T Operational Risk Management Design in the Indonesia Mining Growth Program (P3I) Using House Of Risk Method

― The Indonesia Mining Growth Program (P3I) is a development project activity for nickel Mining Enterprise and Processing Plant in the "X" Region in Sulawesi. This research will design a risk management framework for P3I by implementing Enterprise Risk Management (ERM). In this study, the method is used to analyze the potential operational risks that exist in P3I namely the House of Risk (HOR) model. The results of the identification of risk events in the operational business processes of P3I found 25 risk events divided into each business process, namely 8 risk events in the mine planning process, 7 risk events in the design implementation process, 8 risk events in the production process, 1 risk event in the product delivery process and 1 risk event in the process of returning waste from Processing Plant. Thus, the results of the identification of risk triggers (risk agents) found 23 risk causes (risk agents). The result of the Aggregate Risk Potential (ARP) recapitulation is an output calculation based on the HOR model phase 1, there are 7 top-ranked risk agents since it is considered to be able to hamper the company's goals. Thus, in determining the preventive actions, 17 preventive actions were obtained, which were then put into the HOR phase 2 model to rank the most effective prevention measures based on cost and resources.


I. INTRODUCTION
HE program to develop mining activities in the "X" Region is known as the Indonesian Mining Growth Program (P3I) or in terms of the company is known as the Indonesia Growth Program (IGP). One phase of FEL 3 is conducting Risk Management related to the preparation of Mining Operations (Operational Readiness) in mining activities and delivering ore with special specifications in terms of quality and quantity to the nickel plant. Synergizing with Operational Readiness activities, Risk Management must be carried out so that at the time of the mining activities the company can carry out good mining practices to minimize losses and maximize NPV from the mine.
Meanwhile, the company has limited risk identification and risk management to address the risks that may occur in the mine development program. This was realized by the Indonesian Mining Growth Program (P3I) team of the company due to several incidents that have occurred in connection with the company's operational plans that were not previously thought and potentially causing the implementation of the operational plans could be disrupted and harm the company.
Based on the explanation above, the purpose of this study is to design a risk management framework for P3I by implementing Enterprise Risk Management (ERM). Implementation of Enterprise Risk Management (ERM) is a very important thing owned by the company because the risks that occur can be managed and minimized to achieve company goals. The approach used to implement Enterprise Risk Management (ERM) in this study is SNI ISO 31000: 2011 (also called ISO 31000). The process of designing risk management goes through the stages of risk identification, risk analysis, risk evaluation, risk treatment, monitoring, and review. In identifying and measuring potential risks, the focus is on operational plans in P3I, because the risks faced can be seen in the company's operations.
Risk is the possibility of an event that can harm the company and essentially an event that has a negative impact on the company's goals and strategies. The possibility of the occurrence of risks and their consequences for the business is fundamental to be identified and measured. (Normaria Mustiana Sirait, 2016). According to Djohanputro (2006) Djohanputro (2006) in Normaria Mustiana Sirait, Aries Susanty (2016), operational risk is caused by failure or inadequate internal and human functions and processes or from external events. This risk will have an impact on the entire business. According to Darmawan (2011), the operational risk classification is generally divided into 4 (four) categories, namely human resources (HR), technology, processes, and external factors [2].
In this paper, presenting an innovative model for Mining enterprise risk management. This is based on the notion that attacking the causes (or the risk agents) could concurrently prevent one or more risk events from happening. It modified the well-known failure mode and effect analysis (FMEA) model for risk quantification and adapt the house of quality (HOQ) model for prioritizing which risk agents are to be dealt with first and for selecting the most effective actions to reduce the risks potentially posed by the risk agents. The model involves the process of identifying, assessing, planning, and implementing the solution, conducting FMEA analysis, and doing continuous improvement. In the quantification stage, the first is to define basic mining business processes based on the mining operations reference has been recognized. The core mining processes will be analyzed to identify the risks that could happen and the consequences if it happened. The risk agents and their associated probabilities are also assessed. Also defined aggregate risk potential for each risk agent as the aggregate severity of impacts caused by a risk agent. To illustrate how the model works, it was presented the application of the model to a nickel mining company in Indonesia.
Normaria Mustiana Sirait, Aries Susanty (2015) conducting a risk analysis using the Enterprise Risk Management (ERM) approach at a cardboard manufacturing company by focusing on the company's operational risk. From the identification of risks carried out, the findings from the study show that 32 operational risks that may occur in the company. The risk comes from the risk of human resources, productivity, procurement of raw materials, warehousing, system risk, delivery, environment, reputation, and waste handling risk. The calculation of each risk assessment is based on the severity and the probability of its occurrence. From the calculations carried out in the study, it can be seen that the risks that need to be prioritized to be controlled are regarding the accumulation of buffer stocks that are in the warehouse, the mismatch of the number of goods coming and ordered goods from suppliers and handling the capacity of the warehouse.
Putri Amelia, Iwan Vanany, Indarso, (2017) proposed a methodology in dealing with a shipping industry that produces the main tools of Indonesia's defense system, especially for the sea dimension. The research analyzed the risks that arise in its business processes. Once the risk event / operational risk events are known, a risk assessment will then be conducted, and finally, the risk mitigation program will be carried out in the battleship division of the company. The House of Risk (HOR) model is used to address existing problems. By using two phases of work, namely the first and second phases. The first phase is to identify risks and risk agents. Furthermore, the severity and occurrence level will be measured as well as the calculation of the aggregate risk priority (ARP) value. The second phase is risk management. Ajeng Retna Maharani (2018) applied a methodology in dealing with the train car maintenance industry in Java. In the study, a risk management agreement will be issued for PT. X by implementing Enterprise Risk Management (ERM). The risk assessment used to implement Enterprise Risk Management (ERM) in this study is SNI ISO 31000: 2011. The process of designing risk management, risk evaluation, risk evaluation, risk treatment, recovery, and testing. In this study the method used to analyze the potential operational risks that exist in PT. X uses the House of Risk (HOR) model [1].

II. HOUSE OF RISK (HOR) MODEL
The model is based on the notion that risk management should attempt to focus on preventive actions, i.e. reducing the probability of risk agents to occur. Reducing the occurrence of the risk agents would typically prevent some of the risk events to occur. In such a case, it is necessary to identify the risk events and the associated risk agents. Typically, one risk agent could induce more than one risk events. For example, problems in a mine production system could result in a shortage of ore materials and increased reject rate where the latter is due to switching mine pit to another pit where the productivity is less.
In the well-known FMEA, risk assessment is done through the calculation of an RPN ( Risk Potential Number) as a product of three factors, i.e. probability of occurrence, the severity of impacts, and detection. Unlike in the FMEA model where both the probability of occurrence and the degree of severity are associated with the risk events, here we assign the probability to the risk agent and the severity of the risk event. Since one risk agent could induce some risk events, it is necessary to quantify the aggregate risk potential of a risk agent. If Oj is the probability of occurrence of risk agent j, Si is the severity of impact if risk event i occurred, and Rij is the correlation between risk agent j and risk event I (which is interpreted as how likely risk agent j would induce risk event i ) then the ARPj (aggregate risk potential of risk agent j ) can be calculated as follows: The HOR adapts the HOQ model to determine which risk agents should be given priority for preventive actions. A rank is assigned to each risk agent based on the magnitude of the ARPj values for each j. Hence, if there are many risk agents, the company can select first a few of those considered having large potentials to induce risk events. In this paper, it proposes two deployment models, called HOR, both of which are based on the modified HOQ: Mine Planning Schedules cannot be converted into executable mine plans E2 4 There is no adequate technical support to include saprolite ore as ore reserves in the FEL3 study of "X" Region E3 2 There are potential differences in product yields from chemical, quantity and quality aspects E4 3 There is a difference in product fraction due to inadequate old data E5 2 Economic and Financial Evaluation Bankruptcy or merger of the company, causing suspense on of ore purchase and supply The quality of ore fed does not meet specifications E24 3

Return
Off-spec material returns Returns of ore and waste from the processing plant E25 3 1. HOR1 is used to determine which risk agents are to be given priority for preventive actions. 2. HOR2 is to give priority to those actions considered effective but with reasonable money and resource commitments.

A. House of Risk 1 (HOR1)
In this stage, the identification of risks that might occur in each business process is carried out. This stage can be initiated by mapping at each stage of the business process. HOR1 focuses on ranking the ARP which consists of 3 factors, namely occurrence, severity, and interrelationship or in other words this phase focuses on the process of risk identification which includes risk agents and risk events. This phase consists of several steps and can see at This Occurrence states the level of opportunity for the frequency of occurrence of a risk agent that results in the occurrence of one or several risk events that can disrupt business processes with certain impacts. Risk agent identification by providing a scale of 1-5 where scale 1 shows that the risk never occurred, while for number 5 shows that the risk is almost certain to occur. 6. Compilation of a matrix to correlate each risk agent with risk events. 7. Measurement of the value of the correlation (correlation between a risk event with the agent causing the risk. If a risk agent causes a risk, then there is a correlation said. Correlation value (Rij) consists of above (0,1, 3,9) where 0 shows no correlation, 1 represents a small correlation, 3 describes a correlation while 9 represents a high correlation. 8. Perform ARP calculations to determine the level of occurrence of risk agent j and the impact caused by a risk event triggered by risk agent 9. The ranking of risk agents is based on the ARP value.

B. House of Risk Fase 2 (HOR2): Risk Treatment
In this phase, it focuses on determining what steps are most appropriate to do first by considering the effectiveness of the resources used and the level of performance of the object or project involved. The organization or company must determine the appropriate form of response or risk mitigation where the form of mitigation must be easy to apply but can reduce the probability of the risk agent occurring. HOR2 model can see at Table 2. Here are the steps in HOR2: 1. Select a risk agent with a high priority level based on the output of HOR phase 1.

Identification of relevant actions to prevent risk from
arising. 3. Determine the relationship between each preventive action on each cause of risk (risk agent) by using a value of 0,1,3 or 9. Where the number indicates a relationship that is no, low, moderate, and a strong relationship between action k and agent j. 4. Calculate the level of effectiveness of each action as follows: = ∑ 5. Measure the level of difficulty by representing each action. 6. Calculate the total effectiveness to determine the magnitude of the ratio using the following formula:

= /
(3) 8. Prioritize the scale from the highest ETD to the lowest. The first value is given to mitigation actions that have the highest ETD value.

C. Pareto Diagram
According to Heizer and Render (2014: 255), the Pareto (Pareto Analysis) diagram is a method for managing errors, problems for defects to help focus attention on problemsolving efforts. This diagram is based on the work of Vilfredo Pareto, an economist in the 19th century. Joseph M. Juran popularized Pareto's work by stating that 80% of company problems are the result of causes that are only 20%.
Besterfield (2009: 78), this Pareto Diagram is an illustration that ranks data classification from left to right according to the highest to lowest ranking.
Thus this can help find the most important problems to be resolved immediately (highest ranking) to the problems that do not have to be resolved immediately (lowest ranking). Pareto diagrams can also identify the most important problems that affect quality improvement efforts

A. Brief company background
The above model was applied to a multinational nickel mining company in Sulawesi, Indonesia. As the sole contractor of the Government of Indonesia in the Contract of Work (CoW) area, has exclusive rights in one of the designated "X" Regions in Sulawesi to explore, develop, mine, process, stockpile, transport and sell nickel and other minerals related to nickel. There is a general description of (P3I) consists of the main tasks, functions, organizational structure description and vision and mission (P3I) of the company, among others, are as follows; The main purpose of the Indonesian Mining Growth Program (P3I) is to develop an integrated mine plan in Region "X" to deliver Limonite ore to a High-Pressure Acid Leaching (HPAL) Plant and to deliver saprolite ore to other FeNi smelters. This is the company's strategic project since it is the company's obligation to develop mining and processing in the "X" Region. This is the future of the company trough mining to expand its operations to meet the future nickel market requirements that predict an increase in consumption of electric vehicles (EV) demand and increase consumption of stainless steel for construction.

B. Identification of risk events and assessment of their severity
The risk events were identified through the breakdown of major business processes into sub-processes and then asking the question of what the problem will occur in each of the sub-processes. The company has already documented risk events before this study was carried out so we included many of already defined risk events in this study. Some of the other risk events were identified during the study, through brainstorming with relevant managers, which then led us to have a total of 25 risk events (eight of which are related to planning, seven with project implementation, eight with production, one with shipping, and one with returns). Some of the identified risk events are presented in Table 3.
The next step is the assessment of the severity of each risk event. This was accomplished by distributing a questionnaire to relevant managers. They were asked to fill in a number (between 1 and 6) next to each risk event where a value of 1 means almost no impact or very low if the associated risk event occurred while a value of 6 means very critical (see PR -E -233E Integrated Risk Assessment and Management (AGIR) -Project Risks belong to the company for a more detailed description of the scales). The numbers in the parentheses in Table 3 represents the severity of the associated risk events.

C. Identification of risk agents
Many of the risk agents had also been documented by the company before. However, we did clarify and suggest some other possible risk agents not included in their list. Finally, we ended up with a total of 23 risk agents as presented in Table 4 along with their respective degree of occurrence. The occurrence represents the probability of each of those risk agents happening. The values range from one to ten where a value of 1 means almost never occurred/very remote and a value of 5 means almost certain to happen/very likely (see PR -E -233E Integrated Risk Assessment and Management (AGIR) -Project Risks, belong to the company for a more detailed description of the scales). The values of occurrence were also obtained through a questionnaire distributed to relevant managers.

D. Identification of correlation between risk agents and risk events
The relationship between the risk agents and risk events were identified and a value of 0, 1, 3, or 9 was assigned in each combination. We obtain, for example, a value of 9 between A1 (Inaccurate request references) and E2 (Schedules cannot be converted into executable mine plans), indicating that the Inaccurate request references would certainly result in Schedules cannot be converted into executable mine plans. The relationships between each risk agent and each risk event is shown in HOR1 in Table 5.

1) Aggregate risk potentials
With the three inputs above, we can calculate the aggregate risk potentials of each risk agent. As an illustration, determining ARP1 is calculated in the following way: There is one correlation with a score of 1 with a severity scale value of 3, there are two correlations with a score of 3 with a severity scale value of 4 and 3 respectively, and seven correlations with a score of 9 with a severity scale value of 2, 2, 3, 3, 3 respectively, 3, and 3. The probability value of P1 is 3. Hence, the ARP of this risk agent is calculated as follows:

= 3 × [1(3) + 3(4 + 3) + 9(2 + 2 + 3 + 3 + 3 + 3 + 3)] = 585
As can be seen from Table 5, the calculated values range from 21 to 1,179. The results of the ARP ranking in Table 5, will be input for the next data processing process of HOR phase 2. From the results of the ARP value, the priority of risk agents is classified from the overall risk that will be treated as an effort to minimize the risk. The Pareto diagram of the aggregate risk potentials for all 25 risk events is shown in Figure 1.

2) Identification and prioritizing proactive actions
Further analysis shows that the first five risk agents contribute to about 50 percent of the total ARP values and eleven risk agents contribute to 75 percent of the total ARP. The above-Pareto diagram indicates that the degree of importance of reducing the probability of occurrence of each risk agent differs widely.
After the Pareto diagram application above, it is obtained from the cumulative percentage of ARP that there is 1 risk agent selected, namely (A4) Technical evaluation is less accurate. However, after conducting a study using the concept of 80:20 and brainstorming, then the seven topranked risk agents who were prioritized were determined to take precautionary measures. Naturally, a company should prioritize those with high-aggregate risk potentials as well.
The second HOR framework in section three can be used to identify and prioritize proactive actions that the company should do to maximize the effectiveness of effort with acceptable resource and financial commitments. The HOR2 which presents the seven risk agents with the 17 proposed actions is depicted in Table 6 The difficulty of performing each action is classified into three categories: low with a score of 3, medium with a score of 4, and high with a score of 5. As pointed out above, the degree of difficulty should also reflect the money and other resources needed to perform the corresponding action. Hence, the ratio would indicate the cost-effectiveness of each action. However, we should aware that the use of different scale in measuring the degree of difficulty may result in changes of the ranks, indicating the need to perform sensitivity analysis when applying this framework in a real case.
The priority for each action is obtained based on the values of the effectiveness of to difficulty ratio of action k (ETDk). The higher the ratio, the more cost-effective is the proposed action. From Table 6, we see that the most cost-effective action would be to improve the cross-functional team within the organization.

V. DISCUSSIONS AND CONCLUDING REMARKS
The results of the House of Risk phase 1 model are processed using Pareto diagrams, it is found that 1 risk agent is chosen, which is (A4) Inaccurate technical evaluation.
However, based on the 80:20 concept and brainstorming with P3I management, a risk agent that will be a priority risk agent for preventive actions, namely seven top-ranking risk agents because they are considered to be able to obstruct the goals to be achieved by the company sequentially, among others ( The results of the House of Risk (HOR) phase 2 model, 17 preventive actions are then calculated ETD values. Furthermore, ranking is done according to the highest ETD value to the lowest. The following preventive measures are ranked according to the top ranks, among others (PA1) Conduct better coordination among related agencies, (better cross functional integration); (PA2) Using data parameters and assumptions that have been agreed upon and validated beforehand; (PA6) Conducting internal workshops (internal alignment) before finalization and publication; (PA7) Better negotiation strategies with clients (factory and government); (PA12) Empowering the function of Enterprise Resource Planning (ERP) system; (PA9) Providing training to the P3I team to thoroughly understand the business process at the plant; (PA3) More often to conduct peer reviews to ensure all technical reports have been verified and meet the requirements, including template references in accordance with applicable reference standards; (PA14) A contingency plan is prepared and when ready to be implemented following prediction of conditions on the ground; (PA13) Establish a clear Service Level Agreement (SLA) for both parties (for example between Mining and Factory); (PA8) The Steering Committee takes a role in providing support for a team decision; (PA17) Increase the number of resources; (PA4) Complete all verification data with comprehensive studies or studies; (PA5) Conducting Mining Test, which is a small scale implementation study in the field; (PA11) Better negotiation strategy with suppliers / vendors / implementing contractors; (PA10) Providing access to the P3I team to obtain proportional data from the plant in compiling the plan; (PA16) Perform work measurements and (PA15) Provide opportunities for bench marking.
Related to the dynamics of P3I at this time, then this risk management study can be carried out to obtain expertise. The right time is recommended every 3 (three) years so that the implementation program can be realized first or there are significant organizational or regulatory changes. But for monitoring and coordination can be done every 6 (six) months.
Thus fulfilling the aspects of sustainability and the concept of improvement "Plan -Do -Check -Action" as outlined in the management of the Company's Production System (VPS) at the company itself.
P3I Management can form a risk management unit that is included in the organizational structure so that the risk monitoring and control process can run well. In making the design of Operational Risk Management using the House of Risk (HOR) method, quite a lot of qualitative data must be collected, and it involves many parties involved in the organization. Therefore a structured, systematic, and wellplanned planning is very necessary for the collection of respondent data so that the objectives of the respondent's data collection can run well, effectively, efficiently, and completed in the expected time. Then techniques are needed to encourage imaginative thinking at each stage of the risk management process and each stage of the respondent, therefore a facilitator is needed to guide the course of the brainstorming stage so that the process becomes more directed and all participants can get involved