SEKOLAH TINGGI AKUNTANSI NEGARA

Public Services
Reorientation

Performances Improvement
Good Governance

Organizational
Restructuring

Business Process
Reengineering

Improvement of
Discipline and
Human
Resources
Management

Special
Servicing Units

BSC:Key
Performance
Indcators

Jobs Grading:
Remuneration

State Financial Reformation

CHANGES OF ORGANIZATION PARADIGM

Environments:

Volatility

Uncertainty

Complexity

Ambiguity

BUSINESS UNIT

OLD PARADIGM

NEW PARADIGM

Process

Task/duties performance

Mission/Objectives
Achievements

Approaches

Compliance Control

Partnerships towards
Missions

Control

Internal Control

Business Risks

Risk Response

Passive & Reactive

Proactive & Anticipative

RISK
AS/NZS 4360: 2004: The chance of something happening that

will have an impact on objectives

COSO ERM 2004:

Risk is the possibility that an event will occur and adversely affect
the achievement of objectives.
Event is an incident or occurrence, from sources internal or
external to an entity, that affects achievement of objectives.

ISO/IEC Guide 73: The combination of the probability of an event

and its consequences.
Oxford Dictionary: The possibility of something bad happening at
some time in the future.

RISK
Business Process

Risk Sources

risks
Likelihood

Objectives
Impacts

Pasal 1 PMK 191

2. Risiko adalah segala sesuatu yang berdampak negatif terhadap

pencapaian tujuan yang diukur berdasarkan kemungkinan dan
dampaknya.
Tim Pembimbingan dan Konsultasi Manajemen Risiko Kementerian Keuangan
am2011

AUDIT INTERN PEMERINTAH

alimugiono.itjen@gmail.com

Institute of Internal Audit, 1999:

Internal auditing is an independent, objective assurance and
consulting activity designed to add value and improve an organizations
operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness
of risk management, control, and governance processes.

COSO-ERM-IF (2004)

Enterprise risk management

is a process, effected by an entitys

board of directors, management and
other personnel, applied in strategy
setting and across the
enterprise, designed to identify
potential events that may affect the
entity, and manage risk to be within its
risk appetite, to provide reasonable
assurance regarding the achievement
of entity objectives.

Risk Management
AS/NZS
4360:2004
Risk management is the
culture, processes, and
structures that are directed
towards realizing potential
opportunities while
managing adverse effects.

Risk management process is

the systematic application of
management policies,
procedures and practices to the
tasks of communicating,
establishing the context,
identifying, analysing,
evaluating, treating, monitoring
and reviewing risk.

Treasury Board of Canada:

Risk management is a systematic approach to setting the best course of
action under uncertainty by identifying, assessing, understanding,
making decisions on and communicating risk issues.
PMK 191/2008:
Dalam Peraturan Menteri Keuangan ini yang dimaksud dengan:
1. Manajemen Risiko adalah pendekatan sistematis untuk menentukan
tindakan terbaik dalam kondisi ketidakpastian.

Keharusan Penerapan Manajemen Risiko

Unit Eselon I
Unit Eselon II

harus menerapkan &

mengembangkan manajemen
risiko
Unit Pemilik Risiko

Pimpinan
Eselon II

Pemilik Risiko
Pasal 2 PMK 191

1. Setiap unit Eselon I di lingkungan Departemen Keuangan harus menerapkan

dan mengembangkan Manajemen Risiko di lingkungan masing-masing.
2. Penerapan dan pengembangan Manajemen Risiko sebagaimana dimaksud
pada ayat (1) dilaksanakan oleh seluruh unit Eselon II sebagai unit yang
memiliki Risiko yang selanjutnya disebut Unit Pemilik Risiko.
3. Pimpinan unit Eselon II sebagaimana dimaksud pada ayat (2) merupakan
Pemilik Risiko.
am2011

Risk Management Process

Iterative process

Identifications

Focus on
Missions &
Objectives

if any risk not

identified

Antisipative
&
Transparance

The risk will not

monitored or
controlled

Risks are exist

whether it is
identified or not

The loss events may

happen and
mission/objectives not
achieved
Organization
will be in
dangers

am2011

10

Risk Types (categorizations)

Risk identifications

Types

Descriptions

Fraud

the intencity to break the law and take

opportunity of others losses

Strategic &
Policy

The changes of stakeholders policy which may

brings obstacles on objectives achievement

Operational

Weakness or demaged of internal

system/resources of business process

Compliance

Disobediyence of laws and regulations

Financial

Failures of third parties to realize their

obligations

Tim Pembimbingan dan Konsultasi Manajemen Risiko Kementerian Keuangan

am2011

11

Analysis

Risk
Criteria for
Impacts

Risk
Criteria for
Likelihood

Tim Pembimbingan dan Konsultasi Manajemen Risiko Kementerian Keuangan

12

Medium
Low

Impacts

High

Risk Scale Policy

Low
medium

High

am2011

Low

Medium

High

Likelihood

13

Risk Evaluation
Step to evaluate all risks into priority
rank position with specified formulations.
It is a systematic process to decide which
risks are most urgent to be controlled.
It is the basic for risk treatment strategy
It is about consideration of risk apetite

Tim Pembimbingan dan Konsultasi Manajemen Risiko Kementerian Keuangan

am2011

14

Risk Prioritization Formula

1. Risk Total Level

2. Risk Impacts
3. Risk Type:
a. FRAUD

b. STRATEGIC & POLICY

c. OPERATIONAL
d. COMPLIANCE
e. FINANCIAL

4. Likelihood

5. SUBJECTIVE JUDGEMENT
Tim Pembimbingan dan Konsultasi Manajemen Risiko Kementerian Keuangan
am2011

15

Treating the Risks

A. Avoid the risks
B. Accept the risks
C. Reduce the Likelihood

Options
D. Reduce Impacts
E. Transfer the Risks
F. Delegate the Risks
G. Diversified the Risks
Tim Pembimbingan dan Konsultasi Manajemen Risiko Kementerian Keuangan
am2011

16

Risks in Risk management

Risks
Level

Process
controls

Treatment
Inherent Level
Risk Level by
existing
controls

Identification

Analysis & evaluation

Residual
Level of Risks
Risk
Treatment

RM
Processes

17

Monitoring and Reviu

Scope & Frequency

Ongoing Monitoring

Periodical
Monitoring
Review by
Third Party

18

TIME HORIZON IN RISK MANAGEMENT

Assessment
Period X-1

Time horizon X-1

Assessment
Periode X

1 January 2011

30 June 2011

Risk management Period

19

am2011

COMMUNICATION AND CONSULTANCY

Reporting
broader
meanings

Communication
media

Report

Reporting all of Risk

management Activities

Narrower
meaning
Reporting the review
results

20

Communication and Consultation

Reporting Process
Risk Owner Units

Chief of Risk
management
Compilation

Risks Profile and

map
Risk Treatment
Plan

Risks Profile
andmap
Risk Treatment
Plan

Risk Monitoring
Report

Risk Monitoring
Report

Every 6 months

Committee of
Risk
Management

Risk
Management
Report

Ministry of
Finance
Bab VI Pedoman Pelaksanaan

21

Risk Map Report

Form 7.0 Monitoring Results
3

fraud
strategic

Impact

operational
compliance
financial

Before treatment
After treatment
1
2
Likelihood

3
22