2 ERM Approach

8/12/2019 2 ERM Approach

1/20

MOHAMAD HASSAN, MAFIS, QIA, CRMP, CRMA


2/20

APAKAH RISIKO?

ISO 31000:2009

engaruhketidakpastianterhadaptujuan

Penyimpangan dariyang diharapkan -positif atau negatif

Kekurangan informasi yang terkait

dengan suatu peristiwa,dampaknya, ataukemungkinannya

Berbagai aspek, misalkeuangan, keselamatan,

lingkungan Berbagai level: strategi,

projek, divisi


3/20

3

How to explain Risks

Register Risiko

Sumber risiko(hazard)

Peristiwa(kapan & dimana?)

Outcome(konsekuensi)

Penyebab

(bagaimana,mengapa)

Api(kebakaran) Kebakaran di kantorpusat Kerugian Rp. 500juta Arus pendek

Virus Wabah H1N1 Gangguan operasi Pegawaiterkena kontak


4/20

4JENIS

RISIKO SUMBERRISIKO PERISTIWAATAUEKSPOSURE

KONSEKUENSI SEBAB RISK FACTOR

Safety Bekerja diketinggian Jatuh Luka ataumeninggal Disain yangjelek Ketinggian(dari tanah)

Kesehatan Chemical Kontak Cancer Tidakmemahamibahan kimia

Jumlah bahankimia

Keuangan Sukubunga Naik lebih dari2% dalam satu

tahunPenurunanprofit Tekananinflasi Besarnyapinjaman

Proyek Sumberpasokan Pengirimanspare part

terlambatProjek delay Kebakaran di

gudangpemasok

Ada tidaknyapemasokalternatif

Understanding of Risks ..


5/20


6/20


7/20

ENTERPRISE RISK MANAGEMENT APPROACHES

HOLISTIC APPROACHSILO APPROACH

SINGLE RISK LIBRARY (USE OF A

COMMON LANGUAGE)

ASSURED CONSISTENCY

MULTIPLE RISK LIBRARY

SCATTERED ACROSS DEPTSINCONSISTENCIES POSSIBLY

OCCURED

RISK MANAGEMENT OPINION

AGGREGATION ISSUES


DIRECTLY CATCHES FROM THERISK REGISTERS


AGGREGATION ISSUES


8/20

ENTERPRISE RISK MANAGEMENT MODEL

CONTROL PROCESS MODELMEASUREMENT MODEL

FOCUS ON CONTROL OVER

IMPORTANT BUSINESS

PROCESSES

FOCUS ON SIGNIFICANT

MEASURABLE RISKS IN TERMS

OF IMPACT MATERIALITY &

LIKELIHOOD OF OCCURENCE


9/20

Traditional RM vs. ERM: Essential Differences

Traditional risk management ERM

Risk as individual hazards Risk in the context of businessstrategy

Risk identification and assessment Risk portfolio development

Focus on discrete risks Focus on critical risks

Risk mitigation Risk optimization

Risk limits Risk strategy

Risks with no owners Defined risk responsibilities

Haphazard risk quantification Monitoring and measuring of risks

Risk is not my responsibility Risk is everyones responsibility

Source: KPMG LLP.


10/20

Integrated versus siloEWRM should

provide a strategic

and consolidated

picture from two

perspectives:

individual risk

classes acrossbusiness lines

all key risk classes

across the

organization

Executive Management

SENIOR

MGMT.CRO

credit

risk

market

riskops

risk

liquidity

risk

liquidity

risk

ops

risk

market

risk

credit

risk

LOB1

liquidity

risk

ops

risk

market

risk

credit

risk

LOB 2

liquidity

risk

ops

risk

market

risk

credit

risk

LOB 3

credit

risk

opsrisk

market

risk

liquidity

risk

LOB 4


11/20

Risk Management as a Process

Establish Business Risk

Management Process Goals and Objectives

Common Language

Oversight Structure

Information

for Decision-

Making

Develop Business Risk

Management Strategies

Avoid

Transfer

Retain

Exploit

Reduce

Assess Business Risks

IdentifySource

Measure

Continuously Improve

Risk Management

Capabilities

Design/Implement

Risk Management

Capabilities

Monitor Risk

Management

Performance

Source: Enterprise-wide Risk Management: Strategies for linking risk and opportunity


12/20

1. Mantapkan kelembagaan & oversight:

a. Common language dan standards

b. Organisasi (oversight)

c. Tetapkan kebijakan (limit)

2. Process yang seragam

a. Tetapkan risk owners

b. Integrasi dengan strategi perusahaan

Lesson Learned


13/20

1. Kembangkan RM capabilities

2. Lakukan selangkah demi selangkah

3. Fokus pada semua sumber value

4. Kembangkan (latih) fasilitator

5. Tetapkan strategi manajemen risiko yang jelas

Lesson Learned


14/20

Development of Risk Management apability

Capabilities

are

characteristicof individuals,

not of the

organization

Process

established

and

repeating;reliance

on people is

reduced

Policies,

processes and

standards

defined and

formalizedacross the

company

Risks

measured and

managed

quantitatively

and aggregated

on an

enterprise-wide

basis

Organization

focused

on continuousimprovement of

business risk

management

Initial Repeatable Defined Managed Optimizing

Source: Derived from Carnegie Mellon model for inclusion in Enterprise-wide Risk Management: Strategies for linking risk and opportunity

Systematically uild and Improve Risk Management Capabilities


15/20

Risk Identification

Improved ERM Capabilities:

Initial Repeatable Defined

Managed/

Optimizing

Defined process

EWRM responsibilities

Policy guidelines

followed across the

organization

Risk measurement

Consistent risk

reporting

Enterprise-wide limits

Common language

Dedicated resources

Risk management

policy

Risk sourcing

Enterprise-wide risk

strategies

Risk diversification

exploited competitively

Quantification of risk

versus tolerances

Integrated risk

measurement systems

Risk measures applied

to business

performance goals

Source: Enterprise-wide Risk Management: Strategies for linking risk and opportunity


16/20

Initial Repeatable Defined Managed Optimizing

LevelofRiskManageme

ntCapability

Desired level

Current level

STAGE 1

STAGE 2


17/20

Operations

Finance

Technology

Human resources

Competition

RegulatoryEnvironmental

Global expansion

Reputation

From:

Finance function

To:Entire enterprise

Financial risks

Risk insurance

Treasury risk

Foreign exchange

Source:

FutureBrand


18/20Source: Enterprise-wide Risk Management: Strategies for linking risk and opportunity

Systems

and dataMethodologiesManagement

reportsPeople

Business

and Risk

Management

processes

Business

strategies

and policies

Risk if component is deficient:

Process does

not achieve

strategy

People cannot

perform

process

Reports do not

provide

information for

effectivemanagement

Methodologies

do not

adequately

analyzeinformation

Information is

not available

for analysis

and reporting


19/20


20/20

2 ERM Approach

Documents

Transcript of 2 ERM Approach