How to cite:
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret
Rafael. (2022). Risk Management Analysis Based on ISO 13000 at NC
University. Journal Eduvest. Vol 2(2): 207-228
E-ISSN:
2775-3727
Published by:
https://greenpublisher.id/
Eduvest Journal of Universal Studies
Volume 2 Number 2, February, 2022
p- ISSN 2775-3735- e-ISSN 2775-3727
RISK MANAGEMENT ANALYSIS BASED ON ISO 13000
AT NC UNIVERSITY
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Nusa Cendana University, Indonesia
Email: [email protected],
ARTICLE INFO ABSTRACT
Received:
January, 26
th
2022
Revised:
February, 17
th
2022
Approved:
February, 18
th
2022
In order to improve organizational governance, universities
are required to carry out risk management. This study aims
to help NC University to identify, analyze, evaluate and
treat risks systematically. This research is a qualitative
research. The data were analyzed descriptively based on
the ISO 31000:2018 risk management framework, namely a
risk assessment which includes identification, analysis and
evaluation of risks as well as risk treatment. The result of
this research is that there are risks that have been identified
based on three categories, namely strategic risk,
operational risk, and financial risk. In addition, there are
several risk treatment actions taken.
KEYWORDS
Management, Risk, ISO 31000
This work is licensed under a Creative Commons
Attribution-ShareAlike 4.0 International
INTRODUCTION
Universities are required by the government to carry out risk management as part
of the implementation of the Government Internal Control System (SPIP) as stipulated in
Government Regulation Number 60 of 2008 concerning the Government's Internal
Control System. There are five elements in the SPIP, namely the control environment,
risk assessment, control activities, information, communication, and monitoring
(SUGIYONO, Miqdad, & Sulistiyo, 2021).
One of the elements of SPIP, namely risk assessment, is intended to improve
organizational governance through the implementation of risk management (Purwanto,
Sp, & Fitria, 2021). Risk is something that leads to uncertainty over the occurrence of an
event during a certain time interval where the event causes a loss, both small losses that
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 208
are not so significant or large losses that affect the survival of an organization (Lokobal,
Sumajouw, & Sompie, 2014). Thus, risk management (risk management) becomes
important for an organization, including educational institutions because educational
activities cannot be separated from risks that can interfere with the achievement of
educational goals.
There are 2 methods that are most often used in risk management, namely the
COSO and ISO methods (Ariff et al., 2014). Both methods have been widely used by
companies and agencies in various countries because they provide guidelines for
implementing risk management that aim to support the level of effectiveness of risk
management for its users. However, both have differences, namely where COSO views
risk as an event that may occur and has a negative influence on the achievement of
organizational goals (Arfiansyah, 2021). On the other hand, ISO defines risk as the effect
of uncertainty on organizational goals (Lalonde & Boiral, 2012). Then to ensure that risk
management runs effectively, ISO mentions eight principles that must be met (Hopkin,
2018). The eight principles include integrated, structured and comprehensive, according
to organizational needs, inclusive, dynamic, based on the best available information,
considering human and cultural factors, continuous improvement. Meanwhile COSO did
not mention the principle (Paape & Speklé, 2012).
KMK number 577/KMK.01/2019 concerning Risk Management within the
Ministry of Finance also uses ISO 31000:2018 as a reference in perfecting the Ministry of
Finance's risk management standards. There are 3 elements of ISO 31000:2018 Risk
management-guidelines used in the KMK which include principles, frameworks and risk
management processes into a more open and interrelated system. In addition, ISO defines
risk not only for events that have a negative effect (downside risk) but also the risk of
having a positive impact (upside risk) for the achievement of organizational goals.
Risk Management is the process of identifying, assessing, and prioritizing risks
followed by the coordination and application of economic resources to minimize, monitor
and monitor the possibility of occurrence of unfavorable events. The risk management
process includes the systematic application of policies, procedures, and various
approaches to carry out communication and consultation, build context and assess risk,
treat, monitor, review, record and report (to interested parties) (Bashynska, Kovalova,
Malovichko, & Shirobokova, 2020).
NC University is one of the PTN designated as PTN BLU based on the Decree of
the Minister of Finance (Kepmenkeu) in 2017 (Astawa, Prayudi, & Diputra, 2020). This
change in status has made NC University serious in risk management. Based on the
Regulation of the Minister of Finance (PMK) No. 200/PMK.05/2017 of 2017 which
regulates the internal control system of the BLU. The PMK states that BLU leaders need
to conduct a risk assessment to identify risks that exist within the organization and
analyze these risks.
The application of risk management will help NC University as a PTN BLU in
achieving organizational goals. Risk management is useful for NC University as PTN
BLU in identifying what risk areas are faced and how risk management will help PTN
BLU in achieving goals and improving the main performance of NC University.
Implementation of risk management is able to minimize the possibility or consequences
of unfavorable events. In addition, good risk management will increase the awareness of
PTN BLU managers in making strategic and appropriate decisions based on the risk
analysis that has been carried out. Based on the description of the background above, this
research was conducted with the aim of conducting an analysis of risk management at the
University of NC.
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
209 http://eduvest.greenvest.co.id
RESEARCH METHOD
This research approach uses a qualitative descriptive method with a case study at
the University of NC as a BLU College (Syari’udin, Sutoyo, & Yulianti, 2021). This
study uses an interactive model in the analysis of interview data. The interactive model
uses 4 components, namely (1) data collection, (2) data reduction, (3) data presentation,
and (4) conclusion or verification (Miles and Huberman, 1984; Sugiyono, 2019) (Isnaini
& Ariyanti, 2020).
There are two (2) stages in this research, namely, first: a preliminary survey by
distributing questionnaires to verify, clarify and find out whether or not the relevant risk
variables obtained through literature studies and preliminary surveys of the heads of
departments/work units at the university NC; the second stage, namely conducting a
survey related to risk analysis. The survey results are processed using the Severity Index
(SI) method (Haimovich et al., 2020).
RESULT AND DISCUSSION
The results of this study are divided into two parts based on the stages of
research, namely:
1. Preliminary Survey
A survey of leaders within the University of NC, and obtained 30 respondents
who are leaders in the University of NC from several classes of positions. Based on the
returned questionnaire, information about the demographics of the respondents was
obtained so that it can be seen the characteristics of the respondents who were the sample
in this study (Luo, Lie, & Prinzen, 2020). In this section there is information about the
gender, educational background, years of service and position of the respondents. The
general description of the respondents can be seen in the following pictures:
Figure 1 Respondents by Gender
Source: processed data, 2021
[CATEGOR
Y NAME]
[PERCEN
TAGE]
[CATEGOR
Y NAME]
[PERCENT
AGE]
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 210
Based on Figure 2 that respondents with male sex as much as 57% while female
sex as much as 43%. Thus, the majority of respondents in this study were women.
Figure 2 Respondents based on Educational Background
Figure 3 shows that most of the respondents' education levels are Masters with a
presentation level of 60%, while respondents with S1 and S3 education levels are 20%
each.
Figure 3 Respondents by Working Period
Figure 4 shows respondents based on years of service. Based on the figure,
respondents with a tenure of 10 – 15 years are the most dominant, which is 36%, for a
service period of 15 – 20 years by 17%, for a service period of >25 years by 23%, a
service period of 20 – 25 years by 10%. , and years of service <5 years and 5 – 10 years
respectively at 7%.
Respondents based on position are shown in Figure 4. 44% of respondents served
as sub-coordinators, 23% Chair/Secretary of Study Programs, Respondents with positions
[PERCEN
TAGE]
[PERCEN
TAGE]
[PERCEN
TAGE]
S1
S2
S3
<5 th
7%
5 - <10 th
7%
10 - <15 th
36%
15 - <20 th
17%
20 - <25 th
10%
>25 th
23%
<5 th 5 - <10 th 10 - <15 th 15 - <20 th 20 - <25 th >25 th
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
211 http://eduvest.greenvest.co.id
as Dean/Vice Dean and Coordinator each 13%, and Head of Institution/unit 7% .
Figure 4 Respondents by Position
Based on the preliminary survey conducted, the results of the variable relevance
test were obtained. In the risk variable relevance test phase, the researcher used the
Guttman scale, the respondents were asked whether or not they agreed to the possibility
of these risks within the University of NC. The statement agrees is that the risk variable is
likely to occur at the University or has already occurred, while the statement disagrees is
that the risk variable has no possibility of occurring or has never occurred at the
University of NC. For a positive answer or agree it is given a score of 1, while for a
negative answer or not it is given a score of 0. The score of the answers is then totaled, if
the total score is > half of the total number of respondents, the answer is positive and vice
versa (Perneger, Peytremann-Bridevaux, & Combescure, 2020).
Table 1 Relevance Test Results for Risk Variables
No
Risk
Code
Risk Variable
Agrree
Not
Agree
A. Strategy and Planning Risk
1
A1
Decreased accreditation of
universities/study programs
23
77%
7
23%
2
A2
Undana's performance contract was not
achieved
23
77%
7
23%
3
A3
Webometrics ranking drops
24
80%
6
20%
4
A4
Decreased cooperation with external
parties
25
83%
5
17%
5
A5
UKT rates are not in accordance with the
student's ability to pay
13
43%
1
7
57%
6
A6
Decrease in the number of students
15
50%
1
5
50%
7
A7
Financial Statements get an unqualified
opinion
25
83%
5
17%
B. Finance Risk
8
B1
PNBP receipts below the set target
16
53%
1
4
47%
9
B2
Unaccountable financial accountability
19
63%
1
1
37%
13%
23%
13%
44%
7%
Dekan/Wakil Dekan
Ketua/Sekretaris Program
Studi
Koordinator
Sub Koordinator
Ketua Lembaga/Unit
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 212
10
B3
Financial realization does not match the
expected target
21
70%
9
30%
C. Operational/Infrastructure risk
11
C1
The ratio of lecturers and students does not
meet the accreditation requirements
18
60%
1
2
40%
12
C2
The results of the lecturer's research do not
answer the community's needs
16
53%
1
4
47%
13
C3
Scholarships are received by students who
are not right on target
14
47%
1
6
53%
14
C4
The business unit did not achieve the
planned target
22
73%
8
27%
15
C5
Business Units are not managed efficiently
22
73%
8
27%
16
C6
Procurement of goods does not meet
specifications
20
67%
1
0
33%
17
C7
There is an expensive price in the
procurement of goods/services
22
73%
8
27%
18
C8
Asset administration and maintenance is
not going well
22
73%
8
27%
19
C9
Handling of Inventory Change (Up) is
stagnating
21
70%
9
30%
20
C10
Reporting of SPI audit results is not in
accordance with the set schedule
19
63%
1
1
37%
21
C11
A fire occurred in the lecture
building/laboratory/office
building/multipurpose room
14
47%
1
6
53%
22
C12
Website with undana.ac.id account hacked
14
47%
1
6
53%
23
C13
Prolonged power outage
24
80%
6
20%
Based on the results of the relevance test, 3 risk categories were identified at NC
Universities, and most of them agreed that the risk occurred at NC Universities. As
shown in Table 1. These risks are divided into 3 risk groups, namely:
a. Strategy and Planning Risk, which is a risk related to the strategic decision-
making process. The risks that usually arise are unexpected conditions that reduce the
company's or institution's ability to carry out the planned strategy in achieving the goals
that have been set.
b. Finance Risk, is a risk that can affect the ability and financial stability of the
company/institution.
c. Operational/Infrastructure risk, is a risk related to the failure of the
company's/institution's internal process function. There are 4 common factors that cause
operational risk, namely human error, process error, system error and error due to
external factors.
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
213 http://eduvest.greenvest.co.id
2. Main Survey
After identifying the relevant risks at NC University, a main stage questionnaire
survey was then conducted to conduct a risk analysis. The risk analysis phase begins by
distributing the risk probability and impact questionnaire to the same 30 respondents
before. Each probability and risk impact has 1-5 indices which have the following
meanings:
Table 2 Table of Probability Criteria
Indeks
Likelihood Level
Likelihood Criteria
Percentage of
probability of
occurrence in 1 period
The number of possible
occurrences in 1 period
1
Almost didn't happen
x < 5%
Very rarely
2
Rarely happening
5% < x < 10%
<2 times in 1 year
3
Sometimes it
happens
10% < x < 20%
Rarely 2 times to 5 times
in 1 year
4
Often occurs
20% < x < 50%
Quite often 5 to 9 times
in 1 year
5
It's almost certain to
happen
x > 50%
Often 10 times to 12
times in 1 year
Table 3 Impact Criteria
Index
Impact
Level
ImpactArea
Company
Losses
Decline in
Reputation
Performance
Drop
Disruption to
the
Organization's
services
Lawsuits
1
Not
significant
Total
loss 0 –
IDR 10
million
Stakeholder
complaints
directly
verbally/written
to the
organization
are about 3 in
one period
Achievement
of
performance
targets
Delayed
service in 1
day
Number
of
lawsuits
5 times
in one
period
2
Minor
Total
state
losses are
more
than Rp.
10
million –
Rp. 50
million
Stakeholder
complaints
directly
verbally/written
to the
organization
are more than 3
in one period
Achievement
of
performance
targets above
80% to
100%
Service is
delayed more
than 1 day to
5 days
Number
of
lawsuits
above 5
to 15
times in
one
period
3
Sometimes
it happens
The total
loss to
the state
Negative notice
in local mass
media
Achievement
of
performance
Service is
delayed more
than 5 days to
Number
of
lawsuits
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 214
is more
than Rp.
50
million –
Rp. 100
million
targets above
50% to 80%
15 days
above
15 to 30
times in
one
period
4
Often
occurs
The total
loss to
the state
is more
than Rp.
100
million –
Rp. 500
million
Negative notice
in national
mass media
Achievement
of
performance
targets above
25% to 50%
Service is
delayed more
than 15 days
to 30 days
Number
of
lawsuits
above
30 to 50
times in
one
period
5
It's almost
certain to
happen
The total
loss to
the state
is more
than Rp.
500
million
Negative notice
in international
mass media
Achievement
of
performance
targets <25%
Service
delayed more
than 30 days
Number
of
lawsuits
more
than 50
times in
one
period
After the data is obtained, then the main survey results are analyzed using the
Severity Index (SI) method. The aim is to obtain a combined result of the risk assessment
of probability and impact. Based on the data obtained through questionnaires that have
been distributed, the results of the analysis of the probability and impact risk assessment
for all risk variables using the Severity Index (SI) method can be seen in Table 4 and
Table 5.
Table 4 Results of Risk Variable Probability Assessment with SI
No
Risk Code
Probability
SI
(%)
Categ
ory
Alm
ost
does
n't
happ
en
Rarel
y
Happ
ens
Someti
mes
Happe
ns
Ofte
n
Happ
ens
Alm
ost
certai
nly
happ
ens
1
2
3
4
5
Strategy and Planning Risk
1
A1
Decreased
accreditation of
universities/study
programs
2
3
2
15
8
70,0
0
4
2
A2
Undana's
performance
2
4
10
4
10
63,3
4
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
215 http://eduvest.greenvest.co.id
contract was not
achieved
3
3
A3
Webometrics
ranking drops
2
2
15
10
1
55,0
0
3
4
A4
Decreased
cooperation with
external parties
9
7
7
5
2
36,6
7
2
5
A5
UKT rates are not
in accordance
with the student's
ability to pay
6
4
9
10
1
46,6
7
3
6
A6
Decrease in the
number of
students
1
4
5
10
10
70,0
0
4
7
A7
Financial
Statements get an
unqualified
opinion
5
1
11
9
4
55,0
0
3
Finance Risk
8
B1
PNBP receipts
below the set
target
2
6
12
8
2
51,6
7
3
9
B2
Unaccountable
financial
accountability
5
3
3
7
12
65,0
0
4
10
B3
Financial
realization does
not match the
expected target
3
7
6
11
3
53,3
3
3
Operational/Infrastructure risk
11
C1
The ratio of
lecturers and
students does not
meet the
accreditation
requirements
7
9
6
7
1
38,3
3
3
12
C2
The results of the
lecturer's research
do not answer the
community's
needs
6
12
7
4
1
35,0
0
2
13
C3
Scholarships are
received by
students who are
not right on target
4
7
8
9
2
48,3
3
3
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 216
14
C4
The business unit
did not achieve
the planned target
1
2
1
1
25
89,1
7
5
15
C5
Business Units are
not managed
efficiently
3
5
5
11
6
60,0
0
3
16
C6
Procurement of
goods does not
meet
specifications
4
1
4
12
9
67,5
0
4
17
C7
There is an
expensive price in
the procurement
of goods/services
5
1
5
3
16
70,0
0
4
18
C8
Asset
administration and
maintenance is not
going well
5
3
6
6
11
64,1
7
4
19
C9
Handling of
Inventory Change
(Up) is stagnating
6
2
6
8
8
58,3
3
3
20
C10
Reporting of SPI
audit results is not
in accordance
with the set
schedule
9
10
4
5
2
34,1
7
2
21
C11
The occurrence of
a fire in the
lecture building /
laboratory / office
building /
multipurpose
room
9
4
8
7
2
40,8
3
3
22
C12
Website with
undana.ac.id
account hacked
16
6
5
1
2
22,5
0
2
23
C13
Prolonged power
outage
5
4
6
7
8
57,5
0
3
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
217 http://eduvest.greenvest.co.id
Table 5 Results of Risk Variable Impact Assessment with SI
No
Risk Code
Impact
SI
(%)
Catego
ry
Not
Signi
fican
t
Mino
r
Mod
erate
Signifi
cant
Very
Signi
fican
t
1
2
3
4
5
Strategy and Planning Risk
1
A1
Decreased
accreditation of
universities/study
programs
5
3
9
8
5
54,1
7
3
2
A2
Undana's
performance
contract was not
achieved
2
4
6
8
10
66,6
7
4
3
A3
Webometrics
ranking drops
1
17
4
6
2
42,5
0
3
4
A4
Decreased
cooperation with
external parties
2
10
7
8
3
50,0
0
3
5
A5
UKT rates are not
in accordance with
the student's
ability to pay
4
8
6
6
6
51,6
7
3
6
A6
Decrease in the
number of
students
3
3
6
8
10
65,8
3
4
7
A7
Financial
Statements get an
unqualified
opinion
6
5
7
8
4
49,1
7
3
Finance Risk
8
B1
PNBP receipts
below the set
target
3
3
6
9
9
65,0
0
4
9
B2
Unaccountable
financial
accountability
4
2
11
6
7
58,3
3
3
10
B3
Financial
realization does
not match the
expected target
4
4
7
7
8
59,1
7
3
Operational/Infrastructure risk
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 218
11
C1
The ratio of
lecturers and
students does not
meet the
accreditation
requirements
4
3
8
8
7
59,1
7
3
12
C2
The results of the
lecturer's research
do not answer the
community's
needs
6
3
13
5
3
46,6
7
3
13
C3
Scholarships are
received by
students who are
not right on target
10
5
9
3
3
36,6
7
2
14
C4
The business unit
did not achieve the
planned target
4
3
6
7
10
63,3
3
4
15
C5
Business Units are
not managed
efficiently
4
3
7
10
6
59,1
7
3
16
C6
Procurement of
goods does not
meet
specifications
3
1
6
12
8
67,5
0
4
17
C7
There is an
expensive price in
the procurement
of goods/services
4
2
8
7
9
62,5
0
3
18
C8
Asset
administration and
maintenance is not
going well
3
1
7
8
11
69,1
7
4
19
C9
Handling of
Inventory Change
(Up) is stagnating
4
1
7
11
7
63,3
3
4
20
C1
0
Reporting of SPI
audit results is not
in accordance with
the set schedule
4
12
3
8
3
45,0
0
3
21
C1
1
A fire occurred in
the lecture
building/laborator
y/office
building/multipurp
ose room
3
6
6
7
8
59,1
7
3
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
221 http://eduvest.greenvest.co.id
22
C1
2
Website with
undana.ac.id
account hacked
20
6
3
1
0
12,5
0
1
23
C1
3
Prolonged power
outage
2
2
6
8
12
71,6
7
4
The following is an example of a calculation using the Severity Index (SI)
method. Based on the data obtained through the questionnaire on the probability of the
occurrence of A1 risk, namely "Decrease in university/study program accreditation", the
following data were obtained, namely 2 respondents stated the probability of almost not
happening (HTT/1), 3 respondents stated Rarely Occurred (JT/2), 2 respondents stated
that it happens sometimes (KT/3), 15 respondents said it often happened (ST/4), 8
respondents said it almost certainly happened (HPT/5).
Where: ai = research constant
xi = frequency of respondents
i = 0, 1, 2, 3, 4…., n
With : a0 = 0 x0 = for the answer Almost does not happen (HTT/1)
a1= 1 x1 = for the answer Rarely Occurs (JT/2)
a2 = 2 x2 = for the answer Sometimes Happens (KT/3)
a3 = 3 x3 = for almost certain answer (HPT/4)
a4 = 4 x4 = for the answer Very Often Happens (SST/5)
After finding the SI value = 70, then this SI value is converted to the Probability
and Impact assessment scale as follows:
Almost did not happen (HTT/1) = 0.00 SI < 12.5
Rarely Occurs (JT/2) = 12.5 SI < 37.5
Occasional (KT/3) = 37.5 SI< 62.5
Frequently Occurs (ST/4) = 62.5 SI < 87.5
Almost certain to happen (HPT/5) = 87.5 SI < 100
Based on the above criteria, the Probability category of A1 risk, namely
“Decreased accreditation of universities/study programs” is almost certain to occur
(HPT/4).
After the risk category is converted into the form of a number, a risk analysis of
the probability x impact calculation can be carried out with the help of the Probability and
Impact Matrix as shown in Table 6 and Table 7. Risk analysis is carried out by
multiplying the results of the probability assessment (P) with the results of the impact
assessment (I). ) of each risk variable. The calculation results can be seen in Table 8.
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 222
From the results of the risk analysis in table 8, it is found that several risk
variables have a fairly large value compared to other risks, namely the extreme high
category. These risks have the greatest probability of occurring and have a significant
impact on NC University.
Tabel 6 Matriks Analisis Risiko
Level
Risk Level
Priority
Risk
Amount of Risk
Colour
5
Very high
1
25
2
24
3
23
4
Tall
4
22
5
21
6
20
7
19
8
18
3
Currently
9
17
10
16
11
15
12
14
13
13
14
12
15
11
16
10
17
9
2
Low
18
8
19
7
20
6
21
5
22
4
1
Very low
23
3
24
2
25
1
Table 7 Matrix of ISO 31000:2018 Risk Analysis
Risk Analysis Matrix
(Risk Priority Scale)
Impact Level
Not
Significant
Minor
Moderate
Significant
Very
Significant
Likelihoo
d Level
Almost Definitely
Happening
17
10
6
3
1
Often occurs
20
13
8
4
2
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
223 http://eduvest.greenvest.co.id
Sometimes Happens
22
15
11
7
5
Rarely happening
24
19
14
12
9
Hardly Happened
25
23
21
18
16
Table 8 Risk Analysis Matrix
Table 9 Probability x Impact Risk
No
Risk
Code
Risk Variable
Probab
ility
Impact
P x I
Risk
Category
1
A1
Decreased accreditation of
universities/study programs
4
3
12
High
2
A2
Non-achievement of
performance contract
4
4
16
Extreme
High
3
A3
Webometrics ranking drops
3
3
9
High
4
A4
Decreased cooperation with
external parties
2
3
6
Medium
5
A5
UKT rates are not in
accordance with the student's
ability to pay
3
3
9
High
6
A6
Decrease in the number of
students
4
4
16
Extreme
High
7
A7
Financial Statements get an
unqualified opinion
3
3
9
High
8
B1
PNBP receipts below the set
target
3
4
12
High
9
B2
Unaccountable financial
accountability
4
3
12
High
10
B3
Financial realization does not
match the expected target
3
3
9
High
11
C1
The ratio of lecturers and
students does not meet the
accreditation requirements
3
3
9
High
12
C2
The results of the lecturer's
research do not answer the
community's needs
2
3
6
Medium
5 = Sangat Besar
(> 80%)
5 10 15 20 25
4 = Besar
(60% < p < 80%)
4 8 12 16 20 Extreme High
3 = Sedang
(40% < p ≤ 60%)
3 6 9 12 15 High Risk
2 = Kecil
(10% < p < 40%)
2 4 6 8 10 Medium Risk
1 = Sangat Kecil
≤ 10%
1 2 3 4 5 Low Risk
1 = Insignificant 2 = Minor 3 = Moderate 4 = Significant 5 = Catastrophic
Dampak
Probabilitas
A1
A2
A3
A5
A7
D2
A4
A6
B1
C2
C3
C6
C8
C4
C10
B2
C7
C9
D3
B3
C1
C5
D1
D3
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 224
13
C3
Scholarships are received by
students who are not right on
target
3
2
6
Medium
14
C4
The business unit did not
achieve the planned target
5
4
20
Extreme
High
15
C5
Business Units are not
managed efficiently
3
3
9
High
16
C6
Procurement of goods does not
meet specifications
4
4
16
Extreme
High
17
C7
There is an expensive price in
the procurement of
goods/services
4
3
12
High
18
C8
Asset administration and
maintenance is not going well
4
4
16
Extreme
High
19
C9
Handling of Inventory Change
(Up) is stagnating
3
4
12
High
20
C10
Reporting of SPI audit results
is not in accordance with the
set schedule
2
3
6
Medium
21
C11
A fire occurred in the lecture
building/laboratory/office
building/multipurpose room
3
3
9
High
22
C12
Website with undana.ac.id
account hacked
2
1
2
Low
23
C13
Prolonged power outage
3
4
12
High
Based on Table 9, it is known that of the 23 identified risks, there are 5 risks that
fall into the Extreme High category, meaning that these 5 risks must be handled
immediately. There are 13 risks in the High category, 4 risks in the Medium category and
1 risk in the low category.
There are 5 actions that can be taken to deal with these risks, namely:
1. Avoid
This action is carried out by not carrying out activities that can cause these risks.
2. Share
Risk treatment by dividing the process stages which are handled by other
institutions and each is responsible for the stages of its work.
3. Transfer
This action is carried out by dividing the risk by buying insurance, reinsurance
and doing hedging.
4. Reduce
Risk treatment by reducing the possibility of risk occurring through the creation
of procedures and internal control, training, internal socialization.
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
225 http://eduvest.greenvest.co.id
5. Receive
This action means accepting risk because it cannot be avoided or reduced because
it is part of the organization's scope of work.
The same questionnaire was given to the respondents to see how the respondents
think about dealing with these risks. Respondents' answers varied, processed using the
same method, namely the Severity Index (SI) method. The following is the response of
respondents to the risk treatment that has been identified in table 10.
Table 10 Responses to Dominant Risks
No
Risk Code
Impact
SI
(%)
Cate
gory
Avoid
Shari
ng
Tran
sfer
Red
uce
Re
cei
ve
1
2
3
4
5
Strategy and Planning Risk
1
A1
Decreased accreditation
of universities/study
programs
4
2
0
22
2
63,33
4
2
A2
Undana's performance
contract was not
achieved
0
5
0
20
5
70,83
4
3
A3
Webometrics ranking
drops
0
4
0
19
6
70,83
4
4
A4
Decreased cooperation
with external parties
0
6
1
21
3
69,17
4
5
A5
UKT rates are not in
accordance with the
student's ability to pay
3
2
1
23
1
64,17
4
6
A6
Decrease in the number
of students
1
1
0
25
3
73,33
4
7
A7
Financial Statements
get an unqualified
opinion
5
3
0
15
7
63,33
4
Finance Risk
8
B1
PNBP receipts below
the set target
3
3
0
21
3
65,0
0
4
9
B2
Unaccountable financial
accountability
2
2
1
22
3
68,3
3
4
10
B3
Financial realization
does not match the
expected target
4
2
1
20
3
63,3
3
4
Operational Risk
11
C1
The ratio of lecturers
and students does not
meet the accreditation
requirements
4
2
1
21
2
62,5
0
4
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 226
12
C2
The results of the
lecturer's research do
not answer the
community's needs
3
1
2
23
1
65,0
0
4
13
C3
Scholarships are
received by students
who are not right on
target
7
19
1
3
0
25,0
0
2
14
C4
The business unit did
not achieve the planned
target
2
0
3
19
6
72,5
0
4
15
C5
Business Units are not
managed efficiently
2
3
2
19
4
66,6
7
4
16
C6
Procurement of goods
does not meet
specifications
4
1
1
22
2
64,1
7
4
17
C7
There is an expensive
price in the procurement
of goods/services
2
5
0
20
3
64,1
7
4
18
C8
Asset administration and
maintenance is not
going well
2
3
0
25
0
65,0
0
4
19
C9
Handling of Inventory
Change (Up) is
stagnating
3
3
1
19
4
65,0
0
4
20
C1
0
Reporting of SPI audit
results is not in
accordance with the set
schedule
4
2
1
14
9
68,3
3
4
21
C1
1
A fire occurred in the
lecture
building/laboratory/offic
e building/multipurpose
room
1
1
26
2
0
49,1
7
3
22
C1
2
Website with
undana.ac.id account
hacked
7
2
3
18
0
51,6
7
3
23
C1
3
Prolonged power outage
3
8
4
11
4
54,1
7
3
Table 11 Responses to Dominant Risks
No
Risk
Code
Variable Risk
Type of Risk
Handling
1
A2
Non-achievement of performance
contract
Extreme High
Reduce
2
A6
Decrease in the number of students
Extreme High
Reduce
Eduvest – Journal of Universal Studies
Volume 2 Number 2, February 2022
227 http://eduvest.greenvest.co.id
3
C4
The business unit did not achieve
the planned target
Extreme High
Reduce
4
C6
Procurement of goods does not
meet specifications
Extreme High
Reduce
5
C8
Asset administration and
maintenance is not going well
Extreme High
Reduce
Based on table 10, it is known that most of the risks are handled by respondents
by reducing risk, namely 83% of the total respondents, while those who choose to transfer
risk are 13%, and share risk is 4%. Risk management against 5 extreme high risks is
dominated by risk reduction measures. This action can be done by making policies that
can reduce these risks by using cost and benefit analysis.
CONCLUSION
Based on the results and discussion of this research, it can be concluded that after
risk identification there are twenty-three risks identified at NC University based on three
types of risks, namely Strategy and Planning Risk with 7 risks, Finance Risk with 3 risks,
and Operational/Infrastructure risk. as many as 13 risks.
The results of the risk analysis show that of the twenty-three identified risks, there
are 5 risks that fall into the Extreme High category, meaning that these 5 risks must be
handled immediately, 13 risks in the High category, 4 risks in the Medium category and 1
risk in the low category. Risk management actions are carried out by reducing risk for 19
risks, which is 83% of the total respondents, while those who choose to transfer risk are
13%, or 3 risks and share and accept risk of 4%, namely 1 risk.
REFERENCES
Arfiansyah, Zef. (2021). THE EFFECT OF ENTERPRISE RISK MANAGEMENT,
KNOWLEDGE MANAGEMENT, AND ORGANIZATIONAL CULTURE ON
ORGANIZATIONAL RESILIENCE. International Journal of Contemporary
Accounting, 3(2), 93–114.
Ariff, Mohd Shoki Bin Md, Zakuan, Norhayati, Tajudin, Muhammad Naquib Mohd,
Ahmad, Azira, Ishak, Nawawi, & Ismail, Khalid. (2014). A framework for risk
management practices and organizational performance in higher education. Review
of Integrative Business and Economics Research, 3(2), 422.
Astawa, I. Gede Putu Banu, Prayudi, Made Aristia, & Diputra, Ida Bagus Raminra P.
(2020). Analysis of the Impact of Changes in Institutional Financial Management
Patterns on Increasing Non-Tax Revenues. 5th International Conference on
Tourism, Economics, Accounting, Management and Social Science (TEAMS 2020),
115–122. Atlantis Press.
Bashynska, Iryna, Kovalova, Olena, Malovichko, Olena, & Shirobokova, Olga. (2020).
Risk management of innovative socially significant projects (on the example of
urban passenger transport). International Journal of Advanced Research in
Engineering and Technology (IJARET), 11(4).
Minarni Anaci Dethan, Yohanes Demu, Sarinah Joyce Margaret Rafael
Risk Management Analysis Based on ISO 13000 at NC University 228
Haimovich, Adrian D., Ravindra, Neal G., Stoytchev, Stoytcho, Young, H. Patrick,
Wilson, Francis P., van Dijk, David, Schulz, Wade L., & Taylor, R. Andrew.
(2020). Development and validation of the quick COVID-19 severity index: a
prognostic tool for early clinical decompensation. Annals of Emergency Medicine,
76(4), 442–453.
Hopkin, Paul. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Isnaini, Indri Dwi, & Ariyanti, Mira Pradipta. (2020). Teacher’s Creativity in the
Development of Learning Media Fun Book in Kindergarten. International
Conference on Learning Innovation 2019 (ICLI 2019), 71–74. Atlantis Press.
Lalonde, Carole, & Boiral, Olivier. (2012). Managing risks through ISO 31000: A critical
analysis. Risk Management, 14(4), 272–300.
Lokobal, Arif, Sumajouw, Marthin D. J., & Sompie, Bonny F. (2014). Manajemen risiko
pada perusahaan jasa pelaksana konstruksi di Propinsi Papua (study kasus di
Kabupaten Sarmi). Jurnal Ilmiah Media Engineering, 4(2).
Luo, Hongxing, Lie, Yongchan, & Prinzen, Frits W. (2020). Surveillance of COVID-19
in the general population using an online questionnaire: report from 18,161
respondents in China. JMIR Public Health and Surveillance, 6(2), e18576.
Paape, Leen, & Speklé, Roland F. (2012). The adoption and design of enterprise risk
management practices: An empirical study. European Accounting Review, 21(3),
533–564.
Perneger, Thomas V, Peytremann-Bridevaux, Isabelle, & Combescure, Christophe.
(2020). Patient satisfaction and survey response in 717 hospital surveys in
Switzerland: a cross-sectional study. BMC Health Services Research, 20(1), 1–8.
Purwanto, Bambang Heru, Sp, Eddy Jusuf, & Fitria, Siti Nurul. (2021). Risk
Management Strategy In Good Governance Perspective To The Bekasi City
GovernmentRisk management is very necessary in optimizing the use of resources
owned by the organization through restructuring the system of governance by
applying the principles o. Review of International Geographical Education Online,
11(5), 4370–4381.
SUGIYONO, SUKMA U. L. I. NUHA, Miqdad, Muhammad Miqdad, & Sulistiyo,
Agung Budi Sulistiyo. (2021). The Implementation Internal Control System
Government with Government Regulation Release of No. 60/2008 in Kpu Jember
Regency: A Phenomenology Approach: Spip. Jurnal Riset Akuntansi Dan Bisnis
Airlangga, 6(2), 353221.
Syari’udin, Akhmad, Sutoyo, Sutoyo, & Yulianti, Retno. (2021). The Perception of
Budget Managers on The Budget Absorption Variable in New State
Universities:(Empirical Studies at University of Pembangunan Nasional “Veteran”
Yogyakarta). RSF Conference Series: Business, Management and Social Sciences,
1(3), 402–410.
