Risk Management is a culture, where processes and structures are directed to manage appropriate management of potential opportunities and against adverse impacts. Risks are inherent in all activities and decision making. Therefore, it is very important to know the risks that will be faced by all levels in the Company. Risk Management will help PT Wijaya Karya Industry & Konstruksi to:

  1. Make an effective plan, by analyzing a wider range of alternative options.
  2. Achieve the company's main goals and targets (key performance indicators) by focusing on results.
  3. Reduce reliance on Crisis Management.
  4. Increase confidence in decision making by using a structured approach.
  5. Attract and retain stakeholders/shareholders.
  6. Protect the authority/obligation of each individual.
  7. Support the use of resources that are more efficient, effective and appropriate.

PT Wijaya Karya Industry & Konstruksi applies the ISO Standard 31000:2018 and its supporting documents as the basis for the Risk Management methodology. Risk Management Architecture based on ISO 31000:2018, consists of three parts, namely:


  • Principles
  • Framework
  • Process


GRC (Governance, Risk and Compliance) is a comprehensive concept in integrating the application of Risk Management, Good Organizational Governance, and Conformity/Compliance. Governance is the act of directing, controlling and externally evaluating an entity, process or resource. Risk, according to ISO 31000:2018, is the impact of uncertainty on achieving objectives or in other words, deviation from what is expected, which can be positive and/or negative.

In an organization, risk is not always negative, but risk must be dealt with so that it does not create more risk. The way to deal with risk is to identify the risk, carry out an analysis of the risk, and evaluate whether the risk must be addressed or managed. Compliance is the ability to comply with applicable requirements, rules and laws. Effective GRC implementation is based on Risk Based Thinking (RBT), which is defined as:

  1. The pattern of risk-based thinking is the business (affairs) of everyone in the organization (unit).
  2. The pattern of risk-based thinking is an integral part of the organizational culture.
  3. This leans toward proactive (preventive) actions


The Three Lines Model helps organizations identify the structures and processes that best support the achievement of objectives and facilitates strong governance and risk management. This model can be applied to all organizations and has been optimized by:

  1. Adopting a principles-based approach and adapt the model to the goals and environment of the organization.
  2. Focusing on the contribution of risk management to help achieve objectives and value creation, as well as matters related to “defense” and value hedging.
  3. Understanding clearly the roles and responsibilities represented in this model and the relationships between them.
  4. Implementing steps to ensure that the activities and objectives are aligned with the main interests of stakeholders.