Spektrum Industri Vol. 21, No. 1, 2023, pp. 41-51 ISSN 1693-6590 http://journal3.uad.ac.id/index.php/spektrum https://doi.org/10.12928/si.v21i1.93 spektrum.industri@ie.uad.ac.id Risk Management Framework Design Based on ISO 31000 and SCOR Model Mirga Maulana Rachmadhani a,1,*, Taufiq Immawan b, Agus Mansur b, Wonsik Choi c a Department of Industrial Engineering, Universitas Muhammadiyah Sorong, Sorong, 98416, Indonesia b Department of Industrial Engineering, Universitas Islam Indonesia, Yogyakarta, 55584, Indonesia c Department of Bio-Industrial Machinery Engineering, Pusan National University, South Korea 1 mirga@um-sorong.ac.id * Corresponding Author 1. Introduction Risk management aims to coordinate activities and control and manage the organization based on a risk orientation (Buganová & Šimíčková, 2019). Similarly, Risk management is a systematic approach that includes culture, process, and structure to determine the best course of action regarding risk reduction (Munir et al., 2020; Ernawati et al., 2012). At the same time, risk management can increase the chances of business success (Chen et al., 2019). The International Organization of Standardization (ISO) is an international standards federation body that has issued a standard framework for managing risk (International Standardization Organization, 2009). This standard was issued to assist companies in managing risk (Choo & Goh, 2014). Supply Chain Management (SCM) is a unified process. Such production activity starts from raw materials obtained from suppliers, adding value that converts raw materials into finished goods, storing an inventory of goods, and sending the finished goods to retailers and consumers (Muttaqin et al., 2022). Risks can occur and are found in the production flow process as well as in the supply chain ARTICLE INFO ABSTRACT Article history Received December 27, 2022 Revised March 07, 2023 Accepted March 27, 2023 In every large, medium and small industrial enterprise, risks must occur in the business process. The study conducted at one of the small medium enterprise (SME) in the Bantul, Yogyakarta. It begins with the fact that obstacles that often occur are delays in delivery, product damage, and also other obstacles. Hence, those are the reasons of this study conducted. Further, the risk management framework has an important role in reducing these problems. The approach used ISO 31000 method and the SCOR Model in making a proposed framework to improve risk management performance. Based on the proposed framework that has been made, the risk identification process in Rajut Bamboo has 32 risks in its business processes. The risk mitigation proposal is carried out on seven risks in the high-risk category. The risk mitigation results are obtained in the risk codes (D3) unfinished product and absence of SOP, (M2) quality control takes a long time, (P5) unplanned overhead costs, and (A1) products in storage are damaged or lost, thus it showed down to medium risk category, then the risk codes (D9) expensive packaging material costs, (D2) order time exceeds the specified time, and (M6) no mitigation planning, thus it showed down to low-risk category. Keywords ISO 31000; SCOR; Framework; Risk Management; Small Medium Enterprise This is an open-access article under the CC–BY-SA license. http://journal3.uad.ac.id/index.php/spektrum https://doi.org/10.12928/si.v21i1.93 mailto:spektrum.industri@ie.uad.ac.id mailto:mirga@um-sorong.ac.id http://creativecommons.org/licenses/by-sa/4.0/ http://creativecommons.org/licenses/by-sa/4.0/ 42 Spektrum Industri ISSN 1693-6590 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) flow process. In the supply chain process, a measurement method can assist organizations/companies in making quick improvements, namely the Supply Chain Operation Reference (SCOR) (APICS, 2017). In its application, there are six main processes owned by SCOR, namely plan, source, make, deliver, return, and enable (Christopher, 2016). Thus, in its implementation, activities that may causes risk can be categorized based on the six primary processes of SCOR. This study conducted at one of the SMEs in Bantul, Yogyakarta. This industry produces handicrafts made of bamboo. Problems that often occur in this small industry are returning orders because they differ from buyer expectations, product damage during the production period caused by employee negligence, irregular production schedules caused by planning and running out of raw material inventory in the warehouse. The current study used ISO 31000 and SCOR Model to design the proposed framework to increase risk management performance such as previous research by de (Oliveira et al., 2017) explained on apply the ISO 31000 standard to implement it in the context of Supply Chain Risk Management (SCRM) as a framework for the company. Then also research by (Bukhori et al., 2015) conducted on company XYZ regarding the poultry supply chain. The method used by Bukhori is SCOR with the aim of assessing supply chain performance in two perspectives, namely internal business processes and in dealing with customers. The other study by (Ahmad et al., 2014) also analyzed enterprise risk management implementation in some empirical evidence from large Australian companies. Also, (Nimmy et al., 2022) about risk management in the supply chain and (Ridwan et al., 2019) risk management in SME Sate Bandeng, they found that there are some risks identified. Moreover, in (Sari et al., 2017), risk identification, risk assessment, and responding to and controlling risks are carried out based on a risk management framework. The study by (Ekwere, 2016) considers risk management for Small and Medium Enterprises (SMEs). It relates to Ekwere argues that SMEs require the implementation of risk management strategies compared to larger businesses because they do not have the resources to deal with risk threats that can potentially harm SMEs in the future. However, based on research conducted de (Oliveira et al., 2017) and (Bukhori, 2015), it has weaknesses in the application of working time, communication relationships between suppliers and buyers and the absence of risk assessment in other industrial sectors. In contrast, research conducted by (Sari et al., 2017) and (Ekwere, 2016) emphasized that the framework and risk management process are indispensable in Small and Medium Enterprises (SMEs). The objectives of the current study are creating a new framework between the SCOR model and ISO 31000:2009 and creating risk mitigation based on it. The use of ISO 31000 and the SCOR model is intended to facilitate researchers in identifying, assessing and mitigating risks in business processes and supply chain flows at Rajut Bamboo. Furthermore, according to (Zevallos, 2004) in his book entitled Risk Management Guidelines, risk management is a process that involves steps that can reduce or minimize the loss of an event that has a negative impact, and risk can assist in making decisions. It is based on steps consisting of context determination, risk identification, risk analysis, risk evaluation, risk, monitoring, and communicating risk in all activities or processes. Risk management can understand the potential positive and negative aspects that can affect the company's activities and can simultaneously increase the chances of business success (Rubino, 2018). Also, according to (Parviainen et al., 2021) the international standard ISO 31000 is a standard that can be used by all organizations in dealing with risks. One thing that distinguishes ISO 31000 from other risk management standards is that it has a broader and more conceptual perspective compared to other risk management standards. Based on ISO 31000:2009, the risk management process consists of three main aspects: risk management principles (principles), risk management frameworks, and risk management processes (process). The relationship between these three aspects can be seen in Fig. 1. ISSN 1693-6590 Spektrum Industri 43 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) Fig. 1. The Relationship of the Three Main Aspects of Risk Management (ISO 31000, 2009) Then about supply chain management it can be described such as the supply chain itself is an organizational activity that distributes its products and services to customers. In contrast to the supply chain, which is a physical network, Supply Chain Management includes fulfilling the supply of goods from suppliers to manufacturers to the fulfillment of order fulfillment from customers (Christopher, 2016). Supply Chain Operation Reference (SCOR) is a measurement method and benchmarking tool that helps organizations make quick improvements in supply chain processes (APICS, 2017). In its implementation, the SCOR system has six main processes that must be met before being implemented: Plan, Source, Make, Delivery, Return and Enable. Moreover, Supply Chain Risk Management (SCRM) in SCOR includes systematic identification, assessment and mitigation activities against potential disruptions in the logistics network to reduce negative impacts on the supply chain network performance (Christopher, 2016). There are five measurement references in the SCOR model: Reliability, Responsiveness, Agility, Cost, and Asset Management. This research contribution is using Design Science Research Methodology (DSRM) as (Venable et al., 2017) in choosing a design science research methodology. 2. Method This study uses ISO 31000 and SCOR Model to design the proposed framework to increase risk management performance. The data used in this study include primary data obtained directly through the interview process and filling out questionnaires to employees and business owners Rajut Bamboo. The process flow in this study also uses the Design Science Research Methodology (DSRM) concept to make it easier to understand the research process flow. The following is an overview of the DSRM process model shown in Fig. 2. Thus, based on the general picture of the DSRM, the study process flow is explained in Fig. 3. 44 Spektrum Industri ISSN 1693-6590 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) Fig. 2. Design Science Research Process Model (Catarino et al., 2016) Fig. 3. Research Flow ISSN 1693-6590 Spektrum Industri 45 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) 3. Results and Discussion 3.1. Proposed Framework Design of Risk Management The proposed framework design uses the ISO 31000:2009 approach and the SCOR Model. The framework made in general can be explained by there are three main stages, namely: 1. First Stage (Determining Context with SCOR Model) 2. Second Stage (Risk Assessment) 3. Third Stage (Risk Treatment) Based on these three stages, Fig. 4 shows the design drawing of the proposed risk management framework. Besides those three stages, there are elements of the communication and consultation process, monitoring and review, and recording and reporting in the proposed framework above. The communication and consultation process carries out at every stage, where each step of the process will always be communicated and consulted to the owner’s feedback. The monitoring and review process is also carried out at every stage. It is done so that every process exists at all stages. It is monitored and reviewed. Likewise, with the recording and reporting process, the difference is that this process is carried out at the final stage to determine whether the mitigation carried out is correct or not. Also, the recording and reporting process is communicated to the owner. Fig. 4. Proposed Framework Design of Risk Management 3.2. Implementation The case study in this study was conducted in Rajut Bamboo that located in the Bantul area, Yogyakarta. In this study case, the results of the proposed framework will be implemented. It showed that the Rajut Bamboo requires a proposed framework to improve the performance of the risk management system because several problems often occur, both outside the company and within the company. 3.2.1. First Stage (Context Determination by SCOR Model) The first stage, determining the context using the SCOR model, is to define the object of research, namely Rajut Bamboo, a company or business entity using bamboo as the primary raw material. The risk performance assessed is based on the SCOR 12 hierarchy by outlining the risk criteria based on 46 Spektrum Industri ISSN 1693-6590 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) levels 1 to level 3. At level 1, the assessment includes the process of the plan (planning), make (production process), source (source/supplier), delivery (delivery process), return (return process), and enable (management). While level 2 is the definition of categories at each level 1 to identify metrics. Where metrics are used to identify risks carried out in each supply chain process, level 2 is sufficient to represent the metrics. The description of each level 1 and level 2 process and the grouping of metrics can be seen in Table 1. Table 1. Establishing Context Based on the SCOR Method No Score Metrics Level 1 Level 2 1 Plan Plan Source RS.3.99 Plan Source Cycle Time 2 CO.3.2 Cost to Plan Source 3 Plan Make RL.3.49 Schedule Achievement 4 RS.1.1 Order Fulfillment Cycle Time 5 CO.3.3 Cost to Plan Make 6 Source Source Make to Order Product AG.3.42 Current Source Volume 7 AG.3.46 Demand sourcing-supplier constraints 8 CO.2.2 Cost to Source 9 Make Make to Order RS.4.46 Install Product Cycle Time 10 RS.3.140 Verify Product Cycle Time 11 AG.3.38 Current Make Volume 12 CO.2.3 Cost to Make 13 CO.3.11 Direct Material Cost 14 CO.3.20 Risk Mitigation Costs 15 Delivery Deliver Make to Order Product RL.2.2 Documentation Accuracy 16 RS.3.20 Current logistics order cycle time 18 AG.3.4 Additional Delivery volume 19 AG.3.32 Current Delivery Volume 20 CO.3.14 Order Management Costs 21 AM.3.45 Inventory Days of Supply - Finished Goods 22 Return Deliver Return Defective Product RS.3.19 Current customer return order cycle time 23 AG.3.31 Current Deliver Return Volume 24 CO.3.17 Cost to Deliver Return 25 AM.3.26 Return Rate 26 Enable Manage Supply Chain Assets AM.3.9 Capacity Utilization 3.2.2. Second Stage (Risk Assessment) Risk Identification Based on the performance matrix of the plan, source, make, delivery, return and enable, as many as 32 (risk events) were identified, including in the planning process five risks, source as many as three risks, make as many as six risks, delivery as many as ten risks, return as many as six risks and enable two risks. The risk plan process identified 3 SCOR attributes, namely reliability, responsiveness, and cost, in the risk source process identified risk made from 2 SCOR attributes, namely agility, and cost, in the risk-making process identified 3 SCOR attributes, namely responsiveness, agility, and cost, in the delivery process the identified risks include all 5 SCOR attributes, in the form of reliability, responsiveness, agility, cost and asset management, in the risk- return process identified from 4 SCOR attributes, namely responsiveness, agility, cost, asset management. In contrast, the identified risks include asset management attributes in the enable process. After identifying the risks from each existing process, the causes and impacts of the above risks are identified. The causes of each risk are known based on interviews with the owner. The reasons (risk cause) and impact (risk impact) of each risk can be seen in Table 2. Risk Analysis The next stage is risk analysis based on the results, the risk identification list, and the causes and impacts of risks obtained from observations and interviews with experts. Risk analysis is carried out by measuring the likelihood and consequences for the owner of Rajut Bamboo. The following values are the likelihood and consequences shown in Table 3 and Table 4. ISSN 1693-6590 Spektrum Industri 47 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) Table 2. Risk Cause and Risk Impact No Risk Code Risk Identification Risk Cause Risk Impact 1 P1 The estimated time for delivery of bamboo raw materials is overlong Cause of bad weather Production time delay Limited transportation 2 P2 The cost of raw materials is not as planned Scarcity of the type of bamboo used Overbudget Seasonal bamboo harvest Overbudget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 A2 Lack of the manpower One jobholder High workload of the employee Table 3. Likelihood Level Rate Level Description 1 Rare The risk occurs once every more than a year 2 Unlikely The risk occurs once every 9 to 12 months 3 Possible The risk occurs once every 2 to 6 months 4 Likely The risk happens every month 5 Almost Certain The risk happens every week Table 4. Consequence Level Rate Level Description 1 Insignificant The loss suffered by the company for each risk is less than one million rupiah 2 Minor The loss suffered by the company each risk between more than one million rupiah to two million five hundred thousand rupiah 3 Moderate The loss suffered by the company each risk between more than two million five hundred thousand rupiah to five million rupiah 4 Major The loss suffered by the company for each risk is between more than five million rupiah to ten million rupiah 5 Catastrophic The loss suffered by the company per risk is more than ten million rupiah There are the results of probability and consequence values based on the results of the questionnaire distributed to respondents shown in Table 5. Based on the likelihood and consequences results, there are seven risks in the red zone (high risk), namely D3, D9, M2, P5, D2, M6, and A1, and then there are 13 risks in the yellow zone (medium risk). Namely S2, P4, D1, D7, S1, D6, D10, R5, A2, P2, M1, M3, and D8. There are also twelve risks in the green zone (low risk), namely M4, M5, D5, R4, P1, P3, R2, R3, S3, D4, R1, and R9. The following is a risk map from the likelihood and consequences assessment results shown in Fig. 5. Table 5. Likelihood Level and Consequence of Respondent\ No Code Risk Event Respondent (owner) Risk Level Likelihood Consequences 1 P1 The estimated time for delivery of bamboo raw materials is overlong 2 1 2 2 P2 The cost of raw materials is not as planned 3 2 6 . . . . . . . . . . . . . . . . . . 31 A1 Products in storage are damaged or lost 3 5 15 32 A2 Lack of the manpower 4 2 8 48 Spektrum Industri ISSN 1693-6590 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) Likelihood Consequences Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5) Almost Certain (5) D3, D9 Likely (4) D10, R5, A2 P5, D2 M2 Possible (3) R4 P2, M3, D8 P4, D1, D7 A1 Unlike (2) P1, R2 M1 S1, D6 S2 Rare (1) S3, D4, R1, R6 P3, R3 M4, M5, D5 Fig. 5. Risk Map of Rajut Bamboo SMEs Based on the risk map results, the next step is to do a fishbone analysis of the seven risks in the red zone (high risk). The following is a fishbone analysis of one of the risks in the high-risk category 1. Fishbone analysis on D3 shown in Fig. 6. The risk in the D3 code was identified using fishbone analysis (Ishikawa), with the top event being “Delivery of product Takes a Long Time.” Fig. 6. Fishbone Analysis for D3 Risk Code Risk Evaluation Based on the risk analysis and risk map above, the researcher found seven risks with high-risk categories in the red zone. Each of these risks includes: D3 with the top event, “Shipping takes time,” D9 with the top event, “Expensive packaging material costs,” M2 with the top event, “Quality control takes a long time,” P5 with the top event “There are high costs arise outside of planning,” D2 with the top event “Order time exceeds the specified time” M6 with the top event “No mitigation planning,” and A1 with the top event “Storage product is damaged/lost.” Risks belonging to the high-risk category (red zone) will be prioritized and handled at the risk mitigation stage. 3.2.3. Third Stage (Risk Treatment) Based on the fishbone analysis of each risk, the next stage is to propose a risk mitigation strategy based on the root cause and effect of the seven risks that fall into the high-risk category (red zone). The following table of risk mitigation proposals is based on seven risks in the high-risk category shown in Table 6. Table 6. Strategies of Risk Mitigation Proposed Risk Code Description Risk mitigation proposed D3 Unfinished product It is necessary to plan for regular stock of raw materials and stainless materials, thus there is no material stock out. Absence of SOP Rules need to be applied to the management and production departments so that the production process runs smoothly and does not run out of stock. . . . . . . . . . . . . A1 Moldy stuff Workers are given guidance on the level of water content in bamboo and are more careful in making sure the product is dry properly. The temperature of storage is damp A room temperature meter is made or installed so that it can monitor a good room temperature level. ISSN 1693-6590 Spektrum Industri 49 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) As a step in implementing the proposed mitigation strategy, a discussion was held with the owner of the Rajut Bamboo to assess whether the proposed mitigation strategy could reduce the likelihood and impact of the risk shown in Fig. 7. The following are the results of the discussion with the Rajut Bamboo owner which has been mapped into the new risk map shown in Table 7. Table 7. Likelihood Score and Consequence of Mitigation Proposed Code Risk Event Likelihood Consequences Risk Level D3 Delivery of product takes a long time 2 3 6 D9 Expensive packaging material costs 1 3 3 M2 Quality control takes a long time 4 2 8 P5 Unplanned overhead costs 3 3 9 D2 Order time exceeds the specified time 1 1 1 M6 No mitigation planning 2 2 4 A1 Products in storage are damaged or lost 4 2 8 Likelihood Consequences Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5) Almost Certain (5) M6 D3, D9 Likely (4) D10, R5, A2 P5, D2 M2 Possible (3) R4, D9 P2, M3, D8, D3 P4, D1, D7, P5 A1 Unlike (2) P1, R2, D2 M6 M1 S1, D6, M2, A1 S2 Rare (1) S3, D4, R1, R6, D2 P3, R3 M4, M5, D5 Fig. 7. Map of Risk Mitigation Result Based on the results of the risk map, in the D3 risk code after discussion the risk level drops to medium risk (yellow zone), in the D9 risk code after discussion the risk level drops to low risk (green zone), in the M2 risk code after risk discussion. the level drops to medium risk (yellow zone), at risk code P5 after discussion the risk level drops to medium risk (yellow zone), in risk code D2 after discussion the risk level drops to low risk (green zone), at risk code M6 after discussion, the risk level drops to low risk (green zone), and on risk code A1 after discussion, the risk level drops to medium risk (yellow zone). 4. Conclusion The conclusions that can be drawn from this research are as follows. First, a framework design using ISO 31000:2009 and the SCOR Model as an improvement in risk management performance has been successfully created and developed. It can be said that by collaborating the two methods, a new framework can be created that can be used to improve risk management performance. This proposed framework has been implemented in a case study so that in its implementation the results are as expected. Second, based on the risk mitigation strategy carried out with the results of discussions with owner it was found that the risk code D3 risk level fell to the medium risk category, in the D9 risk code the risk level fell to the low risk category, in the M2 risk code the risk level decreased to in the medium risk category, in the P5 risk code the risk level drops to the medium risk category, in the D2 risk code the risk level decreases to the low risk category, in the M6 risk code the risk level drops to the low risk category, and in the A1 risk code the risk level falls into the low risk category. medium risk. 50 Spektrum Industri ISSN 1693-6590 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) Author Contribution: All authors contributed equally to the main contributor to this paper. All authors read and approved the final paper. Funding: This research received no external funding. Conflicts of Interest: The authors declare no conflict of interest. References Ahmad, S., Ng, C., & McManus, L. A. (2014). Enterprise risk management (ERM) implementation: Some empirical evidence from large Australian companies. Procedia-Social and Behavioral Sciences, 164, 541-547. https://doi.org/1.1016/j.sbspro.2014.11.144. APICS. (2017). SCOR (Supply Chain Operations Reference Model) (12th ed.). APICS. http://www.apics.org/docs/default-source/scor-training/scor-v12-0-framework- introduction.pdf?sfvrsn=2. Buganová, K., & Šimíčková, J. (2019). Risk management in traditional and agile project management. Transportation Research Procedia, 40, 986-993. https://doi.org/10.1016/j.trpro.2019.07.138. Bukhori, I. B., Widodo, K. H., & Ismoyowati, D. (2015). Evaluation of poultry supply chain performance in XYZ slaughtering house Yogyakarta using SCOR and AHP method. Agriculture and Agricultural Science Procedia, 3, 221-225. https://doi.org/10.1016/j.aaspro.2015.01.043. Catarino, T. M., Vasconcelos, A., & da Silva, M. M. (2016). The Role of the Chief Information Security Officer. IST, Portugal. https://doi.org/10.13140/RG.2.2.20285.61921. Chen, Y. L., Chuang, Y. W., Huang, H. G., & Shih, J. Y. (2020). The value of implementing enterprise risk management: Evidence from Taiwan’s financial industry. The North American Journal of Economics and Finance, 54, 100926. https://doi.org/10.1016/j.najef.2019.02.004. Choo, B. S. Y., & Goh, J. C. L. (2014, December). Adapting the ISO31000: 2009 enterprise risk management framework using the six sigma approach. In 2014 IEEE International Conference on Industrial Engineering and Engineering Management (pp. 39-43). IEEE. https://doi.org/10.1109/IEEM.2014.7058596. Christopher, M. (2016). Logistics & supply chain management. Pearson Uk. https://books.google.co.id/books?hl=en&lr=&id=NIfQCwAAQBAJ&oi=fnd&pg=. de Oliveira, U. R., Marins, F. A. S., Rocha, H. M., & Salomon, V. A. P. (2017). The ISO 31000 standard in supply chain risk management. Journal of Cleaner Production, 151, 616-633. https://doi.org/10.1016/j.jclepro.2017.03.054. Ekwere, N. (2016). Framework of effective risk management in small and medium enterprises (SMESs): a literature review. Bina Ekonomi, 20(1), 23-46. https://journal.unpar.ac.id/index.php/BinaEkonomi/article/view/1894. Ernawati, T., & Nugroho, D. R. (2012, September). IT risk management framework based on ISO 31000: 2009. In 2012 International Conference on System Engineering and Technology (ICSET) (pp. 1-8). IEEE. https://doi.org/10.1109/ICSEngT.2012.6339352. International Standardization Organization. (2009). Risk Management-Principles and Guidelines. Switzerland. https://www.iso.org/standard/43170.html. Munir, M., Jajja, M. S. S., Chatha, K. A., & Farooq, S. (2020). Supply chain risk management and operational performance: The enabling role of supply chain integration. International Journal of Production Economics, 227, 107667. https://doi.org/10.1016/j.ijpe.2020.107667. Muttaqin, P. S., Margareta, W., & Zahira, A. D. (2022). Green warehouse performance monitoring system design using analytical hierarchy process and supply chain operation reference. Applied Engineering and Technology, 1(3), 146-153. https://doi.org/10.31763/aet.v1i3.687. Nimmy, S. F., Hussain, O. K., Chakrabortty, R. K., Hussain, F. K., & Saberi, M. (2022). Explainability in supply chain operational risk management: A systematic literature review. Knowledge-Based Systems, 235, 107587. https://doi.org/10.1016/j.knosys.2021.107587. https://doi.org/1.1016/j.sbspro.2014.11.144 http://www.apics.org/docs/default-source/scor-training/scor-v12-0-framework-introduction.pdf?sfvrsn=2 http://www.apics.org/docs/default-source/scor-training/scor-v12-0-framework-introduction.pdf?sfvrsn=2 https://doi.org/10.1016/j.trpro.2019.07.138 https://doi.org/10.1016/j.aaspro.2015.01.043 https://doi.org/10.13140/RG.2.2.20285.61921 https://doi.org/10.1016/j.najef.2019.02.004 https://doi.org/10.1109/IEEM.2014.7058596 https://books.google.co.id/books?hl=en&lr=&id=NIfQCwAAQBAJ&oi=fnd&pg= https://doi.org/10.1016/j.jclepro.2017.03.054 https://journal.unpar.ac.id/index.php/BinaEkonomi/article/view/1894 https://doi.org/10.1109/ICSEngT.2012.6339352 https://www.iso.org/standard/43170.html https://doi.org/10.1016/j.ijpe.2020.107667 https://doi.org/10.31763/aet.v1i3.687 https://doi.org/10.1016/j.knosys.2021.107587 ISSN 1693-6590 Spektrum Industri 51 Vol. 21, No. 1, 2023, pp. 41-51 Mirga Maulana Rachmadhani (Risk Management Framework Design Based on ISO 31000 and SCOR Model) Parviainen, T., Goerlandt, F., Helle, I., Haapasaari, P., & Kuikka, S. (2021). Implementing Bayesian networks for ISO 31000: 2018-based maritime oil spill risk management: State-of-art, implementation benefits and challenges, and future research directions. Journal of Environmental Management, 278, 111520. https://doi.org/10.1016/j.jenvman.2020.111520. Ridwan, A., & Ambarwati, V. (2019, December). Perancangan aksi mitigasi risiko halal supply chain pada ikm sate bandeng menggunakan metode house of risk. In Talenta Conference Series: Energy and Engineering (EE). 2. 4. https://doi.org/10.32734/ee.v2i4.672. Rubino, M. (2018). A comparison of the main ERM frameworks: how limitations and weaknesses can be overcome implementing IT governance. International Journal of Business and Management, 13(12), 203-214. https://doi.org/10.5539/ijbm.v13n12p203. Sari, R. A., Yuniarti, R., & Puspita, D. (2017). Analisa manajemen risiko pada industri kecil rotan di Kota Malang. Journal of Industrial Engineering Management, 2(2), 39-47. https://doi.org/10.33536/jiem.v2i2.151. Venable, J. R., Pries-Heje, J., & Baskerville, R. L. (2017). Choosing a design science research methodology. https://aisel.aisnet.org/acis2017/112. Zevallos, C. G. (2004). Risk Management Guidelines: Companion to AS/NZS 4360:2004. Standards Australia International. https://www.saiglobal.com/PDFTemp/Previews/OSH/as/misc/handbook/HB436- 2004(+A1).pdf. https://doi.org/10.1016/j.jenvman.2020.111520 https://doi.org/10.32734/ee.v2i4.672 https://doi.org/10.5539/ijbm.v13n12p203 https://doi.org/10.33536/jiem.v2i2.151 https://aisel.aisnet.org/acis2017/112 https://www.saiglobal.com/PDFTemp/Previews/OSH/as/misc/handbook/HB436-2004(+A1).pdf https://www.saiglobal.com/PDFTemp/Previews/OSH/as/misc/handbook/HB436-2004(+A1).pdf