With the enactment of RPJMN 2020-2024, implementing risk management is a must for all government institutes. Risk management must be applied in managing institute performance, in order to support the achievement of the objectives set out in the RPJMN. Ministry of X as a state institution is inseparable from risk. It has been in the media spotlight several times in a number of cases, ranging from issues of corruption, immigration issues, drug trafficking until riots in prison. The paper aims to evaluate the application of risk management in X Ministry and the role of the Inspectorate General as an internal audit in risk management. This research is a qualitative research with a descriptive analysis approach. The method used in conducting research is through observation and interviews. The evaluation was carried out using ISO 31000: 2009 and the standards issued by IIA. The results of the study are evaluations and suggestions for improving the effectiveness of risk management and the role of internal audit to provide added value, improve performance and achieve organizational goals. The implementation of risk management in X Ministry is still in the development stage and is at the level of risk aware, it has not been implemented in all work units. Risk management structure has not been established, it requires leadership commitment and a culture of risk awareness. There are weaknesses in risk management tools and Ministerial X Regulations, this research provides recommendations for improvement. The Inspectorate General has not yet carried out its core role as a third line of defence in providing assurance for the implementation of risk management, because it still focuses on risk management assistance activities and its consultancy role.

Keywords: Risk Management, Internal Audit, ISO 31000:2009

Asosiasi Auditor Intern Pemerintah Indonesia. (2013). Standar Audit Intern Pemerintah. Jakarta: Asosiasi Auditor Intern Pemerintah Indonesia.

Braig, S., Gebre, B., & Sellgren, A. (2011). Strengthening Risk Management in The US Public Sector (Working Papers No. 28). Washington DC: McKinsey & Company.

BPKP. (2014). Audit Intern, Modul Pembentukan Auditor Ahli. Bogor: Pusat Pendidikan dan Pelatihan Pengawasan BPKP.

BPKP. (2016). Tata Kelola, Manajemen Risiko, & Pengendalian Intern, Modul Pembentukan Auditor Ahli. Bogor: Pusat Pendidikan dan Pelatihan Pengawasan BPKP.

BPKP.go.id. BPKP Berikan Piagam Maturitas SPIP dan Kapabilitas APIP pada Kemenkum HAM. Diakses 26 Februari 2020. http://www.bpkp.go.id/polsoskam/berita/read/23010/90/Penyerahan-Piagam-Maturitas-SPIP-dan-Kapabilitas-APIP-pada-Kementerian-Hukum-dan-HAM.bpkp

Cnbcindonesia.com. 'Penyakit' Jiwasraya-Asabri Sama: Terjebak di Saham Lapis 3. Diakses 27 Februari 2020. https://www.cnbcindonesia.com/market/20200114100818-17-129779/penyakit-jiwasraya-asabri-sama-terjebak-di-saham-lapis-3

Crmsindonesia.org. Fungsi Manajemen Risiko dan Internal Audit. Diakses 31 Maret 2020. https://crmsindonesia.org/publications/fungsi-manajemen-risiko-dan-internal-audit/

Crmsindonesia.org. Perbandingan COSO ERM-Integrated Framework Dengan ISO 31000: 2009 Risk Management Principles Snd Guidelines. Diakses 31 Maret 2020. https://crmsindonesia.org/publications/perbandingan-coso-erm-integrated-framework-dengan-iso-31000-2009-risk-management-principles-and-guidelines/

Economy.okezone.com. Kasus Jiwasraya, BPK Minta Kementerian Lembaga Perkuat Manajemen Risiko. Diakses 27 Februari 2020. https://economy.okezone.com/read/2020/01/06/20/2149779/kasus-jiwasraya-bpk-minta-kementerian-lembaga-perkuat-manajemen-risiko

IIA (The Institute of Internal Auditors). (2010). IPPF Practice Guide: Assessing the adequacy of risk management using ISO 31000:2010. Altamonte Springs, Florida: Global Headquarters.

-------------------------------------------------. (2009). IIA position paper: The role of internal auditing in enterprise-wide risk management. IIA-UK: Irlandia. Diakses 3 Mei 2020. https://www.iia.org.uk/media/78513/the_role_of_internal_audit_in_enterprise_risk_management.pdf

-------------------------------------------------. (2013). IIA position paper: The three lines of defense in effective risk management and control. Altamonte Springs, Florida: Global Headquarters. Diakses 5 Mei 2020. https://na.theiia.org/standards-guidance/Public%20Documents/PP%20The%20Three%20Lines%20of%20Defense%20in%20Effective%20Risk%20Management%20and%20Control.pdf

Keban, Yeremias T. (2017). Risk Management: A Neglected Vital Instrument in Public Administration in Indonesia. Management Research and Practice, Vol. 9.

Oehmen et al. (2014). Analysis of The Effect of Risk Management Practices on The Performance of New Product Development Programs. Technovation, 34(8). http://dx.doi.org/10.1016/j.technovation.2013.12.005

Sari, Anggraeni Puspita. (2020). Analisis Penerapan Manajemen Risiko dan Peran Audit Internal Terhadap Manajemen Risiko Pada Lembaga PQR.

Shin, I., & Park, S. (2017). Integration of Enterprise Risk Management and Management Control System: Based on A Case Study. Investment Management & Financial Innovations, 14, 19-26.

Wright, Rick A. (2013). The Internal Auditor’s Guide to Risk Assessment. Florida: The Institute of Internal Auditors Research Foundation.

Zwikael & Ahn. (2011). The Effectiveness of Risk Management: An Analysis of Project Risk Planning Across Industries and Countries. Risk Analysis. Vol.31 No.1.

BPK, Laporan Hasil Pemeriksaan atas LK Kementerian X Tahun 2018.

Kementerian X, Laporan Kinerja Instansi Pemerintah Tahun 2018.