A Structural Model of Risk Governance and Maturity in Ultra Microfinance SOEs

Eko Susetyono; Dominicus Savio Priyarsono; Anggraini Sukmawati; Popong Nurhayati

doi:10.34306/ijcitsm.v5i2.200

Authors

Eko Susetyono IPB University https://orcid.org/0009-0000-1483-1866
Dominicus Savio Priyarsono IPB University https://orcid.org/0000-0003-4607-5633
Anggraini Sukmawati IPB University https://orcid.org/0000-0001-5602-5141
Popong Nurhayati IPB University https://orcid.org/0009-0003-5665-5671

DOI:

https://doi.org/10.34306/ijcitsm.v5i2.200

Keywords:

Integration, Risk Management Maturity, SOEs Holding, Ultra Micro, SEM

Abstract

The Indonesian government has set a target for State-Owned Enterprises (SOEs) to achieve a risk management maturity level of 4.2 out of 5 by 2024. This objective is especially crucial following the consolidation of BRI, Pegadaian, and PNM into the Ultra Micro SOEs Holding. The integration process introduces new risks that require robust governance and control mechanisms. This study investigates how key risk management components namely governance, frameworks, processes, and internal controls contribute to strengthening risk management maturity in the Ultra Micro holding structure. Using Structural Equation Modelling (SEM), the research explores complex interrelations among these elements based on survey data from 644 respondents across the three SOEs. The findings confirm that most variables significantly influence one another and collectively support a sound model for maturity enhancement. However, the study also uncovers two statistically insignificant relationships: between the framework and the process, and between the process and overall maturity. These anomalies indicate the potential presence of mediating variables or implementation gaps that reduce the practical effectiveness of formal structures. The study concludes that a strong foundation in governance and internal control can meaningfully support risk maturity, but effective process execution may require further contextual and operational alignment. These results offer strategic insights for improving risk practices in SOEs and emphasize the need for future research to investigate hidden dynamics that may affect risk maturity outcomes.

References

Otoritas Jasa Keuangan (OJK), “Peraturan otoritas jasa keuangan nomor 18/pojk.03/2014 tentang penerapan tata kelola terintegrasi bagi konglomerasi keuangan,” Otoritas Jasa Keuangan, Jakarta, Indonesia, Tech. Rep. 18/POJK.03/2014, Nov. 2014, promulgated on November 19, 2014. Accessed on July 31, 2025. [Online]. Available: https://www.ojk.go.id/id/regulasi/otoritas-jasa-keuangan/peraturan-ojk/Documents/POJK18TataKelolaTerintegrasi_1417076198.pdf

Otoritas Jasa Keuangan (OJK), “Peraturan otoritas jasa keuangan nomor 4/pojk.05/2021 tahun 2021 tentang penerapan manajemen risiko dalam penggunaan teknologi informasi oleh lembaga jasa keuangan nonbank,” Otoritas Jasa Keuangan, Jakarta, Indonesia, Tech. Rep. 4/POJK.05/2021, Mar. 2021, promulgated on March 9, 2021. Accessed on July 31, 2025. [Online]. Available: https://peraturan.bpk.go.id/Details/227125/peraturan-ojk-no-4pojk052021-tahun-2021

Otoritas Jasa Keuangan (OJK), “Peraturan otoritas jasa keuangan nomor 44/pojk.05/2020 tahun 2020 tentang penerapan manajemen risiko bagi lembaga jasa keuangan nonbank,” Otoritas Jasa Keuangan, Jakarta, Indonesia, Tech. Rep. 44/POJK.05/2020, Aug. 2020, promulgated on August 28, 2020; Gazetted and in force on September 2, 2020. Accessed on July 31, 2025. [Online]. Available: https://www.ojk.go.id/id/regulasi/Documents/Pages/Penerapan-Manajemen-Risiko-bagi-Lembaga-Jasa-Keuangan-Nonbank/pojk%2044-2020.pdf

Pemerintah Republik Indonesia, “Peraturan pemerintah nomor 73 tahun 2021 tentang penambahan penyertaan modal negara republik indonesia ke dalam modal saham perusahaan perseroan (persero) pt bank rakyat indonesia tbk,” Pemerintah Republik Indonesia, Jakarta, Indonesia, Tech. Rep. 73 Tahun 2021, Jul. 2021, promulgated on 2 July 2021. Accessed on July 31, 2025. [Online]. Available: https://peraturan.bpk.go.id/Details/171110/pp-no-73-tahun-2021

Kementerian Badan Usaha Milik Negara Republik Indonesia, “Peraturan menteri badan usaha milik negara nomor PER-5/mbu/09/2022 tahun 2022 tentang penerapan manajemen risiko pada badan usaha milik negara,” Kementerian Badan Usaha Milik Negara, Jakarta, Indonesia, Tech. Rep. PER-5/MBU/09/2022, Sep. 2022, promulgated on September 1, 2022. Accessed on July 31, 2025. [Online]. Available: https://peraturan.bpk.go.id/Details/232829/permen-bumn-no-per-5mbu092022-tahun-2022

K. G. Ray, Mergers and acquisitions: Strategy, valuation and integration. PHI Learning Pvt. Ltd., 2022.

W. Setyowati, T. A. Setiyono, G. Gung, and B. Novriyanti, “Leveraging technology in accounting for entrepreneurial insight into government budgeting efficiency,” Aptisi Transactions on Technopreneurship (ATT), vol. 5, no. 3, pp. 251–260, 2023.

S. Chatterjee, N. P. Rana, and Y. K. Dwivedi, “How does business analytics contribute to organisational performance and business value? a resource-based view,” Information Technology & People, vol. 37, no. 2, pp. 874–894, 2024.

A. Williams and E. Dolan, “Development based on cloud accounting as accountant reconciliation media on collage,” IAIC Transactions on Sustainable Digital Innovation (ITSDI) The 2nd Edition Vol. 1 No. 2 April 2020, p. 185, 2021.

F. Cagnin, M. C. d. Oliveira, and P. A. Cauchick Miguel, “Assessment of iso 9001: 2015 implementation: focus on risk management approach requirements compliance in an automotive company,” Total Quality Management & Business Excellence, vol. 32, no. 9-10, pp. 1147–1165, 2021.

E. A. Beldiq, B. Callula, N. A. Yusuf, and A. R. A. Zahra, “Unlocking organizational potential: Assessing the impact of technology through smartpls in advancing management excellence,” APTISI Transactions on Management, vol. 8, no. 1, pp. 40–48, 2024.

E. Harb, R. El Khoury, N. Mansour, and R. Daou, “Risk management and bank performance: evidence from the mena region,” Journal of Financial Reporting and Accounting, vol. 21, no. 5, pp. 974–998, 2023.

A. Pambudi, N. Lutfiani, M. Hardini, A. R. A. Zahra, and U. Rahardja, “The digital revolution of startup matchmaking: Ai and computer science synergies,” in 2023 Eighth International Conference on Informatics and Computing (ICIC). IEEE, 2023, pp. 1–6.

C. Chairani and S. V. Siregar, “The effect of enterprise risk management on financial performance and firm value: the role of environmental, social and governance performance,” Meditari Accountancy Research, vol. 29, no. 3, pp. 647–670, 2021.

S. S. Horvey, “Enterprise risk management, corporate governance, performance and risk-taking behaviour of the insurance industry: Empirical evidence from ghana and south africa,” Ph.D. dissertation, University of the Witwatersrand, Johannesburg (South Africa), 2022.

M. Al-Nimer, S. S. Abbadi, A. Al-Omush, and H. Ahmad, “Risk management practices and firm performance with a mediating role of business model innovation. observations from jordan,” Journal of Risk and Financial Management, vol. 14, no. 3, p. 113, 2021.

J. Siswanto, V. A. Goeltom, I. N. Hikam, E. A. Lisangan, and A. Fitriani, “Market trend analysis and data-based decision making in increasing business competitiveness,” Sundara Advanced Research on Artificial Intelligence, vol. 1, no. 1, pp. 1–8, 2025.

Kementerian Badan Usaha Milik Negara Republik Indonesia, “Peraturan menteri negara badan usaha milik negara nomor per-01/mbu/2011 tentang penerapan tata kelola perusahaan yang baik (good corporate governance) pada badan usaha milik negara,” Kementerian BUMN, Jakarta, Indonesia, Tech. Rep. PER-01/MBU/2011, Feb. 2011, promulgated on 1 February 2011. Accessed on July 31, 2025. [Online]. Available: https://www.telkom.co.id/minio/show/data/image upload/page/A.8.3 Regulation%20of%20the%20Minister%20of%20State-Owned%20Enterprise%20No.%20PER-01%20MBU%2002%202011.pdf

T. T. Y. Alabdullah, “Management accounting insight via a new perspective on risk management-companies’ profitability relationship,” International Journal of Intelligent Enterprise, vol. 9, no. 2, pp. 244–257, 2022.

S. Kosasi, U. Rahardja, I. D. A. E. Yuliani, R. Laipaka, B. Susilo, and H. Kikin, “It governance: Performance assessment of maturity levels of rural banking industry,” in 2022 4th International Conference on Cybernetics and Intelligent System (ICORIS). IEEE, 2022, pp. 1–6.

L. H. A. P. Prawira, A. F. Ummah, M. R. Aditiya, and D. W. Nugroho, “Knowledge management: Efforts to create an excellent digital creative industry,” Startupreneur Business Digital (SABDA Journal), vol. 2, no. 2, pp. 172–181, 2023.

C. S. Bangun and T. Handra, “How theory of planned behavior and perceived risk affect online shopping behavior,” Aptisi Transactions on Management (ATM), vol. 5, no. 2, pp. 169–179, 2021.

S. Hunziker, Enterprise Risk Management. Springer, 2021.

S. Bak and P. Jedynak, Risk management maturity: A multidimensional model. Taylor & Francis, 2023.

I. Hristov, R. Camilli, A. Chirico, and A. Mechelli, “The integration between enterprise risk management and performance management system: Managerial analysis and conceptual model to support strategic decision-making process,” Production Planning & Control, vol. 35, no. 8, pp. 842–855, 2024.

Bank Indonesia, “Peraturan bank indonesia nomor 11/25/pbi/2009 tentang perubahan atas peraturan bank indonesia nomor 5/8/pbi/2003 tentang penerapan manajemen risiko bagi bank umum,” Bank Indonesia, Jakarta, Indonesia, Tech. Rep. 11/25/PBI/2009, Jul. 2009, issued on July 1, 2009. Accessed on July 31, 2025. [Online]. Available: https://peraturan.bpk.go.id/Details/137570/peraturan-bi-no-1125pbi2009

Otoritas Jasa Keuangan, “Peraturan otoritas jasa keuangan nomor 17/pojk.03/2014 tentang penerapan manajemen risiko terintegrasi bagi konglomerasi keuangan,” Otoritas Jasa Keuangan, Jakarta, Indonesia, Tech. Rep. 17/POJK.03/2014, Nov. 2014, issued on November 18, 2014. Accessed on July 31, 2025. [Online]. Available: https://www.ojk.go.id/id/regulasi/otoritas-jasa-keuangan/peraturan-ojk/Documents/POJK17ManajemenRisiko 1417076166.pdf

Badan Standardisasi Nasional, “Sni iso 31000:2018 – manajemen risiko,” Badan Standardisasi Nasional, Tech. Rep., 2018, issued on October 29, 2018. Accessed on July 31, 2025. [Online]. Available: https://pu.go.id/pustaka/biblio/sni-iso-31000-2018-manajemen-resiko/BKB99K

J. Yun, “The effect of enterprise risk management on corporate risk management,” Finance Research Letters, vol. 55, p. 103950, 2023.

O. E. Akinbowale, H. E. Klingelh¨ofer, and M. F. Zerihun, “Application of forensic accounting techniques in the south african banking industry for the purpose of fraud risk mitigation,” Cogent Economics & Finance, vol. 11, no. 1, p. 2153412, 2023.

M. Marliyah, B. Dharma, and A. Syarbaini, “The maturity of risk management in indonesian islamic universities,” Jurnal Riset Bisnis Dan Manajemen, vol. 16, no. 2, pp. 117–125, 2023.

A. G. Kermani, M. Beheshtifar, M. Montazery, and A. Arabpour, “Human resource risk management framework and factors influencing it,” Prop´ositos y Representaciones, no. SPE1, pp. e902–e902, 2021.

O. Tamimi, “The role of internal audit in risk management from the perspective of risk managers in the banking sector,” Australasian Accounting, Business and Finance Journal, vol. 15, no. 2, 2021.

A. Usman, A. C. Ahmad, and S. O. Abdulmalik, “The role of internal auditors characteristics in cybersecurity risk assessment in financial-based business organisations: a conceptual review,” International Journal of Professional Business Review: Int. J. Prof. Bus. Rev., vol. 8, no. 8, p. 32, 2023.

E. G¨okalp and V. Martinez, “Digital transformation maturity assessment: development of the digital transformation capability maturity model,” International Journal of Production Research, vol. 60, no. 20, pp. 6282–6302, 2022.

M. Abduh, S. N. Sukardi, R. D. Wirahadikusumah, C. Z. Oktaviani, and S. N. Bahagia, “Maturity of procurement units for public construction projects in indonesia,” International Journal of Construction Management, vol. 23, no. 13, pp. 2171–2184, 2023.

A. Firasati, F. Azzahra, S. R. P. Junaedi, A. Evans, M. Madani, and F. P. Oganda, “The role information technology in increasing the effectiveness accounting information systems and employee performance,” International Journal of Cyber and IT Service Management, vol. 4, no. 2, pp. 114–121, 2024.

C. F. Anggraini, N. M. Estiyanti, and P. A. C. Dewi, “Governance audit using cobit 5 in cv. xyz on accounting information system,” ADI Journal on Recent Innovation, vol. 4, no. 2, pp. 201–209, 2023.

E. Aldriweesh, N. Zakuan, N. H. Bajuri, and A. M. Alshammakh, “The moderating role of organizational culture on the relationship between enterprise risk management dimensions and financial performance in manufacturing companies: A theoretical framework,” International Journal of Academic Research in Accounting, Finance and Management Sciences, vol. 12, no. 4, pp. 251–272, 2022.

C. Tan and S. Z. Lee, “Adoption of enterprise risk management (erm) in small and medium-sized enterprises: evidence from malaysia,” Journal of Accounting & Organizational Change, vol. 18, no. 1, pp. 100–131, 2022.

A. Jalilvand and S. Moorthy, “Enterprise risk management maturity: A clinical study of a us multinational nonprofit firm,” Journal of Accounting, Auditing & Finance, vol. 39, no. 3, pp. 883–902, 2024.

I. Dvorski Lackovi´c, N. Kurnoga, and D. Miloˇs Sprˇci´c, “Three-factor model of enterprise risk management implementation: Exploratory study of non-financial companies,” Risk Management, vol. 24, no. 2, pp. 101–122, 2022.

O. Kordsachia, “A risk management perspective on csr and the marginal cost of debt: empirical evidence from europe,” Review of Managerial Science, vol. 15, no. 6, pp. 1611–1643, 2021.

J. Crawford and M. Jabbour, “The relationship between enterprise risk management and managerial judgement in decision-making: A systematic literature review,” International Journal of Management Reviews, vol. 26, no. 1, pp. 110–136, 2024.

T. Bartosova, P. Taraba, and K. Peterek, “Approach to the risk management process in logistics companies,” Chemical engineering transactions, vol. 86, pp. 403–408, 2021.

M. R. Syadali, S. Segaf, and P. Parmujianto, “Risk management strategy for the problem of borrowing money for islamic commercial banks,” Enrichment: Journal of Management, vol. 13, no. 2, pp. 1227–1236, 2023.

H. N. K. Demirg¨unes¸, “Enterprise risk management and firm value empirical evidence from turkey in the post-global financial crisis of 2007-08 period,” Ni˘gde ¨Omer Halisdemir ¨Universitesi Sosyal Bilimler Enstit¨us¨u Dergisi, vol. 5, no. 1, pp. 87–100, 2023.

J. Moschella, E. Boulianne, and M. Magnan, “Risk management in small-and medium-sized businesses and how accountants contribute,” Contemporary accounting research, vol. 40, no. 1, pp. 668–703, 2023.

K. Mazayo, S. Agustina, and R. Asri, “Application of digital technology risk management models in banking institutions reflecting the digital transformation of indonesian banking blueprint,” International Journal of Cyber and IT Service Management, vol. 3, no. 2, pp. 130–143, 2023.

N. Aziza and N. K. Aviola, “The influence of corporate governance on financial performance with risk management as mediating variable,” Jurnal Aplikasi Bisnis dan Manajemen (JABM), vol. 10, no. 1, pp. 11–11, 2024.

A. Joko, “Determination of auditor experience, task-specific knowledge, and implementation of institution governance against fraud prevention,” Aptisi Transactions on Technopreneurship (ATT), vol. 5, no. 1, pp. 9–18, 2023.

A. Yusran, M. Hardini, I. N. Hikam, P. A. Sunarya, and U. Rahardja, “Transforming financial services with decentralized finance and blockchain technology,” in 2024 6th International Conference on Cybernetics and Intelligent System (ICORIS). IEEE, 2024, pp. 01–06.

E. Bracci, T. Mouhcine, T. Rana, and D. Wickramasinghe, “Risk management and management accounting control systems in public sector organizations: a systematic literature review,” Public Money & Management, vol. 42, no. 6, pp. 395–402, 2022.

V. H. Klein Jr and J. T. Reilley, “The temporal dynamics of enterprise risk management,” Critical Perspectives on Accounting, vol. 99, p. 102363, 2024.

L. Meria, C. S. Bangun, and J. Edwards, “Exploring sustainable strategies for education through the adoption of digital circular economy principles,” International Transactions on Education Technology (ITEE), vol. 3, no. 1, pp. 62–71, 2024.

K. O. Kwateng, C. Amanor, and F. K. Tetteh, “Enterprise risk management and information technology security in the financial sector,” Information & Computer Security, vol. 30, no. 3, pp. 422–451, 2022.

M. D. Firiza, N. Lutfiani, A. R. A. Zahra, U. Rahardja et al., “The role of regtech in automating compliance and risk management,” in 2024 12th International Conference on Cyber and IT Service Management (CITSM). IEEE, 2024, pp. 1–6.

R. Aprianto, R. Haris, A. Williams, H. Agustian, and N. Aptwell, “Social influence on ai-driven air quality monitoring adoption: Smartpls analysis,” Sundara Advanced Research on Artificial Intelligence, vol. 1, no. 1, pp. 28–36, 2025.

D. E. E. Saputra, D. Susita, A. Eliyana, A. S. Pratama, M. H. Muzakki, and Z. Yazid, “Employees intentions to use performance management system in regional bank: Perspective from generation-x,” Aptisi Transactions on Technopreneurship (ATT), vol. 6, no. 3, pp. 550–561, 2024.