manrisk-best practice
advertisement
5/31/2013 Resista Vikaliana,S.Si. MM BEST PRACTICES MANAJEMEN RISIKO 1 5/31/2013 Resista Vikaliana,S.Si. MM 2 BEST PRACTICES: integrating risk management into other management practices (1) • Mempromosikan filosofi dan budaya organisasi bahwa setiap orang • • • • adalah manajer risiko Organisasi manajemen risiko Membangun saluran komunikasi terbuka Menggunakan tim dan komite Menggunakan bahasa risiko bisnis yang sederhana dan lazim 5/31/2013 Resista Vikaliana,S.Si. MM • Pembentukan fungsi manajemen risiko korporasi • Mengkomunikasikan kinerja manajemen risiko • Bantuan audit internal dan komite audit dalam mengimplementasikan manajemen risiko • Pedoman • Pelatihan manajemen risiko 3 5/31/2013 Resista Vikaliana,S.Si. MM 4 Pendekatan, Alat, dan Teknologi dalam Mengimplementasikan Manajemen Risiko Daftar risiko bisnis Pemetaan Risiko Usaha Peta risiko Matriks risiko utama IMPLEMENTASI RISIKO Analisis skenario Analisis statistik dan VaR Pemodelan Model keuangan Antisipasi hazard Risiko teknis pengembangan produk baru Akumulasi pengalaman masa lalu 5 Identifikasi Risiko dan Teknik Asesmen 5/31/2013 Resista Vikaliana,S.Si. MM 5/31/2013 Resista Vikaliana,S.Si. MM ENTERPRISE RISK MANAGEMENT (ERM) 6 5/31/2013 Resista Vikaliana,S.Si. MM Enterprise Risk Management Manajemen Risiko Perusahaan • Metode dan proses yang digunakan organisasi perusahaan untuk mengelola risiko • Rangka atau pedoman untuk menjalankan risiko 7 5/31/2013 Resista Vikaliana,S.Si. MM 8 • TAHAPAN • Identifikasi kejadian atau keadaan yang berkaitan dengan pencapaian tujuan organisasiļ perusahaan dapat melindungi dan menciptakan nilai tambah kepada para stakeholdersļ pemilik perusahaan, karyawan, pelanggan, regulator dan masyarakat) • Menilai risiko dengan dua dimensi: dimensi kemungkinan terjadi dan dimensi akibat terjadi • Menentukan strategi yang tepat (avoidance, reduction, share or insurance, atau di-accept) 5/31/2013 Stakeholders dari ERM Resista Vikaliana,S.Si. MM 9 5/31/2013 Resista Vikaliana,S.Si. MM 10 ERM VERSI COSO 5/31/2013 Resista Vikaliana,S.Si. MM Komponen ERM • Komponen • Internal environment • Objective setting • Event identification • Risk assessment • Risk response • Control activities • Information and communication • Monitoring 11 5/31/2013 Resista Vikaliana,S.Si. MM Tujuan ERM • Tujuan • Strategy • Operation • Financial report • Compliance 12 5/31/2013 Resista Vikaliana,S.Si. MM 13 ERM VERSI RIMS 5/31/2013 Resista Vikaliana,S.Si. MM • TUJUH KOMPETENSI UTAMA/ ATRIBUT: 1. ERM Based Approach 2. ERM Process Management 3. Risk Appetite Management 4. Root Cause 5. Uncovering Risks 6. Performance Management 7. Business Resiliency and Sustainability 14 5/31/2013 Resista Vikaliana,S.Si. MM 15 Contoh ERM • Risk Based Audit : Sarbane Oxley Act of 2002 in Boeing Oxley, Section 404 16 Bottoms Up Risk Matrix Showing Controls Ranked by Transaction Flow Design Teams Control Risk Concentration by Significant Location, Transaction Flow, Process, etc 4 5 L i k e l i h o o d 4 2 10 6 41 53 3 8 48 57 89 194 Data from prior chart shown In risk cube format Can be aggregated by Significant Location, Process, Transaction Flow, Business Unit, etc Excel based 2 17 38 38 36 90 1 25 6 5 5 13 1 2 3 4 5 Significance Data pulled from one-source compliance application using simple ODBC connectivity, visual basic query technology NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY Oxley, Section 404 17 Distribution of Risk Assessment Provides Management Ability to Target Opportunities 5 4 3 2 1 NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY 1 Fraud Risk 5 2 Financial Reporting Risk LIKELIHOOD 25% 3 Financial Reporting Risk 4 4 Financial Reporting Risk ~45% 3 5 Process/System Change Risk 6 Fraud Risk 2 Risk Factors include: ~30% 1 IMPACT 1. 2. 3. 4. Inherent Risk of Fraud Accounting complexity History of misstatement / deficiencies Changing business or regulatory environment Helps management focus on level of evidence needed; areas where company level controls can achieve greatest impact; opportunity for additional control rationalization Oxley, Section 404 18 Control Performers for All “Key” Controls Periodically Self-Assess Process Control Activity No. Key Control Performer Self Assessment Checklist Note: The purpose of this form is for you, as the Key Control Performer to assess that the Key Control Activity is being performed as documented, designed and operating effectively. By clicking on the box to the right of each field a drop down will appear. 1 Have you obtained and read the most updated documentation in Risk Navigator for the Key Control Activity(s) listed above? The documentation may include, Key Control Activity description, Test Plan or Process Narrative. 3 Does the Key Control Activity description, Test Plan and/or Process Narrative accurately describe how you perform the control? Do you have the evidence required by the Key Control Activity and is it ready and accessible for a Self Assessment or an independent review (by Corporate Audit, Management, D&T, SEC, etc)? 4 Have all changes to the Key Control Activity(s) or Process been identified and communicated? 2 5 6 Have you performed this Key Control Activity as written for each occurrence you were responsible for this year? To the best of your knowledge, do you agree the Key Control Activity has not been bypassed, either manually or systematically? Comments & Explanations: Name of Key Control Owner: Date: (enter xx/xx/xx) Provides foundation for control reliance – additional evidence may be obtained for controls rated as higher risk 5/31/2013 Resista Vikaliana,S.Si. MM 19 References • Siahaan, Hinsa. 2009. Manajemen Risiko pada Perusahaan dan Birokrasi. PT Elex Media KomputindoKompas Gramedia, Jakarta. • [PPT]Sarbanes-Oxley: Implementing A Risk-Based Approach
