Risk Management System.doc
22
Manajemen risiko Dari Wikipedia bahasa Indonesia, ensiklopedia bebas Langsung ke: navigasi , cari Elemen manajemen risiko Manajemen risiko adalah suatu pendekatan terstruktur/metodologi dalam mengelola ketidakpastian yang berkaitan dengan ancaman; suatu rangkaian aktivitas manusia termasuk: Penilaian risiko , pengembangan strategi untuk mengelolanya dan mitigasi risiko dengan menggunakan pemberdayaan/pengelolaan sumberdaya. Strategi yang dapat diambil antara lain adalah memindahkan risiko kepada pihak lain, menghindari risiko, mengurangi efek negatif risiko, dan menampung sebagian atau semua konsekuensi risiko tertentu. Manajemen risiko tradisional terfokus pada risiko-risiko yang timbul oleh penyebab fisik atau legal (seperti bencana alam atau kebakaran, kematian, serta tuntutan hukum. Manajemen risiko keuangan, di sisi lain, terfokus pada risiko yang dapat dikelola dengan menggunakan instrumen-instrumen keuangan. Sasaran dari pelaksanaan manajemen risiko adalah untuk mengurangi risiko yang berbeda-beda yang berkaitan dengan bidang yang telah dipilih pada tingkat yang dapat diterima oleh masyarakat. Hal ini dapat berupa berbagai jenis ancaman yang disebabkan oleh lingkungan , teknologi , manusia , organisasi dan politik . Di sisi lain pelaksanaan manajemen risiko melibatkan segala cara yang tersedia bagi manusia, khususnya, bagi entitas manajemen risiko (manusia, staff, dan organisasi).
description
Review of Risk Management System
Transcript of Risk Management System.doc
Manajemen risikoDari Wikipedia bahasa Indonesia, ensiklopedia bebasLangsung ke: navigasi, cari
Elemen manajemen risiko
Manajemen risiko adalah suatu pendekatan terstruktur/metodologi dalam mengelola ketidakpastian yang berkaitan dengan ancaman; suatu rangkaian aktivitas manusia termasuk: Penilaian risiko, pengembangan strategi untuk mengelolanya dan mitigasi risiko dengan menggunakan pemberdayaan/pengelolaan sumberdaya. Strategi yang dapat diambil antara lain adalah memindahkan risiko kepada pihak lain, menghindari risiko, mengurangi efek negatif risiko, dan menampung sebagian atau semua konsekuensi risiko tertentu. Manajemen risiko tradisional terfokus pada risiko-risiko yang timbul oleh penyebab fisik atau legal (seperti bencana alam atau kebakaran, kematian, serta tuntutan hukum. Manajemen risiko keuangan, di sisi lain, terfokus pada risiko yang dapat dikelola dengan menggunakan instrumen-instrumen keuangan.
Sasaran dari pelaksanaan manajemen risiko adalah untuk mengurangi risiko yang berbeda-beda yang berkaitan dengan bidang yang telah dipilih pada tingkat yang dapat diterima oleh masyarakat. Hal ini dapat berupa berbagai jenis ancaman yang disebabkan oleh lingkungan, teknologi, manusia, organisasi dan politik. Di sisi lain pelaksanaan manajemen risiko melibatkan segala cara yang tersedia bagi manusia, khususnya, bagi entitas manajemen risiko (manusia, staff, dan organisasi).
Dalam perkembangannya Risiko-risiko yang dibahas dalam manajemen risiko dapat diklasifikasi menjadi
Risiko Operasional Risiko Hazard Risiko Finansial Risiko Strategik
Hal ini menimbulkan ide untuk menerapkan pelaksanaan Manajemen Risiko Terintegrasi Korporasi (Enterprise Risk Management).
Manajemen Risiko dimulai dari proses identifikasi risiko, penilaian risiko, mitigasi,monitoring dan evaluasi.
Daftar isi
[sembunyikan] 1 Sejarah 2 Pengertian Risiko 3 Kategori risiko
o 3.1 Risiko spekulatif o 3.2 Risiko murni
4 Lihat pula 5 Referensi
6 Bacaan lanjutan
[sunting] Sejarah
Rekaman tertua terkait pengelolaan risiko dapat ditemukan pada Piagam Hammurabi (codex Hammurabi), yang dibuat pada tahun 2100 sebelum masehi.[1] Piagam tersebut mencantumkan peraturan dimana pemilik kapal dapat meminjam uang untuk membeli kargo; namun bila dalam perjalanan kapalnya tenggelam atau hilang, ia tidak perlu mengembalikan uang pinjaman tersebut. Masa ini disebut sebagai zaman pertama manajemen risiko, di mana perusahaan hanya melihat risiko non-entrepreneurial (seperti misalnya keamanan).
Tahun 1970-an dan 1980-an disebut sebagai zaman kedua manajemen risiko di mana perusahaan-perusahaan asuransi mulai berusaha mendorong pengusaha untuk benar-benar menjaga barang yang diasuransikan.[1] Pada masa ini juga lahir konsep jaminan mutu (quality assurance) yang menjamin setiap produk memenuhi spesifikasi standarnya. Konsep ini dipopulerkan oleh British Standards Institution yang meluncurkan standar kualitas BS 5750 pada tahun 1979.
Pada tahun 1993, James Lam diangkat menjadi Chief Risk Office, yang merupakan jabatan CRO pertama di dunia.[1]
Zaman ketiga manajemen risiko dimulai tahun 1995 dengan diterbitkannya AS/NZS 4360:1995 oleh Standards Australia of the World's Risk management Standard.[1]
[sunting] Pengertian Risiko
Risiko berhubungan dengan ketidakpastian ini terjadi oleh karena kurang atau tidak tersedianya cukup informasi tentang apa yang akan terjadi.
Sesuatu yang tidak pasti (uncertain) dapat berakibat menguntungkan atau merugikan.menurut Wideman, ketidak pastian yang menimbulkan kemungkinan menguntungkan dikenal dengan istilah peluang (Opportunity), sedangkan ketidak pastian yang menimbulkan akibat yang merugikan dikenal dengan istilah risiko (Risk).
Secara umum risiko dapat diartikan sebagai suatu keadaan yang dihadapi seseorang atau perusahaan dimana terdapat kemungkinan yang merugikan. Bagaimana jika kemungkinan yang dihadapi dapat memberikan keuntungan yang sangat besar sedangkan kalaupun rugi hanya kecil sekali? Misalnya membeli loterei. Jika beruntung maka akan mendapat hadiah yang sangat besar tetapi jika tidak beruntung uang yang digunakan membeli loterei relatif kecil.Apakah ini juga tergolong Risiko? jawabannya adalah hal ini juga tergolong risiko. Selama mengalami kerugian walau sekecil apapun hal itu dianggap risiko.
[sunting] Kategori risiko
Risiko dapat dikategorikan ke dalam dua bentuk :
1. risiko spekulatif, dan2. risiko murni.
[sunting] Risiko spekulatif
Risiko spekulatif adalah suatu keadaan yang dihadapi perusahaan yang dapat memberikan keuntungan dan juga dapat memberikan kerugian.
Risiko spekulatif kadang-kadang dikenal pula dengan istilah risiko bisnis(business risk). Seseorang yang menginvestasikan dananya disuatu tempat menghadapi dua kemungkinan. Kemungkinan pertama investasinya menguntungkan atau malah investasinya merugikan. Risiko yang dihadapi seperti ini adalah risiko spekulatif. Risiko spekulatif adalah suatu keadaan yang dihadapi yang dapat memberikan keuntungan dan juga dapat menimbulkan kerugian.
[sunting] Risiko murni
Risiko murni (pure risk) adalah sesuatu yng hanya dapat berakibat merugikan atau tidak terjadi apa-apa dan tidak mungkin menguntungkan. Salah satu contoh adalah kebakaran, apabila perusahaan menderiat kebakaran,maka perusahaan tersebut akan menderita kerugian. kemungkinan yang lain adalah tidak terjadi kebakaran. Dengan demikian kebakaran hanya menimbulkan kerugian, bukan menimbulkan keuntungan, kecuali ada kesengajaan untuk membakar dengan maksud-maksud tertentu. Risiko murni adalah sesuatu yang hanya dapat berakibat merugikan atau tidak terjadi apa-apa dan tidak mungkin menguntungkan. Salah satu cara menghindarkan risiko murni adalah dengan asuransi. Dengan demikian besarnya kerugian dapat diminimalkan. itu sebabnya risiko murni kadang dikenal dengan istilah risiko yang dapat diasuransikan ( insurable risk ).
Perbedaan utama antara risiko spekulatif dengan risiko murni adalah kemungkinan untung ada atau tidak, untuk risiko spekulatif masih terdapat kemungkinan untung sedangkan untuk risiko murni tidak dapat kemungkinan untung.
[sunting] Lihat pula
Tata kelola perusahaan
[sunting] Referensi
1. ^ a b c d Sadgrove, Kid. 2005. The Complete Guide to Business Risk Management. Gower Publishing Limited: Burlington.
[sunting] Bacaan lanjutan
(Inggris) Alexander, Carol and Sheedy, Elizabeth (2004). The Professional Risk Managers' Handbook: A Comprehensive Guide to Current Theory and Best Practices (1st ed.). Wilmington, DE: PRMIA Publications. ISBN 0-9766097-0-3.
(Inggris) Crockford, Neil (1986). An Introduction to Risk Management (2nd ed.). Woodhead-Faulkner. 0-85941-332-2.
(Inggris) Dorfman, Mark S. (1997). Introduction to Risk Management and Insurance (6th ed.). Prentice Hall. ISBN 0-13-752106-5.
(Inggris) Gorrod, Martin (2003). Risk Management Systems: Technology Trends (Finance & Capital Markets). Palgrave Macmillan. ISBN 1-4039-1617-9.
(Inggris) Lam, James (2003). Enterprise Risk Management: From Incentives to Controls. John Wiley. ISBN-13 978-0471430001.
(Inggris) Stulz, René M. (2003). Risk Management & Derivatives (1st ed.). Mason, Ohio: Thomson South-Western. ISBN 0-538-86101-0.
(Inggris) Thomsett, Rob (2002). Radical project management. Upper Saddle River, NJ: Prentice Hall PTR. ISBN 0-13-009486-2.
(Inggris) van Deventer, Donald R., Kenji Imai and Mark Mesler (2004). Advanced Financial Risk Management: Tools & Techniques for Integrated Credit Risk and Interest Rate Risk Management. John Wiley. ISBN13 978-0470821268.
http://id.wikipedia.org/wiki/Manajemen_risiko
The Risk Management System
Successful risk management is based on a systematic approach: the risk management system. An approach that originally was developed in quality management serves well for designing a risk management system. It is the process approach of Plan - Do - Check - Act or short PDCA model.
The PDCA approach to risk management distinguishes four steps:
PLAN: The PLAN step is about establishing a risk management policy, objectives, targets, processes and procedures relevant to managing risks.
DO: The DO step is implementing and operating what was planned, i.e. risk management policy, controls, processes and procedures.
CHECK: Is the risk management system effective and efficient? The CHECK step is about auditing the risk management system performance against policy, objectives, and practical experience.
ACT: On any audit findings of the CHECK step the ACT step takes corrective and preventive actions in order to achieve continuous improvement of the risk management system.
http://www.noweco.com/risk/riske12.htm
ISO 17799 / ISO 27000 require risk management
ISO 17799 / ISO 27000 provide information on how to ensure information security. ISO 17799 / ISO 27000 describe a management framework that shall be applied.
ISO 17799 / ISO 27000 require to establish an organisation's approach to information security risk management.
These three elements in risk management as mentioned in ISO 17799 / ISO 27000 mean:
Risk Identification and Assessment: ISO 17799 / BS 7799 require to justify the appropriateness of assessment approach, tools and techniques chosen. The following risk assessment details should be documented:- the valuation of the assets- identification of risks (threats and vulnerabilities)- assessment of likelihood and consequences of risks occurring- risk calculation.
Risk treatment plan: The risk treatment plan coordinates the treatments to reduce risks and implement controls required to protect information. It shows the decision whether to accept a risk, transfer it or reduces its likelihood or consequence. Further, the risk treatment plan will provide information on the risk treatment methods as selected, controls (which are in place and which are proposed) and the schedule of implementing treatments and controls.
Risk treatment: The risk treatment is the step to implement all treatments and controls as set out in the risk treatment plan
Enterprise Risk Register® and ISO 17799 / ISO 27000
Enterprise Risk Register® is a valuable software that assists you in meeting the requirements of ISO 17799 / ISO 27000. It allows you to collect, assess, report risks and respond to risks by implementing and managing appropriate treatments.
Enterprise Risk Register® assists you to collect all risks identified in your security management in its risk log or risk register. It helps you to provide consistency across the ISO 17799 project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction
http://www.noweco.com/risk/riske13.htm
Basel II - A brief overview
In terms of risks the business of financial institutions can be described as management of credit, market, liquidity and operational risks. Recent instabilities in the financial sector lead to the development of Basel II - the new Capital Accord that targets at internal control systems and management within banks. Solvency II is an equivalent for insurance companies.
The requirements of Basel II (and Solvency II analog) are put into three so-called pillars:
Minimum Capital Requirements: These are rules to calculate required capital. The required capital is based on market risks (risk of adverse price movements), credit risks (risk that a borrower might not honour his contractual obligations), and operational risks (risk of loss resulting from inadequate internal processes or external effects).
Supervisory Review Process: Banks shall ensure to have sound internal processes to assess adequacy of capital based on risk evaluation.
Enhanced Disclosure: It aims to provide market discipline in form of disclosure requirements that are intended to provide information about a bank's exposure to risks.
The Basel II impact on non-financial organisations
Basel II developed for the financial institutions has an indirect impact on non-financial business. Basel II refers to market, credit, liquidity and operational risks of banks. These risks are carried over to the clients of the bank. When they interact with their clients, the banks assess the risk of such interaction. Finally, when the client can proof to the bank that they do not put the bank business at risk, they quality for better conditions, e.g. pay less for a bank loan.
Conclusion: Basel II makes it necessary for all businesses to establish a risk management system by which the risk situation can be shown to a bank.
Basel II and
Enterprise Risk Register® is a valuable tools to improve the risk management in a cost efficient way. It can help you getting better risk ratings by your bank.
Enterprise Risk Register® assists you to collect all risks identified in its risk log or risk register. It helps you to provide consistency across a project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction.
http://www.noweco.com/risk/riske14.htm
Sarbanes-Oxley Act - A brief overview
The Sarbanes-Oxley Act concentrates on improving the accuracy and reliability of corporate disclosures. Its legislation requires companies to develop a system for continuous evaluation of both internal and external influences on business performance.
The Sarbanes-Oxley Act contains three main requirements:
The effectiveness of the internal control structure and procedures can be demonstrated by employing risk management with the purpose of minimising the risk of financial reporting errors.
Internal controls target at:
effectiveness and efficiency of operations reliability of financial reporting compliance with applicable laws and regulations
Risk management is an essential part of internal control over these objectives.
Sarbanes-Oxley Act and Enterprise Risk Register®
Enterprise Risk Register® is a valuable tools to improve the risk management in a cost efficient way. It assists you in mitigating risks related to internal controls.
Enterprise Risk Register® assists you to collect all risks identified in its risk log or risk register. It helps you to provide consistency across a project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction.
http://www.noweco.com/risk/riske15.htm
COSO - A brief overview
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued "Internal Control - Integrated Framework" to help businesses assess and enhance their internal control systems. COSO initiated a project to develop a framework for an organisation's enterprise risk management.
For achieving goals always means to take risks, management has to establish a strategy with objectives to get an optimal balance between achieving goals and related risks. An enterprise risk management comprises:
Match risk appetite (acceptable risk with regard to goals) with strategy Improvement of risk response decisions Reduction of operational losses Identification of multiple and cross-enterprise risks Identification of opportunities Improved deployment of capital.
COSO determines eight interrelated components of an enterprise risk management:
COSO and Enterprise Risk Register®
Enterprise Risk Register® is a valuable tools to improve the risk management in a cost efficient way. It can assist you in your efforts to implement the COSO approach.
Enterprise Risk Register® assists you to collect all risks identified in its risk log or risk register. It helps you to provide consistency across a project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction.
http://www.noweco.com/risk/riske16.htm
PRINCE2 - A brief overview
The Office of Government Commerce in the UK developed a project management methodology called PRINCE2 (Projects IN Controlled Environments). PRINCE2 is a structured method for effective project management. It is widely recognised both in the UK and internationally.
PRINCE2 is a process-based approach for project management. Each of its eight processes is defined in terms of input, process, output together with the specific objectives:
Starting up a Project: This process is about team building and setting up a project framework.
Directing a Project: The project manager will control the project which is supervised by the project board.
Initiating a Project: The process results in a project initiation document which includes details on cost estimation, schedule and resources. The project initiation document needs approval by the project board.
Planning: The planning process which is essentially about cost, schedule, time, resources and risks.
Controlling a Stage: Projects are broken down into stages of which each single project stage must be completed before starting the next one. Stages are manageable units of a project.
Managing Stage Boundaries: The process manages the boundaries between two stages. The current stage is reviewed and the subsequent stage is planned.
Managing Product Delivery: Product means the outcome of a project. This process is to ensure that the product is completed and that completion is approved.
Closing a Project: This is the post project review.
The risk methodology employed by PRINCE2 is a risk register or risk log system. It is based on three principles:
PRINCE2 and Enterprise Risk Register®
Enterprise Risk Register® is a valuable tools to improve the risk management in a cost efficient way - whether your project management follows the PRINCE2 approach or any other.
Enterprise Risk Register® assists you to collect all risks identified in its risk log or risk register. It helps you to provide consistency across a project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction.
http://www.noweco.com/risk/riske17.htm
KonTraG - A brief overview
In Germany the "Act on Control and Transparency in Enterprises"(KonTraG) was introduced as part of the responsibilities of the management. The boards of public limited companies have to ensure that an adequate risk management is established and risk to the organisation are part of reporting.
KonTraG is not very specific about risk management. What it states is that:
risk management has to be performed. risks have to be uncovered in a way that management has sufficient time to take
appropriate action. risk management has to applied on corporate objectives to allow a prosperous
development of the business.
KonTraG itself is behind modern risk management theory. However, the objective is clear: risk management shall provide an improved 'true and fair view' on the financial situation of an organisation. Next to this formal risk management requirements organisations will have to establish a modern risk management. The objective should be to collect risk in the same way as costs: enterprise-wide. In general the risk management system can follow a process approach such as the Plan - Do - Check - Act principle:
KonTraG and Enterprise Risk Register®
Enterprise Risk Register® is a valuable tools to improve the risk management in a cost efficient way.
Enterprise Risk Register® assists you to collect all risks identified in its risk log or risk register. It helps you to provide consistency across a project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction.
http://www.noweco.com/risk/riske18.htm
AS/NZS 4360 - A brief overview
AS/NZS 4360 is a generic guide for risk management so that it applies to all forms of organizations. Risk management" is defined as 'the culture, processes and structures that are directed towards realizing potential opportunities whilst managing adverse effects.'
The model of the risk management process AS/NZS 4360 consists of three major elements. The risk management workflow, monitor and review, and finally communication and consult. The later two continuously interact with the steps of the risk management workflow.
The elements of the AS/NZS 4360 risk management process in more detail:
Establish the Context: It is necessary to fully understand the external and internal aspects of the organisation or organisational part which is subject to risk management.
Identify Risks: This step shall uncover risks, their location, timeframe, root causes, and scenarios.
Analyse Risks: The output of risk analysis is the likelihood of a risk and the consequence in case of risk occurrence.
Evaluate Risks: Risk analysis provides an outcome which is basis for decision making which risks need treatments and in which priority.
Treat Risks: Treatments are responses to risks. Alternative treatments need to be identified, assessed, selected, planned, and implemented.
Monitor and Review: This step shall ensure that the risk management plan remains relevant and all input data, including likelihood and consequence, are up-to-date. Monitor and review relates to all of the above five elements of the risk management workflow.
Communication and Consult: Successful risk management relies on communication with all stakeholders. Communication will improve the level of understanding and treating risks. Communication is important throughout the entire risk management cycle.
AS/NZS 4360 and Enterprise Risk Register®
Enterprise Risk Register® is a valuable tools to improve the risk management in a cost efficient way.
Enterprise Risk Register® assists you to collect all risks identified in its risk log or risk register. It helps you to provide consistency across a project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction.
http://www.noweco.com/risk/riske19.htm
'Risk Management Standard' - A brief overview
Risk Management Standard was developed by the major risk management organisations in the UK: The Institute of Risk Management (IRM),The Association of Insurance and Risk Managers (AIRMIC), and ALARM The National Forum for Risk Management in the Public Sector. The risk management process flow consists of the following elements:
The Organisation's Strategic Objectives: All risk management activities finally have to meet the strategy of the organisation.
Risk Identification: As first of three elements of risk assessment risk identification is the step to uncover risks.
Risk Description: The second element of risk assessment is risk description. Its objective is to display the identified risks in a structured format.
Risk Estimation: The third element of risk assessment is risk estimation. It provides values for probability of a risk and consequence in case of risk occurrence.
Risk Evaluation: Risk Evaluation is about preparing for responding to risks. The risk estimation is compared against risk criteria to analyse whether the risk is accepted or requires any treatment.
Risk Reporting: There are different requirements on reporting depending on the level inside (internal reporting) or outside (external reporting) the organisation.
Decision: In this step a decision is made about whether and how to respond to a risk. Risk Treatment: Risk treatment is about selecting and implementing treatments
against risks. Residual Risk Reporting: A specific part of risk reporting is residual risk reporting.
It reports the progress made by mitigating the risk. Monitoring: The monitoring step loops back via modifications to the previous steps.
It is the loop of improvement and update.
The 'Risk Management Standard' adds a formal audit to ensure that the risk management process is performed as planned.
Policy, Roles and Responsibilities in 'Risk Management Standard'
In order to structure and administer the risk management system 'Risk Management Standard' comments on the risk management policy, roles and responsibilities of participants in the risk management process, and resources and implementation.
'Risk Management Standard' and Enterprise Risk Register®
Enterprise Risk Register® is a valuable tools to improve the risk management in a cost efficient way.
Enterprise Risk Register® assists you to collect all risks identified in its risk log or risk register. It helps you to provide consistency across a project and even the entire organisation.
Enterprise Risk Register® supports qualitative risk assessments and provides the ability to record, sort and filter data by all its characteristics.
And Enterprise Risk Register® allows you to collect treatments against the risks and analyse the effect of implementing the treatments. This way it demonstrates successful risk management leading to cost reduction.
http://www.noweco.com/risk/riske20.htm
