Summary of "3. Video Pembelajaran - Penyusunan Risk Register"

Summary of "3. Video Pembelajaran - Penyusunan Risk Register"

This video provides a detailed instructional guide on compiling an operational Risk Register for an organization, based on the regulatory framework set by the Minister of Agrarian Affairs and Spatial Planning/National Land Agency (ATR BPN) Regulation Number 3 of 2022 concerning risk management.

Main Ideas and Concepts

• Learning Objective: After completing this material, learners should be able to compile an operational Risk Register correctly according to applicable regulations.
• Risk Register Format: The Risk Register is presented in a tabular format, including columns from objectives to risk scores after mitigation. All fields must be filled unless mitigation is not applicable, in which case some columns can be left blank.
• Risk Identification Process: Steps to identify risks in context:
  1. Determine targets and risk periods for the work unit.
  2. Identify activities or business processes linked to these targets.
  3. Select crucial activities that strongly correlate with targets and lack adequate controls.
  4. Identify risks in these activities. Multiple risks can arise per activity.
  • The Job Method is recommended for risk identification, focusing on four perspectives:
    • Network (infrastructure, communication)
    • Outcome (reports, reputation)
    • People (consumers, employees, managers)
    • Goods (products, machines)
  • Risks are linked to events (e.g., “goods” = land area map; “event” = overlapping).
• Risk Statement:
  • Use a standardized format starting with "potential" to indicate the risk has not occurred yet.
  • Risks must relate to objectives and business processes.
  • Risks that have already occurred are considered problems, not risks.
• Classification of Risks:
  • Risk groups are categorized based on identified risk events, as per the Ministerial regulation.
  • Causes and sources of risk are documented:
    • Causes are activities or events leading to risk, prioritized by frequency.
    • Sources can be internal or external; internal causes are prioritized for better control.
    • The 5 Whys (5Y) Method is recommended to determine root causes.
• Impact and Loss Description:
  • The impact describes consequences if the risk occurs, referencing criteria from the regulation.
  • Only one impact per risk is recorded, prioritizing the most significant.
  • Impact magnitude can be expressed nominally (e.g., rupiah), performance percentage, or other relevant metrics.
• Risk Ownership:
  • Assign one risk owner per risk, usually the head of the relevant work unit (UPR).
  • Internal units related to causes are also listed; multiple units can be involved.
• Likelihood and Data Sources:
  • Likelihood of risk occurrence is estimated based on historical data, expert judgment, questionnaires, benchmarking, or focus group discussions (FGD).
  • Likelihood is measured before controls (inherent risk) or after controls (residual risk).
  • Data can be frequency counts or percentages.
• Risk Analysis Matrix:
  • Risks are evaluated using a matrix combining likelihood and impact on a scale of 1 to 5.
  • Risk level is determined by coordinates on the risk map, not by multiplying likelihood and impact.
• Risk Management Strategies: Four main strategies based on risk level:
  1. Accept: Risk is small or below tolerance; no mitigation needed.
  2. Transfer: Share risk impact (e.g., insurance, delegation).
  3. Mitigate: Implement actions like socialization, technical instructions.
  4. Avoid: Risk is very large and threatens the unit; avoid or stop activities.
• Register Mechanism:
  • Objectives are based on Key Performance Indicators (IKK) from the work unit’s performance agreement.
  • Causes use the 5Y method; risks linked to events via the Job Method.
  • Impact and risk levels are filled according to the regulation.
  • Controls are documented, referencing existing technical instructions or guidelines.
• Risk Levels:
  • Inherent and residual risks are currently considered the same due to lack of data on risk reduction.
  • Risk after mitigation is expected to be lower but is not yet quantified.
• Mitigation Planning and Monitoring:
  • Mitigation plans describe actions to reduce risk.
  • Multiple mitigation plans can exist per risk.
  • Implementation schedules are tracked monthly:
    • Blue indicates planned activities.
    • Green indicates realized activities.
  • Evidence or documentation of mitigation is recorded.
  • The person in charge (PIC) or risk owner is responsible for mitigation execution.

Detailed Methodology / Instructions for Compiling a Risk Register

1. Prepare Risk Register Table: -

Category

Educational

Share this summary

Share on X/Twitter Share on Facebook Share on LinkedIn Share on Reddit Share on WhatsApp Share on Telegram

Video