
APPROACHES OR PREVENTION PRINCIPLES [GRI 102-11, OJK 5.C]

The implementation of Good Corporate Governance (GCG) in the Company is not only an obligation but also a necessity for the Company to maintain transparency and accountability to all Stakeholders. The Company implements Risk Management based on Enterprise Risk Management (ERM) principles, which are divided into three main focuses: Risk Awareness, corporate governance, and habits and culture. In addition, Risk Management is implemented with reference to ISO 31000-2018, which includes:

1. Communication and consultation

Communication and consultation are carried out to facilitate the effective implementation of Enterprise Risk Management, both top down and bottom up.

One form of communication and consultation is in Risk management and mitigation, where the Risk Owner consults the Risk Management Function to update the Risk Register and submit quarterly Function/Area/Project Risk Management reports, as well as in carrying out mitigation evaluations every semester to refine and improve the methods that have been implemented, so as to reduce the level of Risk in an effort to achieve the work targets planned through the end of the year and for Risk Management in the following year.

2. Determine the scope, context, and criteria

The purpose of determining the scope, context and criteria is to tailor the Enterprise Risk Management process, enable effective Risk assessment and appropriate Risk control, and establish parameters relevant to the Company, both internal and external, that are used in Risk Management, especially in determining the scope and Risk Criteria.

3. Risk assessment (Risk identification, Risk analysis, and Risk evaluation)

Risk Assessment is a process carried out to identify, analyze and evaluate Risks. Risk is based on the vision and mission, the Company Long Term Plan (RJPP), the Company Budget Work Plan (RKAP), Key Performance Indicators (KPI) and work unit goals.

The Risk Owner is responsible for all Ongoing Business and Business Development activities that are taking place in each Function, Area, or Project.

4. Risk treatment

Risk treatment is carried out to select one or more alternative methods or approaches used to reduce the impact of Risk. The implementation of the Risk mitigation planned for both Ongoing Business and Business Development Risks is monitored, among other means through the weekly War Room at PGE Head Office.

5. Monitoring and review

Monitoring and review include continuous monitoring and periodic reviews by Risk Owners and related functions of the effectiveness of the Enterprise Risk Management process in effect and the effectiveness of the implementation of Risk treatment, so that both can be improved continuously.

One implementation of monitoring and review activities is the Risk monitoring process, in which the quarterly reports prepared by the Function/Area/Project Risk Owners are reviewed by the Risk Management Function to produce a Corporate Risk Profile Quarterly Report, which is reported to the Board of Directors at the Risk Management Committee Meeting (RKMR), followed by reporting to the PGE Board of Commissioners.

6. Recording and reporting

The Enterprise Risk Management process and its results are documented and reported through an appropriate mechanism. The evaluation results at the Risk Management Committee Meeting (RKMR) are used as feedback by the Risk Management Function to provide further input to the Risk Owner Function/Area/Project, and become the basis for the Internal Audit Function to conduct Risk Based Audit (RBA) on Risk Management implementation in Functions/Areas/Projects.

Enterprise Risk Management Process