372

INTERNATIONAL ISLAMIC ECONOMIC SYSTEM CONFERENCE (I-iECONS 2021)

Identifying Risks in Indonesian Zakat Institutions Using Enterprise Risk Management (ERM)

Hartomi Maulana

Faculty of Economics and Management, Universitas Darussalam Gontor, Indonesia Tel: +6282143423857 E-mail: mhartomi@unida.gontor.ac.id

Yayan Firmansah

Faculty of Economics and Management, Universitas Darussalam Gontor, Indonesia Tel: +60163835046 E-mail: yayanf@unida.gontor.ac.id

Naufalt Arkyananto

Faculty of Economics and Management, Universitas Darussalam Gontor, Indonesia Tel: +6281353250807 E-mail: naufaltarkyananto690@gmail.com

Abstract

This study attempts to identify risks exist in Indonesian zakat institutions. Risk management with ERM standards discussed are the internal environment of the institution, identification of risk at the institution, measurement and assessment of risk, response to risks that occur, and risk control. This study uses a qualitative approach with semi-structured interviews. Furthermore, six participants were interviewed, including the manager in each division, and the branch head of the institution. Collecting data, reducing data, presenting data, and withdrawal conclusions are employed as technique analysis. The results of this study indicated that the zakat institution has comprehensively implemented risk management. It can be shown that the institution carries out direct supervision and evaluation of risks. In this COSO ERM framework, the study identified three major risks including operational risk, fund raising risk and distribution risk. The mitigation system for the identified risks is also discussed.

Keywords: Enterprise Risk Management; COSO; zakat institution

1. Introduction

Currently, Indonesia has 16 zakat institutions that have been granted authorization by the Ministry of Religious Affairs. The realization of their zakat institutions to facilitate the Muslim community in Indonesia to fulfill their zakat easily. From the large number of Zakat Institutions, it could be concluded that the growth of zakat in Indonesia is not only on strengthening and forming zakat institutions, however additionally including law enforcement, strengthening zakat laws through government regulations, and zakat collection operations must be clear (Adnan, 2017).

However, many acquisitions of zakat funds, zakat institutions have many challenges. The challenge in zakat institutions on vulnerability management of zakat in Indonesia is sourced from the muzaki, mustahik, and charitable organizations. These barriers include the lack of qualified human resources, understanding fiqh amil inadequate, lack of public awareness, low level of technology used, its minimum zakat information system, the mental attitude of the recipients (Zumrotun, 2016). The challenges and obstacles to the management of zakat could be concluded that zakat institutions certainly have a lot of risks that are vulnerable, and these risks can threaten the integrity and continuity of the amil zakat (Zumrotun, 2016).

373

Risks in zakat are potential events, both anticipated and unanticipated. These risks harm the level of trust, sharia compliance, and sustainability of the business process. These risks can not be avoided, however can be managed and controlled. Therefore, as in other institutions in general, zakat management requires a series of procedures and methodologies to identify, measure, monitor, and control risks arising from business activities, in other words one must apply risk management to a business (Pusat Kajian Strategis, 2018). This, along with the decision of the Core Principles for Effective Supervision Zakat which explains zakat institutions are additionally exposed to various risks, because LAZNAS as well as other financial institutions. However, this type of operational risk exposures faced different zakat institutions. Therefore, the guidelines used to measure the risk of zakat use Zakat Core Principles (ZCP). The ZCP used is ZCP 11 - ZCP 14. The ZCP describes a guideline for zakat supervision authorities and zakat institutions concerning 4 types of risk such as transfer risk, reputation risk, fund allocation risk, and operational risk (Consultative Document, 2016). Efficient risk management practices are problem-solving to avoid disaster and failure risk in the company (Mikes and Kaplan, 2015).

In this case, researchers use the Enterprise Risk Management (ERM) reference as an illustration for identification, assessment, and mitigation of the high level of risk (Humphrey, 2018) faced by the National Amil Zakat Institute (LAZNAS). The study uses the ERM method because, first, the ERM method is an important component in changes in corporate governance, the principles, guidelines, and surrounding standards (Humphrey, 2018). Secondly, Rubino and Vitolla (2014) state that ERM is part of the overall corporate strategy, due to the development of the scope of risk (Rubbino and Vitolla, 2014). Then the third is following Mardessi's research that the effectiveness of ERM performance is studied from the perspective of performance, value, risk of failure, and disclosure in a company (Mardessi and Arab, 2018). Therefore, with the existence of ERM, it is hoped that the LAZNAS institution can focus on friction within the institution and outside influences (Håkan, 2019).

Based on the aforementioned, the research questions of this study are: How is the application of risk management in the Zakat institution? How is the mitigation of risk in the Zakat institution with ERM standards?

Thus, this study examines these research questions.

2. Literature Review 2.1 Zakat risk management

The core of risk management policy is to be able to identify, measure, monitor, and control the course of zakat management activities, with a level of risk that can be measured, integrated, and sustainable. Risk management acts as a filter or early warning for the management of zakat. The virtues of risk management at amil zakat institutions are:

(1). Provider of risk information to regulators and other parties, (2). Ensuring that zakat institutions do not experience opportunity loss is either unacceptable, (3). Minimize the opportunity loss of some uncontrolled risks, Measuring exposure and concentration risks, (5). Ensuring compliance with the sharia in zakat management, particularly in the field of risk mitigation (Pusat Kajian Strategis, 2016).

Zakat institutions have many challenges and risks that come from muzkaki, mustahik and additionaly the zakat institution. These obstacles can pose a risk including (Zumrotun, 2016):

The lack of quality human resources. Work becomes a zakat collector (amil) is not yet the purpose of life or profession of a person, even though graduates of Islamic economics.

Understanding of jurisprudence amil inadequate. The lack of understanding of the zakat fiqh of the amil is one of the obstacles in the management of zakat. It was due to make jurisprudence was understood only in terms of not only the textual context.

Lack of public awareness. Awareness of paying zakat for the public is still low. Already embedded in the minds of some Muslims, zakat orders are only required in the month of Ramadan. Even then, it is still limited to the payment of zakat fitrah.

Low level of technology used. The application of technology in zakat institutions is still very far compared to the application of technology in other financial institutions. It became one of the obstacles inhibiting the progress of the utilization of zakat.

The information system of zakat. This is one of the main obstacles that cause zakat has not been able to provide significantly the impact on the economy. Zakat institutions that exist today have not been able to have or to develop an integrated information system between amil zakat.

374

The mental attitude of the recipients of zakat. The main drawback of the poor as recipients means not only less capital solely in running the business, however more on the mental attitude and readiness of business management in addition to lack of work ethic.

According to Zakat Core Principles (ZCP), there are serval indications of risk to the charity that must tackle at the institution while an indication of risk to the charity has been poured on the ZCP 11 - ZCP 14, explaining (Consultative Document, 2016):

ZCP 11 describes the transfer risks and the country where cross-border transactions to be closed because of globalization. Risk transfer this charity is used to transfer charitable donations to a disaster-stricken country.

Therefore, zakat institutions to explain the dangers of the zakat transfer to another country.

ZCP 12 explained the risk of reputation and good name of the institution, which occurs when zakat institutions that failed in managing zakat funds from muzaki which is not following the wishes of stakeholders, it is not following legal and regulatory actions zakat. These risks have an impact on its less optimal in zakat collection if this risk cannot be solved properly.

ZCP 13 regarding the risk of fund allocation, this risk arises in zakat institutions similar to the risk of liquidation in a financial position. This risk arises because of the misallocation of financial funds and zakat distributed by zakat institutions to 8 recipients of zakat.

ZCP 14 discusses the operational risk and Shariah. This risk arises due to human error, technology, and information systems, strategy and governance structure of operational disruptions, the impact on operational risks and Sharia. The risks that anticipated by an institution is required to establish policies and procedures appropriate for upper-level management.

2.2 Enterprise Risk Management (ERM)

As stated by Lam, Enterprise Risk Management is a comprehensive and integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfers to maximize firm value (Lam, 2002).

ERM also is a process conducted by the board of directors, managers and other personnel, applied in strategy- setting and across the enterprise. ERM itself is designed to identify potential events and the effect on the institution and manage risk to fit exactly. Thus, is useful to examine a reasonable assurance of the achievement of the institution (Committee of Sponsoring Organizations of the Treadway Commission, 2004). Furthermore, the ERM was very quick to say as a general paradigm in enterprise risk management. During these two decades, the company's performance and governance of large companies have increased. Then shareholders as an important influence on developments that reflect corporate scandals that involve corporate decision making (Håkan, 2019). The purpose of this understanding is that ERM is a useful measurement tool to measure the impact and risk mapping of an institution.

The definitions explain some basic concepts of ERM are (Committee of Sponsoring Organizations of the Treadway Commission, 2004):

A process, ongoing and flowing through an institution to influence by people at every level of the organization Can be applied in strategy settings

Can be applied across the enterprise, at every level and unit, and includes taking a portfolio view of the institution's risk level

Can be designed to identify events that have the potential of loss, if they occur, which will affect the appearance and for risk management following risk standards

Able to provide reasonable assurance to management and the board of directors of an institution Intended for the achievement of a goal in one or more separate categories overlap.

ERM is a corporate financial analysis tool used to obtain an explanation related to two common risk management issues faced by the company. The board of directors provides a solution to overcome a problem related to agency and asymmetric information on the company by using ERM tools. These theories complement the risk management theory for traditional companies, where this theory focuses on eliminating the effects of divisions that

375

exist outside the company such as taxes, or contractual issues between companies and other market participants (Håkan, 2019).

In this theory, explaining to overcome the two problems in risk management faced by companies, the board of directors must use ERM tools. The first ERM theory is an agency problem. This theory explains the manager's problem, in which the managers may be selfish and take deviations to take action on risk management which may be a benefit for corporate investors. Then the second theory is the theory of asymmetric information, this theory is a problem in gathering information related to risk exposure in a timely, clear, and appropriate, this is used to support decision- making that is centralized about the risk-return on the company. The reason this theory is called asymetric information is that a problem that occurs by decisions that are usually authorized by the organization, and the operating unit that has the information, is not freely available to the board of directors. This event has been proven when during the financial crisis in 2007 - 2009, the crisis occurred due to the company's weak internal capacity to make a big picture of the net exposure to the company's aggregate (Håkan, 2019).

On this study, researcher used Committee of Sponsoring Organizations of the Treadway Commission (COSO) as framework (Pusat Kajian Strategis, 2016). That is a risk management reference standards used by the United States COSO ERM: 2004. This standard is used by several non-profit organizations around the world. COSO guides the application of risk management to improve the effectiveness and efficiency of resource use in achieving goals. The core concept of the COSO is any profit institutions, non-profit and government were established to increase the value for stakeholders and role strategies for-profit agencies.

COSO standard rised at 1970 and early 1980, a period when there were many major organizational failures in the United States due to conditions including very high inflation, the resultant high interest rates, and some aggressive corporate accounting and financial reporting approaches (Moeller, 2007). In COSO there are 4 institutional objectives in the management process, namely:

Strategic objectives, with long-term goals, support and are in line with the vision and mission of the institution Operational objectives, effective and efficient use of resources.

Reporting objectives, the effectiveness of reporting agencies to produce reliable reports, including internal and external reporting.

The purpose of compliance, compliance with laws and regulations that apply in the institution.

The COSO standard has 8 components such as the internal environment, goal setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. Then in COSO also has a standard, regarding the model framework that describes the integration and relationship between ERM components, with institutional objectives such as strategic, operational, reporting, and compliance. The COSO has levels such as a subsidiary, divisions, business units, and entity-level (Pusat Kajian Strategis, 2016).

ERM is not just a process that periodically, where one component affects only the next component, however the ERM is a multi-directional process, in which almost every component can be influenced and other influences (Committee of Sponsoring Organizations of the Treadway Commission, 2004). This, according to statements made by Robert E. Hoyt that combines ERM overall risk management activities into one integrated chart, this combination is useful for decision-making in the relationship between the risk of the entire division, and activities that allow not considered in traditional risk management model (Hoyt and Liebenberg , 2015).

3. Methodology and Data

This research is field research with qualitative in nature. Data were collected in a zakat institution. Semi- structured interviews were conducted with six participants that consist of five line managers and one head of branch.

The interview guide was developed drawing on the concept of the COSO. Each interview lasted around an hour. The interviews took place in their rooms during working hours and they were conducted in Indonesian language. The interview transcripts were then translated into English and double-checked by another researcher in order to confirm the accuracy of the translations.

This study used Miles and Huberman’s (1994) model in the process of data analysis. After completing the process of data collection, the steps taken were establishing risk management theory with ERM standards, then reducing the data that has been presented into Microsoft Word, sorting and separating data according to what is

376

needed, and matching between theories (risk management with ERM standards) with data already processed. The next step is data presentation, in which the authors presented the data in tabular form. This process also included mapping the indicators and assessing the standard risk management with ERM into the table. The last step is conclusion drawing, in which the researchers conducted an iterative process of comparing theory with data and analyzing existing data and additional data. The process of concluding had be done repeatedly to find patterns of conclusions.

4. Results and Discussion 4.1 Results

In this study, the author interviewed six participants. Five of them are line managers who have worked at the Headquarter the institution, as well as one participant is the head of the Surabaya branch.

Table 1 Profile of the Participants

No Qualification Ages Specialization/

Position Working Experience

P1 Bachelor of Mathematics Education 31 Manager of Human

Resources Department 9 Years

P2 Still In Bachelor 30 Supervisor Accounting 11 Years

P3 Diploma 30 Operational Manager 12 Years

P4 Bachelor of Mathematics Education 30 Supervisor Research and Development of Program, and Empowerment

4 Years

P5 Engineering Diploma 39 Fundraising Support Manager 10 Years

P6 Bachelor of Syari’a 41 Head of Branch 11 Years

Most participant agreed that their institution indirectly has applied proper risk management. Participant 5 mentioned that to manage risk, his institution conduct double controlling is the bottom up and up to down. he added evaluation and monitoring done by a supervisor one the issue emerged in the institution. Participant 5 state:

"We have tiered supervision, tiered supervision both from top to bottom and from the bottom to the top" "Eee bottom-up like that, all supervise each other remind each other, monitor each other, evaluate each other, so from the topmost Eee structure it oversees the structure underneath, and so on. And from the bottom, the lowest structure can remind or report also if there are findings of the existing structure above the structure above it. "

Supporting participant 5, participant 1 state that monitoring and evaluating process also conducted in each division. he specifically mentioned that:

"That problem must have come a lot huh? For and for eee for what it's called minimize it. Ahem to minimize it we we try to return to his division so right about here "

However, once the issued unresolved among division, participant 6 revealed that the unresolved issue will be taken over with a supervisor or manager. He stated:

"Likewise also in the internal parts themselves. so, in the end, it will indeed return to the structure, so it will be included in the board of supervisors. If indeed conflicts or risks really really have to be the Board of Trustees as the highest structure, they must decide "¹¹⁹

377

It can be explained that the implementation of risk management at the zakat institution has been applied, this can be evidenced by the risk management on HR division and the internal auditor of the institution. Also the risk control in institutions with an integrated system of inter-division and director. The zakat institution has not implemented a structured risk management framework, this statement has been mentioned by P1, P2, and P3. For current risk management, the institution carries out multi-level supervision. This tiered supervision depends on the extent and level of risk vulnerabilities in all divisions. The greater the risk faced by each division, then the risk management decisions can reach superiors such as the head of the Regional Officer, directors, and the board of supervisors. P1 mentioned:

"Eee so whenever there is any problem like that pattern is from the branch directly to the individual, then that could be solved with a manager could be solved, if not longer on it at the respective"

But each of these divisions are trying to avoid settlement problems to superiors. So, some divisions strive for resolving the problem of internal division perpetually. The point when the problems faced by the division is small, then the solution directly handled by internal divisions to provide confidence in each division and each branch institution.

"And yes, like that, and this is often often really the main director for the discussion of the problem and hope it clear straight away, so we avoid what its name from above directly down yes. But trying to give credence to every part ya like it if in us, so there is a small scale just resolved itself like that hehe "

5. Discussion

This study aims to examine how the application of risk management in a selected Indonesian zakat institution.

From these objectives, researchers have found the application of risk management in general and risk management within the COSO ERM framework.

In general, the application of risk management at the selected zakat institution is regulated and overseen directly by the institute's board of directors, the internal auditor board, and the HR division. Besides, the zakat institution always carries out multilevel risks and supervision, between superiors and subordinates, and between subordinates and superiors. This oversight serves to minimize the risk events faced by the institution.

From the results of the discussion above, in the view of COSO ERM, the institution is still facing many identified risks. Among these risks, some risks have the huge impact, particularly risk that exists in the fundraising division.

Furthermore, there are many problems related to information systems in the institution.

Besides, the institution also faces risks that often occur in each division. The risk is the lack of human resources, from the identification of the researchers trying to draw conclusions that employees are still lacking in getting specific training, and job satisfaction at the institution.

Given this fact, the zakat institution has implemented risk management which can be classified into three, i.e., operational risk management, fundraising risk management, and distribution risk management. Such risk managements are described further below:

In the operational risk, researcher has identified the risks such as overbudgeting, lack of asset control systems, lack of optimal information systems, high employee turnover, lack of employee training, low employee performance, violations of institutional code of ethics, errors in recording financial statements. In the aspect of mitigation, the institution have been improving information systems, recording and assets, improving employee performance by conducting training and welfare, and conducting oversight of the financial statements of branch institutions.

In fundraising risk, the researcher found, loss of donations, the donors who break up donations, donors lack trust in institutional programs. From identification of the above, institutions doing mitigate namely increasing the welfare of ZISCO staff, improving the performance of programs in all branches to enhance the reputation and trust, and making an appeal to ZISCO staff to deposit donations into bank accounts immediately.

378

For distribution risk, the authors have identified risk, e.g., program reports to teachers are still lacking, there are differences in performance between program staff in all branches, there are violations in making marketing designs on the program, mustahik does not follow the direction of program staff. As for mitigating these risks, the institution do conducts direct training, creating Key Performance Indicators, increasing program targets, and overseeing intensive care teachers.

In managing information and communication, the zakat institution has tried to improve the system. This increase can be proven from the delivery of information directly to the employees of the institution. Furthermore, the institution also makes an internal memo for the delivery of information to all central and branch employees.

Whereas in the risk monitoring system, this institution also conducts multi-level supervision between superiors and subordinates. This oversight serves as an evaluation and monitoring tool for the entire performance of the institution. Thus, the institution can minimize the risks it faces.

6. Conclusion

This study tries to analyze the implementation of Enterprise Risk Management (ERM) in a selected Indonesian zakat institution. The author tries to analyze the application of risk management, analysis of the application of risk management with ERM standards, analysis of risk mitigation, and analysis of the amount of risk. In this study, three types of major risks were identified, namely operational risk, fund raising risk, and distribution risk. Despite the mitigations done by the institution, there is still a lack of risk mitigation processes. Such an event can be found, for example, in the financial division that still uses a conventional banking account instead of Islamic one to collecting funds. Additionally, financial reporting is still unified. As such, institutions currently face catastrophic and substantial risks.

Future studies can use frameworks other than COSO to investigate further risks exist in zakat institutions. It will also be beneficial to conduct comparative studies in more than one zakat institution to get deeper understanding regarding this issue.

References

Adnan, M. A. 2015. The Need Of Establishment Of Professional ‘Amil Zakat To Enhance The Future Zakat Development.

Committee of Sponsoring Organizations of the Treadway Commission, 2004, Enterprise Risk Management – Integrated Framework Executive Summary.

Consultative Document, 2016,.Core Principles For Effective Zakat Supervision

Håkan, Jankensgård, 2019. A theory of enterprise risk management. Corporate Governance: The international journal of business in society.

10.1108/CG- 02-2018-0092.

Hoyt, R. E., & Liebenberg, A. P., 2015. Evidence of the value of enterprise risk management. Journal of Applied Corporate Finance, 27(1), 41- Humphrey, V., 2018. A progression through risk management for collections— ground-up to enterprise-wide. Journal of the Institute of 47.

Conservation, 41(1), 46-57.

Lam, James, 2002, Enterprise Risk Management From Incentives To Controls, (New Jersey: John Wiley and Sons, Inc). p. 44 – 45.

Mardessi, S. M., & Ben Arab, S. D., 2018. Determinants of ERM implementation: the case of Tunisian companies. Journal of Financial Reporting and Accounting, 16(3), 443-463.

Mikes, A., & Kaplan, R. S., 2015. When one size doesn't fit all: Evolving directions in the research and practice of enterprise risk management.

Journal of Applied Corporate Finance, 27(1).

Miles, M & A. Huberman, 1994. Qualitative data analysis: An expanded sourcebook. California: Sage.

Moeller, Robret R., 2007. COSO Enterprise Risk Management Understanding The New Intergrated ERM Framework. New Jersey: John Wiley &

Sons, Inc

Pusat Kajian Strategis – Badan Amil Zakat Nasional, dan Departemen Ekonomi dan Keuangan Syariah – Bank Indonesia, 2018. Manajemen Risiko Pengelolaan Zakat, Pusat Kajian Strategis Badan Amil Zakat Nasional (BAZNAS), Jakarta Pusat.

Rubino, M., & Vitolla, F., 2014. Corporate governance and the information system: how a framework for IT governance supports ERM.

Corporate Governance, 14(3), 320-338.

Zumrotun, S., 2016. Peluang, Tantangan, dan Stategi Zakat dalam Pemberdayaan Ekonomi Umat. AHKAM: Jurnal Ilmu Syariah, 16(1).