kemenkeu radinMnajemen risiko kemenkeu radin
Mnajemen risiko kemenkeu radinDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...Muhammad Bahrudin
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)deeptica
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...PECB
 
Managing Your Risk Taxonomy within StratexPoint
Managing Your Risk Taxonomy within StratexPointManaging Your Risk Taxonomy within StratexPoint
Managing Your Risk Taxonomy within StratexPointAscendore Limited
 
Manajemen Risiko 02 Enterprise Risk Management
Manajemen Risiko 02 Enterprise Risk ManagementManajemen Risiko 02 Enterprise Risk Management
Manajemen Risiko 02 Enterprise Risk ManagementJudianto Nugroho
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Andrew Smart
 
Pelatihan Manajemen Resiko
Pelatihan Manajemen ResikoPelatihan Manajemen Resiko
Pelatihan Manajemen ResikoShobrie Hardhi, SE, CFA, CLA, CPHR, CPTr.
 
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...Pangeran Sitompul
 
Manajemen resiko.pptx
Manajemen resiko.pptxManajemen resiko.pptx
Manajemen resiko.pptxIccang2
 
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.HAJUINI ZEIN
 

More Related Content

What's hot

05 enterprise risk management telkom 2011 value at risk
05 enterprise risk management telkom 2011 value at risk05 enterprise risk management telkom 2011 value at risk
05 enterprise risk management telkom 2011 value at riskwisnu wardhana, i nyoman
 
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Muhammad Bahrudin
 
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENT
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENTPengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENT
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENTKanaidi ken
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Andrew Smart
 
Penilaian Profil Risiko Bank
Penilaian Profil Risiko BankPenilaian Profil Risiko Bank
Penilaian Profil Risiko BankDwi Wahyu
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewDenise Robinson
 
03 enterprise risk management telkom 2011 rac
03 enterprise risk management telkom 2011 rac03 enterprise risk management telkom 2011 rac
03 enterprise risk management telkom 2011 racwisnu wardhana, i nyoman
 
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...Muhammad Bahrudin
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)deeptica
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...PECB
 
Managing Your Risk Taxonomy within StratexPoint
Managing Your Risk Taxonomy within StratexPointManaging Your Risk Taxonomy within StratexPoint
Managing Your Risk Taxonomy within StratexPointAscendore Limited
 
Manajemen Risiko 02 Enterprise Risk Management
Manajemen Risiko 02 Enterprise Risk ManagementManajemen Risiko 02 Enterprise Risk Management
Manajemen Risiko 02 Enterprise Risk ManagementJudianto Nugroho
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Andrew Smart
 
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...Pangeran Sitompul
 

What's hot (20)

Implementasi ERM dan Internal Control-
Implementasi ERM dan Internal Control-Implementasi ERM dan Internal Control-
Implementasi ERM dan Internal Control-
 
05 enterprise risk management telkom 2011 value at risk
05 enterprise risk management telkom 2011 value at risk05 enterprise risk management telkom 2011 value at risk
05 enterprise risk management telkom 2011 value at risk
 
COSO ERM
COSO ERMCOSO ERM
COSO ERM
 
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
 
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENT
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENTPengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENT
Pengertian Risiko & Manajemen Risiko _Training RISK MANAGEMENT
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 
Penilaian Profil Risiko Bank
Penilaian Profil Risiko BankPenilaian Profil Risiko Bank
Penilaian Profil Risiko Bank
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program Overview
 
03 enterprise risk management telkom 2011 rac
03 enterprise risk management telkom 2011 rac03 enterprise risk management telkom 2011 rac
03 enterprise risk management telkom 2011 rac
 
Mnajemen risiko kemenkeu radin
Mnajemen risiko kemenkeu radinMnajemen risiko kemenkeu radin
Mnajemen risiko kemenkeu radin
 
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...
Desain Implementasi ISO 31000 sebagai Pedoman Manajemen Risiko di Unit Dokume...
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
 
Managing Your Risk Taxonomy within StratexPoint
Managing Your Risk Taxonomy within StratexPointManaging Your Risk Taxonomy within StratexPoint
Managing Your Risk Taxonomy within StratexPoint
 
Manajemen Risiko 02 Enterprise Risk Management
Manajemen Risiko 02 Enterprise Risk ManagementManajemen Risiko 02 Enterprise Risk Management
Manajemen Risiko 02 Enterprise Risk Management
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard
 
Pelatihan Manajemen Resiko
Pelatihan Manajemen ResikoPelatihan Manajemen Resiko
Pelatihan Manajemen Resiko
 
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...
INTEGRATED ENTERPRISE RISK MANAGEMENT (Based on ISO 31000: 2018 & COSO ERM 20...
 

Similar to ERM OPTIMAL

Manajemen resiko.pptx
Manajemen resiko.pptxManajemen resiko.pptx
Manajemen resiko.pptxIccang2
 
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.HAJUINI ZEIN
 
TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...
TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...
TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...Kanaidi ken
 
Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...
Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...
Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...Kanaidi ken
 
(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"
(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"
(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"Kanaidi ken
 
Officeless as Platform - HSE Management System v1.0.0
Officeless as Platform - HSE Management System v1.0.0Officeless as Platform - HSE Management System v1.0.0
Officeless as Platform - HSE Management System v1.0.0jojonomic
 
RISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKARISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKAguest6816b5
 
RISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKARISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKAguest6816b5
 
RISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKARISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKAguest6816b5
 
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...Kanaidi ken
 
mengidentifikasi risiko xxxxxxxxxxxx.ppt
mengidentifikasi risiko xxxxxxxxxxxx.pptmengidentifikasi risiko xxxxxxxxxxxx.ppt
mengidentifikasi risiko xxxxxxxxxxxx.pptharis916240
 
Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...
Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...
Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...Dewiindriyaniwahdiyansyah
 
SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...
SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...
SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...RiriPratiwi2
 
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...Kanaidi ken
 
Bab 2 Enterprise Risk Management.pdf
Bab 2 Enterprise Risk Management.pdfBab 2 Enterprise Risk Management.pdf
Bab 2 Enterprise Risk Management.pdfDodi Suryadi
 
RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...
RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...
RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...Kanaidi ken
 
Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...
Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...
Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...Ade Caswito
 

Similar to ERM OPTIMAL (20)

Manajemen resiko.pptx
Manajemen resiko.pptxManajemen resiko.pptx
Manajemen resiko.pptx
 
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.
SIPI,5,Hajuini,Hapzi Ali, Cobit coso dan ERM,Universitas Mercu Buana,2018.Pdf.
 
TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...
TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...
TERBARU...Silabus Pelatihan _"Penerapan MANAJEMEN RISIKO pada BUMN" (Permen B...
 
Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...
Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...
Silabus Training _"FRAUD & INVESTIGATIVE AUDITING" (Teknik Pencegahan & Iden...
 
erm.ppt
erm.ppterm.ppt
erm.ppt
 
(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"
(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"
(2022) Silabus Pelatihan "Governance, Risk and Compliance (GRC)"
 
Pengurusan Risiko
Pengurusan RisikoPengurusan Risiko
Pengurusan Risiko
 
Officeless as Platform - HSE Management System v1.0.0
Officeless as Platform - HSE Management System v1.0.0Officeless as Platform - HSE Management System v1.0.0
Officeless as Platform - HSE Management System v1.0.0
 
RISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKARISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKA
 
RISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKARISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKA
 
RISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKARISK MANAGEMENT BY MEIKA
RISK MANAGEMENT BY MEIKA
 
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
 
mengidentifikasi risiko xxxxxxxxxxxx.ppt
mengidentifikasi risiko xxxxxxxxxxxx.pptmengidentifikasi risiko xxxxxxxxxxxx.ppt
mengidentifikasi risiko xxxxxxxxxxxx.ppt
 
Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...
Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...
Si pi, deewi indriyani, hapzi ali, cobit, coso dan erm, universitas mercu bua...
 
SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...
SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...
SI & PI, Riri Pratiwi, Prof. Hapzi Ali, Kerangka Pengendalian : COBIT, COSO d...
 
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
(2021) Silabus Training "FRAUD RISK ASSESSMENT (FRA)"_Metode dan Teknik Asesm...
 
Bab 2 Enterprise Risk Management.pdf
Bab 2 Enterprise Risk Management.pdfBab 2 Enterprise Risk Management.pdf
Bab 2 Enterprise Risk Management.pdf
 
PERTEMUAN 12 MANAJEMEN RISIKO BISNIS TINGKATKORPORASI, STRATEGI BISNIS DAN PR...
PERTEMUAN 12 MANAJEMEN RISIKO BISNIS TINGKATKORPORASI, STRATEGI BISNIS DAN PR...PERTEMUAN 12 MANAJEMEN RISIKO BISNIS TINGKATKORPORASI, STRATEGI BISNIS DAN PR...
PERTEMUAN 12 MANAJEMEN RISIKO BISNIS TINGKATKORPORASI, STRATEGI BISNIS DAN PR...
 
RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...
RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...
RENCANA Penyelenggaraan + Link2 Materi Pelatihan "MANAJEMEN RISIKO STRATEGIS ...
 
Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...
Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...
Be & gg, ade, hapzi ali, ethics and business, risk management tugas 10, u...
 

More from wisnu wardhana, i nyoman

Risk and governance presentation telkom indonesia
Risk and governance presentation telkom indonesia Risk and governance presentation telkom indonesia
Risk and governance presentation telkom indonesia wisnu wardhana, i nyoman
 
Legal presentation konsepsi business judgment rule doctrine - telkom indon...
Legal presentation konsepsi business judgment rule doctrine - telkom indon...Legal presentation konsepsi business judgment rule doctrine - telkom indon...
Legal presentation konsepsi business judgment rule doctrine - telkom indon...wisnu wardhana, i nyoman
 

More from wisnu wardhana, i nyoman (20)

Business law module 10
Business law module 10Business law module 10
Business law module 10
 
Business law module 9
Business law module 9Business law module 9
Business law module 9
 
Business law module 8
Business law module 8Business law module 8
Business law module 8
 
Business law module 7
Business law module 7Business law module 7
Business law module 7
 
Business law module 6
Business law module 6Business law module 6
Business law module 6
 
Business law module 5
Business law module 5Business law module 5
Business law module 5
 
Business law module 4
Business law module 4Business law module 4
Business law module 4
 
Business law module 3
Business law module 3Business law module 3
Business law module 3
 
Business law module 2
Business law module 2Business law module 2
Business law module 2
 
Business law module 1
Business law module 1Business law module 1
Business law module 1
 
Mergers & Acquisitions XII
Mergers & Acquisitions XIIMergers & Acquisitions XII
Mergers & Acquisitions XII
 
Mergers & Acquisitions X dan XI
Mergers & Acquisitions X dan XIMergers & Acquisitions X dan XI
Mergers & Acquisitions X dan XI
 
Mergers & Acquisitions IX
Mergers & Acquisitions IXMergers & Acquisitions IX
Mergers & Acquisitions IX
 
Mergers & Acquisitions VIII
Mergers & Acquisitions VIIIMergers & Acquisitions VIII
Mergers & Acquisitions VIII
 
Mergers & Acquisitions VII
Mergers & Acquisitions VIIMergers & Acquisitions VII
Mergers & Acquisitions VII
 
Mergers & Acquisitions VI
Mergers & Acquisitions VIMergers & Acquisitions VI
Mergers & Acquisitions VI
 
Mergers & Acquisitions III
Mergers & Acquisitions IIIMergers & Acquisitions III
Mergers & Acquisitions III
 
Merger & Acquisition I-II
Merger & Acquisition I-IIMerger & Acquisition I-II
Merger & Acquisition I-II
 
Risk and governance presentation telkom indonesia
Risk and governance presentation telkom indonesia Risk and governance presentation telkom indonesia
Risk and governance presentation telkom indonesia
 
Legal presentation konsepsi business judgment rule doctrine - telkom indon...
Legal presentation konsepsi business judgment rule doctrine - telkom indon...Legal presentation konsepsi business judgment rule doctrine - telkom indon...
Legal presentation konsepsi business judgment rule doctrine - telkom indon...
 

Recently uploaded

Tajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di Indonesia
Tajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di IndonesiaTajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di Indonesia
Tajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di IndonesiaHaseebBashir5
 
LAPORAN PKP yang telah jadi dan dapat dijadikan contoh
LAPORAN PKP yang telah jadi dan dapat dijadikan contohLAPORAN PKP yang telah jadi dan dapat dijadikan contoh
LAPORAN PKP yang telah jadi dan dapat dijadikan contohkhunagnes1
 
Slide tentang Akuntansi Perpajakan Indonesia
Slide tentang Akuntansi Perpajakan IndonesiaSlide tentang Akuntansi Perpajakan Indonesia
Slide tentang Akuntansi Perpajakan IndonesiaNovrinKartikaTumbade
 
Capital Asset Priceng Model atau CAPM 11
Capital Asset Priceng Model atau CAPM 11Capital Asset Priceng Model atau CAPM 11
Capital Asset Priceng Model atau CAPM 11Al-ghifari Erik
 
DRAFT Penilaian Assessor _MIiii_UIM.pptx
DRAFT Penilaian Assessor _MIiii_UIM.pptxDRAFT Penilaian Assessor _MIiii_UIM.pptx
DRAFT Penilaian Assessor _MIiii_UIM.pptxnairaazkia89
 
PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024
PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024
PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024HelmyTransformasi
 
PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...
PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...
PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...FORTRESS
 
04 AKMEN new.pdf........................
04 AKMEN new.pdf........................04 AKMEN new.pdf........................
04 AKMEN new.pdf........................rendisalay
 
SV388: Platform Taruhan Sabung Ayam Online yang Populer
SV388: Platform Taruhan Sabung Ayam Online yang PopulerSV388: Platform Taruhan Sabung Ayam Online yang Populer
SV388: Platform Taruhan Sabung Ayam Online yang PopulerHaseebBashir5
 
Mengenal Rosa777: Situs Judi Online yang Populer
Mengenal Rosa777: Situs Judi Online yang PopulerMengenal Rosa777: Situs Judi Online yang Populer
Mengenal Rosa777: Situs Judi Online yang PopulerHaseebBashir5
 
UNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama Linkaja
UNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama LinkajaUNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama Linkaja
UNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama Linkajaunikbetslotbankmaybank
 
Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...
Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...
Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...HaseebBashir5
 
PPT - PSAK 109 TENTANG INSTRUMEN KEUANGAN
PPT - PSAK 109 TENTANG INSTRUMEN KEUANGANPPT - PSAK 109 TENTANG INSTRUMEN KEUANGAN
PPT - PSAK 109 TENTANG INSTRUMEN KEUANGANdewihartinah
 
Perspektif Psikologi dalam Perubahan Organisasi
Perspektif Psikologi dalam Perubahan OrganisasiPerspektif Psikologi dalam Perubahan Organisasi
Perspektif Psikologi dalam Perubahan OrganisasiSeta Wicaksana
 
Tentang Gerhanatoto: Situs Judi Online yang Menarik Perhatian
Tentang Gerhanatoto: Situs Judi Online yang Menarik PerhatianTentang Gerhanatoto: Situs Judi Online yang Menarik Perhatian
Tentang Gerhanatoto: Situs Judi Online yang Menarik PerhatianHaseebBashir5
 
Time Value of Money Mata Kuliah Ekonomi 2
Time Value of Money Mata Kuliah Ekonomi 2Time Value of Money Mata Kuliah Ekonomi 2
Time Value of Money Mata Kuliah Ekonomi 2PutriMuaini
 
MAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docx
MAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docxMAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docx
MAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docxYogiAJ
 
KUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptx
KUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptxKUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptx
KUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptxFORTRESS
 
ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...
ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...
ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...FORTRESS
 
Memaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptx
Memaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptxMemaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptx
Memaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptxSintaDosi
 

Recently uploaded (20)

Tajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di Indonesia
Tajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di IndonesiaTajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di Indonesia
Tajuk: SV388: Platform Unggul Taruhan Sabung Ayam Online di Indonesia
 
LAPORAN PKP yang telah jadi dan dapat dijadikan contoh
LAPORAN PKP yang telah jadi dan dapat dijadikan contohLAPORAN PKP yang telah jadi dan dapat dijadikan contoh
LAPORAN PKP yang telah jadi dan dapat dijadikan contoh
 
Slide tentang Akuntansi Perpajakan Indonesia
Slide tentang Akuntansi Perpajakan IndonesiaSlide tentang Akuntansi Perpajakan Indonesia
Slide tentang Akuntansi Perpajakan Indonesia
 
Capital Asset Priceng Model atau CAPM 11
Capital Asset Priceng Model atau CAPM 11Capital Asset Priceng Model atau CAPM 11
Capital Asset Priceng Model atau CAPM 11
 
DRAFT Penilaian Assessor _MIiii_UIM.pptx
DRAFT Penilaian Assessor _MIiii_UIM.pptxDRAFT Penilaian Assessor _MIiii_UIM.pptx
DRAFT Penilaian Assessor _MIiii_UIM.pptx
 
PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024
PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024
PRESTIGE BUSINESS PRESENTATION BULAN APRIL 2024
 
PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...
PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...
PREMIUM!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Kamar Mandi di ...
 
04 AKMEN new.pdf........................
04 AKMEN new.pdf........................04 AKMEN new.pdf........................
04 AKMEN new.pdf........................
 
SV388: Platform Taruhan Sabung Ayam Online yang Populer
SV388: Platform Taruhan Sabung Ayam Online yang PopulerSV388: Platform Taruhan Sabung Ayam Online yang Populer
SV388: Platform Taruhan Sabung Ayam Online yang Populer
 
Mengenal Rosa777: Situs Judi Online yang Populer
Mengenal Rosa777: Situs Judi Online yang PopulerMengenal Rosa777: Situs Judi Online yang Populer
Mengenal Rosa777: Situs Judi Online yang Populer
 
UNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama Linkaja
UNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama LinkajaUNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama Linkaja
UNIKBET : Agen Slot Resmi Pragmatic Play Ada Deposit Sesama Linkaja
 
Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...
Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...
Judul: Mengenal Lebih Jauh Tentang Jamintoto: Platform Perjudian Online yang ...
 
PPT - PSAK 109 TENTANG INSTRUMEN KEUANGAN
PPT - PSAK 109 TENTANG INSTRUMEN KEUANGANPPT - PSAK 109 TENTANG INSTRUMEN KEUANGAN
PPT - PSAK 109 TENTANG INSTRUMEN KEUANGAN
 
Perspektif Psikologi dalam Perubahan Organisasi
Perspektif Psikologi dalam Perubahan OrganisasiPerspektif Psikologi dalam Perubahan Organisasi
Perspektif Psikologi dalam Perubahan Organisasi
 
Tentang Gerhanatoto: Situs Judi Online yang Menarik Perhatian
Tentang Gerhanatoto: Situs Judi Online yang Menarik PerhatianTentang Gerhanatoto: Situs Judi Online yang Menarik Perhatian
Tentang Gerhanatoto: Situs Judi Online yang Menarik Perhatian
 
Time Value of Money Mata Kuliah Ekonomi 2
Time Value of Money Mata Kuliah Ekonomi 2Time Value of Money Mata Kuliah Ekonomi 2
Time Value of Money Mata Kuliah Ekonomi 2
 
MAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docx
MAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docxMAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docx
MAKALAH MANAJEMEN BISNIS RIRIS DAN YUDI.docx
 
KUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptx
KUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptxKUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptx
KUAT!!! WA 0821 7001 0763 (FORTRESS) Harga Pintu Besi Plat Polos di Serang .pptx
 
ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...
ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...
ESTETIK!!! WA 0821 7001 0763 (FORTRESS) Bahan Pintu Aluminium Coklat di Denpa...
 
Memaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptx
Memaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptxMemaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptx
Memaksimalkan Waktu untuk Mendapatkan Kampus Impian melalui SBMPTN (1).pptx
 

ERM OPTIMAL

  • 1. Jakarta, April 2016 an Enterprise Risk Management in Practice towards Business Competitiveness Risk & Process Management PT. Telekomunikasi Indonesia, Tbk I Nyoman Wisnu Wardhana Senior Advisor II – PT. Telkom
  • 2. Disclaimer This document may contain forward-looking statements within the meaning of safe-harbor. Actual results could differ materially from projections, estimations or expectations. These may involve risks and uncertainty, and may cause actual results and development to differ substantially from those expressed or implied in the statements. The company does not guarantee that any action, which may have been taken in reliance of this document will bring specific results as expected. Subdit Risk & Process Management PT. Telekomunikasi Indonesia, Tbk
  • 3. O U T L I N E  Telkom at glance  ERM – Latest Concept  ERM Framework  ERM‘ Processes  Takeaway The latest of risk management, GRC, Risk Based approach Framework Risk Profile and Treatment
  • 4. Total Shares 100,799,996,400 shares Market Capitalization at IDX Telkom Indonesia is listed at Indonesia Stock Exchange (TLKM IJ) and New York Stock Exchange (TLK US) Public 46.76% Government 53.24% Treasury Shares 2.6% IDR 333,14 Tn. Telkom at a glance
  • 5. Telkom at a glance – The Group
  • 6. Telkom at a glance – Corporate philosophy Telkom ada untuk memberikan yang terbaik bagi bangsa Indonesia dan semesta alam Telkom memberikan service dan solusi terbaik yang dibutuhkan dan dicintai oleh Customer Telkom meningkatkan value perusahaan,. profesionalisme dan kesejahteraan pegawai serta return yang optimal bagi shareholder MEGA MAKRO MIKRO Warna Merah Putih: Persembahan Telkom Indonesia untuk Indonesia dan semesta alam The World in Your Hand: Yang terbaik untuk pelanggan Company: Value perusahaan, professionalisme, shareholder
  • 7. Telkom at a glance – Corporate Strategy Vision Be the King of Digital in the Region Mission Lead Indonesian Digital Innovation and Globalization Strategic Objective Corporate Strategy  Directional Strategy : Sustainable Competitive Growth  Portfolio Strategy : Converged TIMES Portfolio  Parenting Strategy : Strategic Guidance Top 10 Market Capitalization Telco in Asia-Pacific by 2020
  • 8. • RPM & Personnel • Framework • Methodology & Tool • Policy & Procedure • Risk Ownership Assured by Internal Audit Telkom‘s BOC and BOD Support and Oversight Risk management Vision: Bring Risk Management into Telkom‘s culture that embedded to PT. Telkom‘s business process and operational Risk Management Mission: To be a ―Partner‖ for all PT. Telkom‘s business unit and operational Sukses Implementasi ERM di PT. Telkom bergantung kepada adanya dukungan dan komitmen dari BoD dan BoC (Tone at the Top) serta adanya Fungsi yang menjamin Efektivitas Implementasi dan memberi masukan untuk pengembangan lebih Lanjut (IA) Telkom at a glance – Visi, Misi Telkom ERM
  • 9. Telkom at a glance – Corporate Legal Consideration Consider PT. Telekomunikasi Indonesia, Tbk. Sebagai Perseroan Terbatas Law  UU No. 40/2007 tentang Perseroan Terbatas Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, etc. Sebagai Perusahaan Milik Negara Law  UU No. 19/2003 tentang BUMN; UU No. 17/2003 tentang Keuangan Negara, etc. Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, etc. Sebagai Perusahaan Telekomunikasi Law  UU No. 36/1999 tentang Telekomunikasi; UU No. 11/2008 tentang ITE, etc. Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, etc. Sebagai Perusahaan Publik Law  UU No. 8/1995 tentang Pasar Modal; Regulation  Per-Pres, Kep-Pres, Per-Men, Per- Pem, Per-OJK (Bapepam), SOX-SEC, IDX Reg, etc. Consider Consider Consider The Bylaw Company‘ internal regulations: Peraturan Direksi Peraturan Direktur Peraturan Kepala Unit Bisnis Policies Procedures SOP/SMP Etc. Other public laws, for instance: - UU No. 31/1999 - UU No. 5/1999 - KUHP - Etc.
  • 10. ―The greatest risk of all is to take no risk at all‖ – Forbes
  • 11. Latest Concept of ERM – Business Turbulence Latest Progress New Concept The Fact Challenge Perubahan yang sangat cepat bahkan seringkali tidak terduga (highly volatile) Pentingnya memberi perhatian khusus pada kebijakan dan proses yang berkaitan dengan Tatakelola Perusahaan (GCG), Manajemen Risiko, dan Kepatuhan (increasing attention to GRC) Pentingnya memberi perhatian Kebanyakan perusahaan mengelola GCG, Manajemen Risiko, dan Kepatuhan berjalan sendiri-sendiri bahkan terjadi silo-silo diantara mereka Bagaimana perusahaan mampu mengelola risiko bisnisnya yang sangat efisien dan lincah dengan dimilikinya sistem Pemantauan Pengendalian yang seimbang dan terintegrasi
  • 12. Financial risk Liquidity risk Diversification risk – No-diversification risk Development risk Growth risk - Stagnation risk Income stream risk Political risk Regulation risk Demand risk Supply risk Sale & Marketing risk Reputational risk Business continuity risk Health and safety risk, …. Latest Concept of ERM – Risk is everywhere Operational Failure Disruption of Main Process Decreasing of Quality of service Shrinkage of Market and Investor Business Performance Inflammation Raising Cost
  • 13. Latest Concept of ERM – Fragmentation Increases Risk Supplier ―black list‖ Anti – terrorist trade practices High credit risk customer Balance credit profile Data leakage & security Security IT infrastructure Employee safety compliance Environmental health & safety compliance Disconnected risk analysis Integrated risk analysis Complex, Int. compliance req. Global finance reporting compliance Exc. Compensation practices Evidence for decision & directives Incomplete global risk profile Increase confidence in business result ProcurementSales, Services IT OperationHuman ResourcesCompliance /Risk Office FinanceDireksi/Dekom & Audit Comittee Executive& Managers New pressures, new risks • Diversification - range of business streams • Commercial competition • Care & support; social enterprise • Market renting; market sale • New partners; joint ventures • New funding models • Emphasis on self-regulation, co- regulation • Increasing focus on governance
  • 14. Latest Concept of ERM – Fragmentation Increases Risk
  • 15. Latest Concept of ERM – Fragmentation Increases Risk
  • 16. Latest Concept of ERM – Don‘t to be a stranger man TOP 10 RISK 1 Damage to reputation/brand 2 Economic slowdown/slow recovery 3 Regulatory/ legislative changes 4 Increasing competition 5 Failure to attract or retain top talent 6 Failure to innovate/meet customer needs 7 Business interruption 8 Third-party liability 9 Computer crime/ hacking/viruses/ malicious codes 10 Property damage TOP 10 Global Risk 2015 Top 10 Risk in Telecommunications 2014
  • 17. Latest Concept of ERM – TOP 10 Risks Competitive is a must! 1 Damage to reputation/brand 2 Economic slowdown/slow recovery 3 Regulatory/ Legislative changes 4 Increasing Competition 5 Failure to attract or retain top talent 6 Failure to innovate/meet customer needs 7 Business Interruption 8 Third party liability 9 Computer crime/hacking/viruses/ malicious codes 10 Property damage 1 Increasing Competition 2 Economic slowdown/slow recovery 3 Regulatory/ Legislative changes 4 Failure to innovate/meet customer needs 5 Damage to reputation/brand 6 Failure to attract or retain top talent 7 Computer crime/hacking/viruses/ malicious codes 8 Commodity price risk 9 Political risk/uncertainties 10 Growing burden and consequences of corporate governance/compliance 2015‘ risks 2018 projected
  • 18. Latest Concept of ERM – Going to risk based approach Risk & Strategic Planning Risk & ICoFR Risk & BCMS (ISO 22300) Risk & ISMS (ISO 27000) Risk & Asset Management Toward intelligent Risk Taking Ensure reliability of financial reporting Prevent business disruption Protected of asset information (CIA) Effective and efficient, and well protected of asset
  • 19. Latest Concept of ERM – The Survey How challenging is each of the following in defining and implementing your organization‘s enterprise- level risk appetite statement? Complying with regulatory expectation regarding risk appetite 55% 55% 38% 37% 35% 21% 18% 11% Defining risk appetite for strategic risk Defining risk appetite for reputational risk Defining risk appetite for operational risk Allocating the risk appetite among different business units Translating the risk appetite for individual risk types into quantitative risk limits Integrating stress testing results when defining risk appetite Gaining the active participation of business units in implementing the risk appetite and risk limits
  • 20. ―Nearly 90 percent of firms do not conduct a risk assessment when outsourcing production.‖ ―Risk: It's Time to Measure It,‖ Harvard Business Review
  • 21. ERM Framework – The History 1970s Risk management gains wider acceptance 1980s Companies begin Risk departments, typically focused on insurance 1990s Risk management matures as companies begin to focus on ―business risk‖ 19801970 1990 2000 2004 Release of COSO ERM Integrated Framework 19601950 1950s-1960s Traditional Risk Management (―TRM‖) 1977 Foreign Corrupt Practices Act (―FCPA‖) Early1980s Increased focus on internal control and compliance 1985 National Commission on Fraudulent Financial Reporting — Treadway Commission 1992 Committee of Sponsoring Organizations (―COSO‖) published Internal Control — Integrated Framework 1990s-2000 Continued focus on internal control, risk management, and responsibilities (Blue Ribbon Commission, Competency Framework for Internal Audit, others) 2002 Sarbanes-Oxley Act of 2002 Enterprise Risk Management is intertwined with the development of internal control standards and the regulatory environment.
  • 22. ERM Framework – The Defined Framework Japan Financial Services Agency (JFSA) – ERM Framework 2013 ISO 31000:2009 the new International Risk Management Standard Federation of European Risk Management Association (FERMA) Risk and Insurance Management Society (RIMS) Basel II – Integrated Risk Management Solution COSO ERM framework AS/NZS 4360:2004 RIMS Risk Maturity Model
  • 23. ERM Framework – The COSO Framework 1. Entity objectives 2. Activities at all levels 3. The eight components of the framework 1 2 3
  • 24. ERM Framework – Telkom ERM Framework Telkom ERM system with reference to the COSO ERM framework. Risk management is inherent in the implementation of GCG as well as internal control mechanism within the company. Therefore, since 2008 we have established and developed:  Structural Aspects which include developing risk management vision, mission, commitment, tone at the top, conducive internal environment, policy, competence development, IT tools and systems.  Operational Aspects which include determination of Risk Acceptance Criteria, conducting risk assessment and developing specific-functions risk management.  Maintenance Aspects which include monitoring risk management implementation, periodical risk reporting report, safeguarding the continuity of competency development. Regularly assessing the quality of implementation of risk management through Risk Management Index, Risk Culture Survey and Risk Maturity Level.
  • 25. ―An ounce of prevention is worth a pound of cure.‖ - BF
  • 26. ERM Framework – Road Map 2008 2010 2012 2015 Beyond Developed Risk Management Implementation and Creating values 2009 2011 2013 2014 2016 • Restrukturissi Kebijakan • Risk Assessment • Review Risiko Inisiatif • Sosialisasi dan internalisasi • Risk Management Information System dan ISMS terimplementasi • Protap dan standar perjanjian maupun standar proses penyelesaian dokumen hukum dan bantuan hukum menjadi acuan baku dalam setiap pelaksanaan aktivitas Legal Compliance • Tersedianya Sistem Informasi Legal Compliance • Peningkatan kompetensi bidang C&RM • Implementasi ketegasan pemberian sanksi atas pelanggaran service level & kebijakan • Memastikan adanya suatu ukuran risiko dalam setiap KPI suatu unit • Implementasi Kejelasan reward & punishment terkait dengan pemenuhan risk indicator/ rasio yang ada • Risk monitoring and reporting system terimplementasi • Meningkatnya pemahaman dan kesadaran akan peran hukum • Sistim informasi menjadi bagian dalam setiap pelaksaan tugas karyawan. • Effisiensi ratio, loss ratio, potensial risk ratio menjadi salah satu KPI utama dari ―enterprise- wide‖ • Memastikan Risk assessment dilakukan pada setiap proses bisnis, inisiatif kebijakan maupun pengambilan keputusan • Memastikan tersedianya informasi tepat waktu tentang kondisi risiko awal (Early warning signal) • Kepatuhan hukum merupakan bagian dalam setiap pelaksanaan aktivitas • Terlaksananya transaksi perusahaan yang aman dan terlindungi dari aspek hukum. • Adanya Nilai tambah atas tiap produk / inisiatif yang sdh dilakukan risk assessment • Memastikan Efektivitas mitigasi plan risk control • Perusahaan memiliki sistim kontrol dari aspek hukum yang mampu mendeteksi secara dini terjadinya pelanggaran/permas alahan . • Implementasi Governance Risk Compliance + Culture (GRC) • Menjadi role model pengelolaan risiko di industri Telco • Memastikan system enterprise security yang aman pada seluruh system yang ada dan zero revenue leakage (tidak ada kebocoran) • Terpenuhinya kepatuhan hukum atas setiap tindakan Manajemen dalam pengelolaan perusahaan sesuai dengan peraturan internal dan external. • Memastikan pelaksanaan risk management berlangsung efektif dalam setiap level entitas perusahaan • Memastikan pelaksanaan risk mangement pada subsidiaries (Telkom Group) • Integrated risk assessment untuk operasional (Security, IT, Asset, Infrastruktur/network) • Kepatuhan hukum atas setiap tindakan Manajemen terhadap seluruh boundary Governance (Mandatory and Voluntary) • Penyusunan Konsep GRC berbasis IT • Eksploitasi data berbasis risk management dalam pengambilan keputusan perusahaan berbasis early warning System • Kolaborasi data Key Risk dan Key Performance dalam penyusunan RKAP • Integrated risk based dalam management system (IMS: BCMS, ISMS, QMS) • Fully Comply to all boundary of Governance (Mandatory and Voluntary) • Scheme of GRC berbasis IT developing • New Concept of Risk Management implemented coincide with Organization Re- structuring. • Enhancement Integrated risk based dalam management system (IMS: BCMS, ISMS, QMS, dan IT- SMS) • Fully Comply to all boundary of Governance (Mandatory and Voluntary) • IT system of GRC • Early warning for all system management. • Fully Integrated risk based dalam management system (IMS: BCMS, ISMS, QMS) • Fully Comply to all boundary of Governance (Mandatory and Voluntary) • IT system of GRC run
  • 27. ERM Framework – Telkom ERM activities Telkom‘s ERM activities is done through: 1. Quarterly review and monitoring of unit (and subsidiaries) risk management. 2. Preparation of regular quarterly Risk and Compliance Analysis Reports. 3. Meetings to discuss corporate risks through meetings at BoD as well as BoC level. 4. Measurement of risk culture implementation through internal surveys conducted on a number of respondents. 5. Measurement of risk management maturity level (ERM Maturity Level). The data to be considered: 1. Country-related risks such as changes in politics, society, macro economy and natural disasters. 2. Company-related risks (Operational, Financial, Legal compliance, Regulatory, Competition, Market, etc.) 3. Any external and Internal change. 4. Governance requirement. 5. Interested parties requirement.
  • 28. RKAP 2016 Risk Profile 2016 RISK APPETITE 2015 Risk Profile 2015 Makro Ekonomi, Industri, kompetisi, Teknologi, Regulasi Benchmark & RiskAssessment CSS 2016-2020 RKAP 2015 LM TW 1,2 2015 Draft CAM 2015 Masukan BOD Risk Profile Unit Memberikan indikasi tingkat risiko dan prioritas program mitigasi dalam rangka menghindari risiko gagalnya pencapaian tujuan perusahaan ERM Framework – Risk Based RKAP
  • 29. ERM Framework – ERM Process VISI & MISI STRATEGIC OBJECTIVE  DIRECTIONAL - Disruptive competitive growth: Need to achieve double digit growth by 2020.  PORTFOLIO - Customer value through Digital TIMES portfolio: More focus on Digital businesses.  PARENTING - Strategic Control: More streamlined control on subsidiaries Corporate Strategy 10 Strategic Initiative 2016’s Corporate Risk GBP/MPCAM 2016 RKAP 2016 RKM Mitigation Plan Corporate Risk factor 2016-2020 Risk & Opportunity Subsidiaries Business Unit Division TopDownRiskAssessmentScheme ButtomupRiskAssessmentScheme
  • 30. ERM Framework – Risk Map O4C3; O1 S1; C1 F1; F2; F3 C2; S3; S4 S2 O2 O3 Appetite Likelihood Impact Very Low Low Medium High Very High VeryLowLowMediumHighVeryHigh VL L M H VH Increased Foreign exchange Increased Interest Rate Fail in Managing Liquidity F.1 F.2 F.3 S.1 S.2 S.3 S.4 Less/decline Product Competitiveness Failure in M&As activities and Partnership Failure to maximize technology as a competitive value Failure in Corporate University program C.1 C.2 C.3 Regulatory Pressure and Impediments Business dispute and litigation Late submission of Financial Statements and Deficiency on ICOFR O.1 O.2 O.3 O.4 Failure in managing Information and Technology Revenue Leakage Business Interruption Failure to max. Revenue Over Invested Capital expenditure
  • 31. ERM Framework – Risk Radar Less/decline Product Competitiveness Failure in managing Information and Technology Increase d Forex Business dispute and litigation Failure to maximize technology as a competitive value Failure in Corporate University program Failure in M&As activities and Partnership Revenue Leakage Regulatory Pressure and Impediments Business Interruption Failure to Max. Rev.Over Invested Capex Increased Interest Rate Fail in Managing Liquidity Late submission of Financial Statements and Deficiency on ICOFR  Increased Forex  Increased Interest Rate  Fail in Managing Liquidity Strategic Risks Operation Risks Financial RisksCompliance Risks  Less/decline Product Competitiveness  Failure in M&As activities and Partnership  Failure to maximize technology as a competitive value  Failure in Corporate University program  Regulatory Pressure and Impediments  Business dispute and litigation  Late submission of Financial Statements and Deficiency on ICOFR  Failure in managing Information and Technology  Revenue Leakage  Business Interruption  Failure to Maximize Revenue Over Invested Capex
  • 32. Dikonotasikan dengan langkah men-tansfer risiko kepada pihak ketiga. Misal: Outsourcing, Partnership, Insurance, etc. Dalam hal ini, perusahaan berarti akan menerima risiko tersebut, berdasarkan perhitungan bahwa di bawah appetite perusahaan. Langkah ‗optimization‘ merupakan program yang diambil untuk mengurangi severity yang ditimbulkan oleh potensi risiko yang ada (self insured) Menghindari terjadinya risiko , dipilih apabila suatu langkah (inisiatif, mitigasi, rencana bisnis, dll) akan dilakukan dengan mempertimbangkan potensi risiko. ERM Framework – Risk Treatment Commonly, there are 4 types of risk treatment could be taken: Risk Transfer (Sharing Risk) To move the exposure and its severity (risks) through 3rd party. Risk Accepted (Retention) If cost beyond its risk (exposure). Note: Cost > Risk Risk Reduction (Limitation) Optimization process of remedy, to reduce its severity Risk Avoidance (Elimination) Escaping from any initiative, business plan, etc. Considering the potential risks.
  • 33. ERM Framework – Operational Risk Management in Telkom Operation Risks Failure in managing Information and Technology Revenue Leakage Business Interruption Failure to Maximize Revenue Over Invested Capital expenditure High Very High Very High Very High Risk Level Risk Treatment Mitigation Key Risk Indicators Risk Dashboard  Reduce: Update Tech.  Transfer: Partnership  Reduce: Control, System Update, Process update, Customer check, etc.  Reduce: Asset protection, Early warning system security, BCMS, Simulation/exercise.  Transfer: Outsources, Insurance.  Reduce: Asset Management, CAPEX- tracking, Synergy, total solution, product management.  Applications and IT System  IT Security, Customer Base, Big Data, Data Warehouse System  Fraud, Transaction, No Bill  Bad debt  Network failure, human error, downtime network, SLG, SLA  Catastrophe; natural hazard, earthquake, fire, lightning, tsunami, etc.  ROA, ROI, Revenue, Cost, Impairment Value, etc. Asset Failure Business Interruption Revenue Leakage
  • 34. If your User Interface even vaguely resembles an airplane cockpit, you‘re doing it wrong. — JOHN GRUBER
  • 35. Take away Beware of risk as a ‘black swan’ phenomena It‘s a ‗weird‘ doing business with no risk Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you. Risk is about running the business, manage it! If you only take small risks, you are only entitled to a small life
  • 36. Implementasi ERM di TELKOM Company‘ Objectives 1. Memastikan reliability Objectives Perusahaan. 2. Memberikan gambaran stepping/milestone pencapaian Objectives yang terukur. 3. Memberikan alternatives dalam pencapaian Objectives. 4. Memperhitungkan alokasi resources dalam pencapaian Objectives. 5. Mengantisipasi terhadap perkembangan yang berpengaruh pada pencapaian Objectives. 6. Mengoptimalkan potensi dan kesempatan (Opportunities) dalam pencapaian Objectives. 10 Strategic Initiatives: 1. Optimizing POTS and Strengthening Broadband 2. Consolidate& Grow FWA Business and Manage Wireless Portfolio 3. Integrated Telkom Group Ecosystem Solutions 4. Invest in IT Services 5. Invest in Media & Edutainment Business 6. Invest in Wholesale and Strategic int’l Opportunities 7. Invest in Strategic domestic opportunities that leverage the assets 8. IntegrateNGN & OBCE 9. Align Business Structure and Portfolio Management 10. Transforming Culture Objectives v. Risk Management STRATEGIC OBJECTIVE Creating Superior Position by Strengthening The Legacy & Growing New Wave Businesses to Achieve 60% Of Industry Revenue in 2015
  • 37. RISK BASED KRIs and KPIs – Company‘ Objectives Menentukan ‘key business objectives’ berdasarkan strategi korporasi  Identifikasi Risiko-Risiko yang berpengaruh terhadap pencapaian objectives.  Menyusun Profil Risiko (a company- wide risk profile) Menentukan kriteria/level toleransi risiko berdasarkan hasil assessment likelihood and potential impact. Menentukan alokasi rencana mitigasi (strategi yang tepat), sumberdaya, dan akuntabilitas untuk mengelola risiko. Eksekusi strategi (mitigasi) dan melakukan identifikasi KRIs dan KPIs yang terukur secara financial dan operational. Monitoring progress untuk identifikasi potensi peningkatan performansi (kinerja) dalam pencapaianobjectives. 1 2 3 4 5
  • 38. Business Objectives Event Identification Significant Business Issues Control Activities Risk Response Risk Assessment Client Mission Statement Client Objectives Business Unit Objectives Targets Performance Measures Current Major Issues Potential Future Events Capture Process Impacts Analyses Response Management Planning Process Key Drivers Dependencies Performance Management Track Record Completeness Integration SMART Roles & Responsibilities Data Management Issues Management Integration with Business Planning Event Portfolio Internal/External Capture Process Repository Maintenance / Refresh Roles & Responsibilities Data Management Event Management Integration with Business Planning Risk Portfolio Definitions Categorizations Assessment Criteria Structure Roles & Responsibilities Timing & Frequency Expert Involvement Consistency Client Business Process Model Policies Procedures Response Portfolio Definitions Decision Drivers Decision Criteria Process Completeness Communications Training Roles & Responsibilities Monitoring Effectiveness Process Roles & Responsibilities Decision Protocols Reporting Timing Review Areas Review AreasReview AreasReview AreasReview AreasReview Areas Focus FocusFocusFocusFocusFocus RISK BASED KRIs and KPIs – Company‘ Objectives Managing Business Risk within your organization
  • 39. RISK BASED KRIs and KPIs – Company‘ Objectives – cont.‘ 1. Management mengetahui secara dini potensi tidak tercapainya target/objective perusahan karena perkembangan risiko. 2. Management dapat menyusun program mitigasi yang efektif untuk mengantisipasi perkembangan risiko. Dengan demikian Objective Perusahaan apabila dikelola tanpa memperhatikansistem manajemen risiko (ERM), alignment dengan isu strategis, arah perkembangan bisnis, dan kondisi operasional, maka sistem tersebut akan kehilangan pijakan dalam operasional perusahaan. Sehingga, diperlukan penghubung sebagai alat navigasi dan kontrolnya, dalam hal ini sistem manajemen risiko yang didasarkan pada KRIs dan KPIs. agar:
  • 40. RISK BASED KRIs and KPIs – Risk Identification Identifikasi Risiko,  Adalah proses untuk menemukenali segala kemungkinan (kejadian) yang muncul dalam suatu aktivitas usaha yang berhubungan dengan objective perusahaan.  Identifikasi risiko secara akurat dan menyeluruh menjadi sangat vital dalam suatu manajemen risiko.  Salah satu aspek penting dalam identifikasi risiko adalah melakukan pencatatan (me- register) risiko-risiko yang mungkin terjadi sebanyak mungkin. Dalam Framework COSO, dilakukan pem-bedaan antara Risiko dan Peluang, dimana kemungkinan (kejadian) yang berdampak negatif disebut Risiko, sedangkan Peluang merupakan kemungkinan (kejadian) yang dapat berdampak positif (natural offsets/opportunities) yang mendukung strategi dalam pencapaian objectives.
  • 41. RISK BASED KRIs and KPIs – Risk Identification…The Technique Dengan melakukan identifikasi risiko, akan diperoleh sekumpulan informasi tentang kejadian risiko, informasi mengenai penyebab risiko, bahkan informasi mengenai dampak apa saja yang bisa ditimbulkan oleh risiko tersebut. Teknik- teknik yang dapat digunakan dalam melakukan identifikasi risiko antara lain: Benchmark Professional Judgement (Pendapat Para Ahli di Bidangnya) Wawancara, Survey (Pengamatan) Informasi historis (analysis data historis) Kelompok kerja (Brainstorming) dll.
  • 42. RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Benchmark  Mencari informasi tentang risiko di tempat atau perusahaan lain yang memiliki kesamaan pada tataran tertentu. (eg. Kesamaan pasar, portofolio bisnis, industri, dlsb.)  Data hasil benchmark harus disesuaikan dengan kondisi aktual yang terjadi dan dihadapi langsung oleh perusahaan.  Contoh: – dari berita di media massa, atau internet, dapat diketahui bahwa tingkat kejadian bencana alam di Indonesia memiliki peluang yang sangat tinggi. Hal ini menunjukkan, bahwa secara umum risiko Business Interruption akibat bencana alam sangat besar. – Harga minyak dunia naik?...... – Suku bunga perbankan di US turun?..... – Harga tiket pesawat naik?.....
  • 43. RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Professional Judgment (Pendapat Para Ahli di Bidangnya)  Mencari informasi dari ahli di bidang risiko tertentu, terkait risiko yang berpengaruh terhadap suatu objective perusahaan  Contoh:  Dari bertanya pada bankir, dapat diketahui bahwa ketidak-stabilan kondisi ekonomi di US memiliki risiko pada Foreign Exchange terkait transaksi yang menggunakan mata uang asing (US Dollar)  Dari bertanya pada dokter, dapat diketahui bahwa orang dengan tingkat kolesterol tinggi berisiko kena penyakit jantung
  • 44. RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Pengamatan/Survey  Melakukan investigasi atau pencarian data langsung di tempat kejadian dengan mengajukan kuesioner atau wawancara (data primer)  Contoh:  Dengan melakukan CSLS (Cust. Loyalty and Satisfaction Survey), dapat diketahui bahwa tingkat kepuasan yang rendah akan berisiko pada churn pelanggan  Dengan mengamati proses produksi dan availabilitas dari catu daya PLN, dapat diketahui bahwa perusahaan menghadapi risiko lampu mati (Interruptable Power Supply)  Validitas data sekunder?.....
  • 45. RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Analisis Data Historis • Menggunakan berbagai informasi dan data yang tersedia dalam perusahaan mengenai segala sesuatu yang pernah terjadi • Biasanya data historis harus menggunakan lebih dari satu periode kebelakang agar prediksi risiko dapat lebih akurat • Contoh:  Dari data historis kepegawaian, dapat diketahui bahwa perusahaan menghadapi risiko kehilangan karyawan yang penting  Dari data historis keuangan, dapat diketahui risiko penurunan growth revenue  Dari data historis market, dapat diketahui risiko tingkat kompetisi dalam suatu industri
  • 46. RISK BASED KRIs and KPIs – Risk Identification…The Technique Cont.‘ Kelompok Kerja (Brainstorming)  Menggunakan berbagai informasi dan data, dilakukan diskusi creative thinking (brainstorming) oleh tim manajemen risiko untuk menemukenali potensi risiko dari suatu objective  Creative thinking yang sukses, biasanya menghasilkan suatu rumusan risiko yang tepat dari suatu objective  Contoh:  Dari data global market, dilakukan brainstorming sehingga dapat diketahui bahwa terkait objective perusahaan untuk ‘invest broadband’ akan menghadapi risiko; teknologi dan kompetisi, country risk factors, etc.
  • 47. Alignment Process Dengan demikian, alignment antara KRIs dan KPIs sangat signifikan untuk dilakukan agar pencapaian objective dapat terlaksana. Proses Alignment KRIs dan KPIs: Identify risks Quantify risk Identify Actions required Monitor Performance Monitor Changes (internal/ external) Update objectives Agree Acceptable Risk levels Identify risk related Actions Agree Strategic objectives Risk Management PerformanceManagement RISK BASED KRIs and KPIs – Alignment KPIs and KRIs
  • 48. RISK BASED KRIs and KPIs – Defining Key Risk Indicators  Key Risk Indicator (KRIs), adalah faktor-faktor kunci dari suatu risiko yang digunakan dalam proses manajemen untuk menentukan tingkat risiko pada suatu aktifitas usaha. Merupakan indikator dari kemungkinan dampak negative dimasa yang akan datang (the possibility of future adverse impact).  KRIs memberikan suatu sinyal/tanda ‘Early Warning’ bagi manajemen untuk identifikasi kejadian yang berpotensi menghambat suatu program/aktifitas.  Biasanya ukuran ini disajikan berupa data statistik atau matriks tertentu dengan formula atau model tertentu yang menyediakan informasi terkait posisi dari suatu risiko yang dihadapi oleh perusahaan.  KRIs berbeda dengan Key Performance Indicators (KPIs), dimana KPIs dimaksudkan sebagai ukuran kesuksesan/keberhasilan dari suatu program kerja (aktifitas usaha terkait objectives). Definisi
  • 49. Key Risk Indicator (KRIs), pada dasarnya dapat dikelompokan ke dalam 4 (empat) kategori:  Coincident indicators, ukuran yang mewakili kegagalan yang terjadi secara bersamaan pada proses bisnis internal. Misal, kegagalan penyelesaian proyek pengadaan/investasi yang secara bersamaan berisiko pada kegagalan pengembangan produk berbasis teknologi.  Causal indicators, Ukuran kegagalan yang berasal dari turunan kegagalan suatu kejadian (root causes event). Misal, risiko kegagalan teknologi yang menyebabkan terjadinya risiko churn pelanggan.  Control effectiveness indicators, merupakan ukuran tingkat kegagalan yang berasal dari proses monitoring performansi. Misal, prosentase kenaikan ARPU pelanggan Flexi.  Volume indicators (Inherent Risk Indicators) biasanya disamakan dengan KPIs, yang dapat menentukan posisi peluang kejadian dan dampak dari suatu risiko (indikator ini biasanya ber-korelasi dengan risiko lainnya). Misal, Jumlah pelanggan, Kapasitas bandwidth, dll. Pengelompokan KRIs RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘
  • 50. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ Metode Menentukan KRIs Untuk dapat menentukan KRIs secara tepat dan efektif dapat menggunakan beberapa pendekatan. Salah satu pendekatan yang efektif dan terstruktur dengan baik adalah dengan menggunakan 6 langkah (berhubungan dengan 6-sigma tools): 1. Identify existing metrics. 2. Assess gaps. 3. Improve metrics. 4. Validate and determine trigger levels. 5. Design dashboard. 6. Establish control plan. Ke-enam langkah tersebut merupakan salah satu pendekatan yang dapat diterapkan untuk menentukan KRIs, mulai dari proses melakukan Identifikasi KRIs, Validasi, dan meng- implementasikannya kedalam Early Warning pada segala macam bisnis model.
  • 51. 1. Identify existing metrics.  Untuk menentukan KRIs, langkah pertama yang harus ditempuh adalah dengan Risk Assessment sehingga semua kejadian (events) dapat di-identifikasi, di-assess, dan di-kelompokan bersama sesuai dengan kriteria tertentu yang dapat di monitor dan di-analisa berdasarkan root-causes (analisa sebab-akibat). Tools yang dapat digunakan misalnya, diagram tulang ikan, dll.  Biasanya dalam menentukan KRIs, kejadian penting yang berpengaruh langsung terhadap risiko (inherent risk) maupun residual risk di-identifikasi  Langkah selanjutnya adalah menentukan metric (calon KRIs) bagi masing-masing kejadian yang ber-risiko tinggi (high risk potensial events)  Dalam menentukan kRIs, semakin banyak ukuran kejadian (metric) yang mempengaruhi suatu risiko, maka semakin efektif KRIs dalam memberikan gambaran potensi risiko  Common practice, biasanya untuk penentuan KRIs yang efektif, suatu risiko terdiri atas 5 sampai 10 metric potensial KRIs dan mengandung minimal 1 atau lebih kategori KRIs (type—coincident, causal, control, and volume). Contoh:  Menentukan risiko pada operasional call-center.  Risiko yang ter-identifikasi adalah: Pelanggan tidak tertanggani secara profesional dan tidak akuratnya informasi pelanggan RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘
  • 52. 2. Assess gaps. Setelah proses inventory seluruh potensi KRIs selesai, langkah berikut adalah melakukan evaluasi kelayakan dan efektifitas tiap-tiap indicators (metric). Terdapat 2 (dua) tools yang digunakan:  the gap assessment  the design matrix Gap Assessment akan memberikan gambaran, apakah indicators (metrics) dalam inventory akan efektif untuk dijadikan KRIs. Dimana, ukuran yang digunakan adalah berdasarkan composite score tabel, biasanya score diatas 4 merupakan syarat cukup untuk dijadikan KRIs. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘
  • 53. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ Digunakan scoring kriteria 0-1-3-9. Dengan menggunakan design matrix, maka tiap- tiap indikator yang mendapat score 9 akan mendapat rating Y. Dengan memperhatikan 2 tools ini, dapat ditentukan indicators (metrics) yang layak dan efektif untuk dijadikan KRIs. Design Matrix merupakan tabel matrik berbasis 6-sigma, dimana akan dilihat keterkaitan Risk Events Driver (RED)dengan indicators yang terdapat dalam inventory. RED merupakan root-causes yang berpengaruh pada munculnya kejadian (indicators). Masing-masing RED diberi pembobotan sesuai dengan prosentase kontribusi.
  • 54. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 3. Improve metrics. Proses ‘improve metric’ dilakukan dengan cara membandingkan hasil assessment dari 2 (dua) tools gap dan design matrix. Proses komparasi dilakukan dengan cara:  Analisa indicators di design matrix yang mempunyai score ‘9’ , namun mendapat score rendah di gap assessment. Apabila scoring rendah tersebut dapat dicarikan solusi atau justifikasinya, maka indicators tersebut dapat dipertimbangkan untuk dijadikan KRIs.  Analisa berikutnya dilakukan pada indicators yang mendapat score tinggi di gap assessment, namun tidak mendapat ‘9’di design matrix. Apabila terdapat modifikasi yang berpengaruh pada peningkatan rating di design matrix dan signifikan, maka indicators tersebut juga dapat dijadikan alternative KRIs. Pada tahap ini, dimungkinkan untuk dilakukan modifikasi pada potensial KRIs (indicators).  Langkah ini ditutup dengan menghapus seluruh indicators yang tidak mempunyai relasi yang cukup dari penilaian ke-dua tools tabel.
  • 55. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 4. Validation and trigger-level identification.  Langkah sebelumnya biasanya menggunakan ‘subjective judgment’ untuk meng-assess relasi antara the risk- event drivers dan the metrics. Untuk indicators dimana relasi antara ‘the risk-event drivers dan the metrics’ dapat dinyatakan secara wajar (dalam tataran operasional –self evident), maka validasi tidak perlu dilakukan.  Namun bila terdapat Metric baru (lihat langkah 3-modifikasi metric), maka diperlukan proses validasi untuk memastikan bahwa metric tersebut adalah KRIs.  Validasi, umumnya menggunakan data historis, bila tidak tersedia maka dapat dilakukan asumsi yang sesuai untuk menggambarkan korelasi antara ‘the risk- event drivers dan the metrics hasil modifikasi’ sehingga didapat trigger level identifikasi. (lihat contoh disamping)
  • 56. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 5. Dashboard design.  Sebagai bagian dalam penentuan KRIs yang layak dan efektif untuk memberikan gambaran perkembangan risiko, maka ‘dashboard’ merupakan bagian yang sangat penting bagi business managers, process owners, and senior management.  Dashboard adalah bagian dalam proses mamajemen risiko dan bermanfaat dalam ‘monthly business review’, dan meeting- meeting lainnya terkait pencapaian objective perusahaan.  Dashboard biasanya menggunakan gambar grafik dan tabel yang menunjukkan informasi yang tepat dan komprehensif terkait kondisi risiko perusahaan dan KRIs yang menjadi konsen manajemen.
  • 57. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ 6. Control plan and escalation criteria.  Fungsi utama dari ‘Control plan’ adalah memastikan tersedianya kriteria eskalasi (‘escalation criteria and roles ‘) untuk intervensi terhadap KRIs yang telah disepakati. Sehingga, siapa-pun, dan kapan-pun dilakukan treatment terhadap KRIs yang berpengaruh terhadap Objective perusahaan tidak menimbulkan efek perubahan baik proses dan prosedur yang telah ditetapkan diawal.  Umumnya, ‘control plan’ berisi: the KRI metric, the measurement frequency, a description of the measurement system, goals, trigger levels, escalation criteria, dan the owner for the escalation criteria. (sebagaimana terlihat pada contoh tabel dibawah).
  • 58. RISK BASED KRIs and KPIs – Defining Key Risk Indicators…cont.‘ Siap jual Eks cabutan Repair Potensi Eksisting Deployment Sales Churn Net Add & ARPU Qualitas produk kurang baik Layanan purna jual kurang baik Harga tidak competitif Usage Price Tariff Gimmick Tunggakan Aps Cabut Manajemen Omset Competitor Voice Data SMS Demand Pnetrasi
  • 59. RISK BASED KRIs and KPIs – Structuring Vision-Mission - KRIs Vision - Mision STRATEGIC OBJECTIVE Creating Superior Position by Strengthening The Legacy & Growing New Wave Businesses to Achieve 60% Of Industry Revenue in 2015 Corporate’ 10-StrategyInitiatives Significant Risks Notable Significant Risks Deployment Thru Risk Identification & Assessment Risk Relate to Performance Financial RiskStrategic Risk Operational Risk Business Growth Revenue Leakage Business Interruption Forex Interest Rate Liquidity Cost Eff. & Effect. Control Eff. & Effect .Co-Incident Indicators Causal Indicators Volume Indicators Key Risk Indicators
  • 60. RISK BASED KRIs and KPIs – Defining Dashboard Business Growth Business Growth Early Warning SystemRISKS RISK MAP/LEVEL KEY RISK INDICATORs Business Growth Strategic Risks Financial Risks Operational Risks Market Risks Minutes of usage # LIS Current # LIS Churn Tariff FlexiFlexiFlexiFlexiSpeedy TLKM’ Products Data Ware-house TLKM’ Existing Applications TiBs TREMs TiCAREs External Info.Internal Sources PTA1 = f [KRI1,KRI2, …,KRIn] if, for instance f (x) = KRI1 x (KRI2 - KRI3) KRI1 KRI2 KRI3 S1 Appetite S1 S1 S1 S1 Dynamic MAP Indicators
  • 61. Level of Maturity and Its Measurement Telkom‘s Perspective Public Relation Compliance Protection Optimization Value Creation Risk Maturity Graph Level Maturity Excellent Strong Adequate Weak Weak [Nonexistent] Level 5: Level 4: Level 3: Level 2: Level 1: Nonexistent Leadership Managed Repeatable Initial Ad hoc Excellent  Advanced capabilities to identify, measure, manage all risk exposures within tolerances  Advanced implementation, development and execution of ERM parameters  Consistently optimizes risk adjusted returns throughout the organization Strong  Clear vision of risk tolerance and overall risk profile  Risk Control exceeds adequate for most major risks  Has robust processes to identify and prepare for emerging risks  Incorporates risk management and decision making to optimize risk adjusted returns Adequate  Has fully functioning control systems in place for all of their major risks  May lack a robust process for identifying and preparing for emerging risks  Performing good classical “silo” based risk management  Not fully developed process to optimize risk adjusted returns. Weak  Incomplete control process for one or more major risks  Inconsistent or limited capabilities to identify, measure or manage major risk exposures Standard & Poor’s ERM Quality Classifications Where does your organization been stood?
  • 62. MATURITY LEVEL – Revenue Assurance Framework 1 2 3 4 5 Dependent Repeatable Defined Managed Optimizing Ad-hoc, chaotic. Dependent on individual heroic. Basic Project/ Process management. Repeatable tasks. Standardized approach developed. Designing-in control commences. Leakage quantitatively understood and controlled. Continuous improvement via feedback. Decentralized ownership, holistic control.
  • 63. MATURITY LEVEL – ERM Maturity Methodology Tahapan dari ERM maturity assessment adalah sebagai berikut:
  • 64. MATURITY LEVEL – ERM Maturity Methodology Model dari ERM maturity assessment adalah terdiri dari 3 komponen penilaian sebagai berikut:
  • 65. MATURITY LEVEL – ERM Maturity Methodology Berdasarkan riset/kaji pustaka dan kasus-kasus internasional serta interaksi mendalam dengan sejumlah besar perusahaan di Indonesia baik dalam konsultasi maupun kegiatan pengembangan kompetensi, dikembangkan sebuah model untuk mengukur tingkat maturitas implementasi ERM di sebuah perusahaan, dengan model sebagai berikut:
  • 66. MATURITY LEVEL – ERM Maturity Methodology  Ad hoc level: No ERM policy. ERM is a compliance issue and implemented by a so called risk management team or persons. Commitment of corporate board, executive, and management arelacking.  Basic level : ERM policy and structure. Risk assessment is conducted by some units of the entity. Silo and fragmented approach. Commitment of corporate board, executive, and management are weak.  Defined level : ERM is conducted through out the entity. Risk data is available but limited. Qualitative and some degree of quantitative approaches to risk assessment. Risk management is reported regularly. Commitment of corporate board, executive, and management are normally strong.  Quantified level : Extensive use of internal and external data for risk quantification. Utilising quantitative methods in analysing risks. Confidence level towards risk management results is strong and high. Commitment of corporate board, executive, and management are very strong.  Optimised level : All decisions are risk based, risk-adjusted performance measures. Risk optimisation to achieve strategic competitiveness. Commitment of corporate board, executive, and management are extremely strong.
  • 67. MATURITY LEVEL – ERM Maturity - Result Total, Korporat dan Unit - Maturity Assessment Score
  • 68.  Ad hoc level: No ERM policy. ERM is a compliance issue and implemented by a so called risk management team or persons. Commitment of corporate board, executive, and management arelacking.  Basic level : ERM policy and structure. Risk assessment is conducted by some units of the entity. Silo and fragmented approach. Commitment of corporate board, executive, and management are weak.  Defined level : ERM is conducted through out the entity. Risk data is available but limited. Qualitative and some degree of quantitative approaches to risk assessment. Risk management is reported regularly. Commitment of corporate board, executive, and management are normally strong.  Quantified level : Extensive use of internal and external data for risk quantification. Utilising quantitative methods in analysing risks. Confidence level towards risk management results is strong and high. Commitment of corporate board, executive, and management are very strong.  Optimised level : All decisions are risk based, risk-adjusted performance measures. Risk optimisation to achieve strategic competitiveness. Commitment of corporate board, executive, and management are extremely strong. Total - Maturity Assessment Level MATURITY LEVEL – ERM Maturity - Result
  • 69. Maturity Assessment Score dan Level - Component/Parameter MATURITY LEVEL – ERM Maturity - Result