Risk Mitigation Through Integration COSO-Enterprise Risk Management And ISO 31000 in Higher Education

Authors

  • Yudi Syahrullah, Universitas Jenderal Soedirman
  • Aulia Annai Nashida, Universitas Jenderal Soedirman
  • Indro Prakoso, Universitas Jenderal Soedirman
  • Fiky Two Nando, Universitas 17 Agustus 1945 Surabaya

DOI:

https://doi.org/10.12928/ijemi.v6i2.11547

Keywords:

COSO, Higher education, ISO 31000, Risk assessment, Risk mitigation

Abstract

Background. Higher education institutions are given targets to meet key performance indicators (KPI) and to meet study program accreditation instruments. Several new requirements in study program accreditation make it difficult for universities to achieve their targets. Risk management can help organizations reduce risks that hinder them from achieving performance targets. This study aims to identify risks and provide risk assessments to produce mitigation proposals for the Department of Higher Education.

Materials. The risk management framework used in this study integrates ISO 31000 with COSO-ERM, so that risk management is carried out comprehensively, both internally and externally. This research involved experts from a university in Central Java, who designed risk impact parameters, assessed risks, and designed risk mitigation.

Results. The residual risk assessment resulted in 8 low-category risks, 7 medium-category risks, 7 high-category risks, and 1 extreme-category risk. The risks given control (residual) increased by seven risks, and mitigation proposals must be provided. In addition, 9 risks exceeded the tolerance limits set by top management, so recommendations for risk mitigation had to be proposed to achieve the institution's performance targets.

Conclusion. Risk Management can be applied to universities to achieve the set goals or targets. The integration of COSO-ERM and ISO 31000 methods can complement the stages in risk management, especially in risk identification, risk analysis, and setting risk tolerance limits in risk assessment, so that the risk mitigation designed is in line with the targets to be achieved by the university.

Published

2025-06-05

How to Cite

Syahrullah, Y., Annai Nashida, A., Prakoso, I., & Two Nando, F. (2025). Risk Mitigation Through Integration COSO-Enterprise Risk Management And ISO 31000 in Higher Education. International Journal of Educational Management and Innovation, 6(2), 202–218. https://doi.org/10.12928/ijemi.v6i2.11547

Section

Articles