Maturity Analysis of Governance, Risk, and Compliance (GRC) Implementation at PT Kimia Farma Trading & Distribution
Abstract
In an era of globalization and increasingly fierce competition, companies in Asia, including Indonesia, face increasingly complex challenges in maintaining and improving their position in the market. Competition with other Asian countries is one of the main factors that encourages companies to continue to adapt and improve their performance. In an effort to face this challenge, company management has developed from conventional concepts to focus on governance, risk, and compliance, known as GRC (Governance, Risk and Compliance). The aim of this research is to determine the maturity of the implementation of Governance, Risk and Compliance (GRC) at PT Kimia Farma Trading & Distribution (KFTD). This study utilized qualitative methods to understand and describe the situation that takes place in the research environment. The analysis began with the coding stage of the data derived from the results of the interviews which had been transcribed into text using a case study approach. The research concludes that the maturity level of Governance, Risk Management, and Compliance (GRC) implementation at KFTD is currently at an early stage, with the integration between governance, risk management, and compliance not yet fully achieved. Although the organizational structure and regulatory compliance provide support, GRC functions are still operating separately, and internal awareness and commitment need to be enhanced. A more mature GRC implementation is necessary to improve operational efficiency, decision-making, and ensure business sustainability. Recommendations for KFTD include strengthening GRC socialization programs, developing an integrated GRC system, increasing management support, conducting regular maturity assessments, and leveraging technology for monitoring and reporting.
Downloads
References
Batenburg, R., Neppelenbroek, M., & Shahim, A. (2014). A maturity model for governance, risk management and compliance in hospitals. Journal of Hospital Administration, 3(4), 43-52.
GRC Forum Indonesia. (2020). Guide to achieving a model of excellence in governance, risk and compliance (GRC): Implementation guidelines for each party that governs, audits, and manages performance, risk and governance (edition 1.0). Jakarta: GRC Forum Indonesia.
Gunawan, RMB (2021). GRC: Good governance, risk management, and compliance. Jakarta: Rajawali Pers.
Krauss, S. E. (2005). Research Paradigms and meaning making: a primer. The Qualitative Report, 10(4), 758-770.
Leininger, M. M. (1985). Qualitative research methods in nursing. Orlando: Grune & Stratton.
Oliva, FL (2016). A maturity model for enterprise risk management. International Journal of Production Economics, 173, 66-79.
Regulation of the Minister of SOEs Number PER-2/MBU/03/2023 concerning Guidelines for Governance and Significant Corporate Activities of State-Owned Enterprises.
Steinberg, R. M. (2011). Governance, risk management, and compliance: It can't happen to us--avoiding corporate disaster while driving success. John Wiley & Sons.
Taufiq, M. (2023). Literacy study on governance, risk and compliance (GCR) and performance. International Journal of Management, Economics and Accounting, 1(2), 248-262.
Law Number 19 of 2003 concerning State-Owned Enterprises.
Wiesche, M., Berwing, C., Schermann, M., & Krcmar, H. (2011). Patterns for understanding control requirements for information systems for governance, risk management, and compliance (GRC IS). In Advanced Information Systems Engineering Workshops: CAiSE 2011 International Workshops, London, UK, June 20-24, 2011. Proceedings 23 (pp. 208-217). Springer Berlin Heidelberg.
