Organization that is struggling to effectively implement risk management or have not implemented a formal, proactive, structured risk management framework could use ISO 31000 as a useful guidance

1. GETTING OUR RISK MANAGEMENT
RIGHT ON TRACK
Diane Christina | 2011
CRMS Half Day Seminar on ERM Using ISO 31000
16 February 2011

2. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Key Points
• Using ISO 31000 as a useful guidance to implement
risk management
• Strategies for enhancing risk management based
on ISO 31000

3. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Key Points
Is our organization struggling to effectively implement risk
management?
Strategies for enhancing risk management based on ISO 31000
or
Is risk management not implemented as a formal, proactive
based on structured risk management framework?
Using ISO 31000 as a useful guidance to implement risk management

4. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Using ISO 31000 as a useful guidance
to implement risk management in Indonesia Context
ISO 31000 provides “essential qualities” for effective
risk management through its 11 principles
Define the Importance of Managing Risk as Part of Strong
1 1mo
Corporate Governance
Develop the Risk Management Framework and Organizational
2 arrangement include plan, relationship, accountabilities, 3mo
resources, capability, process, and activity
3 Putting theory into practice by Implementing Risk Management 4mo
Build effective monitoring mechanism through well-designed
4 2mo
periodic reporting to stakeholder
Facilitates continual improvement to improve current processess
5 and/or progress towards a more mature risk management 2mo
framework

5. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Using ISO 31000 as a useful guidance
to implement risk management in Indonesia Context
Define the Importance of Managing Risk as Part of Strong
1
Corporate Governance
ISO 31000 introduction list 18 benefits of managing risk:
• increase the likelihood of • improve mandatory and • enhance health and
achieving objectives; voluntary reporting; safety performance, as
• encourage proactive • improve governance; well as environmental
management; • improve stakeholder protection;
• be aware of the need to confidence and trust; • improve loss prevention
identify and treat risk • establish a reliable basis and incident
throughout the for decision making and management;
organization; planning; • minimize losses;
• improve the identification • improve controls; • improve organizational
of opportunities and • effectively allocate and learning; and
threats; use resources for risk • improve organizational
• comply with relevant legal treatment; resilience.
and regulatory • improve operational
requirements and effectiveness and
international norms; efficiency;

6. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Using ISO 31000 as a useful guidance
to implement risk management in Indonesia Context
Develop the Risk Management Framework and Organizational
2 arrangement include plan, relationship, accountabilities, resources,
capability, process, and activity
ISO 31000 state the prerequisite element of effective risk management

7. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Using ISO 31000 as a useful guidance
to implement risk management in Indonesia Context
3 Putting theory into practice by Implementing Risk Management
ISO 31000 adopted risk management process identical to AS/NZS 4360
comprises 5 key activites
• Ensuring the risk management
process is understood by risk owner
through good communication and
training
• Ensuring the risk management
activities is taken place through risk
assessments, risk workshops,
internal control, etc

8. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Using ISO 31000 as a useful guidance
to implement risk management in Indonesia Context
Build effective monitoring mechanism through well-designed
4
periodic reporting to stakeholder
ISO 31000 Clausal 4 & 5
• Key Principles
• Process Elements
Compliance & Risk Unit
Governance Unit
Internal
Audit

9. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Using ISO 31000 as a useful guidance
to implement risk management in Indonesia Context
Facilitates continual improvement to improve current processess and/or
5
progress towards a more mature risk management framework
ISO 31000 Clausal 4 & Annex A: Attibutes of enhanced risk management
• Continual Improvement
• Full Accountability for Risks
• Application of Risk Management in all
Decision Making Processes
• Continual Communications
• Full Integration in the Organization’s
Governance Structure

10. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Using ISO 31000 as a useful guidance
to implement risk management in Indonesia Context
Facilitates continual improvement to improve current processess and/or
5
progress towards a more mature risk management framework
Risk Maturity level Year 2010
Based on 35 Companies

11. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Strategies for enhancing risk management
based on ISO 31000
ISO 31000 provides “essential qualities” for effective
risk management through its 11 principles
Refine the Importance of Managing Risk in related to the
1 1mo
achievement of objectives
Review and Update the Existing Management Framework 2mo
2
align with ISO 31000 prerequisite elements
3 Communicate the key changes whilst having buy-in from 2mo
management and risk owners
Appoint risk owner for risk management ‘refreser’ training
4 3mo
and encourage them to undertake a review and updated of
their risk register/profile

12. Terima Kasih
Sekretariat Indonesia PRiMA
Wisma Bisnis Indonesia lt 2
Jl. KH Mas Mansyur 12A
Jakarta 10220 - Indonesia
T 021 9827 6708
E. sekretariat@indonesiaprima.org
12

13. DC | 2011 | Getting Our Risk Management Right on Track using ISO 31000
Profil
Diane Christina
[diane.christina1@gmail.com]
Diane Christina menempuh pendidikan S-1 bidang akuntansi di Universitas
Katolik Parahyangan dan lulus S-2 bidang keuangan perusahaan dengan
predikat Cum Laude dari Unpar pada tahun 2004.
Beliau memulai kariernya sebagai konsultan pajak dan internal auditor di
beberapa perusahaan di Bandung sebelum akhirnya memutuskan untuk
memulai bisnisnya sendiri di bidang pajak, keuangan, dan akuntansi.
Saat ini beliau menjabat sebagai direktur di APB Group (Indonesia | Australia), yang bergerak di
bidang Business Advisories, Knowledge, and Solutions. Sejak awal 2010, beliau juga dipercaya
sebagai anggota Komite Audit dan Komite Pemantau Risiko di Bank Harda Internasional. Beliau
memegang beberapa sertifikat profesional dari dalam dan luar negeri di bidang manajemen risiko
dan business continuity seperti CPRM (Certified Practising Risk Management) dari Australia, CRMP
(Certifed in Risk Management Professional) dari Indonesia, BCCP (Business Continuity Certified
Planner) dari Singapura. Beliau juga terlibat di berbagai organisasi profesi seperti LKDI (Lembaga
Komisaris dan Direksi Indonesia), RMIA (Risk Management Institution of Australasia), PRMIA
(Professional Risk Managers’ International Association), dan Indonesia PRiMA (Professional in Risk
Management Association), serta dunia akademis sebagai pengajar di almamaternya.
Kegiatan beliau yang terakhir adalah ikut terlibat dalam tim penyusun Pedoman Manajemen Risiko
berbasis Governance yang diprakarsai oleh KNKG (Komite Nasional Kebijakan Governance) bentukan
Kementerian Koordinator Bidang Perekonomian Indonesia.
13