2. Deddy Jacobus
• Senior Risk Management Partner, JPM & Partners,
Jakarta
• Secretary General, the Association of Risk Management
Practitioners (ARMP), Jakarta, www.id.armp-asia.com
• Member of the Steering Committee, Professional Risk
Managers International Association (PRMIA), Chicago,
US, www.prmia.org
• Certified Member of the Institute of Internal Auditors
(IIA), Florida, US, www.theiia.org
• Certified Member of Lembaga Komisaris dan Direktur
Indonesia (LKDI)
• Certified in Risk and Control Self-Assessment (CCSA),
IIA
• MBA, Risk Management, Universitas Gadjah Mada.
3. Sharing Objectives
• Sharing Objective #1: To establish the importance
of Enterprise Risk Management (ERM) to achieve
corporate objectives
• Sharing Objective #2: An overview of ISO
31000:2009 Risk Management Principles and
Guidelines
4. Sharing Objective #1
To establish the importance of Enterprise Risk
Management (ERM) to achieve corporate
objectives
5. • What is risk?
• What is the basic difference between risk and uncertainty?
• Why is it important to manage risks?
• And... why the enterprise risk...
6. Risk is...
• "...the effect of uncertainty on objectives."
7. Triggers of uncertainty
• The wave of changes, driven by external and internal factors
• Uncertainty
• Poor ability to respond
8. Some effects of uncertainties
Disasters do not just happen. They are a critical chain of events...
9. The need for a paradigm shift
Well-informed information + Proven model = Reliable and responsive decision making
Risk management transforms guesswork decision making into well-informed and responsive decision making.
11. ERM drives a paradigm shift in...
Old paradigm → New paradigm
• Supervision/Control → Empowerment/Ownership
• Silo → Integrated
• 'Sinten' (who) → 'Sistem' (system)
• Short term → Long term
• Crisis/Minimize → Risk/Optimize
13. Risk management process in general
Start → Risk Assessment Plan → Risk Context Definition → Risk Assessment → Acceptable?
If not acceptable: Risk Management Plan → Risk Response and Execution → Risk Register → Risk Monitoring → Acceptable? → End
15. ERM COSO Model
• Effective Enterprise Risk Management (ERM) requires the following components:
Components to ensure that a company has:
1. Intent & commitment
2. Appropriate and aligned objectives
3. Understanding of the external & internal changes that may occur
4. Understanding of the impact of changes (risk)
5. Effective strategic response to changes
6. Internal control
7. Optimization of knowledge for...
8. Continuous improvement
17. Risk Register
Business Unit/Project Name: ..... Date: .....
Process/Phase: ..... RCSA Participants: .....
Time Period of Risk Assessment: .....
Objective of Risk Assessment: .....
Register columns:
• Objectives
• Risk Id
• Risk
• Inherent Risk: L, I
• Inherent Risk Level (L, M, H)
• Current Controls
• Risk Level after Control (L, M, H)
• Risk Response/Treatments
• Estimated L, I
• Expected Residual Risk Level after Treatment (L, M, H)
• Risk Owner, PIC, and Sponsor
Our worksheets must demonstrate the interrelation of objectives, risks, and controls.
18. Risk assessment
• How do we review our existing controls?
• Given our existing controls, how likely is it that the event will occur?
• How will the impacts be measured?
• How will the risk level be determined?
• What measures decide whether it is acceptable or unacceptable?
• What risks need to be responded to?
19. Risk: exposure, appetite, tolerance and controls
Range of risk levels: Too low risk level | Acceptable ranges | Acceptable with conditions | Unacceptable/avoid
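To make the register columns of slide 17 and the appetite ranges of slide 19 concrete, here is an added Python example (not from the slides): it derives the inherent, after-control and expected residual levels of one register row from likelihood (L) and impact (I), and decides which risks still need a response. The 1-5 scale, the L x I thresholds, the appetite band boundaries and the sample row are all assumptions; the deck gives only L/M/H labels.

```python
from dataclasses import dataclass

# Constructed scale: L and I each 1-5, combined as L x I; thresholds are assumed.
def risk_level(likelihood: int, impact: int) -> str:
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("L and I must be on the 1-5 scale")
    score = likelihood * impact
    return "H" if score >= 15 else "M" if score >= 6 else "L"

# Assumed appetite bands for slide 19's four ranges of risk level.
def appetite_band(likelihood: int, impact: int) -> str:
    score = likelihood * impact
    if score <= 2:
        return "too low"  # over-controlled: effort better spent elsewhere
    if score <= 8:
        return "acceptable"
    if score <= 14:
        return "acceptable with conditions"
    return "unacceptable/avoid"

@dataclass
class RiskRegisterEntry:
    # One row of the slide 17 register, columns in the same order.
    objective: str
    risk_id: str
    risk: str
    inherent_l: int
    inherent_i: int
    current_controls: str
    controlled_l: int
    controlled_i: int
    treatments: str
    estimated_l: int
    estimated_i: int
    owner: str

    def levels(self) -> dict:
        # Inherent, after current controls, and expected after treatment.
        return {"inherent": risk_level(self.inherent_l, self.inherent_i),
                "after_control": risk_level(self.controlled_l, self.controlled_i),
                "expected_residual": risk_level(self.estimated_l, self.estimated_i)}

    def needs_response(self) -> bool:
        # Slide 18: respond when, given existing controls, the risk is still outside the acceptable ranges.
        band = appetite_band(self.controlled_l, self.controlled_i)
        return band not in ("too low", "acceptable")

# Constructed sample row with hypothetical values.
SAMPLE = RiskRegisterEntry(
    "Keep customer data confidential", "R1", "Breach via unpatched server",
    4, 5, "Quarterly patching", 3, 5, "Monthly patch cycle", 2, 5, "Head of IT")
```

Running `SAMPLE.levels()` shows the row moving from inherent H to expected residual M, while `needs_response()` stays True because the current controls alone leave it in the unacceptable band.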
20. An example of risk map and risk appetite
[Risk map plotting risks R1 to R6 against the risk appetite]