ENTERPRISE RISK MANAGEMENT

FOR INSURERS
INSTRUKTUR : Dr. Syamsul Bahri, SE, M.Si, AAIK, Anziff (Snr Assoc), AMRP,
QCRO
“If Everything is matter of luck,
risk management is a
meaningless excercise”
Peter Bernstein

2
WHAT IS RISK MANAGEMENT

Risk Management refers to coordinated set

of activities and methods that used to direct
an organization and to control the many
risks that can affect its ability to achieve
objectives.

3
 Rising Expectations for Strategic RM
- Survey yang dilakukan oleh E & Y menemukan bahwa 72% BOD meyakini
bahwa secara keseluruhan dari risiko meningkat dalam setiap 2 tahun dan
41% menyatakan risiko meningkat dengan signifikan.
- IBM Reported menyatakan bahwa 62% perusahaan dengan pendapatan > $
5 billion menghadapi major risk event yang sangat substansial berdampak
pada operasi perusahaan, 41% menyatakan bahwa mereka tidak
mempunyai persiapan yang memadai.
- Banyak ancaman risiko pada perusahaan yang sukar untuk dilihat dan
dikelola dan dapat memberikan dampak sistemik.
- Namun demikian banyak risiko mungkin yang kita tidak ketahui namun
sering mempunyai dampak yang mirip atau sama.
- BOD dan Senior Executives makin bertambah tanggunjawabnya untuk
mempertimbangkan probabilities dan dampak dari berbagai kemungkinan
skenario risiko yang melekat pada keseluruhan strategi bisnis bahkan untuk
risk events yang tidak dapat diramalkan 4
 Rising Expectations for Strategic RM
- Sebagai contoh terjadinya 9/11, badai katrina, gempa bumi, banjir besar
(risiko yang bersifat katastrop) yang tidak dapat diramalkan atau tidak
diketahui kapan terjadinya mempunyai “similar impact” yaitu :
- Loss of employess
- Destroyed operations
- Damaged IT Infrastructure
- Lack of Cash Flows
- Drastics shift in regulations
- dll
- Kita tidak dapat memprediksinya tetapi diharapkan dapat
mempertimbangkan dan proactive atas pemikiran atas respons events
tersebut yang mempunyai “similar impact”
- SO, manajemen harus mempunyai rencana untuk setiap signifikan skenario
yang dapat membawa konsekuensi yang mungkin menganggu core strategy
seperti kerugian diatas
5
 Rising Expectations for Strategic RM

- Meningkatnya volume dan kerumitan risiko sangat menyulitkan karena

secara fakta bahwa banyak teknik yg digunakan BOD tidak berlaku, kurang
berpengalaman, dan lebih sering bersifat ad hoc.
- Sedikit BOD yang mempunyai KRI yang sehat dan kuat yang dapat
memberikan data yang memadai utk dapat mengenali perpindahan pola dari
risiko dalam dan eksternal organsasi yang menghasilkan ketidakmampuan
untuk proaktif merubah Strategic Initiative jauh kedepan ketika risiko
terjadi
- Hal ini lah yang menciptakan “expectations gap” antara stakeholders expects
dengan BOD dan Senior Management untuk melakukan secara luas ERM dan
secara aktual apa yang dikerjakan
- Goal dari ERM adalah untuk meningkatkan kemungkinan organisasi akan
mencapai tujuan dengan mengelola risiko dalam stakeholders appetite for
risk.
6
 Integrating Risk Into Strategic Planning
Recognizing Strategic Business Risk
What initially appeared to be a minor disruption in the value chain for Nokia and Ericsson in March 2000
turned out to be a critical event for both companies. On Friday, March 17, 2000, a line of thunderstorms
appeared in Albuquerque, New Mexico. A lightning bolt struck a Philips semiconductor plant, causing a
fire in a plant that made chips for both Nokia and Ericsson and presented similar risks to both
companies. The fire was minor, lasting only 10 minutes, and the damage at first ppeared to be limited,
so Philips expected to be back in operation within a week. As it turns out, the disruption to the plant
was months rather than weeks, and the impact on production was significant.
Nokia quickly noticed the problem with the supply of the parts even before Philips told them there was a
real problem. They took fast action to address the situation once they determined that the potential
impact of the disruption in the supply of chips from the Philips plant could translate into an inability to
produce 4 million handsets, representing 5 percent of the company’s sales at the time.
In contrast, Ericsson responded slowly and didn’t have alternative sourcing options. By the time
management realized the extent of the problem, they had nowhere else to turn for several key parts.
This partly stemmed from the company’s strategy in the mid-1990s, when it simplified its supply chain
to cut costs and in the process weakened its supply backup. One manager at Ericsson said: “We did
not have a Plan B.” Underestimating the risk of the disruption in supply from the Philips plant and being
unable to manage the problem were major factors that led to Ericsson exiting the phone headset
production market in 2001

7
Integrating Risk Into Strategic Planning

Recognizing Strategic Business Risk

What lessons do these

contrasting cases above ?

8
Integrating Risk Into Strategic Planning
Recognizing Strategic Business Risk

The Leassons is :
•1

•2

•3

•4

-Intinya adalah : Risk Management ……………………………………………………………..

…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………….. 9
RM Organ

10
Risk Management Organ (ISO 31000)

11
10 Principles for Risk Management (ISO 31000)

12
Frameworks

13
Overview Risk Management Process

14
 Risk Management Process (RMP)

Establising the context

- Context adalah menentukan risiko yang relevan dihadapi oleh perusahaan.

Berdasarkan POJK bahwa ada 7 risiko yang dihadapi oleh perusahaan
asuransi.
- Output utama dari Context adalah Risk Criteria yg digunakan untuk
menentukan acceptability of the risk

15
 Risk Management Process (RMP)

Risk Assessment

16
 Risk Management Process (RMP)
Risk Assessment : RISK IDENTIFICATION

17
 Risk Management Process (RMP)
Risk Assessment : RISK ANALYSIS

18
 Risk Management Process (RMP)
Risk Assessment : RISK EVALUATION

19
 Risk Management Process (RMP)

RISK TREATMENT

20
 Risk Management Process (RMP)

Communication and Consultation

21
 Risk Management Process (RMP)
Monitoring and Review

22
Creating a Risk Registers
 Why manage risks?
• “the threat or possibility that an action or event will adversely or
• beneficially affect an organization's ability to achieve its objectives”

risk KNOWN POTENTIAL

definition PROBLEMS PROBLEMS

Issues pro-active Risks

management

Fire-fighting Containment actions

Damage limitation Contingency
Costly emergency
actions
• lower costs
• less stressful
 What is a risk register?

A risk is an undesirable future event. The

Risk Register analyzes risks and drives
action to:
• Reduce the likelihood of the risk
occurring.
• Increase the visibility of the risk.
• Increase the ability to handle the risk,
should it occur.
• Reduce the impact of the risk, should it
occur.
Risk register Components
include:

• Dates – important because the register is a “living

document”
• Risk Identification (Description, Category, Cause, Effect,
Indicators, etc.
• Risk Type
• Likelihood of occurrence
• Severity of effect
• Countermeasures – Actions to be taken
• Owner – Responsible individual
• Status – Being fixed, fixed or to be fixed
EXAMPLE and Exercise
a Risk Registers
Indentifying
KRI & ROOT CAUSE
What is a Key Risk Indicator ?

Definition
-A KRI is a measure to indicate the potential presence, level, or trend of a risk
-KRI memberikan informasi mengenai situasi risiko yang mungkin ada atau tidak
ada yang memberikan sinyal untuk melakukan tindakan lebih lanjut
-KRI dapat menjadi termometer yang mengukur temperatur perusahaan
-KRI jika dirancang dengan baik maka dapat sebagai EWS atas kemungkinan
perubahan dalam organization risk profile
-KRI harus jelas dan dipilih yang sangat relevan pada risiko yang dimonitor dan
menggambarkan keunikan pada organisasi atau business area.

29
What is a Key Risk Indicator ? - Example

Human Resources Information Technology Finance

•Average time to fill •System usage versus •Daily profit and loss
vacant positions capacity adjustments (number,
•Staff •Number of systme account)
absenteeism/sickness rate upgrades/version releases •Reporting deadlines
•Percentage of staff •Number of help desk calls missed (number)
appraisals below •Incomplete profit and
“satisfactory” loss sign-offs (number.
Aged)
Legal/Compliance Audit Risk Management
•O/S litigation cases •O/S high risk issues •Management overrides
(number, amount) (number, aged) •Credit Defaults (number,
•Compliance investigations •Audit findings (number, amount)
(number) severity) •Limit Breaches (number,
•Revised management amount
action target dates
(number)
Sumber : Fraser, 2010 30
What is a Key Risk Indicator ? - Example

• Number of defective items produced – in each production line.

• Percentage of defective items produced – in each production line.
• Change – daily, weekly, monthly, etc. – in the number of defective items
produced in each production line.
• Number of items returned as defective for each product (again, this may
be expressed in numbers, percentages or monetary value).
• Number of maintenance calls for each production line – absolute or per
unit of time.
• Number of accidents on the production lines.
• Number of unplanned stoppages of each production line.

31
KRI VS KPI

KRI dapat berasal dari specific risk dalam organisasi yang dimonitor. Tabel
dibawah ini memberikan gambaran mengenai hubungan KRI dengan Risk,
Performance dan Strategy

Sumber : Fraser, 2010

32
Design Principles of KRI
Sumber informasi untuk Merancang KRI

Sumber : Fraser, 2010

33
KRI for Insurers
KRIs adalah parameters yang dapat bertindak sebagai indikator dan yang dapat
melihat prediksi sehubungan terjadinya perubahan pada risk profile pada suatu
bisnis.
KRI dapat dengan tepat waktunya mengambil tindakan ketika isu tersebut
muncul. KRIs mengukur indikasi tingkatan dan perubahan risk profile suatu
organisasi

Bagaimana Mengindifikasi KRIs ???

e
C aus
ot
Ro

Fokus pada Root Cause

Root Cause merupakan Leading KRIs bisa Supplier dan dan Customer, Laporan
keuangan, perubahan ekonomi, perubahan regulasi dll
34
Examples in Insurers
Insurance Specific Operational Risk KRIs
Risk Category Example KRI
People Staff Turnover Rate
Sickness rate, etc
Process Underwriting Process
- Perncentage slips recorded within 24 hours
- Percentage slip entry error
Claims Process
- Percentage of material claims/complaints etc reported to board
- etc
External event - Number of incidents of third party provider failure from outsource
provides per month/year
etc
Etc etc

36
Insurance Specific Operational Risk KRIs
Contoh 2

Risk Risk Indicators Risk Size Frequency Source Data

Category Description
Process Jumlah Terjadinya Jumlah dan Bulanan Claim Process
terjadinya keluhan klaim nominal Center
keluhan klaim akan keluhan
dari nasabah menyebabkan klaim
ketidakpuasa
n pelanggan,
akan
berkurangnya
pelanggan dll

37
SELESAI

Terima Kasih

38