manrisk-best practice


5/31/2013 Resista Vikaliana,S.Si. MM


BEST PRACTICES

RISK MANAGEMENT


BEST PRACTICES: integrating risk management into other management practices (1)

• Promote an organizational philosophy and culture in which everyone is a risk manager
• Risk management organization
• Build open communication channels
• Use teams and committees
• Use simple, common business-risk language


• Establish a corporate risk management function
• Communicate risk management performance
• Assistance from internal audit and the audit committee in implementing risk management
• Guidelines
• Risk management training


Approaches, Tools, and Technology for Implementing Risk Management

RISK IMPLEMENTATION

• Business risk mapping
• Modeling
• Business risk list
• Risk map
• Key risk matrix
• Scenario analysis
• Statistical analysis and VaR
• Financial models
• Hazard anticipation
• Technical risk of new product development
• Accumulated past experience

Risk Identification and Assessment Techniques


ENTERPRISE RISK MANAGEMENT (ERM)


Enterprise Risk Management (Manajemen Risiko Perusahaan)

• The methods and processes a corporate organization uses to manage risk
• A framework or guideline for handling risk


STAGES

• Identify events or circumstances related to the achievement of organizational objectives; the company can protect and create added value for its stakeholders (company owners, employees, customers, regulators and the public)
• Assess risk along two dimensions: the likelihood of occurrence and the impact of occurrence
• Determine the appropriate strategy (avoidance, reduction, share or insurance, or accept)


Stakeholders of ERM


COSO VERSION OF ERM


ERM Components

• Internal environment
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information and communication
• Monitoring


ERM Objectives

• Strategy
• Operation
• Financial report
• Compliance


RIMS VERSION OF ERM


• SEVEN CORE COMPETENCIES / ATTRIBUTES:

1. ERM Based Approach
2. ERM Process Management
3. Risk Appetite Management
4. Root Cause
5. Uncovering Risks
6. Performance Management
7. Business Resiliency and Sustainability


ERM Example

• Risk-Based Audit: Sarbanes-Oxley Act of 2002 at Boeing

Sarbanes Oxley, Section 404

Bottoms Up Risk Matrix Showing Controls Ranked by Transaction Flow Design Teams

[Figure: risk matrix, "Control Risk Concentration by Significant Location, Transaction Flow, Process, etc"; axes: Likelihood (1 to 5) and Significance (1 to 5); each cell holds a count of controls.]

• Data from prior chart shown in risk cube format
• Can be aggregated by Significant Location, Process, Transaction Flow, Business Unit, etc
• Excel based
• Data pulled from one-source compliance application using simple ODBC connectivity, visual basic query technology

NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY


Distribution of Risk Assessment Provides Management Ability to Target Opportunities

[Figure: distribution of risk assessment on a 1 to 5 grid with an IMPACT axis; numbered items labelled Fraud Risk, Financial Reporting Risk and Process/System Change Risk; percentage callouts 25%, ~45% and ~30%.]

NOTIONAL DATA FOR INSTRUCTIONAL USE ONLY

Risk Factors include:

1. Inherent Risk of Fraud
2. Accounting complexity
3. History of misstatement / deficiencies
4. Changing business or regulatory environment

Helps management focus on level of evidence needed; areas where company level controls can achieve greatest impact; opportunity for additional control rationalization


Control Performers for All “Key” Controls Periodically Self-Assess

Process Control Activity No.

Key Control Performer Self Assessment Checklist

Note: The purpose of this form is for you, as the Key Control Performer, to assess that the Key Control Activity is being performed as documented, designed and operating effectively. By clicking on the box to the right of each field a drop down will appear.

• Have you obtained and read the most updated documentation in Risk Navigator for the Key Control Activity(s) listed above? The documentation may include Key Control Activity description, Test Plan or Process Narrative.
• Does the Key Control Activity description, Test Plan and/or Process Narrative accurately describe how you perform the control?
• Do you have the evidence required by the Key Control Activity and is it ready and accessible for a Self Assessment or an independent review (by Corporate Audit, Management, D&T, SEC, etc)?
• Have all changes to the Key Control Activity(s) or Process been identified and communicated?
• Have you performed this Key Control Activity as written for each occurrence you were responsible for this year?
• To the best of your knowledge, do you agree the Key Control Activity has not been bypassed, either manually or systematically?

Comments & Explanations:
Name of Key Control Owner:
Date: (enter xx/xx/xx)

Provides foundation for control reliance – additional evidence may be obtained for controls rated as higher risk


References

• Siahaan, Hinsa. 2009. Manajemen Risiko pada Perusahaan dan Birokrasi. PT Elex Media Komputindo Kompas Gramedia, Jakarta.

• Sarbanes-Oxley: Implementing A Risk-Based Approach [PPT]