AMBEC 2019 Conference

Operational Risk Analysis in Department of Enterprise Risk Management of PT. XYZ Based on ISO 31000: 2018 Framework
Lucyana Dewi (a*), Mandra Lazuardi Kitri (b)

a) School of Business and Management, Bandung Institute of Technology
Jalan Ganesha 10, Bandung 40132, Indonesia
*lucyana.dewi[at]sbm-itb.ac.id
b) School of Business and Management, Bandung Institute of Technology
Jalan Ganesha 10, Bandung 40132, Indonesia


Abstract

PT. XYZ is a manufacturing company in the security and defense sector, located in Bandung, Indonesia. The company has a Department of Enterprise Risk Management whose responsibility is to address risks that may occur within the company's business processes. However, even though the department has been formed, risk management implementation at PT. XYZ is still categorized as inefficient. This is indicated by the losses and problems the company continues to face: although risk management procedures have been carried out to address them, these risks still occur and remain a problem for the company. Examples include delays in supply chain management, non-optimal human capital management, and losses in the financial statements in the last 10 years except in 2014 and 2017. The inefficient practice of risk management indicates a failure in the operations of the Department of Enterprise Risk Management at PT. XYZ, since ensuring the successful implementation of risk management in the company is that department's responsibility. As far as the authors are aware, no previous research has examined the implementation of risk management itself, which this research treats as operational risk at the Department of Enterprise Risk Management. Risk analysis was carried out using the ISO 31000: 2018 framework, limited to the processes of risk identification, risk analysis, risk evaluation, and risk treatment option selection. The analysis identified 17 risks across three types of operational risk, namely process, system, and people.
From the assessment of the level of likelihood and consequence for each risk, 9 risks fall into the "high" category, 7 into "moderate", and 1 into "low", which means that mitigation actions are needed for most of the identified operational risks to reduce their level of likelihood and consequence. Risk management is a crucial practice that needs to be carried out to ensure the business achieves its goals. However, risks may also occur in the implementation itself and need to be anticipated so that risk management can be practiced efficiently.

Keywords: Risk, Operational Risk, Risk Management, ISO 31000: 2018

Topic: Business

Link: https://ifory.id/abstract-plain/9LR3reXpfh4N
