1. Public Workshop
Deddy Jacobus, www.rwi.co.id
Enterprise Risk Management

2. Deddy Jacobus
• Senior Risk Management Partner, JPM & Partners, Jakarta
• Secretary General, the Association of Risk Management
Practitioners (ARMP), Jakarta, www.id.armp-asia.com
• Member of the Steering Committee, Professional Risk Managers
International Association (PRMIA), Chicago, US, www.prmia.org
• Certified Member of the Institute of Internal Auditors (IIA), Florida,
US., www.theiia.org
• Certified Member of Lembaga Komisaris dan Direktur Indonesia
(LKDI)
• Certified in Risk and Control Self-Assessment (CCSA), IIA
• MBA, Risk Management, Universitas Gadjah Mada.

3. Sharing Objectives
• Sharing Objective #1: To establish the importance of
Enterprise Risk Management (ERM) to achieve corporate
objectives
• Sharing Objective #2: An overview of ISO 31000:2009
Risk Management Principles and Guideline

4. Sharing Objective #1
To establish the importance of Enterprise Risk Management
(ERM) to achieve corporate objectives

5. Some basic first...
• What is risk?
• What is the
difference
between risk
and
uncertainty?
• Why is it
important to
manage

6. is...
"...the effect
of uncertainty on objectives."
iso 31000:2009

7. Triggers of uncertainty
The wave of
changes
Uncertainty
Driven by external
and internal factors
Poor ability to response

8. Some effects of uncertainties
Disasters do not just happen. They are
critical chain of events...

9. A need of paradigm shift
Reliable
information + Proven model
Well-informed
and responsive
Decision
Making
Risk management transforms a guesswork decision making
into a well-informed and responsive decision making

10. Risk management paradigm shift
Partial approach ERM approach

11. ERM drives a paradigm shift in...
Paradigma Paradigma
Lama Baru
Pengawasan/ Pemberdayaan/
Pengendalian Ownership
Silo Integrated
'Sinten' 'Sistem'
Jangka Pendek Jangka Panjang
Krisis/Minimize Risiko/Optimize

12. Sharing Objective #2
An overview of ISO 31000:2009 Risk Management
Principles and Guideline

13. Risk management process in general
Start Risk Assessment Plan
Risk Context Definition
Acceptable? Risk Assessment
Risk Management Plan
Risk Response and Execution
Risk Register Risk Monitoring
End

14. International standards for ERM
COSO 2004
ISO 31000:2009

15. ERM COSO Model
Enterprise Risk Management (ERM) yang efektif membutuhkan adanya komponen-komponen berikut ini:
1. Niat & Kesungguhan
2. Tujuan yang tepat dan selaras
3. Paham perubahan eksternal &
internal yang mungkin terjadi
Komponen-
komponen
untuk 4. Paham dampak perubahan (risiko)
memastikan
bahwa suatu 5. Tanggap strategik yang
perusahaan efektif thd perubahan
memiliki:
6. Pengendalian secara Internal
7. Optimalisasi knowledge
untuk...
8. Perbaikan Berkelanjutan

16. ISO 31000:2009-principles, framework, process

17. Risk Register
Business Unit/Project Name: Date:
Process/Phase: RCSA Participants:
Time Period of Risk Assessment:
Objective of Risk Assessment:
Estimated
Risk Risk Risk
Inherent Expected Risk Residual
Risk Inherent Current after Owner,
Objectives Risk Level L I Risk Level Response/ L I Risk Level after
Id Risk Controls Control PIC, and
(L, M, H) (L, M, H) Treatments Treatment
(L, M, H) Sponsor
(L, M, H)
Our worksheets must demonstrate the interrelated of
objectives, risks, and controls

18. Risk assessment
• How do we review our
existing controls?
• Given our existing
controls, how likely the
event will occur?
• How the impacts will be
measured?
• How the risk level will be
determined?
• What measures to decide
whether it is acceptable
or unacceptable?
• What risks need to be
responded?

19. Risk: exposure, appetite, tolerance and controls
Acceptable with Unacceptable/
Too low risk level Acceptable ranges conditions avoid
range of risk levels

20. An example of risk map and risk appetite
R1 R6
R5
R4
R2 R3

21. Thank you...
Deddy Jacobus
www.rwi.co.id
deddy@rwi.co.id
081510311103