1.

the risk management and internal control should not be seen as a periodic
compliance exercise, but instead as an integral part of the company's day to day
business processes
a. Periodic compliance: hanya kepatuhan terhadap aturan (Pt Pupuk kaltim,
indofarma)
b. The risk management and internal control systems should be embedded in
the operations of the company and be capable of responding quickly to
evolving business risks, whether they arise from factors within the company
or from changes in the business environment.
c.
2. What is principal risk?
a.
3. The existence of risk management and internal control systems does not, on its own,
signal the effective management of risk.
a. Effective and on-going monitoring and review are essential components of
sound systems of risk management and internal control. The process of
monitoring and review is intended to allow the board to conclude whether
the systems are properly aligned with strategic objectives; and satisfy itself
that the systems address the company's risks and are being developed,
applied and maintained appropriately.
4. if an ongoing monitoring and review of risk management and internal control has
been in place does the board still need an annual review?
5. The purpose of such reporting is to provide information about the company's current
position and prospects and the principal risks it faces. It helps to demonstrate the
board's stewardship and governance, and encourages shareholders to perform their
own stewardship role by engaging in appropriate dialogue with the board and
holding the directors to account as necessary.
a. Penjagaan pertanggungjawaban
6. How risk can be related to opportunities and innovation
7. The ability to use tools to simultaneously recognize and assess risk and opportunity
can enable a company to manage offensively as an opportunity rather than
defensively as a hazard, which is the more typical response.
8. What is strategic risk? Provide example
a. Strategic risks relate to an organization's choice of strategies to achieve its
objectives. By their nature, these risks endanger the achievement of an
organization's high-level goals that align with and support its mission.
Strategic risk assessment identifies the risks associated with specific
strategies.
9. What is operational risk? Provide example
Quiz 11
1. Explain: the risk management and internal control should not be
seen as a periodic compliance exercise, but instead as an integral
part of the company’s day to day business processes.
 kalo periodic compliance (hanya cari kepatuhannya)
2. Principal risk  The risk of losing the amount invested due
to bankruptcy or default. There is always the possibility that through
some set of circumstances, invested money will decrease or
completely disappear. In this case, principal is lost, not just profits.
 lebih umum disbanding inherent risk dan control risk, risiko yg
major atau utama yang bisa mengancam model bisnis, future
performance, solvency and liquidity (major risk, significant risk)
 ada di FRC no 32
3. Explain: the existence of risk management and internal control
systems does not, on its own, signal the effective management of
risk
 membedakan existence dan effective
 effective itu membantu dalam pencapaian tujuan perusahaan,
kalo sekedar ada aja cuma compliance
4. If an on-going monitoring and review of risk management and
internal control has been in place, does the board still need an
annual review?
 on-going itu cuma disaat itu doang waktu berjalan tapi kalo
annual secara keseluruhan dilakukan review buat tau udh sejauh
mana jalannya terus apa yg perlu diperhatikan lagi (FRC no 42)
5. Explain: reporting risks helps to demonstrate the board’s
stewardship and governance
 stewardship (kepentingan pemilik dan stakeholders diselaraskan
oleh management, pernjagaan dan pertanggung jawaban oleh pihak
direksi)
 perlu reporting buat nyampein risk management dan internal
control system kepada stakeholders
  cara umum untuk komunikasiin risk management dan internal
control system: disclosure
6. How risk can be related to opportunities and innovation?
 dari CIMA, ada peluang dibalik risiko yang akan memunculkan
innovation
7. Manage risk offensively as an opportunity rather than defensively as
a hazard?
 defensive (bertahan nganggep risk itu suatu hal yang berbahaya)
 offensive (menyerang, ambil risk sebagai opportunity)
8. What is strategic risk? Provide example
 berkaitan dengan strategi perusahaan (CIMA exhibit 6)
9. What is operational risk? Provide example

Opportunity from within the organization
- supply chain
- prod and service offering
- process
- technology
- new markets
Opportunity from outside the organization
- customers
- competitors and complementors
- emerging technologies and scientific developments
- influencers and thought shapers
- political, legal, and social forces

How can ROI be modified to evaluate risk and opportunity? Can the
original ROI be used? (CIMA halaman 29, Exhibit 14)

Makin baik reward system, harusnya juga makin baik