This document outlines a risk management process that involves identifying risks, classifying them by category, measuring their probability and magnitude, scoring the risks, analyzing controls, and visualizing the risk profile. Key steps include appointing risk agents to identify risks, classifying risks into 15 categories, determining probability and impact scales, calculating risk scores, creating a questionnaire to assess board controls, and comparing risks to controls in a visualization. The process is meant to be implemented on a semi-annual basis to regularly review and update the organization's risk assessment and management.
2. How to Manage risk
Risk identification Kuesioner wewenang
Risk classification dan tanggung jawab
Risk magnitude Direksi dan Komisaris
measure yang terkait dengan
pengendalian internal
Risk probability dan Risiko
measure
Control identification
Risk scoring Control classification
Control scoring
4. The Process (in time)
Risk Analysis
Risk
Risk Identification Risk Measure Risk Scoring
Classification
Assess once, review
semi-annually
semi-annually
Control Analysis
Questioner Control Control
Control Scoring
of Board’s control Identification Classification
Create once, review
semi-annually
every three years
5. How to identify
Risk Identification
Create counterpart per
department, per Company with
“SK Direksi” to be the man in-
charge at their company as risk
agent [because risk owner will
precisely identify any on going
risk happen better than Holding’s
RMO]
Risk Agent will define the
business process in a flowchart
form at their department
Risk Agent then identify the risk
on each process
6. How to identify
Risk Identification
No Risk
Put all the risk 1 Jaminan TKI tak terbayar pada
tahun 2010
together in worksheet 2 Regulasi ketenagakerjaan
Handed to Holding’s
3 Hubungan diplomatik luar negeri
4 Karyawan yang di deliver ke
RMO client under standard
5 Rugi kurs
6 Pengembangan pasar stagnan
RMO then will compile 7 Keterlambatan bayar dari klien
8 Proses bisnis tidak terarah
all the risk together, 9 Perusahaan tidak memiliki arah
eliminate any recurrent 10 Terkena hukuman eksternal
(fiskus, eksternal auditor dll)
11 Reputasi buruk
risks
12 Karyawan under-stress
13 Lemahnya kontrol dan
komunikasi
14 Miskomunikasi dengan klien
7. Classifying yourrisk
Risk No Risk Risk Category
Classification 1 Jaminan TKI tak terbayar pada Liquidity risk
tahun 2010
RMO then classify risk into 15
category: 2 Regulasi ketenagakerjaan Legal risk
Interest rate risk 3 Hubungan diplomatik luar negeri Political risk
Exchange rate risk
4 Karyawan yang di deliver ke Productivity risk
Liquidity risk client under standard
Credit risk (gagal bayar) 5 Rugi kurs Exchange rate risk
Capital structure risk 6 Pengembangan pasar stagnan Innovation risk
7 Keterlambatan bayar dari klien Credit risk
Human resource risk 8 Proses bisnis tidak terarah Procedure risk
Productivity risk
Technology risk 9 Perusahaan tidak memiliki arah Innovation risk
Innovation risk 10 Terkena hukuman eksternal Legal risk
Information system risk (fiskus, eksternal auditor dll)
Procedure risk 11 Reputasi buruk Reputational risk
Environment risk 12 Karyawan under-stress Human resources risk
Reputational risk
Legal risk
Political risk 13 Lemahnya kontrol dan Procedure risk
komunikasi
14 Miskomunikasi dengan klien Human resources risk
8. Classifying your risk
Risk
Classification
RMO decide the
magnitude standard for
each category
Probable
Moderate High High
(High)
Likelihood
Reasonably Possible
Low Moderate High
(Moderate)
Remote
Low Low Moderate
(Low)
Insignificant Significant Material
(Low) (Moderate) (High)
Magnitude
9. Classifying your risk
Risk
Classification Risk Category Magnitude
Interest rate risk M
RMO decide the Exchange rate risk M
Liquidity risk H
magnitude standard for Credit risk M
each category Capital structure risk L
Human resource risk L
Productivity risk H
Low risk is basic risk L 1 Technology risk L
M 2 Innovation risk L
Medium risk is twice then low risk
Information system risk M
High risk is twice then medium risk H 4
Procedure risk M
Environment risk H
Reputational risk H
Legal risk M
Political risk L
10. Measuring your risk
Risk Measure
Score
No Risk Risk Category Magnitude Weight Porbability
1 Jaminan TKI tak terbayar pada Liquidity risk
RMO then handed- tahun 2010
H 4 50%
2 Regulasi ketenagakerjaan Legal risk
back the risk list 3 Hubungan diplomatik luar negeri Political risk
M 2 15%
L 1 1%
categorized to risk 4 Karyawan yang di deliver ke
client under standard
Productivity risk
H 4 75%
5 Rugi kurs Exchange rate risk M 2 50%
agent for them to 6 Pengembangan pasar stagnan
7 Keterlambatan bayar dari klien
Innovation risk
Credit risk
L
M
1
2
95%
25%
8 Proses bisnis tidak terarah Procedure risk
measure the risks 9 Perusahaan tidak memiliki arah Innovation risk
M 2 80%
L 1 80%
Risk Agent measure 10 Terkena hukuman eksternal
(fiskus, eksternal auditor dll)
Legal risk
M 2 95%
11 Reputasi buruk Reputational risk
the probability 12 Karyawan under-stress Human resources risk
H 4 50%
L 1 50%
Very unlikely 10%
Unlikely 20%
Likely 40%
Very likely 80%
Certain 100%
11. Scoring your risk
Risk Scoring
Score Risk
Risk Agent handed Magnitude Weight Porbability Score
back measured risk
H 4 50% 4%
lists to RMO
M 2 15% 1%
RMO finalize the risk
L 1 1% 0.0%
of each category into
H 4 75% 6.1%
scoring of risk M 2 50% 2.0%
L 1 95% 1.9%
RS = (RM*prob)/TR M 2 25% 1.0%
M 2 80% 3.3%
RS = Risk Score
RM = Risk Magnitude L 1 80% 1.6%
TR = Total Risk Magnitude
on each Category
13. BoD and BoC control
Create questionnaire for BOD & BOC regardless control of risks on:
Interest rate risk Innovation risk
Exchange rate risk Information system risk
Liquidity risk Procedure risk
Credit risk Environment risk
Capital structure risk Reputational risk
Human resource risk Legal risk
Productivity risk Political risk
Technology risk
14. Scoring your control
Questionnaire filled to see the score and then
compared to its risk
Score = 1 – questionnaire filled
To simplify the visualization of risk against control
16. Need to do
The list need to be
SK Direksi penunjukkan Risk agent
Review on 15 category of risks
Review on magnitude standard of each
risk category
Control questionnaire