Business Risk Assessment - ERM Process


  • 8/12/2019 Business Risk Assessment - ERM Process

    1/26

    BUSINESS RISK ASSESSMENT - ERM Process -

    MOHAMAD HASSAN, AK., MAFIS, QIA, CRMP, CRMA

  • 2/26

    RISK GLOSSARY

    Risk is the possibility of an event occurring that could have an impact on the achievement of objectives.

    Risk is measured in terms of consequences & likelihood.

    Risk Appetite is the amount of risk, on a broad level, an entity is willing to accept.

    Residual Risk is the risk remaining after management takes action to reduce the impact & likelihood of an adverse event, including control activities in responding to a risk.

    Risk Management is a process to identify, assess, manage, & control potential events or situations, to provide reasonable assurance regarding the achievement of the organization's objectives.

  • 3/26

    BUSINESS RISK ASSESSMENT GRID

    Quadrants:

    High Impact / Low Likelihood

    Low Impact / Low Likelihood

    Low Impact / High Likelihood

    High Impact / High Likelihood

    Axes: Likelihood, Impact

  • 4/26

    RISK/EVENT CATEGORIES

    INTERNAL

    Infrastructure

    Personnel

    Process

    Technology

    EXTERNAL

    Economic

    Business

    Technological

    Natural Environment

    Political/Social

  • 5/26

    RISK ASSESSMENT OVERVIEW (for internal audit purpose)

    Perform Risk Assessment at the Enterprise Level

    Develop Annual Plan of Audit

    Use Enterprise Level Risk Assessment in Audit Planning

    Perform Risk Assessment in Audit Planning

    Complete the Audit Based on Risk Assessment

    Update the Enterprise Risk Assessment

  • 6/26

    RISK ASSESSMENT OVERVIEW

    Identify Operational Activities

    Determine Risk Factors

    Weight The Risk Factors

    Determine Scale for Risk Factors

    Assess Operational Activities

    Develop & Update Plans

    Identify Risks

    Prioritize Risks

    Identify Ctrl. & Evaluate Design

    Understand Bus. Process & Objectives

    Enterprise Risk Management

    Internal Audit Assignment

    Measure Risk

    Dev. Aud. Objective & Program

  • 7/26

    ENTERPRISE LEVEL RISK ASSESSMENT

    Identify Operational Activities:

    Functional/Organizational units, or Cost/Profit Centers.

    Processes (purchasing, production, inventory, etc.)

    Information Systems

    Laws & Regulations

    Product or Service Lines

    Major Contracts & Programs

    Components from the Organization's Strategic Plan

    Others

  • 8/26

    BUSINESS RISK ASSESSMENT PROCESS

    Risk Identification

    Risk Measurement & Prioritization

    Risk Management Action Plan

  • 9/26

    METHODOLOGY OF BUSINESS RISK ASSESSMENT PROCESS

  • 10/26

    The Risk Management Process (flowchart labels)

    Identify & Assess Risks

    Document Risk Acceptance Decision

    Acceptable (No / Yes)

    Organizational Objectives

    Identify Current Controls

    Action

    Identify & Assess Residual Risks

  • 11/26

    RISK IDENTIFICATION

    OBJECTIVES

    RISKS

    RISK ANALYSIS

    RISK COMPONENTS

  • 12/26

    OBJECTIVES

    Formulation: Specific, Measurable, Attainable, Realistic, Timeframe

    Mutual Agreement

    Communication of Objectives

    Alignment of Unit Objectives with Organizational Objectives

  • 13/26

    GROUP DISCUSSION

    DISCUSS & IDENTIFY BRANCH OBJECTIVES:

    I. LOGISTIC

    II. FINANCE

    III. PRODUCTION

    IV. MARKETING

    V. HRD

    VI. ADMINISTRATION

    VII. OTHERS (if any)

  • 14/26

    RISK ANALYSIS

    Exposure Analysis: Vulnerability of assets.

    Threat Scenario Analysis: Threats to activity processes.

    Environment Analysis: Risks from environmental change.

  • 15/26

    EXPOSURE ANALYSIS

    Financial Assets: Cash, Securities, Credit

    Physical Assets: Land, Building, Equipment

    Human Assets: Knowledge, Skills

    Intangible Assets: Reputation, Information

  • 16/26

    GROUP DISCUSSION

    Make a list of risks (minimum 5 risks) based on the exposure analysis approach

  • 17/26

    ENVIRONMENTAL ANALYSIS

    Nature

    Economic Conditions

    Regulations

    Competition

    Customers

    Business Partners

    Labor Unions

    Technology

  • 18/26

    GROUP DISCUSSION

    Make a list of risks (minimum 5 risks) based on the environmental change approach

  • 19/26

    THREAT SCENARIO

    Delays

    Accidents

    Fraud

    Errors

    Postponements

    Strikes

    Waste, etc.

  • 20/26

    GROUP DISCUSSION

    Make a list of risks (minimum 5 risks) based on the approach of threats TO activity processes

  • 21/26

  • 22/26

    Risk matrix: IMPACT vs. PROBABILITY

    Scale: HIGH, MEDIUM, LOW

    Zones: HIGH RISK, MEDIUM RISK, LOW RISK

  • 23/26

    Risk Measurement

    Chart axes: Magnitude of Impact, Probability of Occurrence (scale: Low, Medium, High)

    Chart labels: Your Risk Appetite, Mission Critical Risks

  • 24/26

    Action to Mitigate

    Chart axes: Magnitude of Impact, Probability of Occurrence (scale: Low, Medium, High)

  • 25/26

    ACTION PLANS

    1. Prevent: Avoid

    2. Detect: Self-disclosure

    3. Protect: Limit

  • 26/26

    GROUP PROJECT

    Prepare the Business Risk Management (Risk Response/Risk Treatment) - Preventive, Detective, & Protective Actions

    Determine these for the top 3 (three) priority risks!