
Risk Governance (1)
Case: PT Jasa Marga (Persero) Tbk
Group 7

Ruth Angeli Maghfira Iza H Hadila Franciska


1806134556 1706072405 1706058672
01
Risk Governance

Definition and Structure


Definition

● Defines the way company undertakes risk management. It is essential for the company to have clarity about what risks are being managed and how.
● The architecture within which risk management operates in a company.
● Provides guidance for sound and informed decision-making and effective allocation of resources.
Risk Governance mobilises 2 issues:
● Descriptive
● Normative

Specifies Principles of Good Governance
● Transparency
● Effectiveness and efficiency
● Accountability
● Strategic focus
● Respect for the rule of law
● Sustainability, equity, and fairness
● Politically and legally feasible
● Ethically and publicly acceptable
Risk Governance Framework (IRGC, 2017)
Risk Governance in Context (IRGC, 2017)
IRGC Framework

The IRGC Framework stresses that the broader social, institutional, political and
economic contexts must be taken into account in risk-related decision making.

It is important to recognise the organisational capacity, the network of actors,
and the political cultures or the governmental and regulatory ‘styles’.

Also important is the risk culture, which impacts on the level of risk tolerance and
the degree of trust in the institutions responsible for risk governance.
Structure
Risk Governance Structure

The Board as a Whole

The Board’s decision to establish another committee to assist it with risk governance would
depend on various factors, including:
● the size and composition of the Board.
● the scale, diversity and complexity of the company’s operations.
● the nature of the significant risks that the company faces.

Audit Committee (AC)

Because the Audit Committee already oversees risks related to the integrity of the financial
statements, it is in a good position to have oversight of most of the company’s risks.
cons

Risk Committee

The Board’s Risk Committee helps the Board to oversee & gives advice on:
● Overall risk tolerance & strategy,
● Current risk exposure & future risk strategy,
● Monitoring of large exposures & certain risk,
● Overall risk assessment processes,
● Parameters used in risk measurement,
● Procedures on detecting fraud & WBS System, and
● Monitor the independence of risk management functions throughout the organisation.

Management - Chief Risk Officer

A Chief Risk Officer (CRO) may be appointed to provide executive oversight and
co-ordination of the company’s risk management efforts.

Such a decision would depend on various factors, including the scale, diversity and
complexity of the company’s operations.

In appointing a CRO, companies must be mindful that ownership of risks still resides
with the relevant departments and not the CRO.
02
Sound System of Internal Control and Risk Governance
Understanding The Sound System of Internal Control

A sound system of risk management and internal controls contributes to the safeguarding of the
company’s assets and consequently shareholders’ investment. It is the Board’s oversight responsibility
to ensure that risks relevant to the company are adequately addressed and mitigated.

There is a need to recognise that the pursuit of any opportunity in business always encompasses risk,
and that a sound system of risk management and internal controls does not eliminate risk, but rather
optimises risk-taking such that the company understands the risk-reward trade-off and makes a
decision that is commensurate with its risk tolerance.

A company’s objectives, its organisational structure and the environment in which it operates are
continually evolving, and as a result, the risks it faces are continually changing. A sound system of risk
management and internal controls therefore depends on a thorough and regular evaluation of the
nature and extent of risks to which the company is exposed.

In determining the company’s risk management and internal control policies, and thereby assessing
what constitutes a suitable sound system of risk management and internal controls while having regard
to the particular circumstances of the company, the Board’s deliberations should include consideration
of the following factors:

● The nature and extent of the risks facing the company
● The extent and categories of risk which it regards as acceptable for the company to bear
● The likelihood of the risks concerned materialising
● In respect of risks that do materialise, the company’s ability to reduce the incidence and impact on its business
● The risk-reward trade-off, i.e. the costs of operating particular controls relative to the benefit thereby obtained in managing the related risks
● The adequacy of resources and availability of requisite experience to manage risks.
03
IT Risks and Comprehensive Risk Management Policy
Risk Management Policy

● Risk Governance: risk management and internal control objectives
● Risk Strategy: attitude of the organization to risk
● Description of the risk awareness culture or control environment
● Risk Tolerance: level and nature of risk that is acceptable
● Risk Architecture: risk management organisation and arrangements
● Risk Assessment: procedures for risk recognition and ranking
● Risk Protocols: documentation for analysing and reporting risk
● Risk Response: risk mitigation requirements and control mechanisms
● Criteria for monitoring and benchmarking of risks
IT RISKS

1 IT Governance & Oversight
2 Information Security and Standards
3 Compliance
4 Data Loss Protection
5 Cyber Security
6 Data Privacy
7 New Generation Technologies
8 Outsourcing
9 Incident Management and Business Continuity Planning
PT JASA MARGA (PERSERO) TBK
Risk Governance Analysis
Company Overview
Description
Jasa Marga is a state-owned company in Indonesia which is engaged in providing toll road services. The
company was formed in March 1978 after the construction of the first toll road connecting Jakarta-Bogor
was completed. As the first toll road company in Indonesia, with more current experience, Jasa Marga is the
leader in managing more than 531 km of toll roads or 76% of the total toll roads in Indonesia.

Vision
To be the Largest, Most Trusted, and Sustainable National Toll Road Company.

Mission
1. Leading Toll Road Across the Value Chain Professionally
2. Optimizing Area Development for Community Progress
3. Increase Value for Shareholders
4. Increasing Customer Satisfaction Through Excellent Service
5. Encourage the Development and Improvement of Employee Performance in a Harmonious Environment

About Risk Management

The Risk Management Policy and Risk Management Manual
within the Company use ISO 31000:2018 as a reference and
are stated in the Board of Directors Decree No. 119/KPTS/2019
concerning Risk Management Policy and Risk Management
Manual of PT Jasa Marga (Persero) Tbk.

[Figure: Risk Management Framework Scheme]
Risk Governance
In carrying out business activities, Jasa Marga realizes that risk is an integral part of every
operational activity and can affect the results of the Company’s business and performance. Since
the toll road business is a large investment with long-term returns and has high uncertainty
during the construction and operation period, the application of risk management becomes
increasingly important for Jasa Marga’s movement in carrying out its business.

Risk governance assists decision making by considering uncertainty and its effects on achieving
the Company’s strategic objectives. Recognizing the risks faced, the Company proactively strives
to improve risk management capabilities in the Company. To be able to gain legitimacy
throughout the organization, the policy of implementing risk management needs to be
emphasized through management commitment that is adjusted to the applicable rules.
The Policy

● In order to implement the Risk policy, the Company has implemented Corporate
Governance principles, namely Transparency, Accountability, Responsibility, Independency
and Fairness.
● Risks should be understood as all possible events in the Company’s business processes in
achieving its business objectives.
● All risks of the Company must be managed optimally by utilizing the Company’s resources
to stay within the limits of the Risk Tolerance of the Company.
● The Directors, all employees and business partners of the Company have a role in risk
management in accordance with their respective responsibilities.
● Improve the risk management system continuously in accordance with current conditions
and encourage all employees to always develop and maintain a risk conscious culture in
order to maintain the value of the Company and the trust of stakeholders.
Risk Governance
AWARDS
● The Best GRC For Compliance & Risk Management 2020 (In Services Industry)

GRC & Performance Excellence Award 2020
BusinessNews Indonesia - July 29, 2020

● The Most Committed GRC Leader 2020 for Jasa Marga President Director Subakti Syukur

● TOP GRC 2020 #4 stars for Perseroan

TOP GRC (Governance, Risk and Compliance) Award 2020
October 15, 2020
RECOMMENDATIONS

Risk: Regulator’s policies (Tariff adjustments and vehicle classification)
Recommendations:
● Intensify monitoring and coordination of compliance with new policy
● Optimize toll revenue recognition

Risk: Covid-19
Recommendations:
● Add automated processes
● Enhance monitoring to be more effective and efficient
The End

THANKS
ANY QUESTION?
