Risk
Management

Risk Management is a systematic process of identifying, analyzing, evaluating, and controlling risks that may affect the achievement of an organization’s objectives. The main goal is to minimize negative impacts from uncertainties and maximize opportunities that can be leveraged. (References: ISO 31000 : 2018)

Architecture of Risk Management

ISO 31000:2018 provides a structured and universal framework for managing risks in any organization. The standard outlines principles, a framework, and a process for effective risk management.

Framework

1. General

The purpose of the risk management framework is to assist the organization in integrating risk management into significant activities and functions. The effectiveness of risk management will depend on its integration into the governance of the organization, including decision-making. This requires support from stakeholders, particularly top management.

Framework development encompasses integrating, designing, implementing, evaluating and improving risk management across the organization.

The organization should evaluate its existing risk management practices and processes, evaluate any gaps and address those gaps within the framework.

The components of the framework and the way in which they work together should be customized to the needs of the organization.

2. Leadership and commitment

Top management and oversight bodies, where applicable, should ensure that risk management is integrated into all organizational activities and should demonstrate leadership and commitment by:

  • customizing and implementing all components of the framework;
  • issuing a statement or policy that establishes a risk management approach, plan or course of action;
  • ensuring that the necessary resources are allocated to managing risk;
  • assigning authority, responsibility and accountability at appropriate levels within the organization.

This will help the organization to:

  • align risk management with its objectives, strategy and culture;
  • recognize and address all obligations, as well as its voluntary commitments
  • establish the amount and type of risk that may or may not be taken to guide the development of risk criteria, ensuring that they are communicated to the organization and its stakeholders;
  • communicate the value of risk management to the organization and its stakeholders;
  • promote systematic monitoring of risks;
  • ensure that the risk management framework remains appropriate to the context of the organization.

Top management is accountable for managing risk while oversight bodies are accountable for overseeing risk management. Oversight bodies are often expected or required to:

  • ensure that risks are adequately considered when setting the organization’s objectives;
  • understand the risks facing the organization in pursuit of its objectives;
  • ensure that systems to manage such risks are implemented and operating effectively;
  • ensure that such risks are appropriate in the context of the organization’s objectives;
  • ensure that information about such risks and their management is properly communicated.

3. Integration

Integrating risk management relies on an understanding of organizational structures and context. Structures differ depending on the organization’s purpose, goals and complexity. Risk is managed in every part of the organization’s structure. Everyone in an organization has responsibility for managing risk.

Governance guides the course of the organization, its external and internal relationships, and the rules, processes and practices needed to achieve its purpose. Management structures translate governance direction into the strategy and associated objectives required to achieve desired levels of sustainable performance and long-term viability. Determining risk management accountability and oversight roles within an organization are integral parts of the organization’s governance.

Integrating risk management into an organization is a dynamic and iterative process, and should be customized to the organization’s needs and culture. Risk management should be a part of, and not separate from, the organizational purpose, governance, leadership and commitment, strategy, objectives and operations.

4. Design

4.1 Understanding the organization and its context

When designing the framework for managing risk, the organization should examine and understand its external and internal context.

Examining the organization’s external context may include, but is not limited to:

  • the social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors, whether international, national, regional or local;
  • key drivers and trends affecting the objectives of the organization;
  • external stakeholders’ relationships, perceptions, values, needs and expectations;
  • contractual relationships and commitments;
  • the complexity of networks and dependencies.

Examining the organization’s internal context may include, but is not limited to:

  • vision, mission and values;
  • governance, organizational structure, roles and accountabilities;
  • strategy, objectives and policies;
  • the organization’s culture;
  • standards, guidelines and models adopted by the organization;
  • capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, intellectual property, processes, systems and technologies);
  • data, information systems and information flows;
  • relationships with internal stakeholders, taking into account their perceptions and values;
  • contractual relationships and commitments;
  • interdependencies and interconnections.

4.2 Articulating risk management commitment

Top management and oversight bodies, where applicable, should demonstrate and articulate their continual commitment to risk management through a policy, a statement or other forms that clearly convey an organization’s objectives and commitment to risk management. The commitment should include, but is not limited to:

  • the organization’s purpose for managing risk and links to its objectives and other policies;
  • reinforcing the need to integrate risk management into the overall culture of the organization;
  • leading the integration of risk management into core business activities and decision-making;
  • authorities, responsibilities and accountabilities;
  • making the necessary resources available;
  • the way in which conflicting objectives are dealt with;
  • measurement and reporting within the organization’s performance indicators;
  • review and improvement.

The risk management commitment should be communicated within an organization and to stakeholders, as appropriate.

4.3 Assigning organizational roles, authorities, responsibilities and accountabilities

Top management and oversight bodies, where applicable, should ensure that the authorities, responsibilities and accountabilities for relevant roles with respect to risk management are assigned and communicated at all levels of the organization, and should:

  • emphasize that risk management is a core responsibility;
  • identify individuals who have the accountability and authority to manage risk (risk owners).

4.4 Allocating resources

Top management and oversight bodies, where applicable, should ensure allocation of appropriate resources for risk management, which can include, but are not limited to:

  • people, skills, experience and competence;
  • the organization’s processes, methods and tools to be used for managing risk;
  • documented processes and procedures;
  • information and knowledge management systems;
  • professional development and training needs.

The organization should consider the capabilities of, and constraints on, existing resources.

4.5 Establishing communication and consultation

The organization should establish an approved approach to communication and consultation in order to support the framework and facilitate the effective application of risk management. Communication involves sharing information with targeted audiences. Consultation also involves participants providing feedback with the expectation that it will contribute to and shape decisions or other activities. Communication and consultation methods and content should reflect the expectations of stakeholders, where relevant.

Communication and consultation should be timely and ensure that relevant information is collected, collated, synthesised and shared, as appropriate, and that feedback is provided and improvements are made.

5. Implementation

The organization should implement the risk management framework by:

  • developing an appropriate plan including time and resources;
  • identifying where, when and how different types of decisions are made across the organization, and by whom;
  • Modifying the applicable decision-making processes where necessary;
  • ensuring that the organization’s arrangements for managing risk are clearly understood and practised.

Successful implementation of the framework requires the engagement and awareness of stakeholders. This enables organizations to explicitly address uncertainty in decision-making, while also ensuring that any new or subsequent uncertainty can be taken into account as it arises.

Properly designed and implemented, the risk management framework will ensure that the risk management process is a part of all activities throughout the organization, including decision-making, and that changes in external and internal contexts will be adequately captured.

6. Evaluation

In order to evaluate the effectiveness of the risk management framework, the organization should:

  • periodically measure risk management framework performance against its purpose, implementation plans, indicators and expected behaviour;
  • determine whether it remains suitable to support achieving the objectives of the organization.

7. Improvement

7.1 Adapting

The organization should continually monitor and adapt the risk management framework to address external and internal changes. In doing so, the organization can improve its value.

7.2 Continually improving

The organization should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.

As relevant gaps or improvement opportunities are identified, the organization should develop plans and tasks and assign them to those accountable for implementation. Once implemented, these improvements should contribute to the enhancement of risk management.

Principle

The purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives.

The principles outlined in image provide guidance on the characteristics of effective and efficient risk management, communicating its value and explaining its intention and purpose. The principles are the foundation for managing risk and should be considered when establishing the organization’s risk management framework and processes. These principles should enable an organization to manage the effects of uncertainty on its objectives.

Effective risk management requires the elements of the figure and can be further explained as follows.

Integrated
Integrated Risk management is an integral part of all organizational activities.

Structured and comprehensive
Structured and comprehensive A structured and comprehensive approach to risk management contributes to consistent and comparable results.

Customized
Customized The risk management framework and process are customized and proportionate to the organization’s external and internal context related to its objectives.

Inclusive
Inclusive Appropriate and timely involvement of stakeholders enables their knowledge, views and perceptions to be considered. This results in improved awareness and informed risk management.

Dynamic
Dynamic Risks can emerge, change or disappear as an organization’s external and internal context changes. Risk management anticipates, detects, acknowledges and responds to those changes and events in an appropriate and timely manner.

Best available information
Best available information The inputs to risk management are based on historical and current information, as well as on future expectations. Risk management explicitly takes into account any limitations and uncertainties associated with such information and expectations. Information should be timely, clear and available to relevant stakeholders.

Human and cultural factors
Human and cultural factors Human behaviour and culture significantly influence all aspects of risk management at each level and stage.

Continuous improvement
Continual improvement Risk management is continually improved through learning and experience.

Process

1. General

The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk. This process is illustrated in the Left

The risk management process should be an integral part of management and decision-making and integrated into the structure, operations and processes of the organization. It can be applied at strategic, operational, programme or project levels.

There can be many applications of the risk management process within an organization, customized to achieve objectives and to suit the external and internal context in which they are applied.

The dynamic and variable nature of human behaviour and culture should be considered throughout the risk management process.

Although the risk management process is often presented as sequential, in practice it is iterative.

2. Communication and consultation

The purpose of communication and consultation is to assist relevant stakeholders in understanding risk, the basis on which decisions are made and the reasons why particular actions are required. Communication seeks to promote awareness and understanding of risk, whereas consultation involves obtaining feedback and information to support decision-making. Close coordination between the two

Communication and consultation with appropriate external and internal stakeholders should take place within and throughout all steps of the risk management process. Communication and consultation aims to:

  • bring different areas of expertise together for each step of the risk management process;
  • ensure that different views are appropriately considered when defining risk criteria and when evaluating risks;
  • provide sufficient information to facilitate risk oversight and decision-making;
  • build a sense of inclusiveness and ownership among those affected by risk.

3. Scope, context and criteria

3.1 General

The purpose of establishing the scope, the context and criteria is to customize the risk management process, enabling effective risk assessment and appropriate risk treatment. Scope, context and criteria involve defining the scope of the process, and understanding the external and internal context.

3.2 Defining the scope

The organization should define the scope of its risk management activities. As the risk management process may be applied at different levels (e.g. strategic, operational, programme, project, or other activities), it is important to be clear about the scope under consideration, the relevant objectives to be considered and their alignment with organizational objectives. When planning the approach, considerations include

  • objectives and decisions that need to be made;
  • outcomes expected from the steps to be taken in the process;
  • time, location, specific inclusions and exclusions;
  • appropriate risk assessment tools and techniques;
  • resources required, responsibilities and records to be kept;
  • relationships with other projects, processes and activities.

3.3 External and internal context

The external and internal context is the environment in which the organization seeks to define and achieve its objectives. The context of the risk management process should be established from the understanding of the external and internal environment in which the organization operates and should reflect the specific environment of the activity to which the risk management process is to be applied. Understanding the context is important because:

  • risk management takes place in the context of the objectives and activities of the organization;
  • organizational factors can be a source of risk;
  • the purpose and scope of the risk management process may be interrelated with the objectives of the organization as a whole.

The organization should establish the external and internal context of the risk management proces.

3.4 Defining risk criteria

The organization should specify the amount and type of risk that it may or may not take, relative to objectives. It should also define criteria to evaluate the significance of risk and to support decisionmaking processes. Risk criteria should be aligned with the risk management framework and customized to the specific purpose and scope of the activity under consideration. Risk criteria should reflect the organization’s values, objectives and resources and be consistent with policies and statements about risk management. The criteria should be defined taking into consideration the organization’s obligations and the views of stakeholders.

While risk criteria should be established at the beginning of the risk assessment process, they are dynamic and should be continually reviewed and amended, if necessary.

To set risk criteria, the following should be considered:

  • the nature and type of uncertainties that can affect outcomes and objectives (both tangible and intangible);
  • how consequences (both positive and negative) and likelihood will be defined and measured;
  • time-related factors;
  • consistency in the use of measurements;
  • how the level of risk is to be determined;
  • how combinations and sequences of multiple risks will be taken into account;
  • the organization’s capacity

4. Risk assessment

4.1 General

Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. Risk assessment should be conducted systematically, iteratively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by further enquiry as necessary.

4.2 Risk identification

The purpose of risk identification is to find, recognize and describe risks that might help or prevent an organization achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks. The organization can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

  • tangible and intangible sources of risk;
  • causes and events;
  • threats and opportunities;
  • vulnerabilities and capabilities;
  • changes in the external and internal context;
  • indicators of emerging risks;
  • the nature and value of assets and resources;
  • consequences and their impact on objectives;
  • limitations of knowledge and reliability of information;
  • time-related factors;
  • biases, assumptions and beliefs of those involved.

The organization should identify risks, whether or not their sources are under its control. Consideration should be given that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.

4.3 Risk analysis

The purpose of risk analysis is to comprehend the nature of risk and its characteristics including, where appropriate, the level of risk. Risk analysis involves a detailed consideration of uncertainties, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness. An event can have multiple causes and consequences and can affect multiple objectives.

Risk analysis can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of information, and the resources available. Analysis techniques can be qualitative, quantitative or a combination of these, depending on the circumstances and intended use

Risk analysis should consider factors such as:

  • the likelihood of events and consequences;
  • the nature and magnitude of consequences;
  • complexity and connectivity;
  • ime-related factors and volatility;
  • the effectiveness of existing controls;
  • sensitivity and confidence levels.

The risk analysis may be influenced by any divergence of opinions, biases, perceptions of risk and judgements. Additional influences are the quality of the information used, the assumptions and exclusions made, any limitations of the techniques and how they are executed. These influences should be considered, documented and communicated to decision makers.

Highly uncertain events can be difficult to quantify. This can be an issue when analysing events with severe consequences. In such cases, using a combination of techniques generally provides greater insight.

Risk analysis provides an input to risk evaluation, to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods. The results provide insight for decisions, where choices are being made, and the options involve different types and levels of risk.

4.4 Risk evaluation

The purpose of risk evaluation is to support decisions. Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required. This can lead to a decision to:

  • do nothing further;
  • consider risk treatment options;
  • undertake further analysis to better understand the risk;
  • maintain existing controls;
  • reconsider objectives.

Decisions should take account of the wider context and the actual and perceived consequences to external and internal stakeholders. The outcome of risk evaluation should be recorded, communicated and then validated at appropriate levels of the organization.

5. 5. Risk treatment

5.1 General

The purpose of risk treatment is to select and implement options for addressing risk. Risk treatment involves an iterative process of:

  • formulating and selecting risk treatment options;
  • planning and implementing risk treatment;
  • assessing the effectiveness of that treatment;
  • deciding whether the remaining risk is acceptable;
  • if not acceptable, taking further treatment.

5.2 Selection of risk treatment options

Selecting the most appropriate risk treatment option(s) involves balancing the potential benefits derived in relation to the achievement of the objectives against costs, effort or disadvantages of implementation. Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances. Options for treating risk may involve one or more of the following:

  • avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
  • taking or increasing the risk in order to pursue an opportunity;
  • removing the risk source;
  • changing the likelihood;
  • changing the consequences;
  • sharing the risk (e.g. through contracts, buying insurance);
  • retaining the risk by informed decision.

Justification for risk treatment is broader than solely economic considerations and should take into account all of the organization’s obligations, voluntary commitments and stakeholder views. The selection of risk treatment options should be made in accordance with the organization’s objectives, risk criteria and available resources. When selecting risk treatment options, the organization should consider the values, perceptions and potential involvement of stakeholders and the most appropriate ways to communicate and consult with them. Though equally effective, some risk treatments can be more acceptable to some stakeholders than to others. Risk treatments, even if carefully designed and implemented might not produce the expected outcomes and could produce unintended consequences. Monitoring and review need to be an integral part of the risk treatment implementation to give assurance that the different forms of treatment become and remain effective. Risk treatment can also introduce new risks that need to be managed. If there are no treatment options available or if treatment options do not sufficiently modify the risk, the risk should be recorded and kept under ongoing review. Decision makers and other stakeholders should be aware of the nature and extent of the remaining risk after risk treatment. The remaining risk should be documented and subjected to monitoring, review and, where appropriate, further treatment.

5.3 Preparing and implementing risk treatment plans

The purpose of risk treatment plans is to specify how the chosen treatment options will be implemented, so that arrangements are understood by those involved, and progress against the plan can be monitored. The treatment plan should clearly identify the order in which risk treatment should be implemented. Treatment plans should be integrated into the management plans and processes of the organization, in consultation with appropriate stakeholders. The information provided in the treatment plan should include:

  • the rationale for selection of the treatment options, including the expected benefits to be gained;
  • those who are accountable and responsible for approving and implementing the plan;
  • the proposed actions;
  • the resources required, including contingencies;
  • the performance measures;
  • the constraints;
  • the required reporting and monitoring;
  • when actions are expected to be undertaken and completed.

6. Monitoring and review

The purpose of monitoring and review is to assure and improve the quality and effectiveness of process design, implementation and outcomes. Ongoing monitoring and periodic review of the risk management process and its outcomes should be a planned part of the risk management process, with responsibilities clearly defined. Monitoring and review should take place in all stages of the process. Monitoring and review includes planning, gathering and analysing information, recording results and providing feedback. The results of monitoring and review should be incorporated throughout the organization’s performance management, measurement and reporting activities.

7. Recording and reporting

The risk management process and its outcomes should be documented and reported through appropriate mechanisms. Recording and reporting aims to:

  • communicate risk management activities and outcomes across the organization;
  • provide information for decision-making;
  • improve risk management activities;
  • assist interaction with stakeholders, including those with responsibility and accountability for risk management activities.

Decisions concerning the creation, retention and handling of documented information should take into account, but not be limited to: their use, information sensitivity and the external and internal context. Reporting is an integral part of the organization’s governance and should enhance the quality of dialogue with stakeholders and support top management and oversight bodies in meeting their responsibilities. Factors to consider for reporting include, but are not limited to:

  • differing stakeholders and their specific information needs and requirements;
  • cost, frequency and timeliness of reporting;
  • method of reporting;
  • relevance of information to organizational objectives and decision-making.

Basic Implementation of Risk Management System

PT. Gapura Angkasa embeds risk management into its business strategy to ensure the achievement of performance targets and to maximize value for shareholders and stakeholders. This involves the effective identification, evaluation, and management of internal and external uncertainties that could impact corporate objectives.

The Company's risk management practices are governed by its internal guidelines, which are aligned with key regulatory and international standards, specifically the Minister of State-Owned Enterprises Regulation No. PER-2/MBU/03/2023.

Risk Management Commitment

In its commitment to implementing Good Corporate Governance (GCG) practices, PT Gapura Angkasa adheres to the Minister of State-Owned Enterprises Regulation No. PER-2/MBU/03/2023 concerning Guidelines for Governance and Significant Corporate Activities of State-Owned Enterprises. As a subsidiary of PT Integrasi Aviasi Solusi and PT Garuda Indonesia, the Company consistently prioritizes the precautionary principle in applying corporate risk management and managing all types of risks.

The ultimate accountability for the Company's risk management implementation rests with the Board of Commissioners, which serves as the supervisory body, and the Board of Directors, which holds operational responsibility. This responsibility is further cascaded throughout the organization; all levels of management and employees at both the Head Office and Branch Offices act as risk owners for their respective units. They are required to periodically report and monitor their unit's Risk Profile to the Board of Directors.

As a manifestation of its commitment to GCG through a structured risk management framework and governance, PT Gapura Angkasa adopts the Three Lines Model. This is also reflected in the Risk Management Charter.

Three Lines of Defense Model

The Three Lines of Defense (3LoD) principle is a framework applied to risk management and organizational relationships, which divides responsibilities between three distinct “lines of defense” within an organization.

Risk Management Organization Structure

Organizational Chart Risk Management & Governance Unit

Risk Taxonomy

There are 20 risk taxonomies risk classifications of PT. Gapura Angkasa derived from InJourney Group and PERATURAN MENTERI BADAN USAHA MILIK NEGARA REPUBLIK INDONESIA NOMOR PER-2/MBU/03/2023 and its derivatives regarding the classification of general industrial BUMN.

Risk Appetite Statement PT. Gapura Angkasa

The Risk Appetite Statement is established in accordance with that of PT Gapura Angkasa, as follows:

Determination of Risk Capacity, Appetite, Tolerance, and Limits for 2025

In reference to Strategi Risiko tahun 2025 PT Gapura Angkasa, dated February 17, 2025, the Risk Strategy (risk capacity, risk appetite, risk tolerance, and risk limit).

Enterprise Risk Management (ERM) Guidelines

PT Gapura Angkasa is a subsidiary of PT Integrasi Aviasi Solusi (IAS) and PT Garuda Indonesia, engaged in providing comprehensive services in the aviation sector, which include Ground Handling, Cargo & Logistics, and Hospitality services. It was officially established on January 26, 1998. In carrying out its business activities, PT Gapura Angkasa potentially faces risks that could hinder the achievement of its established corporate goals or targets. Therefore, the Company must be proactive in implementing Risk Management efficiently and effectively to adapt to business developments and ensure business continuity. The implementation of Risk Management at PT Gapura Angkasa utilizes the ISO 31000:2018 Risk Management – Guidelines framework, which refers to the International Organization for Standardization, while also considering alignment with regulations or provisions set at the group level (IAS Group) to achieve optimal implementation of Risk Management.

Risk management is a coordinated effort to direct and control the Company with regard to the risks identified in its business operations. Through the implementation of Risk Management, it is expected that potential losses can be minimized or even that risks can be transformed into opportunities that increase profits and bring benefits to PT Gapura Angkasa. The details of Risk Management implementation at PT Gapura Angkasa are set forth in a Risk Management guideline that aims to provide clear direction, limitations, and responsibilities for its execution within the Company. The purpose of implementing this Risk Management is to serve as a guide for all levels of the Company and to act as a basis for:

  1. Ensuring the implementation of Risk Management at PT Gapura Angkasa is effective and efficient.
  2. Monitoring the implementation of Risk Management at PT Gapura Angkasa to ensure it is structured, systematic, and continuous, thereby increasing the Company's value.

Download Document

Risk Management Policy

PT Gapura Angkasa has established a Risk Management Policy as a manifestation of the Company's commitment to implementing good corporate governance and the principle of prudence in conducting all business activities. This policy refers to the ISO 31000 standard and the provisions applicable to State-Owned Enterprises.

Risk Management is implemented in an integrated manner through the Three Lines Model approach, with the highest accountability resting with the Board of Commissioners and Directors, supported by all levels of management and work units within the Company. Each work unit is responsible for managing risks in accordance with its authority and regularly reports its risk profile to management.

Through this Risk Management Policy, PT Gapura Angkasa aims to ensure that risks are managed effectively, support decision-making, improve the Company's performance, and maintain the achievement of objectives and business continuity in a sustainable manner.

Documentation

Stay informed with the latest activity

Awareness Risk Management

Risk Management Unit

View More

Awareness
Risk Management

May 9th, and June 3rd & 4th, 2025

As part of its commitment and effort to maintain operational sustainability, the Risk Management Division of PT Gapura Angkasa successfully held a 'Risk Management Awareness Socialization' event on May 9th, and June 3rd & 4th, 2025.

Through this socialization, every risk owner is expected to be able to identify, analyze, and mitigate potential risks that may arise in their respective work areas.

Strengthening the understanding of risk management across all organizational lines is expected to become a solid foundation for achieving superior performance and sustainable business growth.

Focus Group Discussion Profil Risk

Risk Management Unit

View More

Focus Group Discussion Profil Risk

The July 2025 period

In order to strengthen the risk management framework and ensure data-driven decision-making, the Risk Management Unit of PT Gapura Angkasa consistently holds Focus Group Discussions (FGD) for the completion and updating of risk profiles.

This activity is an integral part of the company's risk management cycle, designed to proactively identify, analyze, and evaluate potential risks relevant to each business function.

This regularly held initiative involves the active participation of all work units within the company.

Training Certification
Risk Management BOD – 1

Risk Management Unit

View More

Training Certification Risk Management BOD – 1

June 11-12, 2025

The senior leadership team (BOD-1 level) of PT Gapura Angkasa has successfully completed the Professional Risk Management Training and Certification program.

This intensive program is specifically designed to equip top leaders with the in-depth competence to integrate risk management into strategic decision-making.