The risk management system is an integrated process in planning, managing, controlling, and supervising the Company’s activities in a measured manner to reduce risks that have the potential to affect the Company’s conditions. The Company conducts early research and mitigation efforts to deal with these risks, which include business aspects, financial aspects, and several other aspects. By knowing the risks associated with the Company’s business activities, the Company is able to be proactive and preventive.
To implement a comprehensive risk management system, the Company conducts an in-depth study of risks that are relevant to the Company’s business and builds a risk culture in all work units. The Company realizes that structured risk management must be carried out in order to minimize the impact of various risks that may arise. Therefore, the Company manages and mitigates risks in order to achieve a more solid performance. In its implementation, the risk management system is the main responsibility of the Board of Directors whose supervision is carried out by the Board of Commissioners and the Audit Committee whose implementation requires active involvement from the Internal Audit Unit.
Managing the level of risk to be taken or risk appetite and the Company’s tolerance for risk are the main factors in implementing risk management. By identifying and mapping the risk appetite of each decision made, there will be an appropriate balance between innovation and prudential actions. Thus, the application of appropriate risk management can lead to the level of risk desired or tolerated by the Company.
2 (two) factors mapped in the management of risk tolerance are the impact and the likelihood of a risk occurring. The Company implements a risk management system using the ISO 31000:2009 framework which contains 5 (five) main stages in risk management, namely:
a. Setting Context,
b. Risk Identification,
c. Risk Analysis,
d. Risk Evaluation, and
e. Risk Control/Mitigation.
After the risks have been identified (analysis) and rated (evaluation), the Company has prepared a mitigation plan, which aims to help supervise and report on the status of control measures for each risk. Risks with the highest rank will get the top priority to be dealt with immediately. Furthermore, the risk mitigation plan can also assist the Company in directing available resources to manage the most important/critical risks.