Risk management for food and beverage industry using Australia/New Zealand 4360 Standard

This research aims to identifying, measuring and establishing risk in food and beverage industry. The risk management is implemented by referring to Australia/New Zealand 4360 Standard which has four phases such as problem formulation, risk analysis, risk characterization, and risk management. The implementation of risk management is done by case study at Back Alley Café. Based on the risk identification result, there are 59 risks were found in Back Alley Café. The risk identification is conducted based on observation and interview with the café manager who understand the condition of Back Alley Café properly. Based on the assessment of impact and probability, the risk mapping produced four risks at extreme level, 16 risks at high level, 24 risks at medium level, and 18 risks at low level. The strategy was designed as the risk mitigation after the risk mapping for the extreme and high level. The strategy which is given as the prevention or treatment of risk in Back Alley Café is divided into three. There are reducing the risk, sharing the risk and accepting the risk. The strategy is then implemented for each relevant activities.


Introduction
According to [2] risk management is defined as a process related to identification, analysis, response to uncertainty including maximizing the outcome of positive events and minimizing the impact of reverse events. The coordinated effort to direct and control the company against the risks in conducting business activities, is expected to reduce the potential loss as low as possible or if possible utilize the risk into opportunities that can increase corporate profits. In the absence of risk management, the risks that may occur will have an impact on the company itself. Risk management is a process of identifying, measuring risks, and forming strategies for managing them through available resources. The existence of risk management will assist the company in making decisions of any existing risks, so that the impact that will adversely affect the company can be minimized or even eliminated. This research discusses the understanding of the risks gained to make decisions about the next steps to be taken, where the decisions include risks that requiring risk management, which risk management activities should be undertaken, and which risks need to be prioritized in risk management.

Risks Management
According to [2] risk management is defined as a process related to identification, analysis, response to uncertainty including maximizing the outcome of positive events and minimizing the impact of reverse events. The risks involved in identifying and evaluating project risks, consider what to do with the impacts, the possibility of transferring risk to others, or how to mitigate risks. Risk management has the ultimate goal of limiting the likelihood of risk occurrence and the impact of negative project activities.

The Benefit of Risks Management
According to [2] the benefits of risk management given to the company can be divided into five main categories: • Risk management may prevent the company from failure.
• Risk management directly supports the increase in profit.
• Risk management can deliver earnings indirectly.
• The peace of mind for managers caused by protection against pure risk, is a non-material treasure for the company. • Risk management protects firms from pure risk, and since customer and supplier creditors prefer a protected company it indirectly helps improve the public image.

The Process of Risks Management
According to [1] the main procedures for risk management are four, among others: The process of evaluating the suspicion of why an effect on a project that has already occurred, or that can occur from human activities. This stage is the initial stage of the overall project risk assessment. Some of the main things in the formulation of the problem include: • Identify and describe the problem • Collect and integrate available information • Develop a conceptual model of problems • Develop a risk analysis plan 2.3.2. Risk Analysis. [1] describes that risk is a possibility of an undesirable event that will affect an activity or object. The risk is measured in consequences (impact) and likelihood (possibly). Likelihood is a possibility within a period of time that a risk will arise. Consequence is an event of a consequence such as a loss (impact caused). Risk calculation can be formulated as multiplication of Likelihood with Consequence as in the following formula: As in table 1, the assessment of likelihood is divided into 5, ie, almost certain, likely, moderate, unlikely, and rare. As for the assessment of consequences, as shown in table 2, the assessment is divided into 5, ie, insignificant, minor, medium, major, and catastrophic. From these five risk analyzes, there are four levels of risk: Extreme, High, Medium, and Low, which will be described in

Risk Characterization.
Risk characterization is the last step of a risk assessment, ie to determine the level of risk of an event. This level of risk can be determined by grouping or classifying likelihood and consequences values into a risk metrics. Having known the value of existing consequences and likelihood, can be plotted on Risk Metrics to find out how high the risk will be generated.

Risk Management.
[1] "Risk Management" explains that the implementation of risk management is conducted to understand the risks obtained in the risk analysis phase to make decisions on the next steps to be taken, where the decisions include risks that requiring risk management, which risk management activities should undertaken, and which risks need to be prioritized in risk management. According to [1] "Risk Management" there are several types of ways to manage risk: • Risk avoidance is to decide not to engage in risky activities at all. The decision-making process is conducted by considering the potential benefits and potential losses generated by an activity. • Risk reduction is also called risk mitigation is a method to reduce the possibility of a risk or reduce the impact of damage generated by a risk. • Risk transfer is to transfer the risk to other parties, generally through a contract (insurance).
• Risk deferral is the impact of a risk is not always constant. Risk deferral involves delaying the aspect of a project to the point where the probability of occurrence of the risk is small. • Risk acceptance, although certain risks can be eliminated by reducing or transferring them, but some risks must remain accepted as an important part of the activity.

Research Method
This study will be carried out through some stage to analyse the risks as described above, such as identifying activities, identifying risks, setting the scale and risk criteria, assessing the impact and the probability of risk, risk evaluation and final step is to determine the acknowledgment of each risk.

Data Collection
The required data were collected through interview and questionnare. Interviews are conducted on the parties directly related to the project for validation. Questionnaires were made to obtain primary data based on existing parameters, so that the data obtained is relevant to the purpose of the study.On the determination of the evaluator will be set manager and some owner of Café Back Alley. The evaluator will be the source of the interview to obtain the company's data related to the research, the risk identification process, and to be the respondent in assessing the risks identified. The determination of this evaluator is done with the assumption that the selected evaluator knows in detail the condition of Café Back Alley.

Risk Identification
Risk identification is done by analyzing the business activity of each business process. From each activity there is a deeper understanding to identify the risks that exist in each activity. These identified risks were the result of interviews with evaluators at Café Back Alley and amounted to 59 risks. The 59 risk shown in Appendix 1.
Here are examples of existing risks based on business activity: Table 4. Risk Identification.

Business Activity Possible Risks No Risk
Conducting production process (cooking) Not available or lack of raw materials used in the production process R.01 The equipment used in the production is damaged thus disrupting the production process R.02 Work accident in kitchen area or bar R.03

Determination of Criteria for Impact and Probability
The determination of the criteria in the risk assessment to be performed refers to [1]  into four criteria, namely, financial, reputation, customer satisfaction, and production processes. The criteria of risk impact assessment can be seen in table 5. Table 5 shows the risk probability criteria with qualitative and quantitative description of criteria.

Risk Evaluation
After assessing each of these risks, a risk evaluation is conducted by mapping risk into the metrics according to its impact and probability values. For this mapping do the rounded up. Metrics creation aims to determine the level of each identified risk. Determining the level of risk will be useful to determine the treatment of risk. The level of risk in the risk matrix consists of low, medium, high, and extreme. Then the risks that fall into the high and extreme levels will be given risk treatment or mitigation. Overall, risk mapping can be seen in table 7. There was a delay in the production process> 30min The production process cannot be done Risks with extreme risk levels are risks that require very serious concern for the company. Just like the risks at the high level, these risks have a considerable impact on corporate activity and high probability. This risk becomes the company's top priority that should be treated as soon as possible. Based on the results of risk assessment, there are four risks that fall into the extreme risk.

Determination of Risk Treatment.
After evaluating the risks and getting risks falling into the high and extreme levels, further analysis of the treatment strategy will be performed in accordance with each of these risks. Some examples of risk treatment can be seen in Table 8.

Conclusion
In accordance with the purpose of research and the results of the analysis conducted, the following conclusions are obtained: • Based on the business activities in the café Back Alley has identified 59 risks overall. The risks are then mapped into the metrics according to the value of impact and its probability value. Risk mapping produces four risks at the extreme level, sixteen high risk risks, 24 medium-level risks, and eighteen risks at low levels. • The impacts resulting from the likelihood of risk are divided into four parts, namely, financial, reputation, customer satisfaction and production processes. The financial impact itself is divided into three parts that include losses from initial capital, expenses that exceed the budget, and revenue is below the target. For reputation impacts include bad publications from internal to external that will affect the company's image. The impact of customer satisfaction involves customer dissatisfaction with product and service quality. The impact of the production process involves the unavailability of goods causing delays to the production process. • Strategies that can be provided as a form of risk prevention or treatment at Café Back Alley are divided into three that is, reducing risks, sharing risks, and taking risks. The choice of strategy is tailored to the associated risks applied with the relevant form of effort.

Suggestion
In this research, risk identification is done without taking into account the level of employees. Meanwhile, in reality in the café business, there are some employees who play an important role to influence the operational risks café. So in the next research can be done research by taking into account the level of employees in risk identification. Subsequent research can also be continued and complemented by measuring the success rate of risk management at Café Back Alley and making proposals of monitoring and controlling design to improve the effectiveness of risk management implementation at Café Back Alley.
Appendix A. Risk Identification.

Business Activity Possible Risks No. Risk
Conducting production process (cooking) Not available or lack of raw materials used in the production process R.01 The equipment used in the production is damaged thus disrupting the production process R.02 Work accident in kitchen area or bar R.03 Setting up and controlling product quality The quality of the product provided does not match the customer's expectation R.04 There are some things that are missing in the control of product quality R.05 Maintain personal hygiene and tidiness in production Employees ignore personal hygiene and tidiness in production R.06 Cleaning the cooking area (kitchen / bar) Ignoring the cleanliness of the cooking area due to heavy production R.07 Order raw materials to the purchasing division as inventory Order quantity or type of goods ordered wrong (too many or few) R.08 Ensure availability of raw materials to be purchased for production purposes Error forecasting amount of raw material to be ordered R.09 Error calculating the amount of raw materials available R.10 Controlling in and out of raw materials There are customer characteristics that are not taken into account in customer satisfaction assessments R.45 Monitor order acquisition and summarize forecasts to ensure production capacity is optimally filled Error in forecasting R.46 The existence of changes in customer trends affecting forecasting R.47 Analyze and develop marketing strategies to increase the number of customers and areas in accordance with the specified target The strategy is less successful in attracting the target market R.48 Planning the utilization of existing human resources to be effective and efficient Inefficient labour force (too many or few) R.49 Planning is not in accordance with the practice in the field R.50 Ensure that all activities in all areas work well The occurrence of things beyond the sudden planning and effect on service R.51 Monitor any incidents that occur inside or outside of outlet-related outlets