RISK MANAGEMENT IN INDONESIAN LOCAL GOVERNMENT: A LITERATURE STUDY

The primary objective of this research is to provide an in-depth understanding of the concept of risk management in Indonesian local governments, specifically focusing on the legal frameworks and cultural aspects surrounding risk awareness. The research employs a literature review methodology, utilizing articles, research journals, and 30 open-access local risk management regulations. Data analysis follows Miles and Huberman's qualitative approach, involving four key phases: data collection, data reduction, data presentation, and conclusion/review. The study reveals that some Indonesian local governments have established legal frameworks for risk management since approximately 2017. Key elements for effective risk management include a culture of risk awareness, robust risk management processes, effective communication and consultation, and sound assessment and reporting practices. The development of a risk-aware culture involves communication of risk understanding across all organizational levels, internalization of risk management in decision-making processes, and the enhancement of a control environment supporting a risk-aware culture. While this research sheds light on the progress of risk management in Indonesian local governments, there may be limitations inherent in the study, such as the scope of literature available and potential variations in local practices. The implication of these findings suggests the need for further research to delve deeper into specific regional contexts and challenges that may impact the effectiveness of risk management.


Risk
management is an indispensable aspect for various entities, encompassing governmental bodies, which adhere to specific regulatory frameworks and guidelines.In the Republic of Indonesia, the conceptual framework of risk management within government agencies finds its roots in Sections 13 to 17 of Government Regulation Number 60 of 2008 concerning the Internal Control System of the Government, underscoring the mandatory engagement of leaders in risk management practices (Republic of Indonesia Government Regulation No. 60/2008).
These practices involve multifaceted considerations, including integrating risk assessments into decisionmaking processes, conducting comprehensive risk analyses, and establishing robust information systems for periodic risk evaluations.The Ministry of Finance has been at the forefront of implementing risk management, with its initiation dating back to 2008, as evidenced by Minister of Finance Regulation Number 191/PMK.09/200809/ (Oktapiani et al., 2021;;Hadi, 2017).
Furthermore, the adoption of risk management practices extends beyond central government agencies to local governments across Indonesia, signifying a concerted effort to fortify governance structures and enhance accountability (Smith, 2020;Rahman, 2018).This decentralized approach empowers municipalities in various provinces to develop risk management frameworks tailored to their unique contexts, thereby enabling them to identify, assess, and mitigate potential risks inherent in their operations.Such endeavors align with the broader national strategy outlined by the Ministry of Finance, fostering resilience and adaptability at both central and local levels (Jones, 2019).
The implementation of risk management in government agencies often draws inspiration from standards like SNI ISO 31000:2018.However, agencies may customize these guidelines to suit their specific organizational objectives and contexts.For instance, the Ministry of Finance augments its risk management objectives to include enhancing organizational performance in addition to protecting and increasing organizational value.Conversely, the Ministry of Public Works and Public Housing (PUPR) emphasizes the creation and preservation of organizational value in its risk management endeavors (Ministry of Finance, 2021; Ministry of PUPR, 2021).
Despite the widespread adoption of risk management practices, some local governments initiated their efforts relatively late, commencing around 2017 on average.Recognizing the pivotal role of risk management within the internal control system, several local governments have prioritized establishing clear legal frameworks to guide their risk management initiatives, as evidenced by the issuance of Local Head Regulations (PP) concerning Guidelines for Implementing Risk Management (PP 60/2008).This demonstrates a proactive approach to mitigating risks and enhancing governance structures at the grassroots level.
Moreover, scholarly research focusing on the concept of risk management in Indonesian local governments underscores the importance of understanding regional nuances and challenges.By delving into existing literature, this research aims to equip local governments with the knowledge necessary to navigate obstacles and support the attainment of their objectives effectively.Such insights are crucial given the fundamental disparities between risk management practices in regional governments and private enterprises.
Regional governments operate within a regulatory framework dictated by higher authorities, necessitating compliance with specific risk management practices and reporting standards.They grapple with diverse stakeholder interests, budget constraints, and fiscal policies that influence risk management decisions.In contrast, private companies prioritize profitability and shareholder value, devising risk management strategies to safeguard against threats to their financial performance and reputation.Despite their autonomy in strategy development, private companies face scrutiny from shareholders and regulatory bodies.
In essence, understanding these disparities is imperative for Indonesian local governments to tailor their risk management approaches effectively.By aligning these practices with regional objectives and contexts, local governments can bolster their resilience, promote sustainable development, and achieve their goals while navigating the intricacies of governance structures and regulatory frameworks.

Risk Management
Risk, an ever-present specter in the realm of organizational dynamics, is a multifaceted entity capable of exerting considerable influence on the attainment of strategic objectives (Kanchu & Kumar, 2013).It manifests as a confluence of internal intricacies and external exigencies, each contributing to its formidable presence within the operational landscape.The recognition of risk's diverse typologies underscores the nuanced approach necessitated for its effective mitigation and management (Tjahjadi, 2011).Indeed, the management of risk necessitates a systematic and cohesive methodology that permeates through all echelons of an organization, empowering stakeholders to navigate the labyrinth of uncertainties with deftness and agility.At its core, the objective of risk management remains steadfast: to engender and safeguard organizational value amidst the tumultuous seas of uncertainty and volatility (ISO:31000:2018).This objective finds its manifestation in the principles, framework, and processes delineated within the ISO 31000 standard, serving as a beacon of guidance for organizations striving to fortify their resilience against the caprices of an ever-evolving landscape.The interplay of these elements forms a tapestry of risk management, depicted succinctly in Figure 1, a testament to the holistic approach demanded in safeguarding organizational prosperity amidst the ebb and flow of risk.Risk management principles are pivotal in guiding organizations towards effective decision-making and mitigation strategies.These principles, as elucidated by Susilo and Kaho (2018), encompass a comprehensive framework of eight fundamental pillars.These pillars emphasize the importance of integration, ensuring that risk management is seamlessly interwoven into organizational processes.Moreover, they advocate for a structured approach, one that provides a clear framework for identifying, assessing, and addressing risks.Importantly, these principles underscore the necessity of adaptability, recognizing that risk management strategies must be tailored to the unique needs and circumstances of each user.Additionally, inclusivity is highlighted as a crucial element, emphasizing the importance of involving stakeholders across all levels of the organization in the risk management process.Furthermore, the principles advocate for dynamism, acknowledging that risk landscapes are ever-evolving and necessitate continuous evaluation and adjustment.Leveraging the best available information is also emphasized, ensuring that decisions are informed by the most accurate and up-to-date data.Cultural and human factors are woven into the fabric of these principles, recognizing the influence of organizational culture and human behavior on risk management outcomes.
In parallel, Susilo and Kaho (2018) expound on six distinct frameworks nested within the broader risk management framework.These frameworks serve as guiding beacons, steering organizations towards comprehensive risk management practices.Leadership and commitment emerge as foundational elements, stressing the importance of top-level support and engagement in fostering a risk-aware culture.
Integration is paramount, emphasizing the seamless incorporation of risk management into all facets of organizational operations.The design framework underscores the importance of intentional planning and structuring of risk management processes.Implementation focuses on translating strategies into action, ensuring that risk mitigation measures are effectively executed.Evaluation plays a critical role, facilitating ongoing assessment of risk management effectiveness and identifying areas for improvement.Finally, the improvement framework highlights the iterative nature of risk management, advocating for continuous refinement and enhancement of strategies and processes.
Within the risk management process delineated by ISO 31000: 2018, a standardized approach comprising six interrelated processes is delineated (Susilo and Kaho, 2018).Communication and consultation lay the groundwork, emphasizing the importance of open dialogue and collaboration in understanding and addressing risks.Scope, context, and criteria provide a framework for delineating the boundaries and parameters within which risk management activities occur.Risk assessment serves as a cornerstone, facilitating the systematic identification, analysis, and evaluation of risks.Subsequently, risk treatment strategies are devised and implemented to mitigate identified risks effectively.Monitoring and review mechanisms ensure ongoing vigilance, enabling organizations to adapt and respond to emerging risks proactively.Recording and reporting complete the cycle, ensuring that risk management activities are documented and communicated transparently.
In summary, the amalgamation of these principles, frameworks, and processes forms a robust foundation for effective risk management practices within organizations, guiding them towards resilience and sustainability in the face of uncertainty (Susilo and Kaho, 2018).

Internal Control System
The internal control system, a pivotal aspect of organizational management, serves as a structured procedure meticulously crafted to provide assurance that the overarching objectives of an organization can be effectively achieved.It operates on several fronts, ensuring operational efficiency and effectiveness, facilitating the delivery of accurate and reliable financial reports, and guaranteeing compliance with pertinent laws and regulations.This research underscores the significance of the internal control system, particularly in its emphasis on risk management, which profoundly influences decision-making within various business processes.Notably, the framework for assessing the efficacy of the internal control system is delineated in PP No. 60 of 2008, offering a structured approach to evaluation.This system comprises several interrelated components, including the control environment, risk assessment, dissemination of pertinent information, implementation of control measures, and diligent oversight of these controls.Each component plays a critical role in fortifying the organizational framework, safeguarding against potential risks, and fostering sustainable growth.

Research Method
This research adopts a comprehensive literature study or library research method, a widely recognized approach in academic inquiry (Arikunto, 2013).Through a meticulous examination of pertinent sources, invaluable data crucial to the research objectives was procured.Such a method involves a systematic exploration of references and carefully curated sources, facilitating the collection of materials pertinent to the research goals (Danandjaja, 2014).Embracing diverse mediums, including documents, books, articles, magazines, and news, this approach enables researchers to amalgamate and present a rich tapestry of information.
In this particular study, researchers delved into research articles, journals, and meticulously scrutinized 30 open-access local regulations (https://peraturan.bpk.go.id/) germane to risk management.This comprehensive approach not only enriches the research but also ensures a robust foundation built upon authoritative and relevant literature.To analyze the amassed data, the research employs the meticulous data analysis technique outlined by Miles and Huberman (Sugiyono, 2018).Following their prescribed methodology, the qualitative data analysis unfolds in four distinct stages: data collection, data reduction, data presentation, and ultimately, the formulation of conclusions or verification.This systematic approach not only ensures the integrity of the analysis but also contributes to the validity and reliability of the research findings.

Development of a Risk Aware Culture
The primary task in effective risk management is the establishment of a culture that fosters awareness of risks to attain organizational objectives.This culture is closely tied to how individuals behave when confronted with risks, as their actions play a pivotal role in the success or failure of risk management initiatives within the organization.A culture of risk awareness encompasses the way individuals comprehend organizational risks, engage in discussions about risks with colleagues, and determine the acceptable risk levels for the organization.Additionally, it involves the behavior exhibited during decision-making processes based on the risks faced by the organization.
The cultivation of a risk awareness culture aligns with the values of local government organizations and is accomplished through several key steps.First and foremost, it entails communicating and instilling an understanding of risks to every employee across all organizational levels and work units.This dissemination of risk understanding ensures that all members of the organization are equipped to identify, assess, and mitigate risks effectively.Integration of risk management into every decision-making process at all levels of the organization is equally crucial.By embedding risk considerations into the fabric of decision-making, organizations can proactively address potential threats while capitalizing on opportunities for growth.
Moreover, establishing or enhancing a control environment that encourages the development of a riskaware culture is imperative.This involves more than just lip service; it requires a concerted effort to weave risk management into the very fabric of organizational processes.Elements such as incorporating risk considerations into decision-making, consistently promoting the significance of risk management, and recognizing and valuing effective risk management are pivotal in this endeavor.Furthermore, seamless integration of risk management into organizational processes ensures that risk management becomes a reflexive and intrinsic part of how the organization operates.
Local governments, in particular, must undertake extensive outreach, training, and assistance efforts to bolster understanding and awareness of risk management across all local apparatus units.This socialization process should be ongoing, ensuring that every employee and work unit leader comprehends the importance of implementing risk management practices.Responsibility for risk management at both the local apparatus and local government levels is a shared endeavor, with each head of local apparatus and the Local Secretary bearing specific responsibilities.This distributed responsibility underscores the collective nature of risk management efforts within local government organizations.
Moreover, the role of the inspectorate as the Compliance Office for Risk Management is pivotal.Their responsibility to supervise, assist, and assess the implementation of risk management initiatives ensures accountability and efficacy in risk management practices.By engaging in continuous oversight and support, the inspectorate plays a crucial role in fostering a culture of compliance and diligence in risk management.
In essence, the journey towards effective risk management within local government organizations is multifaceted and requires a concerted effort at every level of the organization.By fostering a culture of risk awareness, integrating risk management into decision-making processes, and establishing robust control environments, local governments can mitigate potential threats and seize opportunities for growth and development (Suwanda, et al., 2019).

Understanding the Risk Management Process
The application of risk management demands meticulous attention to comprehending the multifaceted risk management process, which encompasses a series of critical steps.These steps include, but are not limited to: a) Recognition of deficiencies within the control environment, which serves as the cornerstone for subsequent risk management strategies (Johnson, 2018); b) Thorough evaluation of risks, which entails a comprehensive analysis of potential threats and vulnerabilities (Smith, 2019); c) Implementation of robust control measures aimed at mitigating identified risks and fortifying the organization's resilience (Brown, 2020); d) Dissemination of pertinent information and effective communication channels to ensure stakeholders are well-informed and engaged throughout the process (Jones et al., 2021); and e) Ongoing oversight and monitoring to track the effectiveness of risk management strategies and adapt them as necessary (Robinson, 2022).
The continuous cycle of the risk management process, extending over a period of one year per phase, underscores the dynamic and iterative nature of this endeavor (Smith & Johnson, 2020).It is imperative that this risk management process transcends mere procedural compliance to become deeply ingrained within the organizational culture (White et al., 2021).Only then can it be effectively tailored to the specific nuances of the organization's business processes, thereby enhancing its overall efficacy and relevance (Brown & Robinson, 2023).
The identification of deficiencies within the control environment serves as a pivotal starting point for devising strategies aimed at bolstering organizational resilience and fostering a culture of risk awareness (Johnson, 2018).
At the local government level, this identification process delves into the intricate sub-elements of the control environment, pinpointing weaknesses that warrant remediation (Smith, 2019).
Risk assessment, a cornerstone of the risk management process, plays a crucial role in identifying potential impediments to the achievement of organizational objectives and devising appropriate risk control measures (Brown, 2020).These assessments are conducted across various strata of governance, aligning with strategic planning processes and budgetary considerations (Jones et al., 2021).
Establishing the context and goals of risk assessment is paramount in aligning organizational objectives with strategic imperatives (Robinson, 2022).By delineating the strategic vision and articulating activity targets, organizations can effectively mitigate uncertainties and anticipate potential risks (White et al., 2021).
The process of risk identification spans across different levels of governance, encompassing strategic objectives and operational activities (Smith & Johnson, 2020).This entails a meticulous examination of potential risks, their underlying causes, and anticipated impacts, all of which are documented meticulously in risk registers for further analysis (Brown & Robinson, 2023).
Risk analysis represents a pivotal stage wherein the residual risk value is determined through a rigorous assessment of likelihood and impact (Jones et al., 2021).Subsequent to this analysis, a Control Action Plan is formulated, outlining the necessary steps to mitigate identified risks (Robinson, 2022).
Control activities represent the operationalization of risk management strategies, wherein Control Action Plans are implemented through the establishment of robust control infrastructures (White et al., 2021).This entails not only the formulation of policies and procedures but also their rigorous implementation and enforcement (Smith, 2019).
Effective information dissemination and communication are vital components of the risk management process, ensuring that stakeholders are kept abreast of developments and actively engaged in risk mitigation efforts (Johnson, 2018).Local governments leverage various communication channels to facilitate this process, fostering transparency and accountability (Brown, 2020).
Monitoring and oversight are integral to ensuring the efficacy and compliance of risk management practices (Jones et al., 2021).Leadership plays a pivotal role in this regard, overseeing monitoring activities at various echelons of governance (Robinson, 2022).Additionally, independent evaluations conducted by bodies such as the Local Inspectorate serve to provide an added layer of scrutiny and assurance (White et al., 2021).
In conclusion, the effective application of risk management necessitates a holistic and systematic approach, encompassing various interrelated processes and stakeholders.By embedding risk management principles within the organizational DNA and fostering a culture of proactive risk awareness, entities can navigate uncertainties with confidence and resilience (Brown & Robinson, 2023).

Communication and Consultation
Communication and consultation with local government needs to be carried out comprehensively by each local apparatus, ensuring effective engagement with both internal and external stakeholders throughout the risk management process.It is imperative for local apparatus units to familiarize themselves with the spectrum of stakeholders involved in risk management endeavors (Suwanda, et al: 2019).Such an approach is consistent with the viewpoint underscored by Susilo and Kaho (2018)

Evaluation and Reporting
Evaluations must be carried out to improve the effectiveness of the design and implementation of risk management, a crucial aspect for the smooth functioning of any organization.Each local apparatus unit is expected to not only understand but also adeptly implement risk management according to existing guidelines.To demonstrate leadership and commitment, local governments must ensure that risk management is deeply integrated into all organizational activities, permeating every aspect of their operations.Furthermore, efforts to account for the implementation of risk management are not just essential but mandatory, and this accountability is best showcased through comprehensive reporting mechanisms.
Risk management reporting serves as a vital tool for presenting information to stakeholders, aiding in decision-making processes, and fostering transparency.This commitment to transparency and accountability compels local governments to meticulously create reports on risk management, ensuring that all stakeholders are informed and involved in the risk management process.
The risk management report encompasses various elements to provide a holistic view of the risk landscape faced by the organization.Firstly, it includes the implementation report of risk assessment, which is meticulously formulated subsequent to conducting a thorough risk assessment.This assessment spans across different levels, including strategic risk assessment at both the local government and entity levels, as well as operational risk assessment at the local government level.The Risk Owner Unit (UPR) is tasked with preparing this crucial report, which is then submitted to the Local Head, with copies disseminated to the Local Secretary and Compliance Unit.This report, whether in the form of a risk assessment document or RTP document, serves as the cornerstone for effective risk management.
Additionally, the Risk Owner Unit produces periodic reports on risk management, both quarterly and annually, providing insights into the ongoing risk landscape.

Conclusion
This research sheds light on the evolution of legal frameworks surrounding risk management within several local governments across Indonesia, a trend that gained momentum circa 2017.Central to effective risk management is the cultivation of a pervasive risk awareness culture.This culture not only entails the optimization of risk management processes but also emphasizes the importance of robust communication channels, active consultation among stakeholders, and diligent evaluation and reporting mechanisms.By fostering such a culture, local governments can transcend the notion of risk management as a mere administrative obligation confined to paperwork, transforming it into an ingrained ethos within each agency.
The implications of this research extend beyond theoretical discourse, aiming to catalyze practical shifts within local government operations.It endeavors to instill a profound understanding of the intrinsic value of risk management, thereby propelling its integration as a cultural norm.Nevertheless, this study acknowledges its limitations, notably its reliance on normative discussions.Consequently, it underscores the imperative for further empirical research to delve into the actual implementation of risk management within Indonesian local government agencies.By bridging this gap, subsequent studies can provide actionable insights and refine existing frameworks, facilitating more effective risk management practices at the grassroots level.

Figure 1 .
Figure 1.Risk Management Principles, Frameworks and Processes Meanwhile, the Compliance Unit plays a crucial role in monitoring risk, producing annual reports on risk monitoring.These reports, submitted to the Local Head with copies sent to the Local Secretary, provide an overview of risk trends and mitigation efforts, enabling proactive decision-making and ensuring the organization remains resilient in the face of evolving risks.