Author: Yosep Yogo Widhiyatmoko

Risk management at the Ministry of Transportation has been further strengthened with the issuance of Decree of the Minister of Transportation of the Republic of Indonesia Number KM 69 of 2023 concerning Risk Management within the Ministry of Transportation on July 18 2023.

With the publication of the Minister of Transportation's Decree, the Directorate General of Railways as one of the Echelon I units under the Ministry of Transportation immediately carried out analysis and adjustments. Because the Directorate General of Railways previously had risk management guidelines in the Decree of the Director General of Railways Number: HK.209/3/19/DJKA/2022 concerning Technical Guidelines for Implementing Risk Management within the Directorate General of Railways which was stipulated on June 13 2022.

Through the Planning Section of the Directorate General of Railways, the analysis and socialization process has been carried out continuously, since Minister of Transportation Decree Number KM 69 of 2023 was published. Socialization within the Directorate General of Railways began for the first time at the Invitation dated 9 to. 11 August 2023 with the agenda of Monitoring the Control Action Plan for 2023 as well as Socializing KM 69 of 2023 and Discussion of Follow-up Results of the SPIP Implementation Maturity Self-Assessment.

Then it was continued with a limited invitation, from the 7th to 8 September 2023 with a special agenda for reviewing the Decree of the Director General of Railways Number HK.209/3/19/DJKA/2022 concerning Technical Guidelines for the Implementation of Risk Management within the Director General of Railways based on Decree of the Minister of Transportation Number KM 69 of 2023. On this agenda, the evaluation is carried out by making a comparison between the Decrees of the Minister of Transportation No. KM 69 of 2023 with the Director General's Decree which was issued first in 2022. A comparison was made to see the differences between the two.

Risk management is an inseparable part of the implementation of the Government Internal Control System (SPIP). Risk management activities seek to create controls to minimize the occurrence of risks in order to achieve goals. One way to build control activities is to carry out a risk assessment. This process includes the stages of risk identification and risk analysis. To design adequate control activities, an accurate risk assessment is required through a fairly complex process covering all activity processes and functional tasks that lead to achieving organizational goals.

The implementation of risk management in the public sector, including within Ministries/Agencies, has become a necessity to answer the challenges of implementing good governance. This is in line with the challenges of RPJMN IV 2020-2024 which stipulates six mainstreaming. This is a form of innovative approach that will be a catalyst for national development.

One of these mainstreaming is government governance that is accountable, effective and efficient in supporting increased performance in all dimensions of development. One of the indicators in mainstreaming good governance is "the application of risk management in managing agency performance".

Differences in the Risk Management Guidelines of the Director General's Decree and the Minister of Transportation's Decree

The main differences in risk management guidelines include, the first difference, the risk management governance structure which will be discussed further in the paragraph below, the second difference is the risk map matrix which originally consisted of four levels of frequency and impact to five levels of frequency and impact, the third difference is codification risk for each risk prepared

Then the fourth difference, there is an additional analysis component in the risk management context determination form, namely things that threaten and weaken the Risk Owner unit from the internal environment with the 5M approach (man, money, method, machine, material) and the external environment with the socio-economic approach and other external factors, and a business process map of the risk owner unit is required.

The fifth difference concerns the categorization/grouping of risk management forms, namely Format 1 to Format 22. This format is detailed in Ministry of Transportation No. KM 69 of 2023.

And the sixth difference, relates to differences in the risk management timeline in one period, where the risk analysis is carried out in October of the current year with the output in the form of a package of Risk Management Charter documents for the following year's period, which will later be used as an attachment when submitting the DIPA for the following year's period in December of the current year (For example, the 2024 DIPA is submitted in December 2023 with an attachment to the 2024 Risk Management Charter).

Meanwhile, other reporting is almost similar to the timeline in the previous guideline but the report format is different, namely the Risk Manager prepares a Quarterly Report (Format 16) every April (TW I), July (TW II), October (TW III) and January of the following year. (TW IV) and Annual Report (Format 17) in January of the following year. Meanwhile, the Center Level Risk Management Unit (UMR) prepares Quarterly Risk Management monitoring reports (Format 19) and Annual Reports (Format 20) which are submitted according to the reporting month of the Quarterly and Annual Risk Management Reports.

New Risk Management Governance Structure

The new risk management management structure remains with three lines of Risk Management Organizational Structure, differentiated at the Echelon I / Directorate General of Railways level, the Echelon II / Technical Directorate level, the Echelon III / Hall level, and the BLU organizational level.

Organizational Structure for Risk Management Governance at Echelon III/Hall level including the Railway Maintenance Center, including Line I consisting of Risk Owners and Risk Managers. The Risk Owner is the Head of the Railway Maintenance Center, while the Risk Management is coordinated by one of the Section Heads/Echelon IV apart from the Head of Administration Subdivision (TU Subdivision Head occupies Line II) who is appointed by the Risk Owner. Line II is the Risk Management Unit (UMR) at the Hall level which has been assigned to the position of Head of Administration/Finance and General Subdivision. Line III is the Inspectorate General for consultation, evaluation of Line I and quality assurance in Line II reporting.

The duties of the Risk Owner (Line I) include, among others, appointing a Risk Manager, namely an official one level below as a coordinator through a Risk Owner Decree, then determining risk priorities that need to be handled with control activities (Format 8), establishing a Risk Management Charter (Format 22) which contains Context Determination (Format 1), Risk Profile (Format 5), Risk Map (Format 7), and Risk Management Plan (Format 8), reporting risk management to the leadership one level above and to the Secretariat General c.q Head of Planning Bureau periodically (Quarterly /Annual) (Format 18).

The duties of the Risk Manager (Line II) include, among others, preparing the concept of a Risk Management Charter (Format 22), as well as carrying out Context Formulation (Format 1), carrying out a Risk Assessment (Format 5) and risk map (Format 7), and preparing a Risk Management Plan/ Control Action Plan (Format 8), including consulting with the Risk Owner to then determine it, then monitoring the realization of risk handling/RTP (Format 9), then compiling historical records of risk events into a Risk Event Report (Format 10), then reporting the implementation Risk Management in Quarterly Reports (Format 16) and Annual Reports (Format 17) to Risk Owners and Risk Management Units. As well as proposing new risks (if any) (Format 11) to the Risk Management Unit for review.

The duties of the Risk Management Unit (UMR) at Hall level (Line II) include, among other things, providing outreach regarding Risk Management to all work lines within the Railway Maintenance Center, then compiling quarterly and annual reports on Risk Management monitoring activities and reporting to the Risk Management Unit one level above. , then validate new risk proposals from the Risk Owner unit by looking at historical records of risk events (risk library) and supporting data, then provide feedback in the form of proposals/recommendations for the implementation of Risk Management by the first line.

Implementing effective risk management requires shared awareness and concern at every individual level of the organization. To foster awareness at each individual level, a risk culture is needed that supports the creation of a conducive control environment.