Maidian Setiawati and Wisnu Yuwono
241
Received : June 05,2023 Accepted : June 07, 2023 Published : September 05, 2023
Conference on Business, Social Sciences and Technology https://journal.uib.ac.id/index.php/conescintech
Risk Management Planning Analysis for Information Analyst Position
Maidian Setiawati1, Wisnu Yuwono2[email protected]1,[email protected]2
1,2Master of Management, Universitas Internasional Batam, Indonesia
Abstract
Currently, government organizations have started implementing GRM (Government Risk Management) in order to realize GRM (Government Risk Management) but its implementation still faces many obstacles in its implementation, one of which is risk recognition which is considered to be less sharp because it is too focused on operational matters.
Meanwhile, an information analyst has an important role because they play a role in ensuring that government decisions and actions are based on accurate data and in-depth analysis. The risk analysis for the position of risk information analyst specifically identified five risks: data input errors, data security vulnerabilities, sudden power outages, eye fatigue, and burnout. The analysis carried out in this study used interview and brainstorming data collection techniques with the number of respondents being four people, through several stages, namely (1) risk register, (2) risk analysis, (3) risk evaluation, and (4) risk treatment. From the results of the analysis, it is known that eye fatigue is a risk with the highest level of severity, so it requires appropriate prevention and management measures. The risks of sudden power outages and burnout are classified as medium risks and also require proper precautions. Finally, data input errors and vulnerabilities are identified as low-level risks, which still require precautions to prevent future problems. The implementation of risk management in the Information Analyst position helps identify potential risks that could hinder the position's ability to provide quality services. In risk management, there are several important stages, such as risk registers, risk analysis, risk evaluation, and risk treatment, which assist in planning and risk management. By implementing risk management, disruption to service activities can be minimized. Therefore, risk management planning is crucial for the position of Information Analyst in government organizations.
Keywords:
Risk Analysis, Information Analysis, Potential Risk
Introduction
The word ERM (Enterprise Risk Management) is no stranger to CRM studies, but now government organizations are also starting to implement GRM (Government Risk Management). Government organization risk management is regulated in RI government regulation number 60 of 2008 concerning the Government's internal control system [1], and subsequently updated to be implemented in governmental environments. In Permen PAN and RB RI number 43 of 2021 states that risk management is an arrangement of planned and measurable activities to manage and control risks that have the potential to threaten the sustainability and achievement of the organization [2]. How important risk management is in an organization is to be able to find out risks and make follow-up plans to minimize risks that will occur, and to make policies in risk management is in the risk management section [3]
Maidian Setiawati and Wisnu Yuwono
242
Every part of a government organization is the owner of the risk itself [4], to realize good governance risk management is an important part of identifying and managing risks that will affect the achievement of the value desired by the organization. Risk management in government organizations functions to be in charge of managing and achieving organizational goals, analyst positions need to identify potential risks that can hinder the ability of analyst positions to provide quality services [5]. One of the analyst positions that play an important role is information analyst [6]. Because of this, the application of risk management is very important for information analyst positions, so that by managing risk it can minimize disruption to quality service activities [3]
The implementation of GRM (Government Risk Management) still faces many obstacles in its implementation, one of which is the identification of risks that are felt to be less sharp because they are too focused on operational matters. And in Indonesia itself, the implementation of new risk management is entirely in BUMN and the Ministry of Finance. While GRM (Government Risk Management) is a crucial thing to implement to realize good governance (17), including one of the local government organizations. Therefore, the authors are interested in conducting a risk management analysis in information analyst positions in local government organizations.
Literature Review Risk Management
Risk management in PERMEN PAN RB year 41 of 2022 is a series of planned and measurable activities to manage and control risks that have the potential to threaten the sustainability and achievement of organizational goals. The importance of risk management in government organizations aims to reduce the risk itself in every organizational activity, and to reduce the losses that the organization will face or the risks that are accepted are still within the capabilities of the organization [7]. A risk register or risk list is the first step in risk management. The risk register contains a list of potential problems in an organization [8]. In Permen PAN RB Number 43 of 22 Risk Identification is an activity of identifying all risks or potential risks that can affect the achievement of organizational goals/targets [2]. Risk is something that will happen related to uncertainty as a result of the company's goals, vision and mission to be achieved so that the information needed about things that will happen is unclear it affects the results achieved. Risk will appear anytime, and to anyone, because everything is very closely related to risk, generally, this risk is interpreted as something that triggers a loss for certain events [9]
Therefore, it is necessary to carry out risk identification using ISO 310002018 references. ISO 31000 is an international standard released by the International Organization for Standardization (ISO) to manage risk so that from the risk list you can find and analyze possible risks and even provide mitigation efforts [10]. In government organizations risk management, a risk event is an event that is likely to occur and could adversely affect the organization. Factors that influence risk events can be internal or external which have an impact on time, cost, quality, human resources, and organizational goals [11]
A risk trigger is an event or action that triggers a risk event. Triggers can speed up or slow down the occurrence of risk events, as well as increase or decrease the impact of these risk events [11]. The Risk Breakdown Structure (RBS) method adopted from the Work Breakdown Structure (WBS) will be able to define and classify risk- based risks for each level in detail so that operational risk measurement provides a structured picture of all the risks faced by the company [12 ]
Similar to the Work Breakdown Structure (WBS) used for project planning, RBS involves breaking down risks into smaller subcategories or components that represent different types of project risks that may occur during the project life cycle [12]
To reduce risk, it is necessary to have risk management, risk identification, and risk assessment. Risk response (risk response) is an effort to manage identified risks in an activity to reduce the impact of risk. Several
Maidian Setiawati and Wisnu Yuwono
243
risk treatment options based on PAN RB Regulation No. 43 of 2022 are (a) reducing the risk, (b) sharing the risk, (c) avoiding the risk, and (d) avoiding the risk [13 ].
Risk evaluation is very important in risk management because it can help organizations identify and reduce risks associated with their activities, to avoid losses and minimize negative impacts on organizations and society [14]. The purpose of risk evaluation is to understand the level of risk associated with an event or activity so that appropriate action can be taken to reduce or manage the risk. Risk evaluation involves collecting and analyzing data, identifying risk factors, assessing the level of risk, and developing an effective risk management strategy [15]
Risk treatment, which deals with risk protection measures, involves the best way to manage risk events that may occur. In simple terms, risk treatment involves managing potential risks according to the action plan that has been set out in the risk register [16].
Figure 1. Risk Treatment
Risk Management in Information Analyst
The Swedish government rarely uses the term risk but prefers the possibility and consequences of the term of work, but in Indonesia, several regulations have been created in each ministry regarding risk management [17].
Based on the theory above, each job has its risks that are returned to the organization [2]. The position of information analyst itself has duties and functions, namely conducting analysis and review of information on the development of educators and education staff in the framework of preparing policy recommendations.
Permen DIKBUD number 66 of 2015 concerning risk management states that risk owners implement and develop risk management within their respective risk owner units. The risk owner prepares a risk profile report and risk map which contains the type, level, and trend of all relevant risk exposures together with the previous semester's risk profile and map so that they can be compared.
Research Methods
The methodology is needed in planning data collection in a study. The most important processes in research methodology include the data collection process, data collection methods, and how to process the data [18]. This research is quanlitative descriptive to explain the risk management research variables from the position of an information analyst, the data source is primary data identified through interviews and brainstorming with the information analyst work team and a section head. The time for carrying out data collection is the period 27-31 March 2022.
The steps taken in analyzing the data in this study are through several stages, namely (1) risk register, (2) risk analysis, (3) risk evaluation, and (4) risk treatment, the use of these four stages can help in risk management planning.
Results and Discussion
The framework for risk management provides a foundation that includes policies, objectives, mandates, and commitments to manage risk itself. [19] . The analysis and discussion of this risk management plan refer to
Maidian Setiawati and Wisnu Yuwono
244
conditions under research methodology procedures because research methods refer to research sites, research instruments, data sources, and data analysis techniques. [20]
A. Risk Register
Risk identification is the first step in risk management, and it is very important to ensure that the risks associated with an activity or project have been identified and managed appropriately [21]. The risk identification process is carried out to create the main risk register document (risk list [8]. A risk register is a record of information from identified risks that contains causes, and events that are comprehensive and have an impact on achieving goals and targets (or key elements) identified from the context of the risk register [8]
Several techniques are used in the risk identification process by authors include interviews and brainstorming [19]
Risk identification is carried out with 4 analysis team members and one supervisor who is directly involved in the work. With the following characteristics:
Table 1. Characteristics of Respondents Respondents
Respondent A Respondents B Respondent C Respondents D Characteristic Features
Position Section Chief Analyst Analyst Analyst
Gender Woman Woman Woman Man
Age 57 Years 38 Years 40 Years 45 Years
Years of service 32 years 12 years old 15 years 17 years
Education Bachelor Bachelor Bachelor Bachelor
The following are possible risks that may occur in the position of educator information analyst and education staff:
Table 2. Risk Register No.
Risk Risk Events Opportunities/Threats Risk Description Action Plan Responsibility 1. Error in inputting data Threat Occurs due to carelessness in
inputting data, causing financial losses for the data owner
Refine and correct data
Analyst 1 activity range 1-6 month 2 Data security
vulnerabilities
Threat This risk is related to the possibility of a security breach or data leak due to a weakness in the organization's security system.
This risk can lead to the loss of sensitive data or customer privacy and be detrimental
organization
Improve data security controls
IT TEAM 1 time each year
3. Power cut suddenly Threat This risk is associated with a sudden power outage
arrived, so
causing failures in the system and degradation productivity
Backup generator installation
Analyst 3 times every month
4. Saturation Threat This risk is related to the task of the analyst which is monotonous Give
job rotation
Analyst 12 times per year
Maidian Setiawati and Wisnu Yuwono
245
thereby reducing the motivation of the analyst in
activity 5. Fatigue in the Eye
Muscles
Threat This risk is associated with viewing computer screens for long periods.
Implement ergonomic performance
Analyst 3 times (per week)
Based on the risk identification analysis, it is found that five risks are included in the risk register along with their description, opportunity/threat, action plan, and probability which will become the basis for planning analysis of risk management.
B. Risk Events and Triggers
Risk events are the causes or factors that underlie the occurrence of a risk, these are events or situations that increase the likelihood or impact of a risk. So, risk triggers are outcomes or consequences that may occur due to certain risks. Risk events can be caused by one or several risk triggers that are the root cause or factor. Identifying risk triggers can help organizations proactively mitigate risks and prevent risk events from occurring [22].
Table 3. Risk Events and Triggers No.
Risk Risk Risk Events Triggers Impact Action Plan
1. Error in Inputting Data
The data does not match
Error data source, lack of training
Wrong decision-making, financial loss, legal consequences
Perform data verification procedures, adequate training, control the accuracy of input data 2 Data Security
Vulnerabilities
Error Application Lack of data security protocols and procedures
Data breach, reputation damage
Implement data security protocols
3. Power Cut Suddenly
Power Off and connection the internet is disconnected
Central power grid failure, local power grid breakdown
failure, data loss, crashes
productivity Local electricity generator, perform data storage system automatic
4. Saturation Postpone
work
Monotonous work Decreased employee motivation, low productivity
Create rotations, provide sufficient rest time, provide training
5. Fatigue in the Eye Muscles
Decreased eye health
Lack of rest and long working hours.
decline
health analysts, rising health costs
Proper light settings, use eye protection equipment
Identifying risk events and risk triggers can help organizations proactively mitigate risks and prevent risk events from occurring by implementing preventive and corrective actions under organizational goals.
C. Risk Breakdown Structure
The risks identified in the risk register are then categorized into the risk breakdown structure [11]. A risk breakdown structure is a grouping of risks into a hierarchical organizational risk composition that is logical, systematic, and naturally structured under the organizational or project structure. The goal of implementing a risk breakdown structure is clarity of risk stakeholders or increased understanding of organizational or project risks in the context of a logical and systematic framework.
The following is a breakdown of the risk breakdown structure of the position of information analyst:
Maidian Setiawati and Wisnu Yuwono
246
Figure 2. Risk Breakdown
By understanding the distribution of internal and external risks, organizations and information analysts can identify and manage risks more effectively to maintain the success and security of the information managed by the Information Analyst position.
D. Risk Response
To reduce the negative impact of the risk or maximize the positive opportunities of the risk, it is necessary to take actions to manage or respond to the risks that have been identified [17]. The following is the risk response carried out:
R1. Risk of data input errors
a. Avoidance: Implement data quality controls and train analysts to reduce the likelihood of input errors b. Mitigate: Re-check data before use to reduce the possibility of input errors and make improvements if
errors are found
c. Accept: Accept the risk of data input errors as an operational risk and plan corrective actions d. Transfer: Collaborating with the IT team.
R2. Data security Vulnerability Risk
a. Avoidance: Using strict data security protocols and training analysts to avoid actions that may open data security holes.
b. Mitigate: Update the data security system regularly and carry out routine security checks to reduce the possibility of leaks
Analis Informasi
Eksternal
1.
Data Input Errors
• Human errors due to lack of attention or concentration
• Human errors stemming from insufficient training or experience
• Lack of
accountability
• Inadequate data validation and quality control protocols
2.
Eye Fatigue
• Inadequate
workplace or ergonomic
equipment
• Insufficient rest time
• Extended computer usage
• Inadequate lighting
3.
Fatigue
• Working for extended periods
• Poor management
• Lack of involvement
• Lack of analyst motivation
5.
Sudden Power Outage
• Sudden power outage
• Electric grid failure
• Local electric network failure or damage
• Inadequately maintained backup power
4.
Data Security Vulnerability
• Inadequate access controls
• Firewall or antivirus protection
• Human errors due to lack of caution
• Intentional data exposure
• Data security vulnerabilities Eksternal
Maidian Setiawati and Wisnu Yuwono
247
c. Accept: Accept data security risk as an operational risk and plan corrective actions in the event of a data leak
d. Transfer: Cooperate with the owner of the provider R3. Sudden power outage
a. Avoidance: Implementing a backup system for the power grid and ensuring its supporting infrastructure continues to function in an emergency
b. Mitigate: Carry out routine maintenance and replacement of old and prone-to-failure electrical equipment
c. Accept: Accept the risk of a sudden power failure as an operational risk and plan corrective actions in the event of a power outage
d. Transfer: Cannot be transferred R4. Eyestrain
a. Avoidance: Provide an ergonomic workspace and provide sufficient rest time for employees.
b. Mitigate: Reducing the duration of eye exposure by providing sufficient rest and reducing the brightness of the light in the work area
c. Accept: Accept the risk of eye fatigue as an operational risk and plan corrective actions if health problems occur due to eye fatigue
d. Transfer: Unable to transfer this risk.
R5. Saturation
a. Avoidance: Provide opportunities for job rotation, career development, and training to avoid monotony.
b. Mitigate: Provide challenging and interesting tasks to reduce boredom and monotony
c. Accept: Accept the risk of burnout as an unavoidable risk, but still ensure the welfare of employees d. Transfer: Unable to transfer this risk
E. Risk Analysis
By carrying out a risk analysis we will know the level of risk that will be faced by an information analyst. From information on risk analysis, it will be useful for risk management in organizations for the position of information analyst [21]
Table 4. Risk Analysis No.
Risk Risk Risk Probability Impact
1. Error in inputting data The data does not match 0.08% Wrong decision-making, financial loss, legal consequences 2 Data security vulnerabilities Error Application 0.08% Data breach, reputation
damage
3. Power cut suddenly Power Off and connection
the internet is disconnected
3% failure, data loss, crashes
productivity
4. Saturation Postpone
work
1% Decreased employee
motivation, low productivity
5. Fatigue in the Eye Muscles Decreased eye health 12% decline
health analysts, rising health costs
Maidian Setiawati and Wisnu Yuwono
248
The following is a risk analysis table with details of no risk, probability of occurrence (P), impact (I), weighted risk (W), and risk level.
Table 5. Risk Analysis
No Risk P I W Risk Levels
1. Input error data 2 2 4 Low
2. Data security vulnerabilities 2 2 4 Low
3. Sudden power outage 3 2 6 Currently
4. Eyestrain 4 4 16 Very high
5. Saturation 4 2 8 Currently
Based on the table, it can be seen that the risk with a very high level of eye fatigue has a weighted risk (W) value of 16. The moderate level risk is a sudden power outage and saturation with a W value of 6 and 8.
Meanwhile, the low-level risk is input error. data and data security vulnerabilities with a value of W 4.
F. Risk Evaluation
This risk evaluation helps in determining the risk treatment. In carrying out the risk evaluation process, a company must be able to assist the process of making decisions about risk, treating that behavior, and also implementing risk treatment. Risk evaluation is used as a guide for the actions needed if a problem occurs.
The form of risk evaluation can be in the form of a matrix. A risk matrix is a tool used to determine the effectiveness that organizations can use to increase awareness and clarity so that risk decisions can be made.
The matrix helps identify risks by requiring a quick response from the results of a combination of the probability score and the impact of the risk.
The evaluation process will use a qualitative method, namely by using a matrix as the probability of occurrence and the impact of risk. This matrix will show which operational risks are included in the handling of the red zone (High), the green zone (Medium), and the yellow zone (Low). Sequentially these risks have an emergency level from the highest (High), moderate (Medium), and lowest (Low). These zones are obtained through the probability and impact matrix by combining the results of risk analysis.
The following are the results of risk grouping:
Table 6. Category (Risk Level)
LEVELS AMOUNT OF RISK CRITERIA
1 1 - 2 VERY LOW
2 3 - 4 LOW
3 5 - 9 CURRENTLY
4 10-15 TALL
5 16 - 25 VERY HIGH
Maidian Setiawati and Wisnu Yuwono
249
Figure 3. Risk Analysis
G. Risk Treatment
Risk treatment is a process that aims to change the risk so that it can be eliminated or reduced. By applying the right risk treatment, it is hoped that the risk can be reduced to a tolerable level, both in terms of impact and probability. [15]
Table 7. Risk Treatment
No Risk Treatment
1. Input error data
1. Standardization 2. Quality control 3. Distribution of tasks 4. Audits
5. Backup data 2. Data security vulnerabilities 1. Data security policy
2. Data safety awareness 3 Rights Management 4. Security Audit
5. Maintenance of security systems 3. Sudden power outage 1. Power backup system
2. Automatic data storage
4. Eyestrain 1. Ergonomic workspace arrangement
2. Pause Work 3. Screen protector 4. Eye health check 5. Eye health education
5. Saturation 1. Various assignments
2. Timing
3. Career promotion 4. Awards
Probability
high R4
Medium R3, R5
Low R1, R2
Low Medium high
Impact
Maidian Setiawati and Wisnu Yuwono
250
5. Communication
In the role of an information analyst, implementing effective risk treatment is an important step in maintaining data security and integrity, as well as maintaining the availability of critical information systems.
By understanding the risks involved and taking appropriate actions, an information analyst can help organizations identify, mitigate and efficiently manage risks. Through careful risk treatment efforts, information analysts can play a key role in maintaining smooth operations and business continuity, and ensuring that sensitive and important information remains safe and protected.
Conclusions
Risk management in government organizations is needed to realize good governance with risk management applying GRM (Government Risk Management). An information analyst in government organizations carrying out their duties and functions under laws and regulations has risks inherent in this position. it can be concluded that risk management is very important in the position of Information Analyst in government organizations.
Risk analysis is an important process in identifying potential risks and their severity. In the risk analysis for the position of Information Analyst, five specific risks were identified, namely data input errors, data security vulnerabilities, sudden power outages, eyestrain, and burnout. Based on the analysis results, the risk with the highest severity level is eyestrain. Therefore, proper precautions and management are necessary to reduce this risk. The risk of a sudden power outage and eyestrain is classified as moderate risk and also requires proper precautions. Meanwhile, data input errors and data security vulnerabilities were identified as low-level risks, but still require precautions to prevent future problems.
Risk management in government organizations, such as GRM (Government Risk Management), is an important part of realizing Good Governance. The implementation of risk management in the Information Analyst position helps identify potential risks that could hinder the position's ability to provide quality services. In risk management, there are several important stages, such as risk registers, risk analysis, risk evaluation, and risk treatment, which assist in planning and risk management. The application of risk management in government organizations still faces obstacles, especially in the identification of less sharp risks. However, risk management remains important for realizing good governance and reducing risk in every organizational activity. Along with that, risk identification and risk evaluation using appropriate methods, such as ISO 31000, assist in identifying and analyzing potential risks and providing effective mitigation efforts.
In the context of the position of Information Analyst, risk management plays an important role in managing and mitigating risks that can affect quality service activities. By implementing risk management, disruption to service activities can be minimized. Therefore, risk management planning is crucial for the position of Information Analyst in government organizations.
References
[1] Mendagri, “PP RI no 60 Tahun 2008 tentang Sistem Pengendalian Intern Pemerintah,” PP RI no 60 Tahun 2008 tentang Sist. Pengendali. Intern Pemerintah, vol. 49, pp. 69–73, 2008.
[2] P. P. dan R. N. 43 tahun 2021 tentang M. R. di L. K. P. A. N. da R. Birokrasi, “Permen PAN dan RB No 43 tahun 2021 tentang Manajemen Risiko di Lingkungan Kementrian Pendayagunaan Aparatur Neggara da Reformasi Birokrasi,” Permen PAN dan RB No 43 tahun 2021, vol. 151, no. 2, pp. 10–17, 2018.
[3] K. B. Mahardika, A. F. Wijaya, and A. D. Cahyono, “Manajemen Risiko Teknologi Informasi Menggunakan Iso 31000 : 2018 (Studi Kasus: Cv. Xy),” Sebatik, vol. 23, no. 1, pp. 277–284, 2019, doi:
Maidian Setiawati and Wisnu Yuwono
251 10.46984/sebatik.v23i1.572.
[4] Kemendikbud, “Permendikbud no 66 Tahun 2015 tentang Manajemen Risiko di Lingkungan Kemendikbud,”
p. 66, 2015.
[5] F. M. Ahmad, “Mewujudkan Good Governance Pada Pemerintah Kabupaten Bandung Barat,” Ind. Res.
Work. Natl. Semin., pp. 1182–1192, 2019.
[6] H. Panrb, “Permen PANRB No. 45 Tahun 2022,” 2022.
[7] E. Khristian, H. Karamoy, and N. S. Budiarso, “Analisis Manajemen Risiko Dalam Mewujudkan Good Corporate Governance (Studi Kasus Pada Pt Angkasa Pura I (Persero)),” J. Ris. Akunt. dan Audit.
“GOODWILL,” vol. 12, no. 2, pp. 112–128, 2021.
[8] A. Subagyo, R. Simanjutak, and A. I. Bukit, Dasar-Dasar Manajemen Risiko. 2020. [Online]. Available:
www.mitrawacanamedia.com
[9] Y. N. Qintharah, “Perancangan Penerapan Manajemen Risiko,” JRAK J. Ris. Akunt. dan Komputerisasi Akunt., vol. 10, no. 1, pp. 67–86, 2019, doi: 10.33558/jrak.v10i1.1645.
[10] A. Wibowo, “Risiko Manajemen,” p. 407, 2022.
[11] F. Arifin and R. Setyadi, “Penerapan COBIT pada Analisis Manajemen Risiko pada Sistem Informasi Desa,”
JURIKOM (Jurnal Ris. Komputer), vol. 9, no. 3, p. 733, 2022, doi: 10.30865/jurikom.v9i3.4315.
[12] C. L. Pritchard, “Work Breakdown Structure,” Proj. Manag. Drill B., no. June, pp. 147–156, 2019, doi:
10.4324/9780203741764-14.
[13] A. Cahyadi, D. Putra Budiman, and J. Rahardjo, “Perancangan Analisis Risiko ISO 9001:2015 di PT XYZ,”
Peranc. Anal. Risiko ISO 90012015 di PT.XYZ, vol. 5, no. 2, pp. 327–332, 2017.
[14] R. Sun, Z. Gong, G. Gao, and A. A. Shah, “Comparative analysis of Multi-Criteria Decision-Making methods for flood disaster risk in the Yangtze River Delta,” Int. J. Disaster Risk Reduct., vol. 51, 2020, doi:
10.1016/j.ijdrr.2020.101768.
[15] A. samimi, “Risk Management in Information Technology,” Prog. Chem. Biochem. Res., vol. 3, no. 2, pp.
130–134, 2020, doi: 10.33945/sami/pcbr.2020.2.6.
[16] H. Hardana and M. Syafruddin, “Analisispengungkapan Manajemen Risiko(Bukti Indonesia),” Diponegoro J.
Account., vol. 8, no. 2, pp. 1–15, 2019.
[17] F. S. Rahayu, T. Indrawan, and S. Kamarudin, “Risk Mitigation Strategies in Implementing Scrum Framework for Internet-Based IT Companies in Indonesia,” Indones. J. Inf. Syst., vol. 3, no. 1, pp. 50–63, 2020, doi:
10.24002/ijis.v3i1.3589.
[18] A. Syahza, Buku Metodologi Penelitian, Edisi Revisi Tahun 2021. 2021.
[19] BSN, Manajemen Risiko Berbasis SNI ISO 31000.
[20] dkk Hardani, Buku Metode Penelitian Kualitatif dan Kualitatif, no. April. 2020.
[21] R. Sun, Z. Gong, G. Gao, and A. A. Shah, “Comparative analysis of Multi-Criteria Decision-Making methods for flood disaster risk in the Yangtze River Delta,” Int. J. Disaster Risk Reduct., vol. 51, no. August, p. 101768, 2020, doi: 10.1016/j.ijdrr.2020.101768.
[22] H. Sudarsono, “Analisis Keaktifan Manajemen Risiko Dalam Menentukan Kebijakan Struktural Modal, Keputusan Pemberian Kredit, Tingkat Risiko dan Profabilitas Bank Umum,” vol. 14, no. 2, pp. 234–245, 2020.
