Professional Documents
Culture Documents
In fo r m a tio n S y s te m P r o je c t M a n a g e m e n t 2
Project Integration Management
In fo r m a tio n T e c h n o lo g y P r o je c t 3
M a n a g e m e n t, S ix th E d itio n
The Importance of Project Risk
Management
• P r o je c t r is k m a n a g e m e n t is th e a r t a n d s c ie n c e o f
id e n tify in g , a n a ly z in g , a n d r e s p o n d in g to r is k
th r o u g h o u t th e life o f a p r o je c t a n d in th e b e s t
in te r e s ts o f m e e tin g p r o je c t o b je c tiv e s
• R is k m a n a g e m e n t is o fte n o v e r lo o k e d in p r o je c ts ,
b u t it c a n h e lp im p r o v e p r o je c t s u c c e s s b y h e lp in g
s e le c t g o o d p r o je c ts , d e te r m in in g p r o je c t s c o p e ,
a n d d e v e lo p in g r e a lis tic e s tim a te s
4
Research Shows Need to Improve
Project Risk Management
• S tu d y b y Ib b s a n d K w a k s h o w s r is k h a s th e
lo w e s t m a tu r ity r a tin g o f a ll k n o w le d g e a r e a s
• A s im ila r s u r v e y w a s c o m p le te d w ith s o ftw a r e
d e v e lo p m e n t c o m p a n ie s in M a u r itiu s , S o u th A fr ic a
in 2 0 0 3 , a n d r is k m a n a g e m e n t a ls o h a d th e
lo w e s t m a tu r ity
• K L C I s tu d y s h o w s th e b e n e fits o f fo llo w in g g o o d
s o ftw a r e r is k m a n a g e m e n t p r a c tic e s
5
Table 11-1. Project Management Maturity
by Industry Group and Knowledge Area*
KEY: 1 = LOWEST MATURITY RATING 5 = HIGHEST MATURITY RATING
*Ibbs, C. William and Young Hoon Kwak. “Assessing Project Management Maturity,”
Project Management Journal (March 2000).
6
Figure 11-1. Benefits from Software Risk
Management Practices*
8
Negative Risk
• A dictionary definition of risk is “the possibility of loss or injury”
9
Risk Can Be Positive
• Positive risks are risks that result in good things happening;
sometimes called opportunities
10
Best Practice
• Some organizations make the mistake of only addressing
tactical and negative risks when performing project risk
management
• David Hillson (www.risk-doctor.com) suggests overcoming this
problem by widening the scope of risk management to
encompass both strategic risks and upside opportunities, which
he refers to as integrated risk management
11
Risk Utility
• Risk utility or risk tolerance is the amount of satisfaction or
pleasure received from a potential payoff
– Utility r is e s a t a d e c r e a s in g r a te fo r p e o p le
w h o a r e r is k -a v e r s e
– Th o s e w h o a r e r is k -s e e k in g h a v e a h ig h e r
to le r a n c e fo r r is k , a n d th e ir s a tis fa c tio n
in c r e a s e s w h e n m o r e p a y o ff is a t s ta k e
– Th e r is k -n e u tr a l a p p r o a c h a c h ie v e s a b a la n c e
b e tw e e n r is k a n d p a y o ff
12
Figure 11-2. Risk Utility Function
and Risk Preference
13
Risk Management Process
15
Project Risk Management
Processes (continued)
• Performing quantitative risk analysis: n u m e r ic a lly e s tim a tin g
th e e ffe c ts o f r is k s o n p r o je c t o b je c tiv e s
• Planning risk responses: ta k in g s te p s to e n h a n c e
o p p o r tu n itie s a n d r e d u c e th r e a ts to m e e tin g p r o je c t
o b je c tiv e s
• Monitoring and controlling risks: m o n ito r in g id e n tifie d a n d
r e s id u a l r is k s , id e n tify in g n e w r is k s , c a r r y in g o u t r is k
r e s p o n s e p la n s , a n d e v a lu a tin g th e e ffe c tiv e n e s s o f
r is k s tr a te g ie s th r o u g h o u t th e life o f th e p r o je c t
16
Figure 11-3. Project Risk
Management Summary
17
Risk Management Planning
• The main output of risk management planning is a risk
management plan, a plan that documents the procedures for
managing risk throughout a project
• The level of detail will vary with the needs of the project
18
Table 11-2. Topics Addressed in a
Risk Management Plan
• Methodology
• Risk categories
• Risk documentation
19
Contingency and Fallback Plans,
Contingency Reserves
• Contingency plans are predefined actions that the project team will take if an identified
risk event occurs
• Fallback plans are developed for risks that have a high impact on meeting project
objectives and are put into effect if attempts to reduce the risk are not effective
• Contingency reserves or allowances are provisions held by the project sponsor or
organization to reduce the risk of cost or schedule overruns to an acceptable level
20
Common Sources of Risk in
Information Technology Projects
• S e v e r a l s tu d ie s s h o w th a t IT p r o je c ts s h a r e s o m e
c o m m o n s o u r c e s o f r is k
• Th e S ta n d is h Gr o u p d e v e lo p e d a n IT s u c c e s s
p o te n tia l s c o r in g s h e e t b a s e d o n p o te n tia l r is k s
• Oth e r b r o a d c a te g o r ie s o f r is k h e lp id e n tify
p o te n tia l r is k s
21
Table 11-3. Information
Technology Success Potential
Scoring Sheet
Success Criterion Relative Importance
User Involvement 19
Executive Management support 16
Clear Statement of Requirements 15
Proper Planning 11
Realistic Expectations 10
Smaller Project Milestones 9
Competent Staff 8
Ownership 6
Clear Visions and Objectives 3
Hard-Working, Focused Staff 3
Total 100
22
Broad Categories of Risk
• Market risk
• Financial risk
• Technology risk
• People risk
• Structure/process risk
23
What Went Wrong?
• K P M G, a la r g e c o n s u ltin g fir m , p u b lis h e d a s tu d y
in 1995 th a t fo u n d th a t 55 p e r c e n t o f runaway
p r o je c ts —p r o je c ts th a t h a v e s ig n ific a n t c o s t o r
s c h e d u le o v e r r u n s —d id no risk m a n a g e m e n t a t a ll,
3 8 p e r c e n t d id s o m e (b u t h a lf d id n o t u s e th e ir
r is k fin d in g s a fte r th e p r o je c t w a s u n d e r w a y ), a n d
7 p e r c e n t d id n o t k n o w w h e th e r th e y d id r is k
m anagem ent or not
• Th e tim in g o f r is k m a n a g e m e n t is a ls o a n
im p o r ta n t c o n s id e r a tio n
24
Risk Breakdown Structure
• A risk breakdown structure is a hierarchy of potential risk
categories for a project
25
Figure 11-4. Sample Risk
Breakdown Structure
26
Information Technology Project Management, Sixth Edition
Table 11-4. Potential Negative Risk Conditions
Associated with Each Knowledge Area
27
Identifying Risks
• Identifying risks is the process of understanding what potential
events might hurt or enhance a particular project
• Risk identification tools and techniques include:
– Brainstorming
– The Delphi Technique
– Interviewing
– SWOT analysis
28
Brainstorming
• Brainstorming is a te c h n iqu e b y w h ic h a g r o u p
a tte m p ts to g e n e r a te id e a s o r fin d a s o lu tio n fo r a
s p e c ific p r o b le m b y a m a s s in g id e a s
s p o n ta n e o u s ly a n d w ith o u t ju d g m e n t
• A n e xp e r ie n c e d fa c ilita to r s h o u ld r u n th e
b r a in s to r m in g s e s s io n
• Be c a r e fu l n o t to o v e r u s e o r m is u s e b r a in s to r m in g
– Psychology literature shows that individuals produce a greater number of ideas
working alone than they do through brainstorming in small, face-to-face groups
– Group effects often inhibit idea generation
29
Delphi Technique
• Th e Delphi Technique is u s e d to d e r iv e a c o n s e n s u s
a m o n g a p a n e l o f e xp e r ts w h o m a k e p r e d ic tio n s
a b o u t fu tu r e d e v e lo p m e n ts
• P r o v id e s in d e p e n d e n t a n d a n o n y m o u s in p u t
r e g a r d in g fu tu r e e v e n ts
• Us e s r e p e a te d r o u n d s o f qu e s tio n in g a n d w r itte n
r e s p o n s e s a n d a v o id s th e b ia s in g e ffe c ts
p o s s ib le in o r a l m e th o d s , s u c h a s b r a in s to r m in g
30
Interviewing
• Interviewing is a fact-finding technique for collecting information
in face-to-face, phone, e-mail, or instant-messaging discussions
31
SWOT Analysis
• SWOT analysis (strengths, weaknesses, opportunities, and
threats) can also be used during risk identification
• Helps identify the broad negative and positive risks that apply to
a project
32
Risk Register
• The main output of the risk identification process is a list of identified risks and other
information needed to begin creating a risk register
• A risk register is:
– A document that contains the results of various risk management processes and that is
often displayed in a table or spreadsheet format
– A tool for documenting potential risk events and related information
• Risk events refer to specific, uncertain events that may occur to the detriment or
enhancement of the project
33
Risk Register Contents
• An identification number for each risk event
• A rank for each risk event
• The name of each risk event
• A description of each risk event
• The category under which each risk event falls
• The root cause of each risk
34
Risk Register Contents
(continued)
• Triggers for each risk; triggers are indicators or symptoms of
actual risk events
• Potential responses to each risk
• The risk owner or person who will own or take responsibility for
each risk
• The probability and impact of each risk occurring
• The status of each risk
35
Table 11-5. Sample Risk
Register
36
Information Technology Project Management, Sixth Edition
Performing Qualitative Risk
Analysis
• Assess the likelihood and impact of identified risks to
determine their magnitude and priority
• Risk quantification tools and techniques include:
– P r o b a b ility /im p a c t m a tr ixe s
– Th e To p Te n R is k Ite m Tr a c k in g
– Exp e r t ju d g m e n t
37
Probability/Impact Matrix
• A probability/impact matrix o r chart lis ts th e r e la tiv e
p r o b a b ility o f a r is k o c c u r r in g o n o n e s id e o f a
m a tr ix o r a xis o n a c h a r t a n d th e r e la tiv e im p a c t o f
th e r is k o c c u r r in g o n th e o th e r
• L is t th e r is k s a n d th e n la b e l e a c h o n e a s h ig h ,
m e d iu m , o r lo w in te r m s o f its p r o b a b ility o f
o c c u r r e n c e a n d its im p a c t if it d id o c c u r
• C a n a ls o c a lc u la te risk factors
– Numbers that represent the overall risk of specific events based on their probability
of occurring and the consequences to the project if they do occur
38
Figure 11-5. Sample
Probability/Impact Matrix
39
Figure 11-6. Chart Showing High-,
Medium-, and Low-Risk Technologies
40
Top Ten Risk Item Tracking
• Top Ten Risk Item Tracking is a qu a lita tiv e r is k a n a ly s is
to o l th a t h e lp s to id e n tify r is k s a n d m a in ta in a n
a w a r e n e s s o f r is k s th r o u g h o u t th e life o f a
p r o je c t
• Es ta b lis h a p e r io d ic r e v ie w o f th e to p te n p r o je c t
r is k ite m s
• L is t th e c u r r e n t r a n k in g , p r e v io u s r a n k in g ,
n u m b e r o f tim e s th e r is k a p p e a r s o n th e lis t o v e r
a p e r io d o f tim e , a n d a s u m m a r y o f p r o g r e s s
m a d e in r e s o lv in g th e r is k ite m
41
Table 11-6. Example of Top Ten Risk Item
Tracking
42
Watch List
• A watch list is a list of risks that are low priority but are still
identified as potential risks
• Qualitative analysis can also identify risks that should be
evaluated on a quantitative basis
43
Performing Quantitative Risk
Analysis
• Often follows qualitative risk analysis, but both can be done
together
• Large, complex projects involving leading edge technologies
often require extensive quantitative risk analysis
• Main techniques include:
– De c is io n tr e e a n a ly s is
– S im u la tio n
– S e n s itiv ity a n a ly s is
44
Decision Trees and Expected
Monetary Value (EMV)
• A decision tree is a diagramming analysis technique used to help
select the best course of action in situations in which future
outcomes are uncertain
• Estimated monetary value (EMV) is the product of a risk event
probability and the risk event’s monetary value
• You can draw a decision tree to help find the EMV
45
Figure 11-7. Expected Monetary
Value (EMV) Example
46
Simulation
• S im u la tio n u s e s a r e p r e s e n ta tio n o r m o d e l o f a
s y s te m to a n a ly z e th e e xp e c te d b e h a v io r o r
p e r fo r m a n c e o f th e s y s te m
• Monte Carlo analysis s im u la te s a m o d e l’s o u tc o m e
m a n y tim e s to p r o v id e a s ta tis tic a l d is tr ib u tio n o f
th e c a lc u la te d r e s u lts
• To u s e a M o n te C a r lo s im u la tio n , y o u m u s t h a v e
th r e e e s tim a te s (m o s t lik e ly , p e s s im is tic , a n d
o p tim is tic ) p lu s a n e s tim a te o f th e lik e lih o o d o f th e
e s tim a te b e in g b e tw e e n th e m o s t lik e ly a n d
o p tim is tic v a lu e s
47
Steps of a Monte Carlo Analysis
1. A s s e s s th e r a n g e fo r th e v a r ia b le s b e in g
c o n s id e r e d
2 . De te r m in e th e p r o b a b ility d is tr ib u tio n o f e a c h
v a r ia b le
3 . Fo r e a c h v a r ia b le , s e le c t a r a n d o m v a lu e b a s e d
o n th e p r o b a b ility d is tr ib u tio n
4. R u n a d e te r m in is tic a n a ly s is o r o n e p a s s th r o u g h
th e m o d e l
5. R e p e a t s te p s 3 a n d 4 m a n y tim e s to o b ta in th e
p r o b a b ility d is tr ib u tio n o f th e m o d e l’s r e s u lts
48
Figure 11-8. Sample Monte Carlo
Simulation Results for Project Schedule
49
What Went Right?
• A la r g e a e r o s p a c e c o m p a n y u s e d M o n te C a r lo
s im u la tio n to h e lp qu a n tify r is k s o n s e v e r a l
a d v a n c e d -d e s ig n e n g in e e r in g p r o je c ts , s u c h a s
th e Na tio n a l A e r o s p a c e P la n (NA S P )
• Th e r e s u lts o f th e s im u la tio n w e r e u s e d to
d e te r m in e h o w th e c o m p a n y w o u ld in v e s t its
in te r n a l r e s e a r c h a n d d e v e lo p m e n t fu n d s
• S e e te xt fo r e xa m p le s o f h o w Ge n e r a l M o to r s , Eli
L ily , a n d P r o c to r & Ga m b le u s e s im u la tio n s o ftw a r e
50
Sensitivity Analysis
• Sensitivity analysis is a te c h n iqu e u s e d to s h o w th e
e ffe c ts o f c h a n g in g o n e o r m o r e v a r ia b le s o n a n
o u tc o m e
• Fo r e xa m p le , m a n y p e o p le u s e it to d e te r m in e w h a t
th e m o n th ly p a y m e n ts fo r a lo a n w ill b e g iv e n
d iffe r e n t in te r e s t r a te s o r p e r io d s o f th e lo a n , o r fo r
d e te r m in in g b r e a k -e v e n p o in ts b a s e d o n d iffe r e n t
a s s u m p tio n s
• S p r e a d s h e e t s o ftw a r e , s u c h a s Exc e l, is a c o m m o n
to o l fo r p e r fo r m in g s e n s itiv ity a n a ly s is
51
Figure 11-9. Sample Sensitivity Analysis
for Determining Break-Even Point
52
Planning Risk Responses
• After identifying and quantifying risks, you must decide how to
respond to them
• Four main response strategies for negative risks
– R is k a v o id a n c e
– R is k a c c e p ta n c e
– R is k tr a n s fe r e n c e
– R is k m itig a tio n
53
Table 11-7. General Risk Mitigation Strategies
for Technical, Cost, and Schedule Risks
54
Response Strategies for Positive
Risks
• Risk exploitation
• Risk sharing
• Risk enhancement
• Risk acceptance
55
Residual and Secondary Risks
• It’s also important to identify residual and secondary risks
• Residual risks are risks that remain after all of the response
strategies have been implemented
• Secondary risks are a direct result of implementing a risk
response
56
Monitoring and Controlling Risks
• Involves executing the risk management process to respond to
risk events
• Workarounds are unplanned responses to risk events that must
be done when there are no contingency plans
• Main outputs of risk monitoring and control are:
– Risk register updates
– Organizational process assets updates
– Change requests
– Updates to the project management plan and other project documents
57
Using Software to Assist in
Project Risk Management
• Risk registers can be created in a simple Word or Excel file or as
part of a database
• More sophisticated risk management software, such as Monte
Carlo simulation tools, help in analyzing project risks
• You can purchase add-ons for Excel and Project 2007 to perform
simulations
58
Results of Good Project Risk
Management
• Unlike crisis management, good project risk management often
goes unnoticed
– P R M s e r in g te r ja d i ta n p a d is a d a r i
• Well-run projects appear to be almost effortless, but a lot of work
goes into running a project well
• Project managers should strive to make their jobs look easy to
reflect the results of well-run projects
59
Summary
• P r o je c t r is k m a n a g e m e n t is th e a r t a n d s c ie n c e
o f id e n tify in g , a n a ly z in g , a n d r e s p o n d in g to r is k
th r o u g h o u t th e life o f a p r o je c t a n d in th e b e s t
in te r e s ts o f m e e tin g p r o je c t o b je c tiv e s
• M a in p r o c e s s e s in c lu d e :
– Plan risk management
– Identify risks
– Perform qualitative risk analysis
– Perform quantitative risk analysis
– Plan risk responses
– Monitor and control risks
60
Mitigasi Risiko Operasional dan
Mitigasi Resiko pada Investigasi
Internal
• Pada akhir November 2001, seorang
karyawan UBS Warburg, sebuah bank di
Swiss, melakukan kesalahan dalam
perdaganganb di Tokyo. Trader tersebut
memasukkan order menjual saham Dentsu
Ilustrasi Risiko sebanyak 610.000 lembar dengan harga 16
yen perlembar saham, meskipun sistem
● Risiko operasional merupakan tipe risiko yang paling tua tetapi paling sedikit dipahami
dibandingkan dengan tipe risiko lainnya.
● Contoh perusahaan sudah lama tahu ada risiko kesalahan pencatatan, kegagalan sistem
komputer, ancaman teroris, serangan virus, pengawasan yang tidak memadai, dll.
● Perusahaan secara tidak langsung telah mengantisipasi risiko operasional tadi walaupun
tidak dengan nama manajemen risiko. Misal perusahaan berusaha memperbaiki sistem,
prosedur atau proses bisnis melalui manajemen kualitas
● Risiko operasional adalah segala kemungkinan kerugian yang akan dihadapi perusahaan
berkaitan dengan kegiatan operasional perusahaan.
● Kegagalan Proses Internal
merupakan risiko yang barkaitan dengan kegagalan
proses atau prosedur internal perusahaan.
● Kegagalan mengelola SDM
Kerugian yang dihadapi oleh perusahaan yang
Jenis-Jenis
dilakukan karyawan baik disengaja ataupun tidak
disengaja.
● Risiko Eksternal
Risiko Berkaitan dengan kejadian yang bersumber dari luar
organisasi dan diluar pengendalian organisasi.
(frekuensi)
pada jenis risiko ini menimbulkan
biaya yang relatif besar dibanding
dengan manfaatnya,
rendah
Signifikansi (Severity) tinggi dan likehood (frekuensi)
rendah
● Risiko ini menantang untuk dihadapi karena jika risiko ini muncul maka perusahaan
menghadapi kerugian yang besar dan bisa mengakibatkan kebangkrutan.
● Risiko ini jarang terjadi dan kadang sulit dikenali oleh perusahaan oleh karena itu risiko ini
sulit dipahami karakteristiknya dan sulit diprediksi kapan datangnya
● Contoh : Baring gagal melakukan pengawasan trading yang diluar batas oleh seorang
tradernya, kemudian terjadi kerugian yang mengakibatkan kebangkrutan perusahaan
Signifikansi (Severity) rendah dan likehood (frekuensi)
tinggi
● Risiko ini sering muncul tetapi besarnya kerugian relatif kecil.
● Risiko ini akibat perusahaan menjalankan bisnisnya. Contoh perusahaan supermarket ada risiko
shoplifting (pencurian oleh pembeli), barang dagangan rusak, botol pecah, dll.
● Risiko ini bisa dianggap sebagai biaya dari kegiatan bisnis (cost of doing business) dan dimasukkan
dalam kmponen harga.
● Jika risiko bergerak melewati batas cost of doing business maka perusahaan segera harus melakukan
penanganan risiko
Signifikansi (Severity) tinggi dan likehood (frekuensi)
tinggi
● Jika risiko ini terjadi berarti perusahaan sudah tidak dapat mengendalikan risiko dan bisa berakibat
kebngkrutan.
● Contoh jika perusahaan tidak dapat menangani penggelapan uang dengan jumlah yang besar yang
dilakukan oleh karyawannya (frekuensi rendah, severity tinggi) maka akan ada kemungkinan akan
berubah menuju kuadran IV yaitu frekuensi tinggi, severity tinggi.
● Jika hal tersebut terjadi maka perusahaan akan bangkrut dalam waktu singkat. Oleh karena itu tugas
manajemen risiko adalah mencegah migrasinya risiko-risiko yang ada kedalam kuadran IV
Perubahan ● Faktor-faktor yang menyebabkan perubahan
karakteristik risiko operasional :
Karakteristik 1.
2.
Globalisasi
Otomatisasi
Risiko 3.
4.
Mengandalkan teknologi
Outsourcing
Operasional 5. Perubahan budaya masyarakat
Reference • hendroagungs.blogspot.co.id
Sistem Pengendalian Internal
Dan Manajemen Risiko
Sistem Pengendalian Internal
• Sistem pengendalian internal bertujuan untuk meningkatkan efektivitas dan efisiensi operasional,
kelayakan atas laporan keuangan, serta kepatuhan terhadap peraturan perundang-undangan yang
berlaku di Indonesia, baik peraturan yang mengatur Perseroan Terbatas, peraturan OJK maupun
kebijakan Perseroan yang telah ditetapkan.
Aktivitas-Aktivitas Sistem Pengendalian Internal
• Formalisasi kebijakan dan prosedur Perseroan oleh Group Corporate Policy Division (GCP) yang dilakukan melalui kajian
dan persetujuan sampai dengan tingkat otorisasi yang telah ditetapkan. Kebijakan dan prosedur Perseroan
dikelompokkan ke dalam 5 kategori; yaitu penjualan & pemasaran, finansial, operasional, governance, serta general
affair (GA).
• Pembaharuan kebijakan prosedur dalam bentuk perbaikan dan penyempurnaan proses yang sudah ada, baik
menyangkut keuangan maupun operasional Perseroan menjadi satu sinergi proses (integrasi).
• Proses sosialisasi kebijakan dan prosedur melalui intranet dan jaringan Web.
• Formalisasi kode etik Perseroan (code of conduct) yang mencakup penerapan nilai, etika, integritas karyawan yang
dapat diakses oleh seluruh karyawan melalui media intranet (portal) Perseroan.
• Penggunaan program komputer yang terintegrasi dalam transaksi keuangan dan operasional
(penjualan, programming dan SDM).
• Pemisahan fungsi sesuai tugas, tanggung jawab dan kewenangan dalam struktur organisasi Perseroan dan unit usaha.
• Adanya supervisi oleh atasan masing-masing pada setiap tugas dan tanggung jawab.
Case study:
Sistem • Sistem manajemen risiko Perseroan diterapkan guna
Manajemen mengevaluasi efektivitas lingkungan internal,
penetapan tujuan, identifikasi kegiatan, penilaian
Risiko yang risiko, pengelolaan risiko, aktivitas pengendalian,
informasi dan komunikasi, pengawasan.
diterapkan
Perseroan
Sistem Manajemen Risiko yang diterapkan Perseroan
• Perseroan menerapkan sistem manajemen risiko komprehensif yang terintegrasi dengan proses perencanaan strategis
dan kegiatan usaha Perseroan. Manajemen risiko Perseroan dilaksanakan melalui seluruh jajaran dalam manajemen
sesuai dengan peran dan fungsi masing-masing:
• GCP (Group Corporate Policy), sebagai fungsi identifikasi risiko yang dituangkan dalam bentuk kebijakan dan prosedur.
• Internal Control, sebagai fungsi pengendalian internal manajemen risiko.
• Internal Audit, sebagai fungsi evaluasi dari sistem manajemen risiko, pengendalian internal dan perangkat sistem
informasi manajemen terkait.
• IT Audit, sebagai fungsi memastikan kecukupan kontrol atas sistem yang digunakan oleh Perseroan.
• CCSA (Compliance and Control Self Assessment), sebagai fungsi evaluasi dari sistem manajemen risiko, pengendalian
internal dan perangkat sistem informasi manajemen terkait.
• MARS (Management Awareness Reporting System), sebagai fungsi manajemen risiko dalam mengidentifikasi,
melaporkan dan menyelesaikan permasalahan-permasalahan yang dihadapi oleh Perseroan dan unit usaha.
Risiko Utama yang dihadapi Perseroan
• Strategi yang dapat diterapkan dalam pengelolaan risiko adalah dengan cara membagi risiko, menghindari risiko, mengurangi tingkat risiko melalui sistem
pengendalian internal, atau menerima risiko yang ada. Risiko-risiko utama yang dihadapi oleh Perseroan pada dasarnya dapat dikelompokkan menjadi dua
yaitu:
• Risiko Eksternal
• Risiko akibat perubahan terhadap peraturan perundang-undangan baik yang dikeluarkan oleh Pemerintah maupun pihak berwenang lainnya.
• Risiko akibat perubahan orientasi pelanggan/pemirsa.
• Risiko akibat perkembangan teknologi.
• Risiko akibat pesaing baru.
• Risiko akibat keluhan/ketidakpuasan pelanggan.
• Risiko Internal
• Risiko akibat kesalahan proses.
• Risiko akibat adanya kelemahan dalam manajemen aset.
• Risiko akibat kesalahan atau penyalahgunaan sistem.
• Risiko atas kegagalan produksi.
• Risiko akibat kegagalan atau rendahnya distribusi hasil produksi kepada konsumen.
Mitigasi Risiko yang dilakukan Perseroan
• Selama kuartal III dan IV tahun 2018, sistem manajemen risiko telah berjalan secara efektif dengan mitigasi risiko sebagai berikut:
• Risiko Eksternal
1. Mematuhi perubahan atau adanya undang-undang dan peraturan Pemerintah yang baru baik di industri media maupun perpajakan.
2. Memantau selera pasar dengan mengevaluasi program-program berdasarkan hasil riset dari The Nielsen Company mengenai rating.
3. Melakukan efisiensi melalui perbaikan proses, serta mendukung implementasi dan proyek transformasi bisnis melalui penurunan risiko dengan memastikan
proses governance berjalan dan mengurangi kesalahan/error data manual.
• Risiko Internal
1. Menjaga kualitas dan kesinambungan kegiatan operasional sehari-hari Perseroan dengan melakukan:
-Pembuatan kebijakan yang terpusat untuk menjaga konsistensi dan keseragaman prosedur di setiap proses bisnis di semua unit usaha Perseroan.
-Proses pengambilan keputusan berdasarkan matrix approval yang diketahui oleh Manajemen Perseroan.
-Koordinasi antara setiap unit usaha dalam pengembangan dan pengaturan SDM.
-Proses audit berbasis risiko.
-Peningkatan pemantauan unit usaha terkait atas kepatuhan dalam kegiatan operasional.
-Pengembangan sistem manajemen kebijakan dan prosedur melalui intranet dan jaringan Web.
2. Melakukan efisiensi melalui perbaikan proses, serta mendukung implementasi dan proyek transformasi bisnis melalui:
-Peningkatan proses kerja dan pengendalian proses melalui sistem yang dijalankan secara terpusat.
-Eliminasi pelaksanaan kerja secara manual dan meningkatkan pelaksanaan kerja secara otomatisasi untuk mempercepat proses melalui sistem yang terintegrasi.
-Mempersiapkan rencana pengembangan yang akurat dan merekomendasikannya pada isu bisnis yang berulang.
-Meningkatkan efisiensi dan kualitas kerja dengan mendukung integrasi tenaga kerja serupa pada unit yang berbeda