The use ISO 31000:2018 in Indonesian Fintech Lending Companies: What Can We Learn?

Enterprise risk management (ERM) is significant in running a company. ISO 31000 is one of the ERM types that are familiar. However, there are still pros and cons of ISO 31000. Thus, this study aimed to find out the responses of the Indonesian fintech lending companies managements in implementing ISO 31000. Specifically, this study tried to identify the problems in implementing ISO 31000:2018 to be implemented as ERM. Besides, it also discussed the benefits of the ISO 31000:2018 implementation from the companies' management's perspectives. The data were collected through questionnaires and interviews. The questionnaire results were quantified and interpreted in percentage, while the interview results were analyzed qualitatively using the interactive data analysis method. The study results showed that most of the companies' management believed that they had no significant problems implementing ISO 31000:2018. In addition, they felt that implementing ISO 31000:2018 as ERM gave many benefits in running the companies. The study's findings were discussed by connecting them with the current theories and empirical reviews. However, since the study was done qualitatively, a further study that involves quantitative study to measure the effectiveness of ISO 31000 empirically is needed to support the results of this study.

Enterprise Risk Management (ERM) Practices to Achieve Long Term and Sustainable Organization’s Goals: Case of Institut Teknologi Bandung (ITB)

Every choice made in the pursuit of objectives has its risks. From day-to-day operational decisions to the fundamental trade-offs in the boardroom, dealing with uncertainty in these choices is a part of the organizational lives. A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviours aimed at achieving a specific competitive goal. In order to ensure the implementation of efforts and the allocation of resources to achieve strategic goals, top management should conduct integrated risk management practices to all activities/initiatives of the organization’s management, both individually and collectively. Risk management is an intrinsic part of business planning and decision making. No direction is taken without looking at the potential risks and comparing them against the organization’s risk appetite. This paper aims to research in general the practice of enterprise risk management within Institut Teknologi Bandung (ITB) as a well-known and public-state-owned university in Indonesia. This research concludes that the enterprise risk management implementation is not fully implemented yet within ITB as an enterprise. Almost all respondents agree that the implementation of enterprise risk management has a positive and significant influence on the organization’s objectives achievement. Improving university performance overall will require an effective enterprise risk management practice. Author highly recommends ITB to adopt risk management practice based on ISO-31000 standard, and it can be combined with other risk management standards available nowadays if necessary. ITB needs to start the implementation at the soonest as possible, in order to maintain its strategic position as a top university in Indonesia, increase its competitive advantages to compete in the global scale, and at the same time achieving its vision and mission in a long-term and sustainable manner.

Analisis Risiko Teknologi Informasi Menggunakan ISO 31000 (Learning Management System SMPN 6 Salatiga)

SMP Negeri 6 Salatiga merupakan salah satu sekolah yang berada di Kota Salaatiga yang saat ini sudah menggunakan e-learning sejak tahun 2017 untuk membantu dalam kegiatan belajar mengajar di sekolahan. Aplikasi Moodle, merupakan e-learning yang digunakan oleh SMP Negeri 6 Salatiga. Aplikasi ini memiliki fungsi untuk memperbaharui, menyimpan, mendistribusikan serta membagi materi belajar mengajar untuk para guru dan murid. Namun aplikasi Moodle ini sering mengalami berbagai masalah seperti server yang sering down, web service mati secara tiba-tiba, koneksi jaringan sering terputus. Masalah – masalah seperti ini dapat mengganggu kegiatan belajar siswa, maka dari itu penelitian ini membahas tentang manajemen risiko menggunakan framework ISO 31000, untuk mengetahui segala bentuk risiko terhadap aplikasi Moodle, sehingga risiko dapat di minimalisir, serta dapat diatasi oleh pihak sekolah. Hasil akhir dari penelitian ini berupa rekomendasi untuk mengatasi serta meminimalisir risiko yang ada.

ANALISIS MANAJEMEN RISIKO TEKNOLOGI INFORMASI PADA PERUSAHAAN TOKO UJUNG PANDANG GROSIR PENAJAM PASER UTARA MENGGUNAKAN FRAMEWORK ISO 31000:2018

Toko grosir ujung pandang penajam paser utara merupakan sebuah perusahaan yang bergerak dalam bidang penjualan sembako, toko tersebut sudah menggunakan penerapan Teknologi Informasi dalam menunjang aktivitas bisnis yang dijalankan. Toko tersebut menggunakan website yang digunakan untuk menunjang penjualan, mendata stok barang, serta mendata pengeluaran sehari-hari yang dibutuhkan. Namun dalam dunia manajemen pasti selalu ada kemungkinan risiko yang mungkin dapat terjadi dan dapat mengganggu aktivitas bisnis dalam penggunaan sistem tersebut. Adapun tujuan dari penelitian ini untuk menganalisis risiko yang sangat diperlukan yang terhadap sumber daya Teknologi Informasi yang terdapat pada toko tersebut dengan menggunakan ISO 31000 diharapkan dapat meminimalisasi risiko yang terdapat pada website. Peneliti ini menggunakan metode penelitian Case Study Research dengan pendekatan kualitatif yaitu pendekatan yang dilakukan dengan mendeskripsikan atau menguraikan data dan fakta yang terjadi di dalam objek studi kasus kedalam bentuk kata-kata. Adapun hasil dari analisis risiko ini berupa analisis kemungkinan risiko, mengelompokkan kemungkinan risiko berdasarkan dampak nya sehingga menghasilkan usulan tindakan risiko terhadap kemungkinan risiko yang terdapat pada website, dengan begitu toko tersebut dapat memperlakukan kemungkinan risiko yang ada sesuai dengan prioritas level risikonya dan dapat mencegah serta meminimalisasi sehinga tidak mengganggu aktivitas bisnis di Toko ujung pandang grosir penajam paser utara.

A Regional Approach For Health Risk Assessment of Toxicants in Plastic Food Containers

Plastic food containers are being used popularly, generating a waste of about 115 million tons in Vietnam. Such waste is causing environmental and health issues. This study conducted a field survey with 309 local people and selected 59 samples out of 135 plastic food containers collected in Go Vap district, Vietnam. Collected plastic samples identified compositions were PET 13.6 %, PP 28.8 %, PS 16.9 %, and 40.7 % X. Although most people are aware of the toxicity of plastics, plastics are still widely used due to their convenience and price with easy use and purchase. Collected plastic samples were classified based on the plastic type using recycling code and quantitatively analyzed with X-ray fluorescence spectroscopy method to assess concentrations of Cd, Sb, Pb, Hg, Sn, Cr, Br, Cl, and S. Most of these collected plastic samples (91.5 %) were found to contain 8/9 hazardous substances and most elements contained in these plastics were below their standard thresholds. However, elements Cl and Sb exceeded their safe thresholds, reached the highest concentrations of 1990.3 ppm and 469.2 ppm, respectively. Thus, additional health risks need to be assessed using the USEtox model. Finally, this study proposed a screening process to assess the risk of toxicity of elements contained in plastic food containers through ISO 31000:2018.

Comparison of Indonesian Banking Regulation for Integrated Governance, Risk Management, Compliance with Its ISO Counterparts

The research is aiming at obtaining understanding and assurance whether the regulation of Indonesia Financial Services Authority (orOtoritas Jasa Keuangan/OJK) for banking industry on Governance, Risk Management, and Compliance (GRC) in Indonesia are compatible with the requirements and suggested practices of ISO 37000/DIS on Governance, ISO 31000:2018 Risk Management, and ISO 37301: Compliance Management as international standards for Governance, Risk, and Compliance (GRC). The regulatory requirements as set forth by Indonesian FSA to banking industry for integrated GRC have all been compatible with all the elements of ISO 37000, ISO 31000:2018, and ISO 37301. This study utilizes a comparative study method, which is conducted by assessing the similarities and differences between two standards or regulations, or in this study, between Indonesia Financial Services Authority Regulation, or Peraturan Otoritas Jasa Keuangan (POJK) on Governance, Risk Management and Compliance (GRC), with their ISO Standards counterparts. The result is expected to show the degree of fitness of Indonesian banking regulations with these ISO standards. There is only a very small number of studies have been done in the light of calibrating the Indonesian banking regulation in Governance, Risk Management and Compliance (GRC) with their ISO counterparts. Therefore, the result of this paper could be used as generic inputs and considerations for banks which have initiated their integrated GRC practices, and/or just recently commenced, and/or improving their practices more effectively. Whereas the study provides general understanding and assurance of the compatibility, it is not supported yet by empirical evidence of how banks practically exercise the implementation of integrated GRC based on ISO 37000, ISO 31000, and ISO 37301 and how do they conduct calibration efforts to its efficacy. Therefore, it is recommended to conduct such empirical case study in several banks in Indonesia as further study. Further, a field study such as interviews and surveys with Indonesian banking professionals could also be performed to provide additional perspectives on how integrated GRC is implemented in Indonesian banking.

Emotional Intelligence and Risk Leadership on the Effectiveness of ISO 31000 Implementation in Organisation

ISO 31000 indicates that risk management is a science in which competencies are embedded in the individuals. It also emphasises the importance of having proper leadership while demonstrating the commitment towards the risk management implementation. Humans are emotional creatures—we could sometimes be influenced by the force of feelings, rather than rational discussion. This paper describes the dynamics of emotional intelligence and risk leadership in implementing risk management. The research used a qualitative-descriptive design with the verification strategy of case study. It used a non-probability sampling to individuals in the top management position. The findings suggest that without a proper level of emotional intelligence, it is difficult for leaders to cultivate an effective risk culture. These findings may equip decision makers on the interrelationships between emotional intelligence, risk culture, and organisation’s risk management maturity.

Risk Analysis of Microfinance Conversion Based on ISO 31000 PT. Bank BRI Syariah. Tbk Aceh

Aceh government issued Aceh Qanun No. 11 of 2018 about Sharia Financial Institutions, which demands that all financial contracts in Aceh adhere to Sharia principles. This regulation has an impact on the Aceh region's financial business. PT Bank BRI Tbk Aceh has decided to conversion entire financing and funding portfolio to one of its sharia-compliant subsidiaries, PT Bank BRIsyariah Tbk. microfinance portfolio is bigger than other segments. By constructing a risk analysis based on ISO 31000, this study assesses the business risk associated with converting PT Bank BRIsyariah Tbk's microfinance segment in the Aceh region. The results indicate that twenty risks have been identified and evaluated. Risk can be classified into five broad categories: operational, reputational, strategic, credit, and compliance. The risk analysis results indicate that the risk is significant and requires immediate attention. Operational risk is associated with differences in data capacity, servers, the core banking system, and financing applications, whereas strategic risk is associated with differences in financial analysis, guarantee provisions, and regulations.

Conceptual Review: Compatibility of regulatory requirements of FSA to Insurance industry in Indonesia for Integrated GRC

This study aims to obtain understanding and assurance whether the regulatory requirements of FSA for integrated GRC to the insurance industry are compatible with the requirements and suggested practices of ISO 37000 on Governance, ISO 31000 on risk management, and ISO 37301 on Compliance. The qualitative approach in which literature review and comparative study are conducted to find the degree of fitness of POJK with these ISO standards (ISO 37000, ISO 31000, and ISO 37301). This study found out that the regulatory requirements set forth by FSA (Financial Services Authority) to Insurance Industry for integrated GRC have all been compatible with all the elements of ISO 37000, ISO 31000, and ISO 37301. It means Insurance companies could use those ISO as standards. Therefore, it would be some efforts needed by the industry to carry out their learning curves in assuring the implementation of integrated GRC is continuously calibrated to their respective context either as an insurance company in general or as a particular organization that has its own respective and unique characteristic. The result of this paper could be used as generic inputs and considerations for insurance companies that have initiated their integrated GRC practices and/or just recently commenced and/or improved their practices more effectively.