Risk Management, or better known as Enterprise Risk Management (ERM) is one of the prominent topics in organizational governance and management, but various parties still have different perspectives to understand this concept. Risk management is actually not a complicated science. When implementing risk management, the organization does need large costs, especially when compared to the benefits, but the objective is to contribute a value added to the organization. However, most organizations are still struggling in the implementation of risk management. In fact, the awareness of various parties of the importance of risk management in the last ten years, cannot be separated from the global financial crisis occurring in 2007-2009. Many countries in the world were suffered by the financial crisis and several parties even faced the financial crisis as the worst financial crisis since the Great Depression of 1929-1930. Both developed and developing countries were equally affected. The condition continues to develop into a world economic recession, a period in which economic growth is negative (Gokay, 2009; Dullien et al., 2010). Most parties believe that the main factor causing the global financial crisis is the failure of the risk management implementation.
Along with the world's rapid awareness of the importance of risk management after the global financial crisis, the urgency of risk management is increasingly recognized by various parties in Indonesia, both in the private dan public sector. The risk management continues to grow more strategically in strengthening the organization to achieve its objectives from planning to implementation (Fraser and Simkins, 2016). It evolves since its introduction in the 1950s on insurance management functions in the United States. Then, risk management begins to be adopted by other functions such as taxes, human resources, procurement, and logistics (Hopkin, 2012). However, this function is still conducted separately, a department with other departments implement risk management without coordination or called a silo-based approach (Chapman, 2006).
The weakness of the silo-based approach is the lack of coordination which leads to difficulties in determining who is the risk owner if the risk is categorized as an interdepartmental risk. Therefore, a new approach emerges, promoting risk management to a higher level of organizational structure or called Enterprise Risk Management (ERM). Chapman (2006) argues that ERM is promoted in response to a silo-based risk management incapacity in managing interconnected risks. This is due to increased interconnected risks, where a risk can catalyze other risks, so it is necessary to coordinate and integrate risk management processes across the organization.
In the public sector governance framework, the government organizations are responsible for fulfilling the needs of very complex stakeholders such as political, economic and social objectives. Accordingly, the government organizations must deal with the risk in correlation with objective of the organizations. In addition, the risk management implementation is referred to as supporting governance and effective organizational performance, including in providing services to the public (McRae and Balthazor, 2000; Collier and Woods, 2011).