Risk Management Process of PT XYZ Based on ISO 31000:2018

Abstract

PT XYZ, a food distribution company in Indonesia, operates in a highly volatile environment with challenges such as price fluctuations, logistical disruptions, and fraud, yet lacks a structured risk management framework. This study aims to evaluate PT XYZ’s current risk management practices, align them with ISO 31000:2018, and identify gaps for improvement. Data collection was conducted between May and August 2025. Using a descriptive qualitative method, data was collected through interviews with five internal stakeholders, field observations, and document analysis. Tools such as risk index, RACI matrix, and Expected Monetary Value (EMV) were applied to assess and prioritize risks. The results show that (1) risk management at PT XYZ is informal and reactive, without standard documentation or clear accountability; (2) aligning with ISO 31000:2018 would introduce a more structured and integrated process; and (3) a comparison reveals critical gaps in communication, identification, and evaluation, leading to actionable recommendations that strengthen resilience and operational continuity.