Please use this identifier to cite or link to this item: http://repository.ipb.ac.id/handle/123456789/172268
Title: Analisis Tingkat Maturitas Enterprise Risk Management pada PT XYZ
Other Titles: Analysis of the Enterprise Risk Management Maturity Level at PT XYZ
Authors: Priyarsono, Dominicus Savio
Jahroh, Siti
PRATAMA, M. RIFNALDY
Issue Date: 2026
Publisher: IPB University
Abstract: This research is motivated by the strategic urgency of PT XYZ, a subsidiary of a State-Owned Enterprise (SOE) operating in the information technology sector, which faces high and dynamic risk exposure. Empirically, the current implementation of risk management indicates a partial (silo-based) approach, where risk identification and mitigation processes are conducted separately by individual business units without a comprehensive corporate portfolio aggregation mechanism. This condition has the potential to create strategic blind spots for top management in decision-making. Furthermore, there are compliance requirements regarding the Regulation of the Minister of SOEs Number PER-2/MBU/03/2023, which mandates the implementation of integrated Enterprise Risk Management (ERM). Therefore, this research is crucial as an objective diagnostic instrument to map current organizational capability gaps and formulate precise transformation strategies so that risk management can function effectively as a tool for value creation.

To address these issues, this study employs a mixed-method approach. The ISO 31000:2018 framework is utilized for the qualitative evaluation of system suitability, while maturity level measurement is conducted quantitatively using the Risk Maturity Index (RMI) parameters based on the SOE Technical Guidelines (SK-8/DKU.MBU/12/2023). Internal and external environmental analysis is performed using PESTLE Analysis, which is then synthesized into a TOWS Matrix for strategy formulation. Data were collected through a Purposive Sampling technique involving 30 key managerial-level respondents acting as Risk Owners, representing both Core Business and Support Functions. This research was conducted from April 2025 to June 2025.

Based on the evaluation results of the first research objective, qualitative analysis indicates that in terms of design adequacy, PT XYZ possesses policy documents and structures aligned with ISO 31000:2018 standards. However, operational effectiveness remains low as a risk culture has not yet organically formed. This finding is confirmed by the quantitative measurement results of the second research objective, showing that PT XYZ's risk management maturity level is at a score of 1.60 with an "Initial" predicate. This score is significantly below the SOE minimum maturity target of Level 3.00 ("Good Practice"). Fundamental weaknesses were identified in the Risk Culture and Capability Dimension as well as the Organization and Governance Dimension, indicating that risk management is still highly dependent on individual initiatives and lacks support from institutionalized governance systems.

Referring to this maturity gap, the third research objective focuses on formulating improvement strategies through TOWS analysis. The resulting strategies are designed to close gaps in the weak dimensions, including Turnaround strategies (WO) such as establishing a Risk Committee and appointing Risk Champions in every unit to overcome silo culture; Aggressive strategies (SO) involving the development of a Business Intelligence (BI) Dashboard for real-time risk reporting digitalization; and Defensive strategies (WT) involving strengthening compliance with the Personal Data Protection Law (UU PDP) and conducting periodic cyber resilience simulations. As a managerial implication, this study formulates a Risk Transformation Roadmap divided into three phased implementation stages. The first phase (Short Term) focuses on strengthening governance foundations through the activation of the Risk Committee and periodic evidence-based assessments. The second phase (Medium Term) focuses on accelerating culture and compliance through enhancing human capital competencies and cyber audits. Finally, the third phase (Medium-Long Term) focuses on digital and strategic integration through the implementation of integrated risk information systems and aligning Environmental, Social, and Governance (ESG) aspects. Through this systematic approach, it is expected that PT XYZ can sustainably improve its ERM maturity to support the achievement of the company's strategic goals.
URI: http://repository.ipb.ac.id/handle/123456789/172268
Appears in Collections: MT - Business

Files in This Item:
File | Description | Size | Format
cover_K1501232118_7a153117c16641f5904fab2d07bd8a04.pdf | Cover | 713.69 kB | Adobe PDF
fulltext_K1501232118_bf7d1e6ed4cb4763aee62d2b3db190cb.pdf (Restricted Access) | Fulltext | 1.36 MB | Adobe PDF
lampiran_K1501232118_47b32af6bfc74e8a8b6d67648df5e808.pdf (Restricted Access) | Appendix | 244.73 kB | Adobe PDF

