Risk Management

In general, risk refers to the potential occurrence of events that may hinder efforts to achieve the company’s objectives, strategies, or targets. Therefore, the Company implements a risk management system primarily aimed at identifying, anticipating, and formulating appropriate mitigation measures for each risk encountered in its business operations. This risk management system is crucial in protecting the interests and assets of stakeholders while ensuring the implementation of Good Corporate Governance (GCG) practices.

Risk management practices have been embedded in every business activity as part of a risk-awareness culture inherited from the parent company. Each business unit follows established procedures and general guidelines in implementing the risk management system to safeguard the Company’s interests and assets. The Company refines its risk management practices every year, and this refinement is a key agenda item within the management’s work program for 2024. An overview of the primary risks faced by the Company, along with corresponding mitigation measures, is presented below.


Types of Risks, Mitigation Measures, and Continuous Monitoring

Operational, Market, and Supply Chain Risks

Challenges related to procurement processes, vendor management, price pressures, supplier issues in providing hardware and software, and service delivery are common threats to the Company. To mitigate these risks, management exercises control by verifying and evaluating suppliers and ensuring compliance with contractual agreements.

Cybersecurity Risk

Risks such as data breaches, unauthorized access, or other cyber threats are mitigated through the implementation of encryption, firewalls, data access policies, and regular security audits.

Compliance Risk

Failure to meet legal or regulatory obligations related to IT service contracts or data handling poses a significant risk. Mitigation measures include adherence to ISO 27001 standards and ensuring all services comply with relevant regulations such as GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), or other applicable IT service regulations.

Technology Risk

Obsolescence of hardware or software, system failures, or integration issues can impact business operations. To mitigate this risk, the Company stays updated on current and emerging technologies and prepares disaster recovery and contingency plans in case of operational or IT system failures.

Credit Risk

Credit risk arises when third parties fail to fulfill their liabilities under financial instruments or customer contracts, leading to financial losses. The Company faces credit risk from operational activities, sales transactions, and funding activities, including bank deposits, foreign exchange transactions, and other financial instruments.

Credit risk primarily originates from bank and cash equivalents, trade receivables, other receivables, and restricted-term deposits. The Company’s management mitigates credit risk through policies, procedures, and controls related to customer credit risk management and receivables. Credit limits are set for all customers based on internal assessment criteria, and receivables balances are regularly monitored. Credit risk also arises from bank deposits and financial institutions. To mitigate this, the Company places bank and cash equivalents with reputable financial institutions.

Workforce Risk

As a company engaged in IT procurement and service solutions, human resources (HR) are the Company’s most valuable assets, and performance is influenced by employee turnover rates. The Company manages turnover risk by implementing employee retention programs, offering incentive and reward systems, and providing clear career development opportunities for its employees.

For every potential risk, the Company assesses the probability of occurrence (high, medium, low).


Continuous Risk Monitoring and Mitigation Measures

The Company ensures smooth mitigation of identified risks while remaining vigilant about emerging risks and new threats. Continuous monitoring is conducted through an automated system that tracks vendor performance, IT service uptime, and regulatory compliance. This is supported by the following measures:

  • Action Plans: Developing response plans for identified risks.
  • Crisis Management: Establishing a crisis management team to address high-impact risks, particularly those related to data breaches, operational failures, or compliance issues.
  • Vendor Risk Management: Ensuring supplier contracts include clauses addressing risk management, including penalties for non-compliance or delivery failures.
  • Periodic Reviews: Regularly evaluating the risk management system to align it with the Company’s needs and evolving external threats.
  • Continuous Improvement: Utilizing feedback from risk events or audits to enhance the system and adapt to changing conditions.

By implementing a comprehensive Risk Management System, PT Pemindo Mitra Sinergi and its subsidiaries can safeguard themselves against operational, technological, financial, and compliance risks, ensuring business continuity and maintaining stakeholder trust.