The implementation of the risk management system in the Company is part of the effort to fulfill the Company’s strategic objectives. Through the implementation of comprehensive risk management, the Company is expected to protect and continue to create added value for stakeholders. Various steps have been taken in preparing risk management implementation in accordance with the applicable provisions in the form of a study of the importance of risk and creating a risk culture for each work unit.
Risk is defined as the uncertainty of results or events, either positive or negative, which may occur in any business activity or activity, including in the mining and oil gas industry. Negative uncertainty can deter the Company from achieving its stated goals and objectives and can hinder the smoothness of business processes and minimize losses as a potential impact of these events. In the mining and oil gas industry, there is relatively high level of negative uncertainty, therefore risk management is needed to mitigate the risks.
Controlled and measurable risk management has become an integral part of good management practices and corporate governance. With the support of the risk management function within the Company, it is expected to minimize the potential risks which may occur. By identifying and managing several key risks, it is expected that sustainability will be achieved between the risks and benefits of current operations, current development plans, and future prospects. The risk management system is the main responsibility of the Board of Directors whose supervision is carried out by the Board of Commissioners and the Audit Committee whose implementation requires active involvement of the Internal Audit.
Risk Management Application
Risk management which will be taken or also called risk appetite and the Company’s tolerance for risk are major factors in implementing risk management. The application of risk management is carried out by managing risk appetite and risk tolerance. By identifying and mapping the risk appetite of each decision maker, there will be an appropriate balance between uncontrolled innovation and excessive caution. Thus, the application of appropriate risk management will be able to guide Management at the level of risk desired or that can be tolerated by the Company.
The Company manages acceptable risk tolerance by mapping risk through a continuous evaluation system. Two factors mapped in managing risk tolerance are the impact and probability of the possibility of occurrence of a risk (likelihood). Significant risk measurement is carried out comprehensively by covering various areas relevant to the Company’s activities. Furthermore, the Company ranks these risks.
The Company implements risk management using the ISO 31000: 2009 framework. The framework contains 5 main stages in risk management, namely:
a. Determination of Context,
b. Risk Identification,
c. Risk Analysis,
d. Risk Evaluation and
e. Risk Control / Mitigation.
The work flow from the 5 stages of risk management is, after the risk is identified (analysis) and rated (evaluation), the Company prepares a mitigation plan. The aim is to help monitor and report on the status of supervisory actions against each risk. Risks with the highest rating will get top priority to be dealt with immediately. Furthermore, the risk mitigation plan can also assist the Company in directing available resources to manage the most important/critical risks.
In the process of implementing risk management, risk owners are involved and communicate intensively. This intensive communication and consultation will help in improving understanding and fostering a risk culture both structurally and functionally.
Furthermore, on an ongoing basis, the Company continues to develop an integrated and comprehensive risk management system framework and internal control structure to protect the Company from risks that have a negative impact on achieving objectives.
In the risk management system, periodic evaluations are continuously carried out so that the quality management process can be continuously improved. Evaluation of the implementation of risk management conducted by the Company generally through periodic monitoring and review activities. Evaluation of the implementation of risk management is carried out by the Internal Audit. In general, the evaluation results show that there are still aspects that need attention from the Management in order to improve both long and short term.
Company Risk Profile
Generally, there are two kinds of risks inherent in the Company’s business, namely internal and external risks. The following are indications of risk and efforts to reduce the level of risk.