UDC 331; DOI 10.18551/rjoas.2023-06.04
RISK MANAGEMENT APPROACH: STRATEGY OF MANAGEMENT CHANGES IN POLITEKNIK PERTANIAN NEGERI PAYAKUMBUH, INDONESIA
Afrizal Roni
Politeknik Pertanian Negeri Payakumbuh, Indonesia E-mail: [email protected]
ABSTRACT
Politeknik Pertanian Negeri Payakumbuh (PPNP) is a vocational college that has been operating for more than 30 years and has the potential to develop its management status from a state university as a working unit (PTN-Satker) to a state higher education institution of public service agency (PTN-BLU). The main objective of this study is to provide an overview of the risk owner management strategy, related to the operational sustainability risk. As for risk; finance, reputation, and law/regulation are not discussed. The Risk and Control Self Assessment Method (RCSA) is used in the analysis referring to ISO 31000:2018 - Risk Management. The results showed that of the seven potential operational risks, under current conditions there is one risk that is in the yellow zone (moderate risk), but after it is mitigated, it is expected within 3 years of the preparation of the PPNP to be PTN-BLU, the risk of such infrastructure failure can be reduced through the construction according to the needs and centralized educational facilities.
KEY WORDS
Risk register, strategic plan, operational risk, working unit.
State higher education (PTN) in Indonesia is divided into three categories: PTN-working unit (PTN-Satker), PTN-public service agencies (PTN-BLU), and PTN-legal agencies (PTN-BH). Status change is a perception as part of the dynamics of change towards independence. Changes in management status are intended to improve services to the community as a service user. PTN-Satker only acquires the power of budget users and or users of assets that are an extension of the Ministry of State. PTN-BLU has autonomy in managing non-tax receipts and reporting them to the state. The highest level of full autonomy in the management of finance and human resources and assets is granted to legal entities (PTN-BH).
The State Agricultural Polytechnic Payakumbuh (PPNP) is currently a PTN-Satker, also required to adjust. Change tends to potentially pose a range of complex, diverse, and ever-evolving risks (Djohanputro, 2013). These risks can have a significant impact on the sustainability of PPNP as a higher education institution in achieving its goals. A systematic, effective risk management approach is used to identify, analyze, measure, manage, evaluate, mitigate and control the risks that will be faced before, when, and after a change of campus category. PPNP need to have a clear and integrated risk management framework with the institutional strategy.
The main objective of this study is to create a risk register of the potential risk of operational sustainability of PPNP as part of strategic planning if there is a change in management status into PTN-BLU.
METHODS OF RESEARCH
This study belongs to qualitative descriptive research that describes risk management maps (Afrizal, 2014; Sugiyono, 2015). Risk and Control Self Assessment (RCAS) is used as a framework for organizational risk analysis (Siahaan, 2013). In this case mainly related to the operational PPNP analyzed with detailed calculations referring to ISO 31000: 2018. Financial risk, reputation risk, as well as legal and regulatory risks are not described in this study. RCSA will clarify the objectives, identify and deal with the risks that threaten those
objectives and know the priorities of activities (Abdullatif dan Kawuq, 2015). The steps in the implementation of RCSA in the PPNP refer to Prabantarikso (2022).
RESULTS AND DISCUSSION
Risk management processes based on ISO 31000: 2018 should be an integral part of management and decision-making processes, as well as integrated into all organizational structures, operations, and processes. Its implementation is comprehensively carried out at both strategic, routine and non-routine operational levels, as well as project levels. Operational risks can trigger other risks.
RCSA is a process used by an organization to identify, evaluate, and manage internal risks associated with its operations. Each organization can tailor these RCSA measures according to their operational needs and complexity (Fernandez-Laviada, 2007). It is essential to involve relevant stakeholders, including internal risk management teams and various business units, in the implementation of RCSA to gain a holistic understanding of organizational risk and develop effective control measures.
There are eight steps in the implementation of RCSA in PPNP, as follows:
• Set RCSA Scope Space: that is, the area or process to be evaluated. It can cover various operational aspects of an organization, such as finance, human resources, legal compliance, information technology, or specific business processes;
• Risk Identification: Identifying potential risks that may occur within the specified scope. Involving various parties involved in the business process or area being evaluated can help in identifying relevant risks. Use tools such as risk lists, cause-effect analysis, or past experiences to help in the identification process;
• Risk Assessment: to determine the severity and impact of each risk. This can be done by combining factors such as risk probability, financial impact, reputation, compliance, or other aspects relevant to the organization;
• Identification of Controls;
• Evaluation of Control Effectiveness;
• Develop a Plan of Action;
• Monitoring and Reporting;
• Update and Improvement.
The RCSA area analyzed in this paper is the operational campus of PPNP. Risk management is a continuous process. PPNPs need to establish a risk management team or unit that is responsible for continuously monitoring and managing risk. These units should have a good understanding of the risks faced, and work with relevant parties to implement appropriate mitigation measures.
Risk management involves proactively engaged human resources. Based on the organization structure in the PPNP, as well as its role in the RCSA, the competent parties are; (i). Director as a risk owner at the level of the institution responsible for creating a risk map / PPNP risk profile, (ii). SPI-MR as the appointed agency and assisting the Director in risk management, which is a special part of the internal supervisory unit, and (iii) as the risk officer responsible for creating the risk register, is the Deputy Director I for academic, II for general and finance, as well as deputy director III for students affair. Includes the entire field coordinator (6 fields), chief of department (5 majors), head of technical executive unit (4 upt), and head of P3M. The vice director along with the chief of the college is also at the same time a risk owner for the faculty level. Under the coordination of the major there are the head of the laboratory competence (18 labor units), and the coordinator of the study program.
Risk Identification: PPNP needs to conduct comprehensive risk identification by involving various stakeholders, including institutional leaders, faculty/professional, staff, and students. The risks that need to be identified include academic risk, operational risk, financial risk, reputation risk, legal risk, security risk, and environmental risk. The spectrum and range are tailored to RCSA needs. It identifies the operational risks to be analyzed. The operational
risks obtained through self-evaluation that may occur in connection with the change to PTN-BLU on the PPNP campus are:
• Information Systems Disruption: The vulnerability of information and communication technology systems on campus can lead to significant operational risks. Disruptions in computer networks, hardware failures, or cyber attacks can interfere with the overall teaching, administration, and campus service process. This can trigger other risks such as data loss, privacy violation, or failure to provide critical services;
• Infrastructure Failures: Failures in campus infrastructure such as electricity, water, or other supporting facilities can hinder campus operations and affect learning-teaching activities as well as campus services;
• Natural Disasters: The campus is also vulnerable to the risk of natural disasters such as earthquakes, floods, or fires. Physical damage to buildings, infrastructure, or supporting facilities can disrupt the operation of the campus and cause other risks such as discomfort for students and staff, academic delays, or loss of assets;
• Security Disruption: Campus security can be an operational risk in the event of criminal acts such as theft, robbery, defamation, human rights violations, sexual harassment and/or violence. Security disturbances can disrupt academic activities, create discomfort, and reduce and damage a serious campus reputation. Educational institutions must ensure security, equality and inclusion for all members of the campus community;
• Lack of Workforce: A lack of qualified academic or administrative staff can be a significant operational risk on campus. This can hinder the efficiency and effectiveness in the provision of academic, administrative, and student support services. Deficiency can also mean instability in college leadership, such as frequent change of rectors or open internal conflict, can create uncertainty and damage the institution's reputation in the eyes of the public, prospective students, and other stakeholders. This can reduce public confidence in the integrity and transparency of the university, as well as affect the overall image of the institution. A lack of qualified academic and administrative staff will affect academic services, student guidance, or administrative support provided to students and lecturers. Poor student service potential tends to increase, such as lack of academic support, prolonged administrative problems, or failure to deal with student complaints, can harm the college's reputation and affect student satisfaction. These risks can trigger other risks such as increased workloads, decreased quality of service, work ethics issues, or reduced productivity;
• Regulatory Non-Compliance: PPNP must comply with the regulations and laws, as well as various regulation and policies applicable in higher education. Violations of the rules can result in legal sanctions and reputation loss. Legal and regulatory risk management involves an in-depth understanding of applicable regulations, monitoring relevant legal changes, and proper compliance. Non-compliance with applicable educational regulations can result in legal sanctions, funding restrictions, or a decline in the campus's reputation. This non-compliance may be related to academic requirements, personal data protection, or safety and health in the campus environment. Failure to comply with legal and regulatory requirements can lead to highly detrimental operational risks. Examples of non-compliance with applicable educational regulations and policies, such as: failure to meet academic standards, financial violations, or lack of transparency in the management of institutions. Everything can damage the reputation of the university and trigger a decline in public confidence. Controversies related to research or educational activities carried out by the university, such as conflicts of interest, methodological errors, or controversial content, can create polemics and undermine the image of the institution in the eyes of the public or within the academic community. These risks can trigger other risks such as a decrease in student interest, a decline in the quality of academic programs, or the inability to access additional funding. Further consequences may be a decline in
academic quality; such as a decrease in national or international ratings, a lack of quality of study programs, or a low graduation rate, can harm the college's reputation and reduce the interest of prospective students to enroll;
• Financial Management Failures (which are accountable and transparent): Errors in financial management, such as losing funds, misuse of funds or budget imbalances, can negatively impact on the operational sustainability of the campus and the services provided to students. Financial risks are also operational risks that can trigger other risks on campus. Loss of funds through unethical financial practices, abuse of authority, or acts of corruption can harm the campus financially. This can disrupt operational sustainability, reduce the quality of education provided, or damage the campus's reputation. (Chapelle, 2019).
Risk Assessment and Management: Once the risk has been identified, it is necessary to evaluate the impact and possible occurrence of risk. Risk management involves developing strategies to reduce risk or minimize its impact. This involves formulating clear policies and procedures, proper allocation of resources, and implementation of preventive and risk mitigation measures. In addition, the college needs to develop a business continuity plan to address the risks that interfere with the operation of the institution. The risk assessment at the PPNP campus is carried out using methods of probability and impact analysis, as follows:
Current Scores
Table 1 - PPNP's Operational Risk Register
Post-mitigation Scores
Operational Risk
Disruption of
information
system
Infrastructure failure
Natural disaster
Security disruption Lack of
workforce (losing key resources) Non-compliance with regulations Failure of financial management
Risk Impact Risk Likelihood Current Score
3 3 9
4 3 12
1 1 1
2 2 4
2 2 4
1 1 1
1 1 1
Risk Post- Post- Post-
Response mitigation mitigation mitigation
Impact Likelihood Scores
Reduce
Reduce
Accept
Reduce
Avoid
Avoid
Avoid
Mitigation Action/Plan
Recruit SDM Competent IT
Priority building and management of the room centrally Simulation of disaster mitigation Rules and units of officers
A well-planned SDM recruitment system
SMART plan
Education, Competence Training, Rotation
2
2
a
b
2
2
c
d
e
0
0
0
0
Risk mitigation planning is the most important part of this phase. PPNP need to develop effective risk mitigation plans to reduce the negative impact of risk and increase the likelihood of achieving targets. Risk mitigation plans should include specific measures, emergency response, and recovery in the face of potential risks. The selection of mitigation measures should be carried out carefully, prioritizing aspects of effectiveness and efficiency.
Table 1 shows today's conditions, that of seven potential operational risks, there is one risk that is in the risk tolerance zone (yellow area) with a score of 12 related to the potential risk of infrastructure failure. Adequate infrastructure needs should be a priority of development and management. To become a ptn-blu campus, PPNP must increase the number of students. Today's conditions relate to room capacity for face-to-face lectures and practice in the lab, often controlled. Because of the relatively dense space usage traffic at a certain time, as well as the management of the room that is not centralized.
Control Identification is a measure to identify controls that already exist in an organization to manage or reduce previously identified risks. These controls can be policies, procedures, security measures, or other control mechanisms that have been implemented in the organization's operations.
Control Effectiveness Assessment: A review of whether existing controls are already sufficient to manage risk or whether there are weaknesses or gaps that need to be fixed. Involving stakeholders involved in such risk management can also help in this assessment.
Develop an Action Plan: If there are weaknesses in existing controls or risks that are not sufficiently controlled create an action plan to improve or strengthen existing controlling. This action plan should be clear, containing responsibilities, timetables, and the resources necessary for implementation (Goodwin and Kent, 2006).
Risk management should be a continuous and dynamic process. PPNP should monitor and evaluate the effectiveness of the implemented risk management strategies and identify risks that change over time. Periodic evaluations will help colleges to improve and strengthen their risk management (Hidayah, et al., 2018; Haas, et al., 2006).
Monitoring and Reporting: Once an action plan is implemented, perform periodic monitoring to ensure that updated or new controls have been effective in managing risk. In addition, make regular reports on RCSA results, including the identified risks, the controls applied, and the steps taken to manage risk as part of knowledge management in PPNP.
Update and Improvement: RCSA should be a continuous process. Review and update the RCSA process periodically to ensure its relevance and effectiveness. Also, learn from previous experience and findings to improve overall risk management.
All of the above steps can be adjusted in a more complete risk register table compared to Table 1, based on the needs of the organization's risk management.
CONCLUSION AND SUGGESTIONS
PPNP should have a risk management guide book. Management of potential risks associated with operational survival due to status changes to PTN-BLU, as follows: disruption of information systems; failure of infrastructure; natural disasters; disruption of security; lack of workforce (key power source);non-compliance with regulations; failure of financial management. All of these risks potentially disrupt the transitional status of management. Especially operational risks (1) and (2) that must be reduced within four years of preparation. The main impact is interfering with academic and administrative activities.
Operational sustainability risk management should involve; disaster recovery planning, infrastructure backup, and reliable use of technology. It is important for the management of the PPNP campus to proactively manage these operational risks by taking appropriate preventive measures and having an effective emergency plan. PPNP leaders need to integrate risk management as an integral part of management practices. A strong risk culture across the institution must start right now. As its foundation, effective communication and risk management-related training becomes a need for PPNP to help all parties understand the importance of risk management and their role in the process.
PPNP is expected to maintain operational smoothness, provide a safe and quality environment for students, and support the achievement of educational goals, institutional strategic goals, strengthening reputation, and improvement of sustainability. PPNP can be a superior and competitive campus in the midst of an increasingly dynamic and complex higher education environment.
REFERENCES
1. Abdullatif, M., & Kawuq, S. 2015. The Role of Internal Auditing in Risk Management: Evidence from Banks in Jordan. Journal of Economic and Administrative Sciences, 31(1), 30-50. https://doi.org/10.1108/jeas-08-2013-0025.
2. Afrizal. 2014. Metodologi Penelitian Kualitatif, Sebuah Upaya Mendukung Penggunaan Penelitian Kualitatif dalam Berbagai Disiplin Ilmu. Jakarta. PT Raja Grafindo Persada.
3. Chapelle, Ariane. 2019. Operational Risk Management; Best Practices in the Financial Services Industry. Great Britain. Wiley.
4. Djohanputro, Bramantyo. 2013. Manajemen Risiko Korporat Terintegrasi. Jakarta. PPM.
5. Fernandez-Laviada, A. 2007. Internal Audit Function Role in Operational Risk Management. Journal of Financial Regulation and Compliance, 15(2), 143-155. https://doi.org/10.1108/13581980710744039.
6. Goodwin-Stewart, J., and Kent, P. 2006. The Use of Internal Audit by Australian Companies. Managerial Auditing Journal, 21(1), 81-101. https://doi.org/10.1108/02686900610634775.
7. Hass, S., Abdolmohammadi, M. J., and Burnaby, P. 2006. The Americas Literature Review on Internal Auditing. Managerial Auditing Journal, 21(8), 835-844. https://doi.org/10.1108/02686900610703778.
8. Hidayah, R., Sukirman, S., Suryandari, D., and Rahayu, R. 2018. Peran Auditor Internal dalam Implementasi Manajemen Risiko pada Perguruan Tinggi. Journal of Applied Accounting and Taxation, 3(2), 129-133. https://doi.org/10.30871/jaat.v3i2.847.
9. Prabantarikso, R. M., Edian Fahmy, Zaenal Abididin, Yosef Abdulrachman. 2022. Konsep dan Penerapan Manajemen Risiko Operasional: RCSA-KRI-LED. Yogyakarta. Deepublish.
10. Rustam, Bambang Rianto. 2018. Manajemen Risiko: Prinsip, Penerapan, dan Penelitian. Jakarta. Salemba Empat.
11. Siahaan, Hinsa. 2013. Manajemen Risiko pada Perusahaan dan Birokrasi. Jakarta. Elex Media Komputindo.
12. Sugiyono. 2015. Metode Penelitian Kuantitatif, Kualitatif, dan R&D. Bandung. Alfabeta.