Risk Identification and Risk Prioritization Using Analytical Hierarchy Process (AHP) (Case Study: Human Capital Management, Procurement, and General Affairs of Holding Company PT. ABC)

: Every company will face the fact that there are events that can be predicted or some that cannot be predicted. Companies to deal with these problems need to manage those risk well. According to ISO 31000, the definition of risk management is part of governance and leadership and is the basis for managing the organization at all levels. Holding company PT. ABC is a non-manufacturing company that is part of one of the largest telecommunications group companies in Indonesia. This company is engaged in strategic investment and holding where the company's business activities include network development, multimedia services, and investment in other similar companies. This company only has a special unit to manage risk management, the unit was only formed in 2021. Because the formation of risk management in this company is still new, in its implementation it still has shortcomings, which include that they are still lacking in communication with each unit to identify the risks faced and they do not pay enough attention to details such as seeing the score of each of those risks and determining which ones are the most important need to be prioritized. This research was conducted using Focus Group Discussion (FGD) as a process of identifying possible risks that may occur and Analytical Hierarchy Process (AHP) to obtain risk priorities from each of the same risks. There are 11 risks that occur with 4 risks that have the same score at the High level, and 3 risks that have the same score at the Medium level. Priority weighting using AHP obtains a priority sequence for each risk that has a score at the same level.


INTRODUCTION
Integrated into the structure, operations and processes of the organization.This integration is applied at the strategic, operational, program or project level.Therefore, there are many models of implementing risk management processes within an organization, specifically designed (customized) to achieve goals and aligned with the external and internal context in which the risk management process is applied.The dynamic and variable nature of human behaviour and cultural conditions should be considered in the application of each stage of the risk management process.Although the risk management process is often presented sequentially, in practice it is carried out iteratively.Holding company PT.ABC is a non-manufacturing company that is part of one of the largest telecommunications group companies in Indonesia.This company is engaged in strategic investment and holding where the company's business activities include network development, multimedia services, and investment in other similar companies.This company only has a special unit to manage risk management, the unit was only formed in 2021.In the implementation of risk management, Holding Company PT.ABC carries out the process starting from risk assessment (risk identification, risk analysis, risk evaluation), risk treatment, then recording and reporting.According to the author, there is something lacking in the process, namely determining which risk priorities need to be prioritized for mitigation.In this study, the author will try to help prioritize risk using data processing with the AHP (Analytical Hierarchy Process) method which will be able to obtain a priority arrangement of various kinds of risks that exist for mitigation.In simple terms, risk can be interpreted as the level of uncertainty that something will happen or not achieve a goal at a certain time.As stated by Shortreed (2003) that risk is a combination of the probability of an event and the consequences of the event, by not closing the possibility that there is more than one consequence for one event, and the consequences can be positive or negative.Risk is associated with losses caused by events that may occur at a certain time.
According to Frosdick (1997) systematic risk can be described as follows: Risk (risk) = Likelihood (likelihood of happening) x Impact (impact) where : risk = consequence / time, likelihood = event / time, impact = consequence / event

Risk Management
According to the sixth edition of the PMBOK Guidebook (2017), The processes of risk management planning, identification, analysis, reaction planning, and risk control are all included in the concept of risk management.In order to increase the chance and effect of beneficial outcomes, risk management aims to: events and reduce the likelihood and impact of negative events.Various specialists have different perspectives on risk management.The process of risk management involves evaluating weaknesses and threats to the information resources that a company uses to accomplish its business goals and choosing what, if any, controls will be put in place to decrease risk to an acceptable level.(CISA, 2010) in (Noorrahman et al. 2011).

Risk Map
A risk matrix or risk map is a graphical representation of the likelihood, or probability, of an outcome and the consequence should that outcome occur.Consequences are frequently stated in monetary terms.Risk matrix often focus more on potential losses than on potential benefits, as their name suggests.The system's declared goal is to rank risks and riskreduction strategies.Additionally, it has been advised in several standards and is prevalent in fields of applied risk management, such as enterprise risk management, to use risk matrices to determine priorities and direct resource allocations.(Cox 2008, p 498).

METHODOLOGY
The primary data collection method for this research is using qualitative method.The potential qualitative data collection activities according to Yin (2011), which are interviewing, observing, collecting, and examining, and feelings.Data obtained through informants by conducting question and answer or direct interviews (Sugiyono, 2011).Primary data is information that the researcher or others who require it directly collects from the field.In this study, the source of secondary data is data obtained through several sources of information, namely in the form of documents related to research.Secondary data is information gleaned from or gathered by researchers from pre-existing sources.

FINDINGS AND ARGUMENT
To analyze the potential risks that occur in the Holding Company PT.ABC, the authors conducted research using FDG which was conducted with 3 representative employees from Sub Directorate HCM, Procurement & GA.The policy of the PT ABC Holding Company is that they determine that there is one officer in each sub-directorate who is appointed as a risk agent whose job is to assist the Risk, Legal & Compliance units in the risk management process in their respective units.This FDG was carried out concurrently and the assessment of these risks was the result of a joint assessment by the three respondents at the same subdirectorate.The results of the FDG can be seen that there are several risk variables including: There are 4 risks at the High level that have the same likelihood and impact scores.In order to sort which is the priority at that level, the author conducted an AHP analysis and found that the sequence of risks at the High level is as follows: a. Procurement process delays, not in accordance with applicable procedures, vendor/supplier quality not in accordance with the TOR.b.Employee behavior does not reflect AKHLAK's core values.c.Leakage of employee data information.d.Procurement processes that conflict with the interests of employees and the occurrence of FRAUD.3.There are 3 risks at the Medium level that have the same likelihood and impact scores.In order to sort which is the priority at that level, the author conducted an AHP analysis and found that the sequence of risks at the Medium level is as follows: a. Recruitment, Training and Payroll do not work according to SLA. b.The work environment is not comfortable and healthy for employees.c.Effectiveness of the Company's streamlined organizational structure.

1 .
Definition of RiskMany parties have defined what is referred to as risk.Risk was originally known as a combination of mathematics and uncertainty.

Figure 1 . 1 .Figure 1 . 2 .
Figure 1.1.The Five Colour Levels Risk Map Refer to on the Criteria for Impacts and Possible Risks

2581-8341 Volume 06 Issue 01 January 2023 DOI: 10.47191/ijcsrr/V6-i1-83, Impact Factor: 5.995 IJCSRR @ 2023 www.ijcsrr.org 767 * Corresponding Author: Wishnu Shandhika F. Volume 06 Issue 01 January 2023 Available at: ijcsrr.org Page No. 764-768
CONCLUSIONSBased on the results of identification and risk analysis that has been carried out in the Sub Directorate of HCM, Procurement & GA at the Holding Company PT.ABC, some conclusions are obtained as follows: 1.There are 11 risks in the Sub Directorate HCM, Procurement & GA at the Holding Company PT.A B C. The 11 risks are divided into 3 levels, namely 1 risk at the Very High level, 6 risks at the High level, 3 risks at the Medium level, and 1 risk at the Low level.2.