
Project Risk Management

Mitigation of Operational Risk


Note:
Adapted from slides of the textbook: Schwalbe, Kathy. Managing Information Technology Project - Sixth Edition. Boston, MA:
Thomson Course Technology, 2010.
See the text itself for full citations.
Project Management
Framework

“Information Technology Project Management”, Kathy Schwalbe, 2012

Information System Project Management
Project Integration Management

Information Technology Project Management, Sixth Edition
The Importance of Project Risk
Management
• Project risk management is the art and science of
identifying, analyzing, and responding to risk
throughout the life of a project and in the best
interests of meeting project objectives

• Risk management is often overlooked in projects,
but it can help improve project success by helping
select good projects, determining project scope,
and developing realistic estimates
Research Shows Need to Improve
Project Risk Management
• Study by Ibbs and Kwak shows risk has the
lowest maturity rating of all knowledge areas
• A similar survey was completed with software
development companies in Mauritius, South Africa
in 2003, and risk management also had the
lowest maturity
• KLCI study shows the benefits of following good
software risk management practices
Table 11-1. Project Management Maturity
by Industry Group and Knowledge Area*
KEY: 1 = LOWEST MATURITY RATING 5 = HIGHEST MATURITY RATING

Knowledge Area     Engineering/    Telecommunications   Information   Hi-Tech
                   Construction                         Systems       Manufacturing
Scope              3.52            3.45                 3.25          3.37
Time               3.55            3.41                 3.03          3.50
Cost               3.74            3.22                 3.20          3.97
Quality            2.91            3.22                 2.88          3.26
Human Resources    3.18            3.20                 2.93          3.18
Communications     3.53            3.53                 3.21          3.48
Risk               2.93            2.87                 2.75          2.76
Procurement        3.33            3.01                 2.91          3.33

*Ibbs, C. William and Young Hoon Kwak. “Assessing Project Management Maturity,”
Project Management Journal (March 2000).

Figure 11-1. Benefits from Software Risk
Management Practices*

*Kulik, Peter and Catherine Weber, “Software Risk Management Practices – 2001,” KLCI Research Group (August 2001).
Media Snapshot
• Many people around the world suffered from financial losses as various financial
markets dropped in the fall of 2008, even after the $700 billion bailout bill was
passed by the U.S. Congress
• According to a global survey of 316 financial services executives, more than 70
percent of respondents believed that the losses stemming from the credit crisis were
largely due to failures to address risk management issues
• They identified several challenges in implementing risk management, including data
and company culture issues

Negative Risk
• A dictionary definition of risk is “the possibility of loss or injury”

• Negative risk involves understanding potential problems that
might occur in the project and how they might impede project
success

• Negative risk management is like a form of insurance; it is an
investment
Risk Can Be Positive
• Positive risks are risks that result in good things happening;
sometimes called opportunities

• A general definition of project risk is an uncertainty that can
have a negative or positive effect on meeting project objectives

• The goal of project risk management is to minimize potential
negative risks while maximizing potential positive risks
Best Practice
• Some organizations make the mistake of only addressing
tactical and negative risks when performing project risk
management
• David Hillson (www.risk-doctor.com) suggests overcoming this
problem by widening the scope of risk management to
encompass both strategic risks and upside opportunities, which
he refers to as integrated risk management

Risk Utility
• Risk utility or risk tolerance is the amount of satisfaction or
pleasure received from a potential payoff
– Utility rises at a decreasing rate for people
who are risk-averse
– Those who are risk-seeking have a higher
tolerance for risk, and their satisfaction
increases when more payoff is at stake
– The risk-neutral approach achieves a balance
between risk and payoff
Figure 11-2. Risk Utility Function
and Risk Preference

Risk Management Process

“Software Risk Management”, Boehm, 1989
Project Risk Management Processes
• Planning risk management: deciding how to approach and
plan the risk management activities for the project

• Identifying risks: determining which risks are likely to
affect a project and documenting the
characteristics of each

• Performing qualitative risk analysis: prioritizing risks based
on their probability and impact of occurrence
Project Risk Management
Processes (continued)
• Performing quantitative risk analysis: numerically estimating
the effects of risks on project objectives
• Planning risk responses: taking steps to enhance
opportunities and reduce threats to meeting project
objectives
• Monitoring and controlling risks: monitoring identified and
residual risks, identifying new risks, carrying out risk
response plans, and evaluating the effectiveness of
risk strategies throughout the life of the project
Figure 11-3. Project Risk
Management Summary

Risk Management Planning
• The main output of risk management planning is a risk
management plan, a plan that documents the procedures for
managing risk throughout a project

• The project team should review project documents and
understand the organization’s and the sponsor’s approaches
to risk

• The level of detail will vary with the needs of the project
Table 11-2. Topics Addressed in a
Risk Management Plan
• Methodology

• Roles and responsibilities

• Budget and schedule

• Risk categories

• Risk probability and impact

• Risk documentation
Contingency and Fallback Plans,
Contingency Reserves
• Contingency plans are predefined actions that the project team will take if an identified
risk event occurs
• Fallback plans are developed for risks that have a high impact on meeting project
objectives and are put into effect if attempts to reduce the risk are not effective
• Contingency reserves or allowances are provisions held by the project sponsor or
organization to reduce the risk of cost or schedule overruns to an acceptable level

Common Sources of Risk in
Information Technology Projects
• Several studies show that IT projects share some
common sources of risk

• The Standish Group developed an IT success
potential scoring sheet based on potential risks

• Other broad categories of risk help identify
potential risks
Table 11-3. Information
Technology Success Potential
Scoring Sheet
Success Criterion Relative Importance
User Involvement 19
Executive Management support 16
Clear Statement of Requirements 15
Proper Planning 11
Realistic Expectations 10
Smaller Project Milestones 9
Competent Staff 8
Ownership 6
Clear Visions and Objectives 3
Hard-Working, Focused Staff 3
Total 100

Broad Categories of Risk
• Market risk

• Financial risk

• Technology risk

• People risk

• Structure/process risk

What Went Wrong?
• KPMG, a large consulting firm, published a study
in 1995 that found that 55 percent of runaway
projects—projects that have significant cost or
schedule overruns—did no risk management at all,
38 percent did some (but half did not use their
risk findings after the project was underway), and
7 percent did not know whether they did risk
management or not
• The timing of risk management is also an
important consideration
Risk Breakdown Structure
• A risk breakdown structure is a hierarchy of potential risk
categories for a project

• Similar to a work breakdown structure but used to identify and
categorize risks
Figure 11-4. Sample Risk
Breakdown Structure

Table 11-4. Potential Negative Risk Conditions
Associated with Each Knowledge Area

Identifying Risks
• Identifying risks is the process of understanding what potential
events might hurt or enhance a particular project
• Risk identification tools and techniques include:
– Brainstorming
– The Delphi Technique
– Interviewing
– SWOT analysis

Brainstorming
• Brainstorming is a technique by which a group
attempts to generate ideas or find a solution for a
specific problem by amassing ideas
spontaneously and without judgment
• An experienced facilitator should run the
brainstorming session
• Be careful not to overuse or misuse brainstorming
– Psychology literature shows that individuals produce a greater number of ideas
working alone than they do through brainstorming in small, face-to-face groups
– Group effects often inhibit idea generation

Delphi Technique
• The Delphi Technique is used to derive a consensus
among a panel of experts who make predictions
about future developments

• Provides independent and anonymous input
regarding future events

• Uses repeated rounds of questioning and written
responses and avoids the biasing effects
possible in oral methods, such as brainstorming
Interviewing
• Interviewing is a fact-finding technique for collecting information
in face-to-face, phone, e-mail, or instant-messaging discussions

• Interviewing people with similar project experience is an
important tool for identifying potential risks
SWOT Analysis
• SWOT analysis (strengths, weaknesses, opportunities, and
threats) can also be used during risk identification

• Helps identify the broad negative and positive risks that apply to
a project

Risk Register
• The main output of the risk identification process is a list of identified risks and other
information needed to begin creating a risk register
• A risk register is:
– A document that contains the results of various risk management processes and that is
often displayed in a table or spreadsheet format
– A tool for documenting potential risk events and related information
• Risk events refer to specific, uncertain events that may occur to the detriment or
enhancement of the project

Risk Register Contents
• An identification number for each risk event
• A rank for each risk event
• The name of each risk event
• A description of each risk event
• The category under which each risk event falls
• The root cause of each risk

Risk Register Contents
(continued)
• Triggers for each risk; triggers are indicators or symptoms of
actual risk events
• Potential responses to each risk
• The risk owner or person who will own or take responsibility for
each risk
• The probability and impact of each risk occurring
• The status of each risk

Table 11-5. Sample Risk
Register

Performing Qualitative Risk
Analysis
• Assess the likelihood and impact of identified risks to
determine their magnitude and priority
• Risk quantification tools and techniques include:
– Probability/impact matrixes
– The Top Ten Risk Item Tracking
– Expert judgment
Probability/Impact Matrix
• A probability/impact matrix or chart lists the relative
probability of a risk occurring on one side of a
matrix or axis on a chart and the relative impact of
the risk occurring on the other
• List the risks and then label each one as high,
medium, or low in terms of its probability of
occurrence and its impact if it did occur
• Can also calculate risk factors
– Numbers that represent the overall risk of specific events based on their probability
of occurring and the consequences to the project if they do occur

Figure 11-5. Sample
Probability/Impact Matrix

Figure 11-6. Chart Showing High-,
Medium-, and Low-Risk Technologies

Top Ten Risk Item Tracking
• Top Ten Risk Item Tracking is a qualitative risk analysis
tool that helps to identify risks and maintain an
awareness of risks throughout the life of a
project
• Establish a periodic review of the top ten project
risk items
• List the current ranking, previous ranking,
number of times the risk appears on the list over
a period of time, and a summary of progress
made in resolving the risk item
Table 11-6. Example of Top Ten Risk Item
Tracking

Watch List
• A watch list is a list of risks that are low priority but are still
identified as potential risks
• Qualitative analysis can also identify risks that should be
evaluated on a quantitative basis

Performing Quantitative Risk
Analysis
• Often follows qualitative risk analysis, but both can be done
together
• Large, complex projects involving leading edge technologies
often require extensive quantitative risk analysis
• Main techniques include:
– Decision tree analysis
– Simulation
– Sensitivity analysis
Decision Trees and Expected
Monetary Value (EMV)
• A decision tree is a diagramming analysis technique used to help
select the best course of action in situations in which future
outcomes are uncertain
• Expected monetary value (EMV) is the product of a risk event
probability and the risk event’s monetary value
• You can draw a decision tree to help find the EMV

Figure 11-7. Expected Monetary
Value (EMV) Example

Simulation
• Simulation uses a representation or model of a
system to analyze the expected behavior or
performance of the system
• Monte Carlo analysis simulates a model’s outcome
many times to provide a statistical distribution of
the calculated results
• To use a Monte Carlo simulation, you must have
three estimates (most likely, pessimistic, and
optimistic) plus an estimate of the likelihood of the
estimate being between the most likely and
optimistic values
Steps of a Monte Carlo Analysis
1. Assess the range for the variables being
considered
2. Determine the probability distribution of each
variable
3. For each variable, select a random value based
on the probability distribution
4. Run a deterministic analysis or one pass through
the model
5. Repeat steps 3 and 4 many times to obtain the
probability distribution of the model’s results
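
The five steps above, carried through for a project schedule as an added example (not from the slides or the textbook). The task names, three-point estimates, the choice of a triangular distribution and all function names are assumptions constructed for illustration.

```python
import random

# Constructed sample data (not from the slides): three-point duration
# estimates in days for three tasks that run one after another.
TASKS = {
    "design": {"optimistic": 8, "most_likely": 10, "pessimistic": 16},
    "build": {"optimistic": 20, "most_likely": 25, "pessimistic": 40},
    "test": {"optimistic": 5, "most_likely": 8, "pessimistic": 15},
}


def sample_duration(rng, est):
    """Step 3: draw one random value from a task's distribution.

    Steps 1 and 2 are encoded in the estimates: the range runs from
    optimistic to pessimistic, and the distribution is assumed to be
    triangular with its peak at the most likely value.
    """
    return rng.triangular(est["optimistic"], est["pessimistic"], est["most_likely"])


def one_pass(rng, tasks):
    """Step 4: one deterministic pass through the model.

    The model is a plain sum because the tasks are sequential.
    """
    return sum(sample_duration(rng, est) for est in tasks.values())


def simulate(tasks, trials=20000, seed=1):
    """Step 5: repeat steps 3 and 4 many times; return the sorted totals."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    return sorted(one_pass(rng, tasks) for _ in range(trials))


def percentile(sorted_results, p):
    """Duration that a fraction p of the trials did not exceed (0 < p < 1)."""
    index = min(int(p * len(sorted_results)), len(sorted_results) - 1)
    return sorted_results[index]


def probability_within(sorted_results, deadline):
    """Fraction of trials that finished on or before the deadline."""
    return sum(1 for r in sorted_results if r <= deadline) / len(sorted_results)


def likelihood_below_most_likely(est):
    """Likelihood of a value between optimistic and most likely.

    For a triangular distribution this follows from the three estimates;
    with another distribution it would be a separate input.
    """
    spread = est["pessimistic"] - est["optimistic"]
    return (est["most_likely"] - est["optimistic"]) / spread


if __name__ == "__main__":
    results = simulate(TASKS)
    single_point = sum(est["most_likely"] for est in TASKS.values())
    print(f"sum of most likely estimates : {single_point} days")
    print(f"simulated mean               : {sum(results) / len(results):.1f} days")
    print(f"50th / 90th percentile       : {percentile(results, 0.5):.1f} / "
          f"{percentile(results, 0.9):.1f} days")
    print(f"chance of finishing in {single_point} days: "
          f"{probability_within(results, single_point):.0%}")
```

Because the pessimistic estimates lie further from the most likely values than the optimistic ones do, the simulated distribution sits to the right of the single-point schedule, which is the kind of result a chart of schedule simulation output makes visible.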
Figure 11-8. Sample Monte Carlo
Simulation Results for Project Schedule

What Went Right?
• A large aerospace company used Monte Carlo
simulation to help quantify risks on several
advanced-design engineering projects, such as
the National Aerospace Plan (NASP)
• The results of the simulation were used to
determine how the company would invest its
internal research and development funds
• See text for examples of how General Motors, Eli
Lilly, and Procter & Gamble use simulation software
Sensitivity Analysis
• Sensitivity analysis is a technique used to show the
effects of changing one or more variables on an
outcome
• For example, many people use it to determine what
the monthly payments for a loan will be given
different interest rates or periods of the loan, or for
determining break-even points based on different
assumptions
• Spreadsheet software, such as Excel, is a common
tool for performing sensitivity analysis
Figure 11-9. Sample Sensitivity Analysis
for Determining Break-Even Point

Planning Risk Responses
• After identifying and quantifying risks, you must decide how to
respond to them
• Four main response strategies for negative risks
– Risk avoidance
– Risk acceptance
– Risk transference
– Risk mitigation
Table 11-7. General Risk Mitigation Strategies
for Technical, Cost, and Schedule Risks

Response Strategies for Positive
Risks
• Risk exploitation
• Risk sharing
• Risk enhancement
• Risk acceptance

Residual and Secondary Risks
• It’s also important to identify residual and secondary risks
• Residual risks are risks that remain after all of the response
strategies have been implemented
• Secondary risks are a direct result of implementing a risk
response

Monitoring and Controlling Risks
• Involves executing the risk management process to respond to
risk events
• Workarounds are unplanned responses to risk events that must
be done when there are no contingency plans
• Main outputs of risk monitoring and control are:
– Risk register updates
– Organizational process assets updates
– Change requests
– Updates to the project management plan and other project documents

Using Software to Assist in
Project Risk Management
• Risk registers can be created in a simple Word or Excel file or as
part of a database
• More sophisticated risk management software, such as Monte
Carlo simulation tools, help in analyzing project risks
• You can purchase add-ons for Excel and Project 2007 to perform
simulations

Results of Good Project Risk
Management
• Unlike crisis management, good project risk management often
goes unnoticed
– PRM often takes place without anyone being aware of it
• Well-run projects appear to be almost effortless, but a lot of work
goes into running a project well
• Project managers should strive to make their jobs look easy to
reflect the results of well-run projects

Summary
• Project risk management is the art and science
of identifying, analyzing, and responding to risk
throughout the life of a project and in the best
interests of meeting project objectives
• Main processes include:
– Plan risk management
– Identify risks
– Perform qualitative risk analysis
– Perform quantitative risk analysis
– Plan risk responses
– Monitor and control risks

Operational Risk Mitigation and
Risk Mitigation in Internal
Investigations
Operational Risk Illustration
• At the end of November 2001, an employee of UBS Warburg, a bank in
Switzerland, made a trading error in Tokyo. The trader entered an order
to sell 610,000 Dentsu shares at a price of 16 yen per share, even
though the computer system had asked for the order to be confirmed
again. He should instead have sold 16 Dentsu shares at a price of
610,000 yen. He therefore sold the shares far too cheaply. As a
result, UBS Warburg suffered a loss of US$ 50 million
Introduction

● Operational risk arises from operational problems; it is a loss event
that a company faces once an activity has started, or even before it
starts.
● Such operational problems include, for example, installing equipment,
setting up a payroll system, supervising employees, supervising
production activities, and so on.
Definition of Operational Risk

● Operational risk is the oldest type of risk but the least understood
compared with other types of risk.
● For example, companies have long known about the risks of recording errors, computer system
failures, terrorist threats, virus attacks, inadequate supervision, etc.
● Companies have indirectly anticipated these operational risks, although not under the name
of risk management. For example, companies try to improve systems, procedures or business
processes through quality management
● Operational risk is any possible loss that a company will face
in connection with its operational activities.
Types of Operational Risk
● Internal process failure
Risk related to the failure of the company's internal
processes or procedures.
● Failure to manage human resources
Losses faced by the company that are caused by employees,
whether intentionally or unintentionally.
● External risk
Related to events that originate outside the
organization and are beyond the organization's control.
● System risk
Risk that arises from developments in technology
systems and from problems that occur in those
technology systems.
Measuring Operational Risk

● Classification of risk measurement
1. Frequency or probability of the risk occurring
2. Severity of the loss, or impact, of the risk
● With these two dimensions we can build a matrix of the
frequency and severity of the risks at hand.
● For example, default risk is a risk that rarely occurs,
but if it does occur the company faces a large loss.
Default risk therefore has low frequency (likelihood)
but high severity (significance)
Measuring Operational Risk

Recording or process errors occur often in production, but the
risk of loss involved is not very high.
This means high frequency but low severity (significance).

Mapping frequency against severity has implications for
how the risks are managed
Frequency and significance
matrix
● Low significance (severity) and low likelihood
(frequency)
● High significance (severity) and low likelihood
(frequency)
● Low significance (severity) and high likelihood
(frequency)
● High significance (severity) and high likelihood
(frequency)
Strategies for Handling Risk Based on the Severity/Frequency Matrix
Quadrant II: Detect and Monitor      Quadrant IV: Prevent at Source
Quadrant I: Low Control              Quadrant III: Monitor
Low significance (severity) and low likelihood (frequency)
The company applies a low level of supervision to this risk.
Excessive supervision of this type of risk incurs costs that are
relatively large compared with its benefits.
High significance (severity) and low likelihood (frequency)
● This risk is challenging to deal with because, if it materializes, the company
faces large losses that can lead to bankruptcy.
● This risk rarely occurs and is sometimes hard for the company to recognize; its
characteristics are therefore hard to understand and its timing is hard to predict
● Example: Barings failed to supervise out-of-limit trading by one of its
traders, and the resulting losses led to the company's bankruptcy
Low significance (severity) and high likelihood (frequency)
● This risk occurs often, but the size of the loss is relatively small.
● This risk is a result of the company running its business. For example, a supermarket faces the risk of
shoplifting (theft by shoppers), damaged merchandise, broken bottles, etc.
● This risk can be regarded as a cost of doing business and included
in the price components.
● If the risk moves beyond the cost-of-doing-business limit, the company must deal with
the risk immediately
High significance (severity) and high likelihood (frequency)
● If this risk occurs, the company can no longer control the risk, and this can result in
bankruptcy.
● For example, if the company cannot deal with the embezzlement of large sums of money by
its employees (low frequency, high severity), the risk may
shift toward quadrant IV, that is, high frequency and high severity.
● If that happens, the company will go bankrupt in a short time. The task of
risk management is therefore to prevent existing risks from migrating into quadrant IV
Changes in the Characteristics of Operational Risk
● Factors that cause the characteristics of operational risk
to change:
1. Globalization
2. Automation
3. Reliance on technology
4. Outsourcing
5. Changes in the culture of society
Reference
• hendroagungs.blogspot.co.id
Internal Control System
and Risk Management
Internal Control System

• The internal control system aims to improve operational effectiveness and efficiency,
the soundness of financial reporting, and compliance with the laws and regulations in force
in Indonesia, including the regulations governing limited liability companies (Perseroan Terbatas),
OJK regulations and the policies that the Company has established.
Internal Control System Activities

• Formalization of the Company's policies and procedures by the Group Corporate Policy Division (GCP), carried out through review
and approval up to the established authorization level. The Company's policies and procedures
are grouped into 5 categories: sales & marketing, finance, operations, governance, and general
affairs (GA).
• Updating of policies and procedures in the form of improvements and refinements to existing processes, covering
both the Company's finances and operations, into one synergized process (integration).
• Dissemination of policies and procedures through the intranet and the Web network.
• Formalization of the Company's code of conduct, which covers the application of values, ethics and employee integrity and
can be accessed by all employees through the Company's intranet (portal).
• Use of integrated computer programs for financial and operational transactions
(sales, programming and HR).
• Segregation of functions according to duties, responsibilities and authority within the organizational structure of the Company and its business units.
• Supervision by each employee's superior over every duty and responsibility.
Case study:
The Risk Management System Applied by the Company
• The Company's risk management system is applied to
evaluate the effectiveness of the internal environment,
objective setting, identification of activities, risk
assessment, risk management, control activities,
information and communication, and monitoring.
The Risk Management System Applied by the Company

• The Company applies a comprehensive risk management system that is integrated with the Company's strategic planning process
and business activities. The Company's risk management is carried out at all levels of management
according to their respective roles and functions:
• GCP (Group Corporate Policy), as the risk identification function, expressed in the form of policies and procedures.
• Internal Control, as the internal control function of risk management.
• Internal Audit, as the evaluation function for the risk management system, internal control and the related
management information system tools.
• IT Audit, as the function that ensures the adequacy of controls over the systems used by the Company.
• CCSA (Compliance and Control Self Assessment), as the evaluation function for the risk management system, internal
control and the related management information system tools.
• MARS (Management Awareness Reporting System), as the risk management function for identifying,
reporting and resolving the problems faced by the Company and its business units.
Main Risks Faced by the Company

• The strategies that can be applied in managing risk are sharing the risk, avoiding the risk, reducing the level of risk through the internal
control system, or accepting the existing risk. The main risks faced by the Company can essentially be grouped into two
categories:
• External Risks
  • Risk from changes to laws and regulations, whether issued by the Government or by other authorities.
  • Risk from changes in customer/viewer orientation.
  • Risk from technological developments.
  • Risk from new competitors.
  • Risk from customer complaints/dissatisfaction.
• Internal Risks
  • Risk from process errors.
  • Risk from weaknesses in asset management.
  • Risk from system errors or misuse.
  • Risk of production failure.
  • Risk from failed or low distribution of production output to consumers.
Risk Mitigation Carried Out by the Company
• During the third and fourth quarters of 2018, the risk management system operated effectively, with the following risk mitigation:
• External Risks
1. Complying with changes to, or new, laws and Government regulations, both in the media industry and in taxation.
2. Monitoring market tastes by evaluating programs based on ratings research from The Nielsen Company.
3. Achieving efficiency through process improvement, and supporting business transformation implementation and projects by lowering risk through ensuring
that governance processes run and reducing manual data errors.
• Internal Risks
1. Maintaining the quality and continuity of the Company's day-to-day operations by:
- Centralized policy making to maintain consistency and uniformity of procedures in every business process across all of the Company's business units.
- Decision making based on an approval matrix known to the Company's Management.
- Coordination among the business units in developing and organizing human resources.
- Risk-based audit processes.
- Increased monitoring of the relevant business units for compliance in operational activities.
- Development of the policy and procedure management system through the intranet and the Web network.

2. Achieving efficiency through process improvement, and supporting business transformation implementation and projects through:
- Improving work processes and process control through a centrally run system.
- Eliminating manual work and increasing automated work to speed up processes through an integrated system.
- Preparing accurate development plans and recommending them for recurring business issues.
- Improving work efficiency and quality by supporting the integration of similar workforces across different units
