
Indonesia Infrastructure Learning Institute (I2LI)
Introduction to ISO 31000:2018
Day 1, Wednesday 27 October 2021
“Risk comes from not knowing what you’re doing”

Warren Buffett
WHY does risk matter?

The purpose of risk management is to create and protect value
DEFINITION OF RISK

Based on ISO 31000:2018

Risk is “the effect of uncertainty on the achievement of objectives”

Managing risk is part of governance and leadership to create and protect value

Risk = Threats and Opportunities

LOSS RISK GAIN


What is Risk?

Risk is “Uncertainty that matters” (Hillson, 2003, 2009)

Risk management is part of good corporate governance and leadership to protect and create value.

Destination: Airport
Objective: site visit in Balikpapan at 10.00 WITA

How you get there: Taxi? Bus?

Possible risk: Traffic jam, not enough money in your balance, rapid test (?)
How are risks linked to objectives? (1)

Objectives:
• Corporate
Example: Key Performance Indicator (KPI)

Risk (corporate):
• Regulations & Markets
• Strategic
• Liquidity
• Operational
• Project
• Credit
• Law
• Reputation
• Compliance

Control:
• ISO
• Internal Control through effective business process
How are risks linked to objectives? (2)

Objectives Risk Control

Relative variation of actual loss from expected loss
Ex. Can be statistically calculated

Subjective Risk
Assessment of uncertainty based on personal mental state or opinion
Risk quotes

THE BIGGEST RISK IS NOT TAKING ANY RISK


-Mark Zuckerberg-

?
So, Is Risk Good or Bad?

Based on objectives and point of view

THREAT
Any circumstances or event with the potential to harm something
Downside risk

OPPORTUNITIES
A situation in which something can be improved, when value can be created for a constituency and captured by creator
Upside risk

Potential Loss RISK Potential Gain
PROBLEM VS RISK

PAST PRESENT FUTURE

Decision, Problem, Action: Problem/Crisis Management
Decision, Uncertainty, Risk

We cannot manage uncertainty, and by the time it becomes a problem, the damage has been done.

Problem ≠ Risk

Problem/Crisis:
• Occurs in the present
• Result of past decisions/activities

Risk:
• Potential risk
• Result of present decisions/activities

Risk is not about avoiding problems, but about how we prepare to face (potential) problems.
What is the difference between problem and risk?

Risk can be a threat
Risk is also an opportunity

Beware of future Danger:
Dynamic
Ambiguous
Non-linear
Global (global/local)
Emergent
Relational
The Black Swan, a hindsight
All swans must be white (?)

In that context, a black swan was impossible or at least nonexistent.


However, in 1697, Dutch explorers led by Willem de Vlamingh became the first Europeans to see black swans, in Western Australia. The term subsequently metamorphosed to connote the idea that a perceived impossibility might later be disproven. Taleb notes that in the 19th century, John Stuart Mill used the black swan logical fallacy as a new term to identify falsification.

Nicholas Taleb describes a Black Swan as an event that:
- Is a surprise
- Has a major/catastrophic impact
- Is rationalized by hindsight after the occurrence, as if it was expected/predictable
- The “unknown unknowns”

Examples: internet occurrence; 9/11


Is corona virus a risk, an issue, or the black swan?

The answer: It is an issue/problem
The Great Plague Marseilles
Arriving in Marseille, France in 1720, the disease killed a total of 100,000 people:
50,000 in the city during the next two years and another 50,000 to the north in
surrounding provinces and towns.

The first cholera pandemic (1817–1824), also known as the first Asiatic cholera
pandemic or Asiatic cholera, began near the city of Calcutta and spread throughout
South and Southeast Asia to the Middle East, eastern Africa and the Mediterranean
coast.

The Spanish flu, also known as the 1918 flu pandemic, was an unusually deadly influenza pandemic caused by the H1N1 influenza A virus. Lasting from February 1918 to April 1920, it infected 500 million people – about a third of the world's population at the time – in four successive waves.
Risk Management

The systematic application of principles, approach, and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses.
RISK PERSPECTIVES

Based on time: ▪ Past ▪ Present ▪ Future
RISK, PROBLEMS/ISSUES, FINDINGS/AUDIT

Based on available information: No Information, Partial Information, Complete Information
RISK
Total Uncertainty, General Uncertainty, Specific Uncertainty, Total Certainty

ISO Guide 73:2009 defines uncertainty as “state, even partial, of deficiency of information related to a future event, consequence or likelihood”.
DISASTER, RISK & CRISIS MANAGEMENT
INTEGRATED RISK MANAGEMENT

Integration of…
STRATEGIC

OPERATIONAL

TACTICAL

Integration of…
WHO OWNS THE RISK?
Different levels have different types of risk

RISKS
• Corporate Level
• Division Level
• Department Level
• Section Level

Risks ultimately should be filtered to the lowest level possible for ownership and mitigation

Source: Diana Borgmeyer, VIMA (2012)
ERM VS IRM

▪ Integrated Risk Management (IRM) is an approach that links the strategic focus of an Enterprise Risk Management (ERM) program with the tactical steps needed to protect the most relevant business assets
▪ ERM programs are usually effective for better understanding strategic risk. However, ERM programs are not as effective at addressing risk at lower levels.

Source: blogs.gartner.com
ERM IMPLEMENTATION LEVELS

[Figure: levels of ERM implementation. Labels: Value Contributed; Financial, Operational, Management, Strategy; Risk Management, Business Risk Management, Enterprise-wide Risk Management]

RISK MANAGEMENT PERSPECTIVE


RISK CULTURE

[Figure: risk maturity model, "Increasing Risk Professionalism". Labels: Awareness, Insight, Structured, Managed maturity, Optimized, Value Driven. Descriptions on the slide:]
• Basic awareness with informality, but dependent on local imperatives and initiatives
• Introduction of governance commencing formal processes
• Board: risk appetite framework, data
• Risk being professionalized with authority from board and CEO
• Integration of risk and strategy into one office
• Positively influencing cost of capital, credit rating and derived insurance

Source: Risk Management International
COSO ERM VS ISO 31000
ISO 31000:2018 – OVERVIEW
▪ Definitions of key terms, including risk, risk management, stakeholder, risk source, event, consequence, probability and control;
▪ Risk management principles: integrated risk management is carried out through a structured, comprehensive, customised, inclusive and dynamic approach, based on the best available information, on human and cultural factors, and continually improved;
▪ A framework to ensure that risk management is implemented and integrated correctly, designed carefully, reviewed periodically, and continually adapted and improved;
▪ A section on the risk management process, including risk identification, analysis, evaluation and treatment, as well as monitoring and review, communication and consultation.
IRM BASED ON ISO 31000:2018

Risk Management Principles (centred on Value Creation & Protection):
• Integrated
• Structured & Comprehensive
• Customised
• Inclusive
• Dynamic
• Best Available Information
• Human & Cultural Factors
• Continual improvement

Risk Management Framework (centred on Leadership & Commitment):
• Integration
• Design
• Implementation
• Evaluation
• Improvement

Risk Management Process:
• Scope, Context, Criteria
• Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
• Risk Treatment
• Communication & consultation
• Monitoring & Review
• Recording & Reporting

Source: ISO 31000:2018
RISK MANAGEMENT SYSTEM

[Diagram: risk management system. Elements on the slide:]
• Vision and Mission; Organizational Objectives; Objectives of Work Units, Branches, Subsidiaries
• BOD; Audit Committee; Risk Management Committee
• Annual Report: an independent and objective opinion by SPI on whether risks have been managed to a level acceptable to the company
• Risk Profile Report (periodic update)
• Audit of the adequacy of the risk management process
• Risk Management & Compliance Group:
  1. Preparing the RKAP risk profile (risk-based RKAP)
  2. Update report on the Risk Register (quarterly)
• Internal Audit: risk-based audit (preparing the audit plan); maturity measurement
• Internal Control (risk management process)
• Work Units, Branches, Subsidiaries: risks in all work units that hinder the achievement of objectives
• Risk management process carried out continuously by every work unit

RISK OWNER
RCSA / RISK ASSESSMENT / RISK REGISTER
Corporate Planning & Budgeting

RISK BASED BUDGETING

RISK PROFILE – TOP RISK

CORPORATE/DIVISION/BRANCH

TOP DOWN – BOTTOM UP

3 Lines of Defense

Board of Directors; Board of Commissioners

First Line of Defense: Risk Management and Risk Control
Risk owner:
➢ Asset Owner
➢ Asset Manager
➢ Service Provider
• Work Units
• Regional
• Subsidiaries
• JMTM/JMTO/JMRB

Second Line of Defense: Risk Management Framework, Policy and Methodology
• Risk and Quality Management Group
• Risk Management Committee Secretariat Team
• Risk Management Committee

Third Line of Defense: Independent Risk Assurance and Oversight
• Audit Committee
• Risk and Legal Committee
• Internal Audit
• External Audit
3 LINES OF DEFENCES (UPDATED)
RISK MANAGEMENT PROCESS
Who should own the risk?

• Strategic Objectives: Strategic/Business value risk, owned at Management level
• Technical Objectives: Technical Risk, owned by the Technic Manager
• Project Objectives: Project Risk, owned by the Project Manager
• Personal Value: Personal Value Risk, owned by the Individual
Risk management is a natural process

01 What am I trying to achieve? Objective setting and understanding scope
02 Risk identification, uncertainties, future events
03 Risk assessment, likelihood, impact
04 What should I do?
   Mitigation, prevention, Avoid, Reduce, Transfer, Accept > downside risk/threat
   Exploit, Share, Enhance, Accept > upside risk/opportunities
05 Did it work? Risk Review
06 What’s new? Risk Updates
What is the difference between risk appetite and risk tolerance?

Risk appetite: The risk you need to take (strategic)

Risk tolerance: The risk you prefer to take (psychological)

Risk capacity: The risk you can afford to take (financially)

Balancing risk

Risk Decision
Risk Attitude

RISK AVERSE RISK SEEKING

RISK NEUTRAL RISK TOLERANT


Did you know this?

[Figure: Gold price 1994-2019]

WHY?
Inflation or deflation

Supply and demand

Government policy

Interest rate

Exchange rate

Other factors


...and did you know this?
It is predicted… we are just not ready…
https://www.ted.com/talks/bill_gates_the_next_outbreak_we_re_not_ready?language=en
Discussion & Presentation
Thank you
Co-creation as the collaborative innovation development of:
