Project Risk Management
Mitigation of Operational Risk
Project Management Framework
“Information Technology Project Management”, Kathy Schwalbe, 2012
Project Integration Management
The Importance of Project Risk Management
• Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
• Risk management is often overlooked in projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates
Research Shows Need to Improve Project Risk Management
• Study by Ibbs and Kwak shows risk has the lowest maturity rating of all knowledge areas
• A similar survey was completed with software development companies in Mauritius, South Africa in 2003, and risk management also had the lowest maturity
• KLCI study shows the benefits of following good software risk management practices
Table 11-1. Project Management Maturity by Industry Group and Knowledge Area*
KEY: 1 = LOWEST MATURITY RATING 5 = HIGHEST MATURITY RATING
Knowledge Area     Engineering/Construction   Telecommunications   Information Systems   Hi-Tech Manufacturing
Scope              3.52                       3.45                 3.25                  3.37
Time               3.55                       3.41                 3.03                  3.50
Cost               3.74                       3.22                 3.20                  3.97
Quality            2.91                       3.22                 2.88                  3.26
Human Resources    3.18                       3.20                 2.93                  3.18
Communications     3.53                       3.53                 3.21                  3.48
Risk               2.93                       2.87                 2.75                  2.76
Procurement        3.33                       3.01                 2.91                  3.33
*Ibbs, C. William and Young Hoon Kwak. “Assessing Project Management Maturity,” Project Management Journal (March 2000).
Figure 11-1. Benefits from Software Risk Management Practices*
Media Snapshot
• Many people around the world suffered from financial losses as various financial markets dropped in the fall of 2008, even after the $700 billion bailout bill was passed by the U.S. Congress
• According to a global survey of 316 financial services executives, more than 70 percent of respondents believed that the losses stemming from the credit crisis were largely due to failures to address risk management issues
• They identified several challenges in implementing risk management, including data and company culture issues
Negative Risk
• A dictionary definition of risk is “the possibility of loss or injury”
• Negative risk involves understanding potential problems that might occur in the project and how they might impede project success
• Negative risk management is like a form of insurance; it is an investment
Risk Can Be Positive
• Positive risks are risks that result in good things happening; sometimes called opportunities
• A general definition of project risk is an uncertainty that can have a negative or positive effect on meeting project objectives
• The goal of project risk management is to minimize potential negative risks while maximizing potential positive risks
Best Practice
• Some organizations make the mistake of only addressing tactical and negative risks when performing project risk management
• David Hillson (www.risk-doctor.com) suggests overcoming this problem by widening the scope of risk management to encompass both strategic risks and upside opportunities, which he refers to as integrated risk management
Risk Utility
• Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a potential payoff
– Utility rises at a decreasing rate for people who are risk-averse
– Those who are risk-seeking have a higher tolerance for risk, and their satisfaction increases when more payoff is at stake
– The risk-neutral approach achieves a balance between risk and payoff
Figure 11-2. Risk Utility Function and Risk Preference
Risk Management Process
“Software Risk Management”, Boehm, 1989
Project Risk Management Processes
• Planning risk management: deciding how to approach and plan the risk management activities for the project
• Identifying risks: determining which risks are likely to affect a project and documenting the characteristics of each
• Performing qualitative risk analysis: prioritizing risks based on their probability and impact of occurrence
Project Risk Management Processes (continued)
• Performing quantitative risk analysis: numerically estimating the effects of risks on project objectives
• Planning risk responses: taking steps to enhance opportunities and reduce threats to meeting project objectives
• Monitoring and controlling risks: monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project
Figure 11-3. Project Risk Management Summary
Risk Management Planning
• The main output of risk management planning is a risk management plan, a plan that documents the procedures for managing risk throughout a project
• The project team should review project documents and understand the organization's and the sponsor's approaches to risk
• The level of detail will vary with the needs of the project
Table 11-2. Topics Addressed in a Risk Management Plan
• Methodology
• Roles and responsibilities
• Budget and schedule
• Risk categories
• Risk probability and impact
Contingency and Fallback Plans, Contingency Reserves
• Contingency plans are predefined actions that the project team will take if an identified risk event occurs
• Fallback plans are developed for risks that have a high impact on meeting project objectives and are put into effect if attempts to reduce the risk are not effective
• Contingency reserves or allowances are provisions held by the project sponsor or organization to reduce the risk of cost or schedule overruns to an acceptable level
Common Sources of Risk in Information Technology Projects
• Several studies show that IT projects share some common sources of risk
• The Standish Group developed an IT success potential scoring sheet based on potential risks
• Other broad categories of risk help identify potential risks
Table 11-3. Information Technology Success Potential Scoring Sheet
Success Criterion                  Relative Importance
User Involvement                   19
Executive Management support       16
Clear Statement of Requirements    15
Proper Planning                    11
Realistic Expectations             10
Smaller Project Milestones         9
Competent Staff                    8
Ownership                          6
Clear Visions and Objectives       3
Hard-Working, Focused Staff        3
Total                              100
Broad Categories of Risk
• Market risk
• Financial risk
• Technology risk
• People risk
• Structure/process risk
What Went Wrong?
• KPMG, a large consulting firm, published a study in 1995 that found that 55 percent of runaway projects—projects that have significant cost or schedule overruns—did no risk management at all, 38 percent did some (but half did not use their risk findings after the project was underway), and 7 percent did not know whether they did risk management or not
• The timing of risk management is also an important consideration
Risk Breakdown Structure
• A risk breakdown structure is a hierarchy of potential risk categories for a project
• Similar to a work breakdown structure but used to identify and categorize risks
Figure 11-4. Sample Risk Breakdown Structure
Table 11-4. Potential Negative Risk Conditions Associated with Each Knowledge Area
Identifying Risks
• Identifying risks is the process of understanding what potential events might hurt or enhance a particular project
• Risk identification tools and techniques include:
– Brainstorming
– The Delphi Technique
– Interviewing
– SWOT analysis
Brainstorming
• Brainstorming is a technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgment
• An experienced facilitator should run the brainstorming session
• Be careful not to overuse or misuse brainstorming
– Psychology literature shows that individuals produce a greater number of ideas working alone than they do through brainstorming in small, face-to-face groups
– Group effects often inhibit idea generation
Delphi Technique
• The Delphi Technique is used to derive a consensus among a panel of experts who make predictions about future developments
• Provides independent and anonymous input regarding future events
• Uses repeated rounds of questioning and written responses and avoids the biasing effects possible in oral methods, such as brainstorming
Interviewing
• Interviewing is a fact-finding technique for collecting information in face-to-face, phone, e-mail, or instant-messaging discussions
• Interviewing people with similar project experience is an important tool for identifying potential risks
SWOT Analysis
• SWOT analysis (strengths, weaknesses, opportunities, and threats) can also be used during risk identification
• Helps identify the broad negative and positive risks that apply to a project
Risk Register
• The main output of the risk identification process is a list of identified risks and other information needed to begin creating a risk register
• A risk register is:
– A document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format
– A tool for documenting potential risk events and related information
• Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project
Risk Register Contents
• An identification number for each risk event
• A rank for each risk event
• The name of each risk event
• A description of each risk event
• The category under which each risk event falls
• The root cause of each risk
Risk Register Contents (continued)
• Triggers for each risk; triggers are indicators or symptoms of actual risk events
• Potential responses to each risk
• The risk owner or person who will own or take responsibility for each risk
• The probability and impact of each risk occurring
• The status of each risk
Table 11-5. Sample Risk Register
Performing Qualitative Risk Analysis
• Assess the likelihood and impact of identified risks to determine their magnitude and priority
• Risk quantification tools and techniques include:
– Probability/impact matrixes
– The Top Ten Risk Item Tracking
– Expert judgment
Probability/Impact Matrix
• A probability/impact matrix or chart lists the relative probability of a risk occurring on one side of a matrix or axis on a chart and the relative impact of the risk occurring on the other
• List the risks and then label each one as high, medium, or low in terms of its probability of occurrence and its impact if it did occur
• Can also calculate risk factors
– Numbers that represent the overall risk of specific events based on their probability of occurring and the consequences to the project if they do occur
Figure 11-5. Sample Probability/Impact Matrix
Figure 11-6. Chart Showing High-, Medium-, and Low-Risk Technologies
Top Ten Risk Item Tracking
• Top Ten Risk Item Tracking is a qualitative risk analysis tool that helps to identify risks and maintain an awareness of risks throughout the life of a project
• Establish a periodic review of the top ten project risk items
• List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item
Table 11-6. Example of Top Ten Risk Item Tracking
Watch List
• A watch list is a list of risks that are low priority but are still identified as potential risks
• Qualitative analysis can also identify risks that should be evaluated on a quantitative basis
Performing Quantitative Risk Analysis
• Often follows qualitative risk analysis, but both can be done together
• Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis
• Main techniques include:
– Decision tree analysis
– Simulation
– Sensitivity analysis
Decision Trees and Expected Monetary Value (EMV)
• A decision tree is a diagramming analysis technique used to help select the best course of action in situations in which future outcomes are uncertain
• Estimated monetary value (EMV) is the product of a risk event probability and the risk event's monetary value
• You can draw a decision tree to help find the EMV
Figure 11-7. Expected Monetary Value (EMV) Example
Simulation
• Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system
• Monte Carlo analysis simulates a model's outcome many times to provide a statistical distribution of the calculated results
• To use a Monte Carlo simulation, you must have three estimates (most likely, pessimistic, and optimistic) plus an estimate of the likelihood of the estimate being between the most likely and
Steps of a Monte Carlo Analysis
1. Assess the range for the variables being considered
2. Determine the probability distribution of each variable
3. For each variable, select a random value based on the probability distribution
4. Run a deterministic analysis or one pass through the model
5. Repeat steps 3 and 4 many times to obtain the probability distribution of the model's results
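The five steps above, run for a project schedule, as an added example that is not part of the original slides. The task list and its three-point estimates are constructed sample data, and the triangular distribution used for step 2 is an assumption; the slides do not name a distribution.

```python
import bisect
import random
import statistics

# Step 1: range of each variable. Constructed sample tasks on one serial path:
# (name, optimistic, most likely, pessimistic), all in days.
TASKS = [
    ("requirements", 8, 10, 15),
    ("design", 12, 15, 25),
    ("build", 30, 40, 70),
    ("test", 10, 14, 30),
]


def one_pass(tasks, rng):
    """Steps 3 and 4: draw one duration per task, then run the deterministic model.

    Step 2 (assumed here): each task follows a triangular distribution defined by
    its three estimates. The model is the sum of durations on a serial path.
    """
    return sum(rng.triangular(low, high, mode) for _, low, mode, high in tasks)


def simulate(tasks, runs=20000, seed=1):
    """Step 5: repeat the pass many times; return the totals sorted ascending."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    return sorted(one_pass(tasks, rng) for _ in range(runs))


def percentile(sorted_totals, p):
    """Total duration not exceeded in a fraction p of the runs (nearest rank)."""
    index = min(len(sorted_totals) - 1, int(p * len(sorted_totals)))
    return sorted_totals[index]


def probability_within(sorted_totals, deadline):
    """Share of runs that finish on or before the deadline."""
    return bisect.bisect_right(sorted_totals, deadline) / len(sorted_totals)


def summarize(tasks, deadline, runs=20000, seed=1):
    """Distribution of the model's results, next to the single-point estimate."""
    totals = simulate(tasks, runs, seed)
    return {
        "most_likely_sum": sum(task[2] for task in tasks),
        "mean": statistics.fmean(totals),
        "p50": percentile(totals, 0.50),
        "p80": percentile(totals, 0.80),
        "p95": percentile(totals, 0.95),
        "p_deadline": probability_within(totals, deadline),
    }


if __name__ == "__main__":
    # Deadline set to the sum of the most-likely durations (79 days).
    for key, value in summarize(TASKS, deadline=79).items():
        print(f"{key:>16}: {value:.2f}")
```

Because the pessimistic tails are longer than the optimistic ones, the sum of the most-likely durations is met in only a minority of runs; the percentiles give the schedule figure to quote for a chosen confidence level.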
Figure 11-8. Sample Monte Carlo Simulation Results for Project Schedule
What Went Right?
• A large aerospace company used Monte Carlo simulation to help quantify risks on several advanced-design engineering projects, such as the National Aerospace Plan (NASP)
• The results of the simulation were used to determine how the company would invest its internal research and development funds
• See text for examples of how General Motors, Eli Lilly, and Procter & Gamble use simulation software
Sensitivity Analysis
• Sensitivity analysis is a technique used to show the effects of changing one or more variables on an outcome
• For example, many people use it to determine what the monthly payments for a loan will be given different interest rates or periods of the loan, or for determining break-even points based on different assumptions
• Spreadsheet software, such as Excel, is a common tool for performing sensitivity analysis
Figure 11-9. Sample Sensitivity Analysis for Determining Break-Even Point
Planning Risk Responses
• After identifying and quantifying risks, you must decide how to respond to them
• Four main response strategies for negative risks
– Risk avoidance
– Risk acceptance
– Risk transference
– Risk mitigation
Table 11-7. General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks
Response Strategies for Positive Risks
• Risk exploitation
• Risk sharing
• Risk enhancement
• Risk acceptance
Residual and Secondary Risks
• It's also important to identify residual and secondary risks
• Residual risks are risks that remain after all of the response strategies have been implemented
• Secondary risks are a direct result of implementing a risk response
Monitoring and Controlling Risks
• Involves executing the risk management process to respond to risk events
• Workarounds are unplanned responses to risk events that must be done when there are no contingency plans
• Main outputs of risk monitoring and control are:
– Risk register updates
– Organizational process assets updates
– Change requests
– Updates to the project management plan and other project documents
Using Software to Assist in Project Risk Management
• Risk registers can be created in a simple Word or Excel file or as part of a database
• More sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks
• You can purchase add-ons for Excel and Project 2007 to perform simulations
Results of Good Project Risk Management
• Unlike crisis management, good project risk management often goes unnoticed
– PRM often takes place without being noticed
• Well-run projects appear to be almost effortless, but a lot of work goes into running a project well
• Project managers should strive to make their jobs look easy to reflect the results of well-run projects
Summary
• Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
• Main processes include:
– Plan risk management
– Identify risks
– Perform qualitative risk analysis
– Perform quantitative risk analysis
– Plan risk responses
– Monitor and control risks
Operational Risk Mitigation and Risk Mitigation in Internal Investigations
Illustration of Operational Risk
• In late November 2001, an employee of UBS Warburg, a Swiss bank, made a trading error in Tokyo. The trader entered an order to sell 610,000 Dentsu shares at 16 yen per share, even though the computer system had queried the order again. He should instead have sold 16 Dentsu shares at 610,000 yen. He therefore sold the shares far too cheaply. As a result, UBS Warburg lost US$ 50 million
Introduction
● Operational risk arises from operational problems; it is a loss event that a company faces once activities begin, or even before they begin.
● Such operational problems include, for example, installing equipment, setting up the payroll system, supervising employees, supervising production activities, and so on.
Definition of Operational Risk
● Operational risk is the oldest type of risk but the least understood compared with the other types of risk.
● For example, companies have long known about the risks of record-keeping errors, computer system failures, terrorist threats, virus attacks, inadequate supervision, etc.
● Companies have indirectly anticipated these operational risks, although not under the name of risk management. For example, companies try to improve systems, procedures, or business processes through quality management
● Operational risk is any possible loss that a company may face in connection with its operational activities.
Types of Operational Risk
● Internal process failure
Risk related to the failure of the company's internal processes or procedures.
● Failure in managing human resources
Losses faced by the company that are caused by employees, whether intentionally or unintentionally.
● External risk
Related to events that originate outside the organization and are beyond the organization's control.
● System risk
Risk that arises from developments in technology systems and from problems that occur in those technology systems.
Measuring Operational Risk
● Classification of risk measurement
1. Frequency or probability of the risk occurring
2. Severity of the loss, or impact, of the risk
● With these two dimensions we can build a frequency/severity matrix of the existing risks.
● Example: default risk is a risk that rarely occurs, but when it does, the company faces a large loss. Default risk therefore has low frequency (likelihood) but high severity (significance)
Measuring Operational Risk
Record-keeping or process errors occur frequently in production, but the risk of loss they carry is not very high. This means high frequency but low severity (significance).
Plotting frequency and severity has implications for how the risk should be managed
Frequency and Significance Matrix
● Low significance (severity) and low likelihood (frequency)
● High significance (severity) and low likelihood (frequency)
● Low significance (severity) and high likelihood (frequency)
● High significance (severity) and high likelihood (frequency)
Strategies for Handling Risk Based on the Severity/Frequency Matrix
● Quadrant I: Low Control
● Quadrant II: Detect and Monitor
● Quadrant III: Monitor
● Quadrant IV: Prevent at Source
Low significance (severity) and low likelihood (frequency)
The company applies a low level of oversight to this risk.
Excessive oversight of this type of risk incurs costs that are relatively large compared with the benefits.
High significance (severity) and low likelihood (frequency)
● This risk is challenging to deal with because, if it materializes, the company faces a large loss that can lead to bankruptcy.
● This risk rarely occurs and is sometimes hard for the company to recognize; its characteristics are therefore difficult to understand and its timing is difficult to predict
● Example: Barings failed to supervise out-of-limit trading by one of its traders; the resulting losses led to the company's bankruptcy
Low significance (severity) and high likelihood (frequency)
● This risk occurs often, but the size of the loss is relatively small.
● This risk results from the company running its business. For example, a supermarket faces the risk of shoplifting (theft by shoppers), damaged merchandise, broken bottles, etc.
● This risk can be regarded as a cost of doing business and is included as a component of the price.
● If the risk moves beyond the cost-of-doing-business limit, the company must deal with the risk immediately
High significance (severity) and high likelihood (frequency)
● If this risk occurs, the company can no longer control the risk, and bankruptcy may result.
● For example, if a company cannot deal with large-scale embezzlement by its employees (low frequency, high severity), the risk may shift toward quadrant IV, that is, high frequency and high severity.
● If that happens, the company will go bankrupt within a short time. The task of risk management is therefore to prevent existing risks from migrating into quadrant IV
Changes in the Characteristics of Operational Risk
● Factors that cause the characteristics of operational risk to change:
1. Globalization
2. Automation
3. Reliance on technology
4. Outsourcing
5. Changes in societal culture
Reference
• hendroagungs.blogspot.co.id
Internal Control System and Risk Management
Internal Control System
• The internal control system aims to improve operational effectiveness and efficiency, the soundness of financial reports, and compliance with the laws and regulations in force in Indonesia, including the regulations governing limited liability companies, OJK regulations, and the Company's established policies.
Internal Control System Activities
• Formalization of the Company's policies and procedures by the Group Corporate Policy Division (GCP), carried out through review and approval up to the designated authorization level. The Company's policies and procedures are grouped into 5 categories: sales & marketing, finance, operations, governance, and general affairs (GA).
• Updating of policies and procedures in the form of improvements and refinements to existing processes, covering both the Company's financial and operational matters, into a single synergized process (integration).
• Dissemination of policies and procedures through the intranet and the Web.
• Formalization of the Company's code of conduct, which covers the application of values, ethics, and employee integrity and is accessible to all employees through the Company's intranet (portal).
• Use of integrated computer programs for financial and operational transactions (sales, programming, and HR).
• Segregation of functions according to duties, responsibilities, and authority within the organizational structure of the Company and its business units.
• Supervision by each employee's superior over every duty and responsibility.
Case study: Risk Management System Implemented by the Company
• The Company's risk management system is applied to evaluate the effectiveness of the internal environment, objective setting, identification of activities, risk assessment, risk management, control activities, information and communication, and monitoring.
Risk Management System Implemented by the Company
• The Company applies a comprehensive risk management system that is integrated with its strategic planning process and business activities. The Company's risk management is carried out at every level of management according to each level's role and function:
• GCP (Group Corporate Policy), as the risk identification function, set out in the form of policies and procedures.
• Internal Control, as the internal control function for risk management.
• Internal Audit, as the function that evaluates the risk management system, internal control, and the related management information system tools.
• IT Audit, as the function that ensures the adequacy of controls over the systems used by the Company.
• CCSA (Compliance and Control Self Assessment), as the function that evaluates the risk management system, internal control, and the related management information system tools.
• MARS (Management Awareness Reporting System), as the risk management function for identifying, reporting, and resolving problems faced by the Company and its business units.
Main Risks Faced by the Company
• Strategies that can be applied in managing risk are sharing the risk, avoiding the risk, reducing the level of risk through the internal control system, or accepting the existing risk. The main risks faced by the Company can essentially be grouped into two:
• External risks
• Risk from changes to laws and regulations, whether issued by the Government or by other authorities.
• Risk from changes in customer/viewer orientation.
• Risk from technological developments.
• Risk from new competitors.
• Risk from customer complaints/dissatisfaction.
• Internal risks
• Risk from process errors.
• Risk from weaknesses in asset management.
• Risk from system errors or misuse.
• Risk of production failure.
Risk Mitigation Carried Out by the Company
• During the third and fourth quarters of 2018, the risk management system operated effectively, with the following risk mitigation:
• External risks
1. Complying with changes to, or new, laws and Government regulations, both in the media industry and in taxation.
2. Monitoring market tastes by evaluating programs based on The Nielsen Company's research on ratings.
3. Achieving efficiency through process improvement, and supporting implementation and business transformation projects through risk reduction, by ensuring that governance processes run and by reducing manual data errors.
• Internal risks
1. Maintaining the quality and continuity of the Company's day-to-day operations by:
- Establishing centralized policies to maintain consistency and uniformity of procedures in every business process across all of the Company's business units.
- Making decisions based on an approval matrix known to the Company's Management.
- Coordinating among business units on HR development and arrangements.
- Risk-based auditing.
- Strengthening the monitoring of the relevant business units' compliance in operational activities.
- Developing the policy and procedure management system through the intranet and the Web.
2. Achieving efficiency through process improvement, and supporting implementation and business transformation projects, through:
- Improving work processes and process control through centrally run systems.
- Eliminating manual work and increasing automated work to speed up processes through an integrated system.
- Preparing accurate development plans and recommending them for recurring business issues.