Design of Risk Management Based on Iso 31000 in PDAM Tirta Meulaboh

Regional Water Company (PDAM) Tirta Meulaboh is the only stateownedof West Aceh district that provides clean water for the residents of West Aceh, especially the residents of the city of Meulaboh and its surroundings. But in its operation the company has not yet to have a risk management system, so it has the impact on the company's survival and not optimal service to its customers. The study aims to identify risk, risk analysis and risk evaluation, in order to do prevention and mitigation of the impact of risk on each section in PDAM Tirta Meulaboh using risk management system standard ISO 31000. The process steps of risk management based on ISO 31000, starting from risk identification to methods Risk Breakdown Structure (RBS), risk analysis using matrix risk quantification and Risk Priority Number (RPN), and the evaluation of risks by using risk map. The results showed that in PDAM Tirta Meulaboh there were 43 risk events that have the potential business problems, which if they were not solved immediately it could affect the performance of the company, even the survival of the company. Of the 43 potential risks that were logged to the red zone, there were 5 potential risks which occupies the first rank is on productions departement: the defective of production water meter, the defective of distribution water meter and retrieval water by tank car without through the water meter. Branch Kaway XVI: customers are reluctant to pay the water bill and in IKK Rantau Panjang: water meter of raw water was damaged. The Efforts to mitigate against the risk of those 43 events which were logged in the red zone has not been planned and done yet by the management of PDAM Tirta Meulaboh.


INTRODUCTION
Risk is everywhere, can come at any time and are difficult to avoid.If such risks overwrite the organization, then the organization could experience significant losses.In some situations, the risk could lead to the destruction of the organization.So it is important risk to manage the risk.Risk management organization aims to create a system or mechanism within the organization so that the risks that could harm the organization can be anticipated and managed for the purpose of increasing the company's value (Hanafi, 2014: 8).
Risk management in an enterprise will be very helpful in several ways, namely: (a).Foreseeing the base, the magnitude and frequency of potential losses suffered when an event occurred that could not previously suspected, (b).Creating a basis for reducing or limiting the emergence of a risk, (c).Provide a basis for a decision to estimate the risks that may arise.So risk management is an executive decision which aims at managing the risks that would be faced by the company, which can result in losses for the company (Harimurti in Abisay and Nurhadi, 2013).
Companies will always face an uncertain work environment, so that every company faces risks.PDAM Tirta Meulaboh is the only state-owned West Aceh district that provides clean water for the residents of West Aceh, especially the residents of the city of Meulaboh and its surroundings.
In this case, PDAM Tirta Meulaboh have not been able to provide optimum service to the community.This is evidenced by the frequent customer complaints were reported in the local media about murky water, salty water, muddy water, and the water was not drain.
From the author's observation, it was also known that the company does not yet have adequate risk management systems.This was reflected due to the time of the study, PDAM Tirta Meulaboh has not yet to have a risk management document.
Supposedly every company must establish adequate risk management systems in order to ensure the survival of the company and can provide optimal service to the customers.
Therefore, it is necessary to study to design a risk management system in PDAM Tirta Meulaboh with reference to international standards.
The study aims to identify risk, risk analysis, risk evaluation to be carried out as prevention and mitigation of the impact of risk on each section in PDAM Tirta Meulaboh by using the risk management system of international standard.
With this research, the benefits of a good understanding of risk management based on ISO 31000 standards and able to develop the design of prevention and risk control system.
Previous research related to this topic has been done by Febriyanti and Hidayanto (2012), with the title of the study of risk management for data management in the data processing section of PT Petro Kimia Gresik.Dewi (2012), examines the implementation of a risk management system for the national industry as input for nuclear power programs.Abisay and Nurhadi (2013), examines the risk management at Soekarno Hatta Airport based on ISO 31000.Nurochman (2014), examines the risk management library information system (a case study in the library of University of Gajah Mada).Li Guo (2015), examines the implementation of a risk management plan in operating room of Peking University Third Hospital.
We can claim that is this study differs from previous studies, due to the characteristics of different companies, so that the results of research and discussion differ from the previous research.Tugiman (2009), defines risk as an adverse event or not achieving the expected goals.Risks associated with uncertainty.This uncertainty happens due to the lack or unavailability of information about what is going to happen.For organizations, especially companies unpredictability can be detrimental or beneficial impact.If uncertainty profitable then it is called opportunity.While uncertainty is detrimental then known as risk.

LITERATURE STUDY Understanding Risks and Risk Management
CPPR MEP UGM (2012: 2) define risk as an opportunity or possibility of danger, loss, injury, or other unintended consequences.According to Dewi (2012), the risk is the possibility of adverse events.The same thing was said by Hanafi (2014: 1), which defines risk as an adverse event.Another defined that is often used for investment analysis, is the possibility of the results obtained deviates from the expected.Risk is the uncertainty that may be a positive or negative expectation Meanwhile, the organization's risk management according to Mamduh in Tugiman (2009), is an organization's risk control system faced by organizations in a comprehensive manner for the purpose of increasing the company's value.Also SBC Warburg in Tugiman (2009) said that risk management is a set of policies, procedures complete, that belong to organizations to manage, monitor and control the organization's exposure to risk.Gibson in Nurochman (2014), defines risk management as a practical activity on the identification, assessment, control and mitigation of risk.Likewise Hanafi (2014: 9), said risk management is how an organization can manage the risks it faces.Basically, risk management is done through a process of risk identification, evaluation, risk measurement and risk management.
Each organization must be able to manage the risks.If organizations fail to manage risk, the consequences could be serious enough and certainly detrimental to the company.According to Hanafi (2014: 11), there were six ways to manage organizational risk, namely avoidance, detained, diversification, risk transfer, risk control and risk financing.

ISO 31000 and Risk Management Process
With the various risk management standards and global consensus in risk management, the International Standards Organization (ISO), started to draw up a risk management standards.After going through the voting process and the revision of all the members of ISO, the standard was launched as an international standard (Susilo and Kaho, 2010: 6).By stating that ISO 31000 is a generic risk management standard, this standard does not negate the risk management standards created for specific.Both can co-exist and complement each other.One thing that distinguishes the ISO 31000 with other risk management standard that ISO 31000 is broader and more conceptual than others.
The risk management process includes five activities, namely communication and consultation, determine the context, risk assessment, risk treatment and monitoring as well as the Review.For the risk assessment it self includes three parts in it: risk identification, risk analysis and risk evaluation.Meanwhile, according to Peltier (2004), there are six stages in the process of risk analysis, namely the definition of an asset, threat identification, determine the probability of occurrence, determine the impact of threats, recommendations and documentation control.
Risk mitigation is a systematic methodology that is used by senior management to reduce the risk of the organization.There are five methods in mitigating risk, the acceptance of risk (risk assumption), the reduction of risk (risk Alleviation), risk aversion (risk avoidance), the limitation of risk (risk limitation) and planning risk (risk planning) (Peltier, 2004).

RESEARCH METHODOLOGY
The research method of risk management was done based on ISO 31000.The phases starting from risk identification, risk analysis and risk evaluation.
Risk identification aims to identify risks that must be managed by the organization through a systematic and structured process.This process is very important because the risks are not identified in this process will not be dealt with in the production process.Risk identification target is to develop a list of sources of risk and a comprehensive events as well as having an impact on the achievement of the goals and targets identified from the context.The main document that is generated in this process is a list of risk Risk identification was done by the method of Risk Breakdown Structure (RBS), followed by brainstorming with the employee responsible for each section, including the top leaders.
Risk analysis is an attempt to more deeply understand the risks, including ways and strategies in treating those risks.The purpose of risk analysis is to analyze the impact and possibilities of all the risks that may impede the achievement of the organization's objectives.Event risk is analyzed using matrix quantification of risk, then the risk is classified in the red, yellow or green, according to its level.Risk quantification matrix can be seen in Table 1.
The purpose of risk assessment is to help the decision-making process based on the results of risk analysis.Risk evaluation process will determine which risks need treatment and how to treat priority over those risks.
Treatment risks include efforts to select the options that can reduce or negate the impact and likelihood of risk occurrence, then apply the selection.The company located at Jalan Purnama Meulaboh No. 01, has an installed production capacity of 6.14952 million m3, with the volume of water produced reaches 2.1024 million m3.The company has 51 permanent employees and assisted by 19 contract employees.

Risk Identification
Risk identification in this study is done by testing the document by using Risk Breakdown Structure (RBS) method, conducting interviews and brainstorming with the stakeholders related.From the document test results, obtained the information that there were as many as 9 units under PDAM Tirta Meulaboh have potential risk, namely the financial, administrative and general, IKK Rantau Panjang, Branch of Kaway XVI, part of customer relations and account, planning section and supervision, production and transmission and distribution units.The risk is described in figure 1.Based on interviews and brainstorming with related stakeholders, can be identified as many as 54 risks.

Risk Analysis
In this study, the risk analysis process was done using quantitative methods with qualitative parameters.Assessment was done by distributing questionnaires to get answers from the respondents.The respondents were 12 people whowere related risk stakeholders of PDAM Tirta Meulaboh.The questionnaire was divided into two parts, the possible risks and impacts.
The questionnaire has been tested by using normality test, validity and reliability test of SPSS software.Normality test was done by using Kolmogorov-Smirnov methods.The resalt indikacted that the data were normally distributed, both variable and variable risk of impact, as shown in figure 2  From Figure 2 and Figure 3 above, indicated that each number Kolmogorov-Smirnov test of significance Sig.= 0.200> α = 0.05, which means that the data distributed normally.Validity test results show that all the items in the questionnaire were valid question.Furthermore, the reliability test gave risk variables Cronbach's Alpha value of 0.917.While the impact of variable reliability test gives Cronbach's Alpha value of 0.897.Each value of Cronbach's Alpha, both impact variable and risk variable were more than 0.60, which means that the questionnaire of risk variables and impact variables were reliable.
Event risk that had been analyzed, then be put on the red, yellow or green zone.All the risks in the red zone became priority to receive special treatment in the form of further treatment, so-called Risk Priority Numbers (RPN), as presented in Table 2.There is no water meter for water tank car.

Risk Evaluation
The purpose of the risk evaluation process is to determine the priority of risk management in order to know any risks that require attention and further treatment.This phase was conducted to determine how much risk was extreme, major, moderate, minor or insignificant.The risk classification can be seen on a map of risk presented in Table 3.
From a total of 55 potential risks identified, 43 potential risks (78.18%) were included in the red zone, consist of 9 potential risk from finance department, one from administration and the public department, , 9 potential risks from IKK Rantau Panjang, 6 from Kaway XVI Branch, 4 from customer relations and account department, 3 from planning and supervision, 1 from warehousing, 7 from production department and 3 potential risk from transmission and distribution.
Furthermore, the potential risks that fall into the red zone were ranked in accordance with the value of the RPN.The objective was to facilitate in determining the priority of risk mitigation.From table 1 above, there are 5 potential risks which occupies the first rank, in the second rank there were 21 potential risks and the remaining 17 potential risks logged in third rank.Potential risks were included in the red zone should receive serious attention from the management to be handled immediately.

Low Medium High
Treatment Risks Risk treatment system was designed to assist managers in making decisions.Because in general the potential risks were identified based on events that happened before, then the election strategy of risk treatment performed in this study was to mitigate risk, as presented in Table 4.There is no water meter for water tank car.

Procurement has not been done yet
The potential occurrence of fraud and potential loss of water.
Procurement of water meters for water collection by tank car.
KK = Kemungkinan Kejadian, *D = Dampak, *R/D = Risiko/Dampak PDAM Tirta Meulaboh is a business entity owned by the Government of West Aceh which was founded in 1983 under the name Water Management Agency (BPAM).The Company began operations in 1984.Based on Regional Regulation No. 11 of 1993, it renamed to became PDAM Tirta Meulaboh.The company has the mission of "Excellent Service, Healthy and Independent".
and figure 3.

Table 2
Risk RPN for events in the Red Zone

Table 3
Risk Map of PDAM Tirta Meulaboh

Table 4
Risk Mitigation Strategy Loggof ed in Red Zone