Journal of Social Science, Vol. 04, No. 03, May 2023 654
Risk Management Design in Startup
Company PT. Financial Report Assistant
Simon Petrus Hendrik Hutapea, Tantri Yanuar Rahmat Syah, Edi
Hamdi, Agus Munandar
Department of Master of Management, Faculty of Economic and Business, Esa
Unggul University, Jakarta, Indonesia
KEYWORDS
ABSTRACT
Risk Management, Startup
Companies, Risk Identification,
Risk Mitigation
Rapid technological developments drive Indonesia's economic
growth. The background of this research is the ignorance of
start-up companies about the existence of business risks and
bankruptcy failures. The purpose of this research is to develop
risk management plans and guidelines according to ISO
31000:2018. The company seeks to support business progress
by recruiting qualified workforce in their fields to be responsible
for technological innovation and company database security.
Risk management can be applied to minimize business process
risks to achieve business goals.
INTRODUCTION
Currently, the development of risk in Indonesia is progressing rapidly, because all are aware
of a world full of uncertainty that results in risks that can harm interested parties, to achieve
success in the business world, uncertainty and risks cannot be ignored, but can be minimized
with Risk Management. Risk is the effect of uncertainty on the (Amelia, 2017) market
(ISO.31000), which will affect company earnings, volatility and business cycles Risk is not
sufficiently avoided, but must be dealt with in ways that minimize the possibility of a loss.
(Hendarwan, 2022; M et al., 2019)(Candra et al., 2019; Fachrezi, 2021)
The accounting system itself is a field that handles planning and implementing procedures
for collecting and reporting financial data. Planning a system that has elements of checking and
matching (checks & balances) to be able to maintain company assets, and has an efficient flow
of information and is beneficial to management. Here, the practical accounting system includes
matters directly related to the financial activities of small companies.(Andika & Wijaya, 2022; The
Ultimate & Prasetyo, 2022; Utamajaya et al., 2021)(Gita & Tanaem, 2022; Natalia & Prasetyo,
2022; Ursula & Djohanputro, 2022)(Faturohman et al., 2021; Qintharah, 2019; Susilo, 2018;
Ursula & Djohanputro, 2022)
Financial Report Assistant (FIRA) is an accounting application company that can help small
entrepreneurs where customers can control company finances in realtime, easily and certainly
safe to use, as well as provide financial, taxation and business education to add insight in
managing company finances better for customer business. The company is committed to not only
helping small entrepreneurs in providing the best solutions. However, it will also provide financial
and business education to add insight in managing business finances better(KUSUMAWARDHANI,
2018; Rohmah, 2019; Sari, 2018)(Richardo & Cytokinedana, 2021)(Harefa & Hartomo, 2022) .
FIRA risk management is needed to protect companies from significant risks, by realizing
and improving employee performance, encouraging employees to continue to innovate, and
supporting the achievement of company goals to create a sustainable business.
Risk Management Design in Startup Company PT. Financial Report Assistant
Journal of Social Science, Vol. 04, No. 03, May 2023 655
METHOD
The research methodology conducted by the author is:
a. Problem Identification
At the problem identification stage, the goal is to understand the problem under investigation and
its possible impacts, so that it does not arise or can be mitigated.
b.Literature Study
At the literature study stage, the author studies and understands theories that are used as
guidelines and sources from various sources such as journals, books, magazines, and also the
internet to complete concepts and theories so that they have a good foundation and knowledge
to solve the problems discussed here.
c.Interview
In this case, researchers conduct interviews directly with parties related to this study.
d.Observations
In this case, what will be done is to see and study the problems that exist in the field that are
closely related to the object under study.
e.Data Analysis
At this stage, an analysis of the processes that take place according to the object of research is
carried out. Then enter a value based on the impact and frequency of risk. And do a risk analysis
and group it into levels.
Table 1. Stages of Research
No
Stages of Research
Information
1.
Identify the Problem
Identify the risks and impacts of each risk that can occur
2.
Literature Study
Study literature and journals in order to understand the
topic of discussion
3.
Interview
Interview resource persons to obtain information related
to the object under study
4.
Observation
Make observations related to the object under study
5.
Data Analysis
Processing and analyzing data from interviews,
observations and application benchmarks in accordance
with the guidelines of ISO 31000: 2018 Standard
Source: Processed by Researchers (2022).
RESULTS AND DISCUSSION
Risk Identification
The risk management process must be applied at different levels of the organization,
FIRA divides the scope of implementation of the risk management process into two, Internal
and External. The internal scope consists of marketing risk, operational risk, human resource
risk and financial risk (Amalia et al., 2019; Anggraeni &; Rizal, 2019; Primary, 2020). While the
external scope is divided into user risk, business partner risk, government risk and other risks.
Based on the framework in the figure above, FIRA has identified risks and determined
the impact of each emerging risk, which is presented in the following table.
Table1 Ident
i
fikasi Risiko
Code
Risk
Impact
Internal
Simon Petrus Hendrik Hutapea, Tantri Yanuar Rahmat Syah, Edi Hamdi, Agus Munandar
Journal of Social Science, Vol. 04, No. 03, May 2023 656
R001
Target users and
expertise not
achieved
Reducing corporate
profits
R002
The product does not
match the needs of
the market
The product is not in
demand by users
R003
A system error
occurred (system
error)
The process of financial
transactions is disrupted
R004
The UI/UX of the
application is less
attractive
The application is not
interesting and difficult
to use
R005
Unresponsive app
Complaints from users,
application users
decreased
R006
Slow handling of
complaints and
complaints
Consumers are declining
R007
Conflicts between
employees
Decreased employee
performance
R008
Bad employee
absenteeism
Poor employee
performance, reducing
employee
key
performance indicators
R009
Criminal acts
committed by
employees
The company's
performance and
reputation declined
R010
Uncollectible
receivables
Disadvantages to the
company
R011
Money corruption
Reduced working capital
of the company
R012
Employees Take
Customer Data
Consumers decline and
credibility declines
R013
IT Employees Steal
System Application
SourceCode
Loss of credibility and
allowing massive
business competition.
External
User
R014
Fraud and
manipulation of
transaction data
Losses to users,
reputation becomes less
good
Risk Management Design in Startup Company PT. Financial Report Assistant
Journal of Social Science, Vol. 04, No. 03, May 2023 657
R015
Not establishing good
relations with users
Communication between
the company and users
will be less good, can
trigger conflicts,
decreased revenue
Business Partners
R016
Conflicts with
business partners
Disconnection of
business relations
resulting in reduced or
decreased quality of
FIRA features
R017
Conflict with
shophouse manager
The shophouse contract
is not renewed
R018
Cloud servers
experience
downtime
The application system is
inaccessible and cannot
run properly
R019
Mitra Expertise takes
over the consumer
Declining Consumers
Government
R020
Tax rate increase
Net profit is not in line
with the target
R021
Global economic
malaise
Profit decreases, goes
bankrupt
R022
Increase in the
minimum wage of
employees
Increased salary
expenses and reduced
company profits
Other
R023
System hacking
System malfunction,
data theft
R024
Power outage
Operational activities
disrupted
R025
Internet shutdown
System operations will
stop
R026
Fire
Inflict loss and damage
to the office and its
assets
R027
Natural disasters and
Covid 19
Business activities can
stop, causing loss and
damage to the office and
its assets, employees are
laid off/laid off
Source: Processed by Researchers (2022)
Simon Petrus Hendrik Hutapea, Tantri Yanuar Rahmat Syah, Edi Hamdi, Agus Munandar
Journal of Social Science, Vol. 04, No. 03, May 2023 658
Risk Analysis
After identifying risks, an analysis is made about which risks arise or which may pose a
threat to the organization. Risk analysis requires careful consideration in understanding the
sources of risk, their consequences, prevention and mitigation methods, scenarios to be
established, and controls to be effective. Risk analysis can be carried out at several levels,
depending on the objectives, availability of information and resources. Risk analysis is influenced
by many differences of opinion or perception of each risk owner. Thus, measurement uses a
combination of techniques that provide ideas for decision making.
Table 3 Probability Values and Impact Values
Source: Processed by Researchers (2022)
Table 4 Risk Impact and Likelihood Assessment
Code
Risk
Likelihood
Impact
1
2
3
4
5
1
2
3
4
5
Internal
R001
Target users and
expertise not
achieved
x
x
R002
The product does
not match the
needs of the
market
x
x
R003
A system error
occurred
x
x
R004
The UI/UX of the
application is less
attractive
x
x
R005
Application is not
responsive
x
x
R006
Slow handling of
complaints and
complaints
x
x
R007
Conflicts between
employees
x
x
R008
Bad employee
absenteeism
x
x
Frequency of Occurrence
Impact
Score
Information
Frequency
Score
Information
1
Rare
< 2 times per year
1
Insignificant
2
Unlikely
2-5 times per year
2
Minor
3
Possible
6-12 times per year
3
Moderate
4
Likely
1-7 times per month
4
Major
5
Certain
7-12 times per month
5
Cathastropic
Risk Management Design in Startup Company PT. Financial Report Assistant
Journal of Social Science, Vol. 04, No. 03, May 2023 659
R009
Criminal acts
committed by
employees
x
x
R010
Uncollectible
receivables
x
x
R011
Money corruption
x
x
R012
Employees Take
Customer Data
x
x
R013
IT Employees
Steal System
Application
SourceCode
x
x
External
User
R014
Fraud and
transaction fraud
x
x
R015
Not establishing
good relations
with users
x
x
Business Partners
R016
Conflicts with
business partners
x
x
R017
Conflict with
shophouse
manager
x
x
R018
Cloud servers
experience
downtime
x
x
R019
Mitra Expertise
takes over the
consumer
x
x
Government
R020
Tax rate increase
x
x
R021
Global economic
malaise
x
x
R022
Increase in the
minimum wage
of employees
x
x
Other
Simon Petrus Hendrik Hutapea, Tantri Yanuar Rahmat Syah, Edi Hamdi, Agus Munandar
Journal of Social Science, Vol. 04, No. 03, May 2023 660
R023
System hacking
x
x
R024
Power outage
x
x
R025
Internet down
x
x
R026
Fire
x
x
R027
Natural disasters
and Covid 19
x
x
Source: Processed by Researchers (2022)
Risk Evaluation
Once the likelihood and impact of the risk is analyzed, the next step is to evaluate and
classify the risk into levels. Risk analysis results in decisions that support the risk assessment
process which helps in the decision-making process. After knowing the impact of each risk, the
next step is to conduct a risk analysis. Risk analysis is carried out by assigning a value to each
risk that occurs. Each risk is assessed based on the impact caused and the frequency with which
the risk occurs.
Table 5 Risk Evaluation Parameters
Kemungkinan
Dampak
Level Risiko
Rare Rare Rare Unlikely
Unlikely Possible
Insignificant Minor Moderate
Insignificant Minor Insignificant
Low
Rare Rare Unlikely Unlikely
Unlikely Possible Possible
Possible Possible Likely
Likely Likely Certain Certain
Major Catastrophic Moderate
Major Catastrophic Minor
Moderate Major Catastrophic
Insignificant Minor Moderate
Insignificant Minor
Intermediate
Possible Likely Likely Certain
Certain Certain
Catastrophic Major Catastrophic
Moderate Major Catastrophic
High
Source: Processed by Researchers (2022)
Based on the results of discussions and surveys of researchers, a risk tolerance map
was formed, namely:
Table2 Risk Evaluation Matrix (Before Treatment)
Impact
Insignificant
Minor
Moderate
Major
Catastrophic
1
2
3
4
5
Cretain
Likelihood
5
Likely
R014
4
R022
R002
R020
R023
Possible
R001
3
R010
R003
R011
R025
Unlikely
R008
R004
R005
R006
2
R020
R013
R016
R016
Risk Management Design in Startup Company PT. Financial Report Assistant
Journal of Social Science, Vol. 04, No. 03, May 2023 661
R015
R022
R018
R021
R024
R009
Rare
R007
R023
R012
1
R017
R024
R013
R026
R019
R027
Information:
Tall
Intermediate
Low
Risk Management
Risks that are above the established risk tolerance limit are then submitted to the risk
management process by the risk owner to determine future risk management, such as minimizing
the occurrence of risks, sharing risks with other parties, eliminating or avoiding them. Risks and
Handling Existing Risks. After conducting a risk evaluation, the next step is to carry out handling
to minimize the impact of risk.
Table 7 Mitigation Handling
Kode
Risiko
Mitigasi
Internal
R001
R001
Target users and expertise not
achieved
Target user not reached
Evaluate targets and performance and look
at the weaknesses and business
opportunities as well as the level of
competition with competitors
Evaluating revenue targets and continuing
to improve marketing division
capabilitiesmarketing
R002
Products do not match market
needs
Evaluate and develop products according
to market needs
Conduct deeper research in order to touch
customer needs and customer satisfaction
R003
A system error has occurred
(system error)
Repairing the system and carrying out
regular maintenance
Conduct evaluation, look for root causes,
and steps to improve the system
R004
The UI/UX of the application is less
attractive
Conduct research and improve the appearance
and better user experience
R005
R005
Unresponsive application
Improve application and system
performance
R006
Unresponsive application
Improve responsiveness and SLA
Improving integrated omnichannel services
R007
Slow handling of complaints and
complaints
Organizing gatherings, outings and special
moments for employees
Conduct mediation
Creating a good and productive work
culture and ecosystem
Simon Petrus Hendrik Hutapea, Tantri Yanuar Rahmat Syah, Edi Hamdi, Agus Munandar
Journal of Social Science, Vol. 04, No. 03, May 2023 662
R008
R008
Conflict between employees
Applies rewards and punishments to
employee performance
R009
Bad employee absenteeism
Improving company security by providing
training, security awareness, company
security
Cooperate with the police and install CCTV
and alarms
R010
Bad employee absenteeism
Provide reminders or warnings with a good
and correct approach
The application is disconnected
R011
Criminal acts committed by
employees
Developing an anti-corruption culture and
corruption impact campaign
Separating job desks based on the function
of each position
Give heavy sanctions to corruptors and
report them to the police
R012
Uncollectible receivables
Employees work in the Fira software
system and are given a password so they
can be traced
All data is backed up in the FIRA software
system
R013
Money corruption
Employees work in the FIRA software
system and are given a password so they
can be traced
All data is backed up in the FIRA software
system
External
User
R014
Fraud and transaction fraud
Disclosure of financial data pursuant to a
court order (if required)
Cooperate with financial institutions to
always monitor the payment process for
each consumer
R015
No good relationship with users
Establish customer engagement
Providing services with a fast response
Business partner
R016
Conflicts with business partners
Building and establishing effective
communication with Business Partners
Conducting mediation and deliberations
R017
Conflict with shop manager
Fulfill the agreement stated in the contract
Maintain good relationship with managers
R018
The cloud server is experiencing
downtime
Implement hotline calls with the Cloud
server
Execute Business Continue Plan (BCP)
procedures
Conduct evaluation, root cause, and
system recovery mitigation steps
Risk Management Design in Startup Company PT. Financial Report Assistant
Journal of Social Science, Vol. 04, No. 03, May 2023 663
R019
Expertise partners take over the
consumer
Recruiting honest and committed Expertise
Partners
Providing cooperation rules in accordance
with the legality of the law.
Making Partners loyal to the company by
providing the best service.
Government
R020
Increase in tax rates
Setting up a reserve fund so that the
following year's activities can run well
Increase the company's net profit
R021
Global economic downturn
Monitoring inflation rate and people's GDP
Be sensitive to market needs and demands
so that they can quickly make decisions
when it is time to carry out an exit strategy
R022
Increase in the minimum wage of
employees
Increase the company's net profit
Setting up a reserve fund
Others
R023
System hack
Improve system security
Cooperate with the Cyber Crime police
R024
Power outage
Using a generator as the Company's
electricity
Carry out Business Continuity Plan (BCP)
procedures
R025
Internet down
Implement a hotline call with the provider
Carry out Business Continuity Plan (BCP)
procedures
R026
Ensuring monitoring of APAR, ALARM,
smoke detector, CCTV is running and
functioning properly
Providing counseling to employees, Call
Tree, and information regarding evacuation
routes and assembly points
Inventorying and insuring assets
R027
Fire and asset theft
Implement Occupational Safety and Health
(K3)
Providing counseling to employees, Call
Tree, and information regarding evacuation
routes and assembly points
Inventorying and insuring assets
All employees must receive booster
vaccines and follow health protocols
Source: Processed by Researchers (2022)
Based on the Risk Evaluation Matrix and after treatment, the Fira residual risk evaluation
matrix (after tratment) is contained in the table below
Table 8 Risk Evaluation Matrix (After Treatment)
Impact
Insignificant
Minor
Moderate
Major
Catastrophic
Simon Petrus Hendrik Hutapea, Tantri Yanuar Rahmat Syah, Edi Hamdi, Agus Munandar
Journal of Social Science, Vol. 04, No. 03, May 2023 664
1
2
3
4
5
Cretain
Likelihood
5
Likely
4
Possible
3
Unlikely
R014
R006
R008
R010
R013
R015
R016
R020
R021
R022
2
R002 R003
R004 R005
R019 R024
R012
R001
R007
R009
R013
R017
R018R023
R025
R026
R027
R011
Rare
1
Source: Processed by Researchers (2022)
CONCLUSION
Based on the initial identification of risks by the risk owner with the risk management
process or the company's own risk assessment, most of the risks that occur in the company's
operational processes are related to technological systems, database security, service marketing.
The good efforts made by the company today to support business progress, recruit skilled human
resources in their fields and expand connections with experts, will also directly answer the security
of the company's technology systems and databases in the future. Implementing risk
management in a growing company's business requires managerial focus.
Strictly manage company finances, both in budget allocation and in the use of the budget
of each business unit, so that the planned resources are not excessive in their use.
REFERENCES
Amalia, D. R., Wahyudi, I., &; KUSUMASTUTI, R. (2019).
Investor Reaction to Dividend
Announcement
. IAI KAPd.
Amelia, T. N. (2017). Internal Control of Indonesian Startup Business: A Concept.
INOBIS:
Indonesian Journal of Business and Management Innovation
,
1
(1), 5967.
Andika, D., &; Wijaya, A. (2022). INFORMATION TECHNOLOGY RISK MANAGEMENT USING ISO
31000: 2018 FRAMEWORK AT PT. EAST LERINVITAL TRUST.
Mnemonic: Journal of
Informatics Engineering
,
5
(2), 111118.
Anggraeni, R. R. D., & Rizal, A. H. (2019). The implementation of the sale and purchase agreement
via the internet (e-commerce) is reviewed from the aspect of civil law.
SALAM: Journal of
Social and Cultural Syar-I
,
6
(3), 223238.
Risk Management Design in Startup Company PT. Financial Report Assistant
Journal of Social Science, Vol. 04, No. 03, May 2023 665
Candra, R. M., Sari, Y. N., Iskandar, I., &; Yanto, F. (2019). Information Technology Asset Security
Risk Management System Using ISO 31000: 2018.
CoreIT Journal
,
5
(1), 1928.
Fachrezi, M. I. (2021). Information Technology Asset Security Risk Management Using Iso 31000:
2018 Diskominfo Salatiga City.
JATISI (Journal of Informatics Engineering and Information
Systems
),
8
(2), 764773.
Faturohman, T., Karna, A., &; Wiryono, S. K. (2021). Risk Management for Start-ups.
Jakarta: PT
Gramedia Printing
.
Gita, S., &; Tanaem, P. F. (2022). Information Technology Risk Management on Semarang
Regency BPS Application Using ISO31000: 2018.
Journal of Information Systems and
Informatics
,
4
(2), 321335.
Harefa, W., &; Hartomo, K. D. (2022). Risk management analysis using ISO 31000: 2018
framework in warehouse information systems.
JATISI (Journal of Informatics Engineering
and Information Systems
),
9
(1), 407420.
Hendarwan, D. (2022). Implementation of Risk Management with ISO 31000: 2018 approach in
implementing corporate strategy.
Adminika
,
8
(1), 5872.
KUSUMAWARDHANI, A. (2018). The Role of Relational Ties in the Implementation of Green Supply
Chain Management and Business Performance in Indonesia.
10th Indonesian Management
Forum
.
Mahardika, K. B., Wijaya, A. F., & Cahyono, A. D. (2019). Information technology risk management
using ISO 31000:2018 (Case Study: CV. XY).
Sebatik
,
23
(1), 277284.
Natalia, F., &; Prasetyo, A. H. (2022). Operational Risk Management Implementation Design at
Tourism Vocational High Schools in Jakarta 2023-2024.
My Journal
,
2
(4), 463481.
Pamungkas, C. H., &; Prasetyo, A. H. (2022). Risk Management Design in Startup Company PT.
Haruka The Ultimate Digital Evolution.
Journal of Emerging Business Management and
Entrepreneurship Studies
,
2
(1), 5066.
Primary, G. (2020). Analysis of Online Buying and Selling Transactions Through the Shopee
Marketplace Website According to Business Concepts during the Covid 19 Pandemic.
Ecopreneur: Journal of Sharia Economics Study Program
,
1
(2), 2134.
Qintharah, Y. N. (2019).
Risk Management Implementation Design. JRAK: Journal of Accounting
Research and Computerized Accounting, 10 (1), 6786
.
Richardo, N. V., &; Sitokdana, M. N. N. (2021). Information Technology Risk Analysis at Surabaya
Surakarta Branch Store.
Journal of Information Systems and Informatics
,
3
(1), 1330.
Rohmah, F. (2019).
THE IMPACT OF PROFIT MANAGEMENT ON THE VALUE OF LQ45 INDEX
LISTED COMPANIES
. Faculty of Economics and Business, Cendrawasih University.
Sari, A. R. (2018).
Legal protection for lenders in the implementation of peer to peer lending-based
financial technology in Indonesia
.
Susilo, L. J. (2018).
ISO 31000:2018 Based Risk Management: A Guide for Risk Leaders and Risk
Practitioners
. Gramedia Widiasarana Indonesia.
Ursula, V. M., &; Djohanputro, B. (2022). DESIGN OF OPERATIONAL RISK MANAGEMENT SYSTEM
OF NFI FINANCE DIVISION.
Journal of Business Research Vol
,
5
(2), 246266.
Utamajaya, J. N., Afrina, A., &; Fitriah, A. N. (2021). Analysis of Information Technology Risk
Management at Toko Ujung Pandang Grosir Penajam Paser Utara Using ISO 31000: 2018
Framework.
Sebatik
,
25
(2), 326334.
Copyright holder:
Simon Petrus Hendrik Hutapea, Tantri Yanuar Rahmat Syah, Edi Hamdi, Agus Munandar
(2023)
First publication right:
Journal of Social Science
This article is licensed under: