2 ERM Approach
-
Upload
carwadevilisback -
Category
Documents
-
view
228 -
download
2
Transcript of 2 ERM Approach
-
8/12/2019 2 ERM Approach
1/20
MOHAMAD HASSAN, MAFIS, QIA, CRMP, CRMA
-
8/12/2019 2 ERM Approach
2/20
APAKAH RISIKO?
ISO 31000:2009
engaruhketidakpastianterhadaptujuan
Penyimpangan dariyang diharapkan -positif atau negatif
Kekurangan informasi yang terkait
dengan suatu peristiwa,dampaknya, ataukemungkinannya
Berbagai aspek, misalkeuangan, keselamatan,
lingkungan Berbagai level: strategi,
projek, divisi
-
8/12/2019 2 ERM Approach
3/20
3
How to explain Risks
Register Risiko
Sumber risiko(hazard)
Peristiwa(kapan & dimana?)
Outcome(konsekuensi)
Penyebab
(bagaimana,mengapa)
Api(kebakaran) Kebakaran di kantorpusat Kerugian Rp. 500juta Arus pendek
Virus Wabah H1N1 Gangguan operasi Pegawaiterkena kontak
-
8/12/2019 2 ERM Approach
4/20
4JENIS
RISIKO SUMBERRISIKO PERISTIWAATAUEKSPOSURE
KONSEKUENSI SEBAB RISK FACTOR
Safety Bekerja diketinggian Jatuh Luka ataumeninggal Disain yangjelek Ketinggian(dari tanah)
Kesehatan Chemical Kontak Cancer Tidakmemahamibahan kimia
Jumlah bahankimia
Keuangan Sukubunga Naik lebih dari2% dalam satu
tahunPenurunanprofit Tekananinflasi Besarnyapinjaman
Proyek Sumberpasokan Pengirimanspare part
terlambatProjek delay Kebakaran di
gudangpemasok
Ada tidaknyapemasokalternatif
Understanding of Risks ..
-
8/12/2019 2 ERM Approach
5/20
-
8/12/2019 2 ERM Approach
6/20
-
8/12/2019 2 ERM Approach
7/20
ENTERPRISE RISK MANAGEMENT APPROACHES
HOLISTIC APPROACHSILO APPROACH
SINGLE RISK LIBRARY (USE OF A
COMMON LANGUAGE)
ASSURED CONSISTENCY
MULTIPLE RISK LIBRARY
SCATTERED ACROSS DEPTSINCONSISTENCIES POSSIBLY
OCCURED
RISK MANAGEMENT OPINION
AGGREGATION ISSUES
RISK MANAGEMENT OPINION
DIRECTLY CATCHES FROM THERISK REGISTERS
RISK MANAGEMENT OPINION
AGGREGATION ISSUES
-
8/12/2019 2 ERM Approach
8/20
ENTERPRISE RISK MANAGEMENT MODEL
CONTROL PROCESS MODELMEASUREMENT MODEL
FOCUS ON CONTROL OVER
IMPORTANT BUSINESS
PROCESSES
FOCUS ON SIGNIFICANT
MEASURABLE RISKS IN TERMS
OF IMPACT MATERIALITY &
LIKELIHOOD OF OCCURENCE
-
8/12/2019 2 ERM Approach
9/20
Traditional RM vs. ERM: Essential Differences
Traditional risk management ERM
Risk as individual hazards Risk in the context of businessstrategy
Risk identification and assessment Risk portfolio development
Focus on discrete risks Focus on critical risks
Risk mitigation Risk optimization
Risk limits Risk strategy
Risks with no owners Defined risk responsibilities
Haphazard risk quantification Monitoring and measuring of risks
Risk is not my responsibility Risk is everyones responsibility
Source: KPMG LLP.
-
8/12/2019 2 ERM Approach
10/20
Integrated versus siloEWRM should
provide a strategic
and consolidated
picture from two
perspectives:
individual risk
classes acrossbusiness lines
all key risk classes
across the
organization
Executive Management
SENIOR
MGMT.CRO
credit
risk
market
riskops
risk
liquidity
risk
liquidity
risk
ops
risk
market
risk
credit
risk
LOB1
liquidity
risk
ops
risk
market
risk
credit
risk
LOB 2
liquidity
risk
ops
risk
market
risk
credit
risk
LOB 3
credit
risk
opsrisk
market
risk
liquidity
risk
LOB 4
-
8/12/2019 2 ERM Approach
11/20
Risk Management as a Process
Establish Business Risk
Management Process Goals and Objectives
Common Language
Oversight Structure
Information
for Decision-
Making
Develop Business Risk
Management Strategies
Avoid
Transfer
Retain
Exploit
Reduce
Assess Business Risks
IdentifySource
Measure
Continuously Improve
Risk Management
Capabilities
Design/Implement
Risk Management
Capabilities
Monitor Risk
Management
Performance
Source: Enterprise-wide Risk Management: Strategies for linking risk and opportunity
-
8/12/2019 2 ERM Approach
12/20
1. Mantapkan kelembagaan & oversight:
a. Common language dan standards
b. Organisasi (oversight)
c. Tetapkan kebijakan (limit)
2. Process yang seragam
a. Tetapkan risk owners
b. Integrasi dengan strategi perusahaan
Lesson Learned
-
8/12/2019 2 ERM Approach
13/20
1. Kembangkan RM capabilities
2. Lakukan selangkah demi selangkah
3. Fokus pada semua sumber value
4. Kembangkan (latih) fasilitator
5. Tetapkan strategi manajemen risiko yang jelas
Lesson Learned
-
8/12/2019 2 ERM Approach
14/20
Development of Risk Management apability
Capabilities
are
characteristicof individuals,
not of the
organization
Process
established
and
repeating;reliance
on people is
reduced
Policies,
processes and
standards
defined and
formalizedacross the
company
Risks
measured and
managed
quantitatively
and aggregated
on an
enterprise-wide
basis
Organization
focused
on continuousimprovement of
business risk
management
Initial Repeatable Defined Managed Optimizing
Source: Derived from Carnegie Mellon model for inclusion in Enterprise-wide Risk Management: Strategies for linking risk and opportunity
Systematically uild and Improve Risk Management Capabilities
-
8/12/2019 2 ERM Approach
15/20
Risk Identification
Improved ERM Capabilities:
Initial Repeatable Defined
Managed/
Optimizing
Defined process
EWRM responsibilities
Policy guidelines
followed across the
organization
Risk measurement
Consistent risk
reporting
Enterprise-wide limits
Common language
Dedicated resources
Risk management
policy
Risk sourcing
Enterprise-wide risk
strategies
Risk diversification
exploited competitively
Quantification of risk
versus tolerances
Integrated risk
measurement systems
Risk measures applied
to business
performance goals
Source: Enterprise-wide Risk Management: Strategies for linking risk and opportunity
-
8/12/2019 2 ERM Approach
16/20
Initial Repeatable Defined Managed Optimizing
LevelofRiskManageme
ntCapability
Desired level
Current level
STAGE 1
STAGE 2
-
8/12/2019 2 ERM Approach
17/20
Operations
Finance
Technology
Human resources
Competition
RegulatoryEnvironmental
Global expansion
Reputation
From:
Finance function
To:Entire enterprise
Financial risks
Risk insurance
Treasury risk
Foreign exchange
Source:
FutureBrand
-
8/12/2019 2 ERM Approach
18/20Source: Enterprise-wide Risk Management: Strategies for linking risk and opportunity
Systems
and dataMethodologiesManagement
reportsPeople
Business
and Risk
Management
processes
Business
strategies
and policies
Risk if component is deficient:
Process does
not achieve
strategy
People cannot
perform
process
Reports do not
provide
information for
effectivemanagement
Methodologies
do not
adequately
analyzeinformation
Information is
not available
for analysis
and reporting
-
8/12/2019 2 ERM Approach
19/20
-
8/12/2019 2 ERM Approach
20/20