Measuring And Improving The Effectiveness Of ISO 31000 Based Erm In State-Controlled PSO - A Case Study Of Toll Road Operators In Indonesia

Abstract

Toll road operators need to implement effective risk management. This study focuses on how a State-Owned Enterprise (SOE) toll road operator assesses the maturity of their ISO 31000-based risk management practices by using an ISO 31000-based risk management maturity model, ERMA ISO31000 RM3. The study is predominantly based on a qualitative approach through document reviews, questionnaires, and interviews. The assessment result shows that the company's risk management maturity score reaches 3.62 (a scale of 0.00 – 5.00) or at the DEFINED level of the risk management maturity. The study also shows that the company's risk management process gets the highest score, 4.45, while the lowest score, 3.22, is for the company's performance management. By using the maturity assessment result, the company's management can develop a risk management improvement road map to assist their efforts in increasing the effectiveness of their existing risk management practices. Referring to the assessment result, the management can prioritize the improvement on low-score maturity attributes, such as their performance management, risk culture, resilience and sustainability, risk management framework, and management process, while maintaining their current practices of the risk management process, which has already reached a considerably high maturity level.