COSO ERM Framework as the Basis of Strategic Planning in Islamic Banking

In digital era, every business entities must prepare a competitive strategy to compete with other competitors. Therefore, this study aims to provide management systems that can assist management in creating a competitive advantage. This study will describe the effect of Enterprise Risk Management (ERM) in strategic planning for Islamic banking use COSO ERM Framework approach. This study uses quantitative analysis method with purposive sampling technique on employees of Bank Syariah Mandiri (BSM) branch offices in DKI Jakarta. Descriptive analysis methods and verification analysis used to test hypotheses and structural models with the Smart Partial Least Square (PLS) program version 3.3.7. The results show that the ERM variable has a positive effect on strategy planning at Bank Syariah Mandiri (BSM). Strategic planning in BSM is 72.5% influenced by the risk management carried out by the company. In the strategic planning, management has made risk management report as a basis for analysis of the internal and external company.


INTRODUCTION
In The COSO Enterprise Risk Management book, Risk is a condition that cannot be predicted, because risk could happen to anyone, anywhere and in any condition (Moeller, 2011). According to Andono & Mellisa (2013), risk is an inherent element in the business activities of an entity as part of business activities. Because risks have a significant effect on targets achieving, which certainly will affect the sustainability of a business, management can anticipate these risks through the application of risk management. Risk management is a strategy carried out to identify, manage and evaluate all risks in an entity (Iswajuni et al., 2018). One of the widely applied risk management approaches in companies is Enterprise Risk Management (ERM).
ERM is an effort of the board of directors, management and employees as a form of corporate strategy arrangement to identify and manage risks in order to achieve organizational or company goals (Pamungkas, 2019). COSO (The Committee of Sponsoring Organization of the Tradway Commissions) compiles a reliable model of internal control framework along with risk and organizational governance. The most recent update in 2017, COSO published Enterprise Risk Management with Strategy and Performance (COSO, 2017). The objectives of ERM in the COSO framework are to ensure the implementation of the predetermined strategy, the effectiveness and efficiency of operational activities, the reliability of a financial report and the compliance with applicable regulations (Zamzami, Faiz;Faiz, 2018). In order to achieve these goals, COSO formulates 5 components of risk management that can be implement within the company's framework, starting from mission, vision & core values, strategy development, business objective formulation, implementation & performance, and enhanced value (COSO, 2017). This component contains the following elements internal environment, objective setting, event identification, risks assessment, risks responses, control activities, information and communication and monitoring processes.
Internal environment is the basis for the formation of company policies, especially risk management policies. The company's internal factors as the internal foundation for ERM are organizational structure, code of ethics, employee competence, authority and responsibility to human resource standards. The risk management objectives (Objective Setting) established by the company must include operations, reporting and compliance activities. These goals must be appropriate and support the achievement of the company's vision, mission and goals. Management identifies events to detect any indication of risk in the company's operational activities (Event Identification). After identifying, management conducts a risk assessment of potential events based on the level of likelihood and impact. The results of this assessment are the basis for providing a response (Risk Response) in the form of activities that the company will take to minimize these risks (Control Activities). These activities will be applied to all parts of the company (Information & Communication). The monitoring process is carried out thoroughly and routinely to minimize the occurrence of unexpected things during the implementation of control activities (COSO, 2017). Implementation of ERM in an organization will be able to maintain sustainability to increase the company value. This statement is in line with the research results conducted by Aditya & Naomi (2017), Iswajuni et al. (2018) and Pamungkas (2019) which states that ERM implementation have a significant positive impact to company value. The empirical results also state that implementation ERM can increase firm value by 3.6%-17% higher than companies that do not implement ERM. This can encourage various business groups of the importance of implementing ERM in managing risk. ERM is able to minimize the occurrence of risks that can hinder the implementation of company strategies. Based on Tjahjadi (2011) research, the risk management system has a positive effect on strategic planning. Thus, if the company sets a high risk strategy, it must be balanced with an integrated risk management system as a guarantee during the implementation process.
Top management sets goals and competitive strategies to achieve the company's vision, mission and goals. Strategy is a part of potential resource management carried out by management with long-term goal orientation. Strategic planning is the process of determining the programs that the organization will implement by estimating the amount of resources that will be allocated to each long-term program over the next few years. The strategic planning stages in the Strategic Management: Your Concepts Cases book are the vision and mission development, environmental analysis, long-term goals setting, collecting alternative strategies and establishing specific strategies (David, Fred R;David, 2015). Therefore, the strategic planning process is an important process in maintaining business continuity and in creating a competitive advantage.
In this digital era, to be able keep up with FinTech startups, both conventional and islamic banks must be able to adapt with developments in information technology. This is why the banking sector, especially Islamic banking, needs a strategy that can increase its competitive advantage in the fierce business competition. OJK Regulation No. 65/ POJK.03/2016 concerning The Implementation of Risk Management for Islamic Commercial Banks and Islamic Business Units states that risk in the scope of Islamic banking is a potential loss that arises as a result of certain events (Otoritas Jasa Keuangan, 2016). PT Bank Syariah Mandiri (BSM) requires an integrated management system to support efforts to build competitive advantage, one of which is through strategic management. Strategic management can assist companies in gathering trends, analyzing internal & external factors, and planning strategies to face current competition. In the strategic planning stage, the risk management report is used as a reference in the company's environmental analysis process. Risk management reports make it easier for management to analyze internal and external factors and create anticipatory steps to mitigate risks and threats related to the strategy that the company will set. Tjahjadi (2011) research on the relationship between risk management systems and strategy and their impact on organizational performance, in teory proves that risk management has a positive effect on corporate strategy. Also supported by Jureid (2016) research, describes the risk management process in determining strategies to detecting problematic financing at Bank Muamalat Sub-Branch Offices Panyabungan. However, Jureid (2016) research was only conducted at one Mualamat Bank branch office. Based on these reviews, this study is expected to be able to re-illustrate how risk management affects the strategy of other companies. The difference between this study and the previous research is in the research object, this study was conducted at all branch offices of Bank Syariah Mandiri (BSM) operating in DKI Jakarta. Another difference is in the data collection techniques and data analysis methods. In the previous research, data collection carried out through observation and interviews with qualitative analysis methods, while this study uses questionnaires by google form and observation with quantitative analysis methods. Supported by the Smart PLS data processing application and the Enterprise Risk Management (ERM) Integrated Framework approach by COSO, the results of this study are expected to provide an overview of the influence of risk management during the strategic planning process in order to create competitive advantage in the digital era.

Risk
In The COSO Enterprise Risk Management book, risk is the possibility of an event that can affect the achievement of organizational goals (Moeller, 2011:31). Meanwhile, according to the Big Indonesian Dictionary (KBBI), risk is all possible events that could harm the company. Risk is a possibility that could do harm because it is based on doubt or uncertainty. Risk is the possibility of a result obtained but deviates from what is expected (Hanafi, 2014

Enterprise Risk Management (ERM)
According to COSO in its executive summary, Enterprise Risk Management (ERM) is a process that involves the entire entity, starting from the board of directors, managements, and other officers. It applies the strategy formulation of the entire company and designed to identify potential events that can impact the entity and manage risk at the desired level to provide reasonable assurance in order to achieve the objectives of the entity (COSO, 2017). In mission, vision & core values component, governance sets the organization's tone, reinforcing the importance of, and establishing oversight responsibilities for, enterprise risk management. Culture pertains to ethical values, desired behaviors, and understanding of risk in the entity. The internal foundation components of ERM consist of organizational structure, code of ethics, performance targets, authorities and responsibilities, and HR standards (COSO, 2017).
Strategy development component explain how enterprise risk management, strategy, and objective-setting work together in the strategic-planning process. A risk appetite is established and aligned with strategy; business objectives put strategy into practice while serving as a basis for identifying, assessing, and responding to risk. Through ERM framework, COSO recommends that a company should define its operating, reporting, and compliance objectives to its mission statement. Through an understanding of risk will enable the company to develop an effective approach of risk assessment. Every company should develop a mission statement and then have some formal goals to achieve the mission (COSO, 2017).
In business objective formulation component, risks that may impact the achievement of strategy and business objectives need to be identified and assessed. Risks are prioritized by severity in the context of risk appetite. The organization then selects risk responses and takes a portfolio view of the amount of risk it has assumed. The results of this process are reported to key risk stakeholders. In this component include event identification, risk assessment and risk responses element. (COSO, 2017).
Implementation & Performance component can review entity performance, an organization can consider how well the control activities are functioning over time with the substantial changes. COSO ERM defines control activities as the policies and procedures required to ensure that identified risk responses are carried out. The components of the COSO ERM control activities must be related to the components of the risk response. After selecting the appropriate risk response, company management must select the control activities necessary to ensure that the risk response is carried out in a timely and efficient manner (COSO, 2017).
In Enhanced values component include information, communication and monitoring element. Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organization. Relevant information is identified, captured and communicated formally and accordingly to a predetermined time so that people can know their responsibilities. Meanwhile, effective communication is a communication that widely spread, flowing downward and upward the entity, thoroughly (COSO, 2017).

Strategic Planning
Strategy represents the decisions and actions made by top management to be implemented by all levels of the company in order to achieve company goal (Siagian, 2016). Strategy affects the long-term sustainability of a company, usually at least five years, thus the strategy is oriented towards the future (David, Fred R;David, 2015 : 43). Strategic management is a series of decision-making processes in which there are activities to determine the short-and long-term success of the company. These activities consist of planning, implementing, and evaluating strategies (David, Fred R;David, 2015). Strategic planning is the process of deciding which programs the organization will implement and the estimates amount of resources that will be allocated to each long-term program over the next few years. In the Strategic Management Concept and Cases book, strategic planning consists of vision & mission developing, external environmental analysis, long-term goals determining, alternative strategies forming and competitive strategies determining.
Vision is a long-term goal of the company, while mission describes the values and priorities of the company, this is the basis for strategic planning (David, Fred R;David, 2015 : 169). Era revolution to technologies requires companies to review and develop the company's vision and mission. Environmental analysis is able to identify and evaluate the company's strengths, weaknesses, opportunities and threats. Environmental analysis is carried out to identify factors that can influence the planned strategy. The documents needed in environmental analysis are company performance reports, risk management reports and other supporting reports. The results of this analysis are the basis for the determination of the company's long-term goals. When long-term goals have been established, management should consider alternative strategies. This alternative strategy is then analyzed to produce a specific strategy to be implemented. The result of strategic planning is a strategic plan, which is information about the programs that the company will carry out in the future (Badrudin, 2013). [26]

The Effect of Enterprise Risk Management (ERM) on Strategic Planning
The strategic planning process consists of determining organizational goals to managing company resources in creating competitive advantages to achieve organizational goals. The management needs to analyze the company's environment, both internal and external, to anticipate risks that can disrupt the implementation of the company's strategy. Risk Management is the foundation of the company's strategy. Implementation of ERM is able to facilitate management in analyzing internal and external factors and creating anticipation steps for risks, so the risk management reports can be used as a reference in the strategic planning. Strategic planning should be balanced with an integrated risk management process to minimize failures in implementing corporate strategy. Tjahjadi (2011) proves empirically that strategy has a moderating effect on the relationship between risk management and company performance. Improved company performance is the result of implementing a corporate strategy with a reliable risk management system. A strategy with a high level of risk, if balanced by reliable risk management, can improve organizational performance (Lestari, 2013). Sahla (2018) states that the implementation of integrated risk management is an obligation for Islamic banking in the context of implementing good corporate governance. Integrated risk management is a system that capable to managing risks proactively, such as mitigating identified risks to ensure that these risks do not re-emerge and interfere with the achievement of corporate strategies. Rivai & Arifin (2013) states that the application of risk management is able to improve the method up to the strategy-setting process to increase the achievement of bank performance (Fasa, 2016). Identification process to risk assessment, can assist strategic managers in determining bank strategies to improve bank performance both financial and non-financial performance, especially in Islamic banks (Nair et al., 2014). Based on these reviews, the hypotheses of this study is as follows:

METHODS, DATA, AND ANALYSIS
PT Bank Syariah Mandiri (BSM) is the research object and the Main Branch Office of PT Bank Syariah Mandiri (BSM) in DKI Jakarta is the population of this study. This study uses purposive sampling method in determining samples. BSM has 595 branch offices in Indonesia, by considering time, distance and eventual cost researchers determined 21 main branch offices operating in DKI Jakarta as research samples. To monitoring the operational activities of all branch offices, BSM uses an application named SIMRIS (Syariah Mandiri Risk Information System). Information provided by the application is complete and up-to-date regarding the branch office operations services, risk profiles and risk mitigation efforts. Therefore, the subjects of this study are those who have full responsibility in the operational activities of the branch office, such as the Branch Manager and the Operations Manager. Since the number of respondents for each branch office is 2 employees, so the total respondents of this study were 44 respondents. Due to the covid-19 virus pandemic, which has an impact on the data collection process, an alternative for the data collection process is by distributing questionnaires using Google form. Regarding the closure of 4 main branch offices due to the covid-19 pandemic in April, 2020, the sample of this study are 17 main branch offices that still operating with total respondents of 34 employees.
Primary data of this study obtained from questionnaires that distributed to branch office employees, while secondary data obtained from annual reports and the company's website. The questionnaire measured using Likert Scale. The Likert Scale is used to develop instruments to measure attitudes, perceptions and opinions of a person or groups on the potential and problems of an object (Sugiyono, 2015). The research data analysis technique uses quantitative analysis, where descriptive and verification analysis processed using the Smart Partial Least Square (PLS) program version 3.3.7. The independent variable of this study is the Enterprise Risk Management (ERM), measured by the implementation of ERM components in the company's risk management system. While the dependent variable is the Strategic Planning, measured by the steps of strategic planning process that implemented by the company. The strategic planning process is carried out simultaneously with the implementation of the "Muhasabah" activity at the end of each year. The agenda of this activity is to review the company's mission and vision, evaluate the achievement of company goals and targets, to formulate strategies for the future. Descriptive analysis conducted to explain the research hypotheses, which is the effect of ERM implementation in the strategic planning process.

RESULTS
The data to be processed is the result of distributing questionnaires via Google Form which came from 34 respondents. The data is further classified based on gender, age and education level. If classified based on gender, the respondents of this study consisted of 19 male employees and 15 female employees. Based on age, research respondents were dominated by respondents who were in the age range of 30-35 years with a total of 16 people. Followed by 12 respondents in the age range 26-30 years and 6 respondents in the age range 35-40 years. Meanwhile, based on education level, respondents are dominated by employees who have an educational background at the bachelor (S1) level and have an educational background from the Faculty of Economics. After classified, the questionnaire data is processed based on the variables of research. The following is an explanation the results of the research questionnaire data processing: Based on measurements using the Likert scale, these results show Bank Syariah Mandiri (BSM) has implemented each component within the COSO Enterprise Risk Management (ERM) framework. This can be seen from the points obtained by all ERM components, where almost all components have points above 3.0. The Internal Environment is reflected in the re-organization of the organization to the updating of the code of ethics, performance targets, authority & responsibility and Human Resource (HR) standards through "Muhasabah" activities routinely carried out by BSM. In determining the risk management objectives (Objective Setting), BSM considers several factors, including the company's potential resources, strategy, and the potential events that will occurs. The process of monitoring internal and external factors is carried out to improve the reliability of risk management to face the increasingly fierce business competition.

Enterprise Risk Management (ERM)
The risk identification process (Event Identification) is carried out by BSM through regular monitoring of certain internal and external factors ranging from operational activities, including internal document archives, interest rates, exchange rate inflation, changes in legislation to current events. After identifying, BSM will conduct an assessment of these risks based on the applicable laws and regulations (Risk Assessment). There are other factors that are taken into consideration in assessing a risk, including the level of likelihood and impact of the risk. BSM will respond to risks in accordance with the Risk Tolerance contained in POJK No. 65 / POJK.03 / 2016 concerning The Implementation of Risk Management for Islamic Commercial Banks and Islamic Business Units (Risk Response). BSM also establishes a Risk Appetide policy to obtain a final decision regarding a control plan that can be carried out to minimize these risks (Control Activities).
After deciding on the plan, BSM provides information on the implementation of control activities to all parties concerned (Information & Communication). Supervision (Monitoring) of the implementation of control activities is carried out periodically, to minimize miss-communication and obstruction of risk management objectives. All information related to risk management carried out by Bank Syariah Mandiri (BSM) is contained in an application named SIMRIS (Syariah Mandiri Risk Information System). Based on measurements using the Likert scale, these results show seen that all components in strategic planning has points above 3.0 which illustrates that the strategic planning carried out by Bank Syariah Mandiri (BSM) starts from the process of developing the vision & mission to producing a competitive strategy. BSM has an activity called "Muhasabah", in which the agenda in this activity includes reviewing vision & mission to determining company strategy. In this activity, the discussion will start from the results of the company's internal environmental analysis, such as the internal strengths possesses to the company's performance. Furthermore, it will discuss the results of the company's external environmental analysis, starting from the results of business opportunity analysis to identifying the expectations and needs of stakeholders. The analysis of internal and external factors is supported by a risk management performance report. The results of the analysis are evaluated together to produce several long-term strategies. In determining competitive strategies, BSM also involves its employees to participate in conveying creative ideas as a form of alternative strategies. Based on these results, it can be seen that the AVE value obtained has met the criteria for convergent validity, which has a value above 0.50 for all indicators with the construct, where Enterprise Risk Management (ERM) has an AVE value of 0.580 while Strategic Planning is 0.573. Through this value, it can be concluded that all constructs have a fairly high level of validity or validity discrimination, because they have met the criteria. From the value of the composite reliability (rho_A), the Enterprise Risk Management (ERM) construct shows a value of 0.950 while Strategic Planning is 0.930. Based on these two things, it can be concluded that the results of this study are reliable because they have a high level of reliability. The Enterprise Risk Management (ERM) construct with a Cronbach's Alpha value of 0.942 and Strategic Planning of 0.916. Because the value of all constructs has shown a value above 0.7, it can be concluded that the research results cannot be trusted to have a high level of reliability. The value of R Square is the coefficient of determination in the endogenous construct. It can be seen in Table 2 which shows the value of R Square (R 2 ) for the endogenous construct (Strategic Planning) is 0.725. This shows that the influence of the Enterprise Risk Management (ERM) on Strategic Planning is 72.5% and the remaining 27.5% is influenced by other variables outside of this research model. At a value of 0.725, it can also show a strong and valid relationship because it has an R Square value of more than 0.67. Based on Table 3, it shows the Q 2 result of 0.386. It can be concluded that the Enterprise Risk Management (ERM) has a large predictive relevance value for the Strategic Planning. Path coefficient is the value of the path coefficient, where if the resulting value between the latent construct and the endogenous construct is positive, then there is a positive relationship and vice versa. It can be seen in Table 4 in original sample colomn which shows that the Enterprise Risk Management (ERM) construct has a positive value of 0.851 towards the endogenous construct (Strategic Planning). It can be concluded that latent constructs have a positive effect on endogenous constructs. Table 4 shows that based on the results of the bootstrapping calculation, the original sample value is 0.851, which shows that there is a positive influence from Enterprise Risk Management (ERM) on Strategic Planning. The better the implementation of Enterprise Risk Management (ERM), the better the Strategic Planning of Bank Syariah Mandiri (BSM) will be. When viewed from the t-statistic column, the relationship between Enterprise Risk Management (ERM) and Strategic Planning shows the number of 23,439. This figure shows a greater value when compared to the t-table criteria, which is 23,439 > 1.96 with a p-value of 0.000 lower than the p-value criterion which should be 0.000 < 0.05. It can be concluded that the Enterprise Risk Management (ERM) has a positive effect significant on Strategic Planning.

DISCUSSIONS
If analyzed further, the strategic planning process in "Muhasabah" activities contains the influence of the ERM component, such as the Internal Environment. In supporting the retail business strategy, BSM decides to separate the duties of the Retail & Wholesale Financing Division into 2 (two) divisions, which is the retail financing risk restructuring & recovery division and the wholesale financing restructuring & recovery division. This separation of duties is carried out as an effort to improve risk management that occurs during the implementation of the retail business strategy. Meanwhile, other components of the internal environment are reflected in updates to the code of ethics, performance targets, and the duties and responsibilities of employees through regular meetings that are held annually. This renewal is carried out by considering internal factors and external factors as a form of support for the achievement of the human capital strategy.
"Muhasabah" activities also reflect the influence of the Objective Setting component in strategic planning. Where this activity does not only result in decisions related to competitive strategies, but rather regarding risk management objectives implemented by BSM. The risk management objectives must be adjusted to the competitive strategy set by BSM because BSM has established a retail business strategy, digital banking strategy, and human capital strategy as a competitive strategy for the next period. BSM risk management division is now prioritizing efforts to minimize the risks that arise in relation to these three strategies. The risk management objectives will determine what risk management procedures will be carried out for each strategy.
To achieve the objectives of risk management, BSM performs core risk management procedures, such as the process of Risk Identification, Measurement, Control and Monitoring. This core procedure is carried out by BSM in accordance with POJK No. 65 / POJK.03 / 2016 concerning Application of Risk Management for Islamic Commercial Banks and Islamic Business Units. In implementing this core risk management procedure, BSM is assisted by the SIMRIS (Syariah Mandiri Risk Information System) application to detect and deliver risk mitigation efforts that occur during the implementation of the competitive strategy. Tjahjadi (2011) proves that risk management has an effect on the implementation of business strategies. Risk management is able to detect the slightest risk that can obstruct the achievement of business strategies.
Risk identification procedures are carried out by BSM to detect risks that obstructs the implementation of competitive strategies. This process is carried out for operational activities, transaction document archives, and other internal factors related to competitive strategies. Fasa (2016) explains that in Islamic banking there are at least 6 (six) things that are the object of risk identification process, including the financing transaction process, management process, human resources, technology, external environment and damages. BSM compares competitive strategy with regulatory changes to potential events taking place. In implementing the retail business strategy, BSM identifies risks that obstruct the implementation of the strategy's operational activities. This procedure applies to the other two strategies. This risk identification procedure illustrates the influence of Event Identification components in strategic planning.
After the risk is detected, retail risk staff conducts an assessment of these risks based on measurement standards recommended by applicable regulations. Ramadiyah (2014) states that the risk assessment method used by Islamic banking must also be related to the type, scale and complexity of business activities, the ability of the data collection system, as well as the ability of the board of directors and related executives to understand the limitations of the final results of the risk measurement system used. BSM through the monitoring of the level of occurrence (likelihood), the impact, to the other indicators related to the implementation of the three strategies. For example, measuring market risk in retail business strategy, BSM takes measurement using the standard method in accordance with SEOJK No.35 / SEOJK.03 / 2015 concerning Calculation of Risk-Weighted Assets for Market Risk. Through this Risk Assessment procedure, it proves the influence of the ERM component in strategic planning.
The influence of other ERM components is reflected when BSM adjusts its risk tolerance level on the results of risk assessment based on POJK No. 65 / POJK.03 / 2016. BSM sets the risk appetide as a sign that the risks associated with the retail business strategy can be minimized. Risk appetide is the basis for the formation of risk mitigation activities for each strategy. The basis for consideration of risk appetide is internal and external factors that affect the implementation of a strategy. In the retail business strategy, BSM considers internal & external factors that influence the implementation of this strategy such as market share growth. This activity is a form of implementing the Risk Response component in supporting strategic planning.
Control activities are risk mitigation efforts carried out by BSM with the aim of minimizing the emergence of risks in the implementation of a strategy. Examples of control activities carried out by BSM are periodic stress testing of market risk & liquidity. This risk control activity is carried out by BSM to minimize risks that occur during the implementation of the retail business strategy. The implementation of workshops to certification of expertise is also part of control activities carried out to minimize operational risks in order to support the implementation of the human capital strategy. These activities are a form of the influence of the Control Activities component in the company's competitive strategy planning.
The process of delivering information and monitoring risk management is carried out using the SIMRIS (Syariah Mandiri Risk Information System) application. BSM informs the strategy and its control activities to be implemented by all parts of the company through this application. For example, the retail business strategy, BSM provides information about the strategy and its risk mitigation, such as stress testing for market & liquidity risk. Risk monitoring and strategy implementation are carried out directly by the retail financing risk restructuring & recovery division and digitally through the SIMRIS application. SIMRIS is the evidence of the influence of the Information & Communication and Monitoring components in strategic planning.

Conclusion
The conclusions of this study on the implementation of Enterprise Risk Management (ERM) as a basis for Competitive Strategy Planning in Islamic Banking (Case Study of Bank Syariah Mandiri) is that the Enterprise Risk Management (ERM) has a positive effect significant on Competitive Strategic Planning. This can be seen from the strategic planning activities carried out by Bank Syariah Mandiri (BSM) containing components of the risk management process. Bank Syariah Mandiri (BSM) has always been consistent in increasing the company's excellence through strengthening Risk Management. According to Bank Syariah Mandiri (BSM), Risk Management has a dual role in achieving corporate strategy, which is as the basic foundation in strategic planning as well as the protection during the implementation of the company's competitive strategy.

Limitations and Suggestions
This research is expected to provide an overview for business groups, especially in creating a competitive advantage. The risk management system can be used as a reference in the strategic planning process both from the implementation results report and the procedures. Risk management reports can provide an overview of opportunities, threats and steps to anticipate risks that can hinder the achievement of company goals, while the ERM implementation can protect the company's strategy from threats and other business disruptions.
This study has several limitations, especially in the data collection process. First, due to covid-19 virus pandemic, research data only obtained from the distributed questionnaires results conducted using Google form and also from the annual reports and company websites as the supporting information. Furthermore, the research sample has only 34 respondents from 17 main branch offices that are still operating in DKI Jakarta during the covid-19 pandemic, while the total branch offices of Bank Syariah Mandiri registered in DKI Jakarta are 21 branches. Therefore, next research is expected to follow up with different objects but still in the same industrial sector, or by using the same object but with different research methodologies or expanded sample.