RISK MANAGEMENT ANALYSIS BASED ON ISO 31000: 2018 CASE STUDY AT ZAURA SUPERMARKETS IN EAST ACEH

This study aims to find out how to analyze risk management based on ISO 31000:2018 in the Zaura Swalayan business. The data used in this study were structured and unstructured interviews. The method used in this study was carried out based on the ISO 31000:2018-based risk management process. The results showed thatThe risks faced by Zaura Swalayan are:bad credit , there is a damaged or defective product,accumulation of goods,wrong selling price,broken computer,the impact of the covid-19 pandemic,competition,unsatisfactory service,theft,natural disasters, andpower outage. The handling/management carried out has not been maximized due to the absence of a special team to handle/manage these risks. At Zaura Supermarketthere is no very high level of risk,there is only 1 risk with a high level of risk, there are 5 risks with a moderate level of risk, there are 5 risks with a low level of risk and there are 2 risks with a level of riskwhichvery low.


INTRODUCTION
The business world today continues to experience very rapid development due to increasingly competitive business competition. One of the businesses that is growing rapidly is the self-service business. food, beverages, household appliances and equipment, electrical appliances, baby equipment, medicines, cosmetics, accessories and others. Self-service is a modern market which is designed with a comfortable place where buyers can pick up the items, they want to buy themselves. Self-service also includes heterogeneous markets, namely markets that sell various types of goods. Self-service can be seen clearly so that it also enters the type of concrete market which physically exists.
In addition to its fairly rapid development, self-service businesses also have considerable potential to gain big profits for business actors. However, with the current covid-19 pandemic, this business potential has decreased due to limited space for movement. must make various efforts to prevent losses or even bankruptcy so that the business they run can survive during this covid-19 pandemic. There are many factors that cause losses, one of which is the lack of understanding of business actors in running and managing a business.
Zaura Swalayan is a type of retail business in East Aceh, precisely in front of the Idi Rayeuk city terminal which consists of 3 shop houses. Zaura Swalayan has been operating for about 10 years and has become a mainstay for the surrounding community/consumers. Although Zaura Swalayan is a shopping center which certainly has many advantages, one of which is a very strategic location, this greatly affects buying interest from consumers and has a fairly large existence for several years in the area, this can be seen from the many consumers who are very loyal to shop. daily needs in the area as time goes by, Zaura Swalayan is growing and showing its existence in the area, which can be proven by the availability of member cards for customers. Zaura self-service also provides electronic payment tools via debit or credit cards. However, Zaura Swalayan also has several risks that cannot be avoided and must be faced, such as business risks that keep coming during the COVID-19 pandemic or even before.
As time goes by, Zaura Swalayan is growing and showing its presence in the area, which can be proven by the availability of member cards for customers. Zaura self-service also provides electronic payment tools via debit or credit cards. However, Zaura Swalayan also has several risks that cannot be avoided and must be faced, such as business risks that keep coming during the COVID-19 pandemic or even before. Risks in a business or business are unavoidable, but these risks can be minimized/reduced in severity. Risk management is very important in the business world. According to ISO 31000 Risk Management-Guidelines (2018), risk management is coordinated activities carried out in order to manage and control an organization related to the risks it faces.
The ISO 31000 standard has been adopted by Indonesia as the Indonesian National Standard (SNI ISO 31000). This standard can be used by any organization, regardless of its size, activity or sector. The ISO 31000 standard is increasingly being used by Indonesian companies compared to other standards. This can be proven by a national survey conducted in 2018, ISO 31000 is the standard most widely used by companies, with a percentage of 67.5% followed by the COSO standard of 15% and other standards as much as 17.5%. Therefore, the use of the ISO 31000: 2018 standard is considered the best standard for conducting research.
Based on research conducted by Stephanie Sutanto (2012), Most of the risk treatment and risk control measures that have been carried out by Duta Minimarket are still ineffective, so the authors conduct an analysis and design of ERM based on ISO 31000 to provide quality information for business entities regarding effective control measures, as well as appropriate treatment for the risks involved. he faced. The results of Erniyani's research, et al (2020), the conclusion of this study is that using risk management ISO 31000: 2009 can help the process of making decisions to improve management based on the results of the assessment, while risks that have an impact on jasmine laundry's goals and strategies are recommended to always consider monitor and review, because changing times will require more effective handling techniques.

Theoretical basis Risk Concept
Risk is a variation of things that may occur naturally or the possibility of unexpected events or things that threaten property profits and financial benefits due to the dangers that occur (Labombang: 2011). According to Hanafi (2014) risk is the possibility that the results obtained deviate from the expected. As for the various selfservice risks, namely financial risk, operational risk, strategic risk and external risk. Norken (2015) defines risk as a factor that has a bad influence and must be addressed to achieve the completion of work that is limited by time.

Risk management
According to Mulyawan (2015) risk management is a systematic way of looking at a risk and determining the proper handling of that risk. Meanwhile, Irham Fahmi (2015) argues that risk management is a field of science that discusses how an organization applies measures in mapping various existing problems by placing various management approaches in a comprehensive and systematic manner.
According to Bambang Rianto Rustam (2017) risk management is a series of methodologies and procedures used to identify, measure, monitor, and control risks arising from all business activities, both credit risk, market risk, operational risk, and cost risks in an effort to maximize firm value.

Risk Management Based on ISO 31000:2018
ISO 31000:2018 risk management is a risk implementation guide which consists of three elements, namely principles, frameworks, and processes.

Image 1 Risk Management Standard ISO 31000:2018 Source: Grand design of risk management within BSN 2018-2023
Based on Figure 1, it can be seen that the principles of risk management consist of integrated, structured and comprehensive, adapted, inclusive, dynamic, the best available information, human and cultural factors, and continuous improvement. The framework consists of leadership and commitment, integration, design, implementation, evaluation, and improvement. The risk management process consists of communication and ISSN (e): 2962-973X https://jaruda.org consultation, determination (scope, context, criteria), risk assessment (identification, analysis, and evaluation), risk treatment, monitoring and review, and recording and reporting.
conceptual framework conceptual framework Figure 2 Based on Figure 2 above, it shows that in this study using risk management analysis based on ISO 31000:2018 as a formulation and evaluation material in the application of risk management in the Zaura Swalayan business. The analysis process begins by determining the research target, namely the Zaura Swalayan business, followed by looking at the problems faced by Zaura Swalayan, then analyzing the risk management process based on ISO 31000: 2018 which consists of several stages. Basically, the risk management process based on ISO 31000: 2018 consists of 6 stages, namely: 1. communication and consultation. 2. Scope, context, and criteria. 3. Risk assessment (risk identification, risk analysis, and risk evaluation). 4. Risk treatment. 5. Monitoring and review. 6. Recording and reporting.
However, in this study only carried out 4 stages, namely from stage 1 to stage 4. This was due to the limited time for the implementation of stages 5 and 6. Next, analyze and discuss the results, followed by drawing conclusions and provide advice to Zaura Swalayan.

Research methods Research Location and Object
This research is located at JalanMedan-B.Aceh, Gampong Aceh Village, Idi Rayeuk District, East Aceh Regency.Based onthe title of the research taken, the object used in this study is the risk management process carried out by business actors (owners or representatives) of Zaura Swalayan.

Data Types and Sources
This type of research is a qualitative research with a descriptive approach. This research uses primary data which is data obtained and collected directly from the object studied by the person or organization conducting the research. The source of the data used in this research is from the informant who is the owner of the Zaura supermarket business through interviews.

Data analysis technique
The analysis technique or data processing in this study can be carried out based on the risk management process based on ISO 31000: 2018. In this study the authors only carried out 4 stages from stage 1 (communication and consultation) to stage 4 (risk treatment), while for stage 5 (monitoring and review) and 6 (recording and reporting) were not carried out because both processes took a long time.

Research Results and Discussion Communication and Consultation
Communication and consultation by conducting interviews between researchers and informants, namely Mr. Andi Hakim who is the owner of Zaura Swalayan, previously the researchers also made preliminary observations to determine whether Zaura Swalayan was suitable to be the object of this research.

Scope, Context and Criteria
In determining the context, it includes all internal and external parameters at Zaura Swalayan. Through the communication and consultation stages, Zaura Swalayan sets the internal and external context as shown in Table 1 below.

Risk Assessment 1. Risk Identification
From the results of interviews and observations at Zaura Swalayan, a list of risks that are expected to occur in similar businesses, all of these risks are included in the list of risks that also occur at Zaura Swalayan. The list of identified risks is as follows: Source: Research Results, Data processed 2022 In the risk assessment table above, the probability level is obtained, the impact level is obtained from table 1 scale in risk probability assessment and table 2 scale in risk impact assessment. Meanwhile, the risk level is obtained by multiplying the probability and impact of each risk based on the following provisions:

Risk Analysis
After getting the levels of all risks at the identification stage, the next step is to select the risks with the highest level of risk among other risks which are then made a fishbone diagram that analyzes the causes of these risks. Fishbone diagram of the risks that occur can be seen in the pictures below: There is no strategy against indebted consumers

Figure 3 FishboneBad Credit Risk
From Figure 3 above, it shows that there are 2 problems that cause bad loans at Zaura Swalayan, which are derived from the method (the absence of sanctions) and humans (there is no strategy for indebted consumers).

Method
Item arrangement

Figure 4 FishboneRisk of Expired Items
From picture 4it can be concluded that the expired goods at Zaura Swalayan were caused by an inappropriate method, namely the poor arrangement of goods.

Method
Grouping items From picture 6above it can be seen that the problems that occur are the method (service to consumers) and the environment (narrow parking location) that can cause risks in business competition at Zaura Swalayan. Method

Difficulty in shipping stock
The impact of the covid-19 pandemic PPKM Environment  Figure 8 above, it can be seen that there are 3 problems that cause the risk of theft at Zaura Swalayan, namely, problems originating from methods (lack of monitoring), tools (adding door alarm sensors), and humans (direct monitoring by employees). Table 3 below shows there are 5 color levels to create a risk analysis matrix at zaura supermarkets. These colors were adapted from the grand design of risk management in the 2018-2023 BSN environment with adjusted levels and amounts of risk.

Figure 9 Zaura Swalayan Risk Analysis Matrix Source: Research Results, Data processed 2022
The results shown in Figure 9 show that: a. The risk value with a very high level of risk is not found in Zaura Swalayan. b. The risk value with the high level of risk that exists at Zaura Swalayan has 1 risk, namely the impact of the covid-19 pandemic (R9). c. The risk value with a moderate level of risk that exists at Zaura Swalayan there are 6 risks, namely bad credit (R1), expired goods (R2), accumulation of goods (R4), business competition (R8), and theft (R11). d. The risk value with a low risk level that exists at Zaura Swalayan there are 4 risks, namely the presence of damaged or defective goods (R3), setting the wrong selling price (R5), unsatisfactory service (R10), natural disasters (R12), and power outages. (R13). e. The risk value with a very low level of risk that exists at Zaura Swalayan has 2 risks, namely the purchase price input error (R6) and missing data/computer error (R7).

Risk Treatment
Top 6 risksin accordance with the existing risk management procedures at Zaura Swalayan as material for evaluation meetings in follow-up or mitigation plans to reduce the most dominant risk as a preventive measure. The top 6 risks mitigation carried out can be seen in Table 4 below: Arrangement of goods by placing the old product in front and the new product behind. Consumers will automatically take the goods up front, so they will be able to reduce the level of expired products.

Stacking of goods
Medium risk There are regular checks for the stock of goods in the warehouse carried out by the owner or special employees, this check can be done before the store opens or after the store closes.
Make a list of items that are not selling well so that the purchase of stock items that are not sold can be reduced.

R8 Competition
Medium risk Conduct market research by looking for the weaknesses and strengths of similar businesses in order to provide better service to consumers.
Employees must always be alert in providing friendly, fast, and appropriate services for their customers so that customer loyalty is maintained.
Provide a wider and more comfortable parking area so as not to interfere with the activities of road users R9 Covid-19 pandemic High risk Providing an online shopping acceptance system and direct delivery to consumers' homes around the area.
Choose a supplier that has faster access to the delivery of goods.

R11
Theft Medium risk Optimizing the use of cctv to monitor operational activities that can be done by always turning on the cctv supervisor monitor at all times and providing additional levers for employees to always monitor the monitor.
Direct monitoring should be avoided, because it can cause consumers to feel disturbed when shopping.
The addition of an alarm sensor at the door that can detect goods brought out by consumers without being paid in advance.