JURNAL BINA PRAJA
Journal of Home Affairs Governance ARTICLE From Compliance to Governance Capability Evaluating the Effectiveness of Risk Management Policy in the Provincial Government of East Kalimantan Didik Bagus Setiawan uO.
Aji Ratna Kusuma .
Bambang Irawan Postgraduate Program in Public Administration.
Mulawarman University.
Samarinda.
Indonesia uO goes.
gove@gmail.
Citation: Setiawan.
Kusuma.
, &
Irawan.
From Compliance to Governance Capability: Evaluating the Effectiveness of Risk Management Policy in the Provincial Government of East Kalimantan.
Jurnal Bina Praja, 17.
https:// org/10.
21787/jbp.
Submitted: 15 June 2025 Accepted:
2 July 2025 Published: 29 August 2025 A The Author.
This work is licensed under a Creative Commons Attribution-NonCommercialShareAlike 4.
0 International License.
Abstract: Risk management in local government is increasingly positioned as a strategic instrument for strengthening governance, integrity, and the quality of public decision-making.
However, various studies show that increased regulation and maturity of risk management systems do not always translate into substantive improvements in governance and behavioral risk control.
This study aims to analyze the effectiveness of risk management policies in the East Kalimantan Provincial Government by examining the suitability of policy design, variations in implementation across regional institutions, and their impact on governance and government integrity.
The study uses a qualitative, descriptive, evaluative approach through case studies of four strategic regional institutions.
Data was collected through in-depth interviews, limited participant observation, and document analysis.
Data was analyzed using an interactive model.
The results of this study indicate that the risk management policy in the East Kalimantan Provincial Government is normatively aligned with international standards and has successfully increased the maturity of the internal control system.
However, the policy's effectiveness still varies across regional agencies and has not fully strengthened integrity, as reflected in the paradox between increasing system maturity and decreasing corruption control effectiveness.
This finding confirms that risk management has not been fully internalized as a culture and strategic decision-making instrument.
In conclusion, strengthening risk management requires a shift from an administrative compliance approach to a reflective, integrated policy-learning approach.
It is also recommended that policies be more directed at strengthening risk leadership, the role of the Inspectorate as a risk enabler, integrating risk into planning and budgeting, and developing a risk-aware culture, particularly across regional agencies within the East Kalimantan Provincial Government.
Keywords: Risk Management.
Governance.
Policy Evaluation.
Government Internal Oversight System (SPIP).
Risk Governance.
East Kalimantan Province.
JURNAL BINA PRAJA
Introduction In modern governance, risk management is recognized as a strategic tool for addressing uncertainty, safeguarding public value, and enhancing the quality of policy decision-making.
Risks in the public sector are not only technical-operational, but also encompass policy, integrity, and reputation risks that directly affect government performance and public trust.
Strengthening risk management within the regional government bureaucracy is normatively integrated into the Government Internal Control System (SPIP) as stipulated in Government Regulation No.
60 of 2008 and reinforced by Regulation of the Financial and Development Supervisory Agency No.
5 of 2021 concerning the Maturity Assessment of the Implementation of the Integrated Government Internal Control System in Ministries/Institutions/ Regional Governments.
The existence of this regulation serves as an impetus for regional governments to adopt a systematic risk management approach In this context, risk management is increasingly seen as an integral part of good governance, rather than merely an administrative instrument or regulatory compliance obligation (Devaney, 2016.
Gattie, 2.
Several studies have shown that risk management in local governments has advanced through regulations, institutional structures, and formal procedures.
However, this progress has not always been directly proportional to improvements in governance quality and integrity, as risk management is often practiced as an administrative obligation, rather than as a strategic instrument for decision-making and organizational learning (Irianto & Amirya, 2024.
Rahmawati et al.
, 2.
The East Kalimantan Provincial Government provides a relevant empirical context for examining these dynamics.
As a region with high development complexity and a strategic role in national development, the East Kalimantan Provincial Government faces a variety of policy, fiscal, and public service risks.
Normatively, the East Kalimantan Provincial Government has issued Governor Regulation No.
70 of 2020 concerning Guidelines for Risk Management and Risk-Based Internal Supervision within the East Kalimantan Provincial Government and has consistently assessed the maturity of the SPIP (Institutional Risk Management Syste.
and the Institutional Risk Maturity (MRI).
However, several governance indicators, particularly the effectiveness of corruption control, show dynamics that do not always align with improvements in system maturity.
This phenomenon raises critical questions about the extent to which implemented risk management is truly effective in strengthening the integrity and quality of regional governance (Mulyono, 2020.
Widiyastuti & Winarna, 2.
The main problem that arises lies not in the absence of regulations, but rather in the gap between policy design and implementation practices.
The literature confirms that the effectiveness of risk management is greatly influenced by the quality of leadership, organizational culture, and the role of internal oversight actors.
When risk management is understood solely as a reporting obligation, organizations tend to experience symbolic compliance, that is, procedural compliance without substantive behavioral changes (Hubbard, 2020.
Praise & Rapina, 2.
In this context, many local governments experience conditions where the internal control system appears to be strong formally but is not yet capable of preventing integrity risks and policy failures substantively.
From a theoretical perspective, the study draws on the grand theory of governance, which views risk management as part of efforts to improve public sector accountability, effectiveness, and productivity (Halachmi, 2.
At the middle- From Compliance to Governance Capability Evaluating the Effectiveness of Risk Management Policy in the Provincial Government of East Kalimantan range theoretical level, public policy evaluation theory is used, which asserts that policy success is determined by the integration of policy appropriateness, implementation fidelity, and policy effectiveness (Anderson, 2.
Furthermore, at the applied theory level, the public sector risk management framework is optimized, placing internal audit, leadership, and organizational culture as the main determinants of risk management effectiveness (Ardianingsih & Payamta, 2022.
Erlina et al.
, 2.
This theoretical framework is relevant for assessing risk management policies in local governments, as it enables analysis that goes beyond procedural compliance and examines the relationships among policies, organizational practices, and governance outcomes.
In the context of current studies, risk management effectiveness is not simply measured by the existence of systems and maturity scores, but rather by its impact on the quality of governance, integrity, and performance of public organizations.
This is where risk management integration with strategy, performance, and organizational culture becomes crucial, ensuring that risk serves as a basis for decision-making, not simply a compliance instrument (Aziz et al.
, 2015.
Zammit et al.
, 2.
In line with global practices.
COSO ERM (Enterprise Risk Management by Committee of Sponsoring Organizations of the Treadway Commissio.
and The International Organization for Standardization (ISO), through ISO 31000:2018, emphasize the importance of integrating risk management into an organization's strategy, performance, and culture.
COSO ERM is a framework that helps organizations identify, assess, and manage risks in an integrated manner to create and protect value, by positioning risk management as an organizational competency accompanied by accountability for the risks taken (SCCE & HCCA, 2.
Meanwhile.
ISO 31000 provides generic principles, frameworks and processes as a risk management architecture that can be applied across sectors to support systematic decision-making and the effective achievement of organizational objectives .
ee supporting link.
: https://w.
org/obp/ui/#iso:std:iso:31000:ed-2:v1:en and https://w-iso-org.
goog/standard/65694.
html?_x_tr_sl=en&_x_tr_ tl=id&_x_tr_hl=id&_x_tr_pto=sg.
The problem is that, to date, the adoption of these two standards has often been partial and not fully contextual, especially at the local government level, where there are varying capacities and risk characteristics between work units (Oulasvirta & Anttiroiko, 2.
This situation emphasizes the need for empirical studies that assess not only the normative suitability of risk management policies but also their actual effectiveness in the context of local Based on these gaps, the novelty offered is the development and implementation of a policyAerisk effectiveness framework that integrates public policy evaluation with the effectiveness of public sector risk management in the context of regional governments through an analysis of implementation variations across regional agencies and their impact on governance and integrity.
Therefore, this study seeks to answer the questions of the appropriateness of the risk management policy design in the East Kalimantan Provincial Government, how its implementation varies across regional agencies, and its effectiveness in strengthening regional governance.
The aim is to comprehensively analyze the effectiveness of risk management implementation in the East Kalimantan Provincial Government through an integration of policy evaluation and public sector risk management perspectives, as well as to formulate evidence-based policy implications for strengthening regional JURNAL BINA PRAJA Methods This study uses a qualitative descriptive-evaluative approach to assess the effectiveness of risk management policy implementation in the East Kalimantan Provincial Government.
This approach was chosen because the research objective was not to test quantitative causal relationships, but rather to deeply understand the suitability of policy design, implementation practices, and their impact on risk-based This qualitative evaluative approach is deemed appropriate for assessing the effectiveness of complex, contextual policies, which are rich in institutional dimensions and actor behavior, by integrating policy evaluation models (Anderson, 2.
, which emphasizes policy appropriateness, implementation fidelity, and policy effectiveness, with the COSO ERM .
and ISO 31000:2018 frameworks as technical standards for risk management.
This integration allows for assessment of policy effectiveness not only from a normative and procedural perspective, but also from the extent to which the principles of the cross-level risk governance framework are internalized in regional bureaucratic practices.
The cross-level process requires alignment of policy design, institutional arrangements, and organizational practices, including the capacity for learning and internalization of risk principles within the bureaucracy.
This integrative approach aligns with risk governance, which emphasizes the importance of alignment between policy design, organizational structure, and risk culture (OECD.
In addition, public sector risk management is a socio-organizational practice that cannot be reduced solely to numerical indicators, but requires interpretation of the meaning, processes, and culture of risk that develop within the bureaucracy (Power, 2.
The research was conducted on 4 .
regional agencies considered strategic within the East Kalimantan Provincial Government, namely: .
the Inspectorate of East Kalimantan Province.
the Department of Education and Culture of East Kalimantan Province.
the Dr.
Kanujoso Djatiwibowo Regional General Hospital of East Kalimantan Province (RSUD KD).
the General Bureau at the Regional Secretariat of East Kalimantan Province.
The selection of research locations was carried out purposively by considering the variety of functions, risk characteristics, and the level of maturity of risk management implementation.
The Inspectorate is positioned as a key actor due to its role as an internal supervision coordinator and risk enabler.
At the same time, the other three regional agencies are more representative of the public service and government administration sectors with different risk profiles.
This strategy aims to obtain a comprehensive picture of the variations in implementation and effectiveness of risk management across regional government sectors (Hill & Hupe, 2.
The data used were primary and secondary.
Primary data was obtained through in-depth interviews with key informants, including regional apparatus leaders.
Risk Management Unit (UPR) officials, risk champions, planning officials, and internal auditors from the Inspectorate.
The interviews were semi-structured to explore informants' experiences, perceptions, and reflections on risk management policies.
This approach is relevant for capturing the cognitive and cultural dimensions of policy implementation, which are often not formally documented (Creswell & Poth.
Secondary data includes policy and technical documents, including East Kalimantan Governor Regulation Number 70 of 2020, the Inspectorate's Monitoring and Evaluation (Mone.
report, the Integrated SPIP and Agency Risk Maturity (MRI) reports from the Financial and Development Supervisory Agency (BPKP) for the From Compliance to Governance Capability Evaluating the Effectiveness of Risk Management Policy in the Provincial Government of East Kalimantan 2020Ae2024 period, and planning and budgeting documents.
These documents serve as a basis for assessing the consistency between policy design, implementation, and risk management outcomes.
The use of official documents as secondary data sources is a common practice in public-sector policy evaluation because it provides an objective basis for assessing implementation fidelity (Bowen, 2.
Data was collected through three main methods: in-depth interviews, limited participant observation, and document analysis.
Observations were conducted during risk register development and evaluation activities, as well as at risk management coordination forums, to confirm alignment between practices and regulatory provisions.
The combination of these three techniques was used to triangulate data, enhance credibility and analytical rigor, as recommended in qualitative public policy research (Lincoln et al.
, 1.
Data processing and analysis are carried out using an interactive analysis model by Miles et al.
which approach encompasses three main stages: data condensation, data presentation, and reflective conclusion drawing.
Data interpretation is then conducted by linking empirical findings to the theoretical framework of policy evaluation and risk governance.
Interpretation is not intended to make statistical generalizations, but rather to produce analytical generalizations that explain how and why risk management effectiveness develops differently across regional institutions.
This interpretive approach aligns with the view that public policy effectiveness must be understood as the result of interactions between structures, actors, and institutional contexts (Anderson, 2015.
Christensen et al.
Results and Discussion Dynamics of SPIP Maturity.
MRI, and the Effectiveness of Corruption Control Risk management implementation in the East Kalimantan Provincial Government has experienced developments in assessments of Integrated SPIP.
MRI.
IEPK, and APIP capabilities during the 2020Ae2024 period.
Table 1 presents a longitudinal overview that allows for assessment not only of the progress of internal control systems and structures, but also of the consistency and substantive impact of risk management in local governance practices.
This longitudinal approach is essential for identifying growth patterns, fluctuations, and potential asynchronous changes between formal maturity and the effectiveness of behavioral risk controls, thus providing a strong empirical basis for a comprehensive, evidence-based evaluation of the effectiveness of risk management policies.
Year Table 1.
Dynamics of Risk Management Implementation Assessment for the 2020Ae2024 Period
Aspect
Integrated SPIP
MRI
IEPK
APIP Capabilities Dominant Category Risk Aware Developing Define Managed Managed & Transition Source: Performance Report of the East Kalimantan Provincial Inspectorate Government Agency .
0 to 2.
Data Processed.
The data in Table 1 shows a gradual upward trend in the Integrated SPIP and Agency Risk Maturity (MRI) scores of the East Kalimantan Provincial Government throughout the 2020Ae2024 period.
This improvement reflects the regional JURNAL BINA PRAJA government's success in establishing a formal risk management structure, clarifying the UPR's role, and improving compliance with internal control standards.
Empirically, this condition is evident at the Provincial Inspectorate and Dr.
Kanujoso Djatiwibowo Regional General Hospital, where the risk register mechanism, control action plan, and internal oversight coordination have been implemented relatively consistently and documented.
This indicates that strengthening the formal framework and internal oversight capabilities is a prerequisite for successful risk management implementation within the East Kalimantan Provincial Government.
The increase in the Government Internal Control System (SPIP) score by 3.
and the Agency Risk Maturity (MRI) score by 4.
92% in 2024 reflects progress in strengthening the control framework and risk management at the structural level.
This development demonstrates that regional apparatuses are increasingly consistent in organizing processes, using formal instruments, and complying with required reporting mechanisms.
However, these achievements do not yet fully resonate with the dynamics of the Corruption Control Effectiveness Index (IEPK), which conceptually assesses the extent to which control and management of integrity risks contribute to the quality of governance outcomes in government administration practices.
These differing outcomes indicate a lack of synchronization between strengthening formal control systems and internalizing integrity values in organizational behavior.
In many regional government agencies, risk management is still primarily understood as part of fulfilling administrative obligations, thereby limiting role as a basis for reflection in decision-making is situation suggests that increasing the maturity of SPIP and MRI is more pronounced at the design-toprocess stage, whereas effective corruption control requires ongoing integration of risk management into organizational culture, leadership, and the work practices of civil servants.
The dynamics that emerged also reflect the limitations of internalizing a risk culture at the operational level.
At the Department of Education and Culture, a risk register has been routinely compiled, but it has not yet been fully utilized to guide policy priorities or resource allocation.
In contrast.
KD Regional Hospital demonstrates more mature practices by linking service risk analysis with mitigation budgeting, thus making risk part of the managerial discourse.
This difference underscores that risk management effectiveness is heavily influenced by leadership, human resource capacity, and an understanding of risk as an organizational learning tool rather than simply a compliance tool.
The dynamics of risk management implementation (Table .
provide empirical evidence that increasing the maturity of SPIP and MRI is a necessary, but not sufficient, condition to produce an impact on integrity and corruption prevention.
Without strengthening the cultural and reflective dimensions, risk management risks become trapped in merely strengthening procedures, while behavioral and integrity risks remain uncontrolled.
This insight is important for formulating regional policies, focusing not only on improving maturity scores but also on changing organizational practices and values.
Risk Management Policy Gap Between Regional Regulations and Global Standards A critical review examined gaps in risk management policies between regional regulations and global standards, with East Kalimantan Governor Regulation No.
of 2020 aligned with the COSO ERM and ISO 31000:2018 principles.
From Compliance to Governance Capability Evaluating the Effectiveness of Risk Management Policy in the Provincial Government of East Kalimantan Table 2.
Results of Gap Analysis Aspect East Kalimantan Governor Regulation No.
70/2020
COSO ERM .
ISO 31000:2018
Gap Governance & Culture Emphasizing the role of the Inspectorate as coordinator of MR and the formation of UPR Emphasizing tone at the top, values, and risk behavior Emphasizes leadership and commitment A Risk culture has not been institutionalized across all OPDs.
Strategy & Objective Setting Focus on integrating risk into Regional Device Organization Work planning Risks are directly linked to organizational strategy Demand integration into governance and A Still administrative in nature.
Performance Evaluation through Risk Register and RTP Assessing risk in the context of Emphasizing continual A The evaluation has not yet measured the impact of MR on regional performance.
Review & Revision Conducted by the Inspectorate Requires dynamic and iterative review Emphasizing adaptation to change A Not yet dynamic.
Information.
Communication & Reporting Providing OPD Risk Reporting Format to the Inspectorate Emphasizing crossunit transparency Emphasizing risk documentation and A The reporting system is still A Leadership does not consistently reflect a risk-aware culture.
A Risks have not been used to determine regional strategic A Focus on formal compliance.
A Risk revisions do not always reflect changes in national policy or the regional budget.
A It has not been digitally integrated across regional government Source: Research Results.
Processed Data.
Table 2 presents a mapping of gaps across risk governance and culture, risk integration into strategy and performance, review and adaptation mechanisms, and risk information and reporting systems.
This comparison allows for the identification not only of normative and procedural differences but also of substantive limitations in the internalization of risk governance principles into regional bureaucratic It is urgent to determine the extent to which regional government risk management policies have functioned as strategic and adaptive governance instruments, rather than simply administrative compliance frameworks.
Table 2 reveals structural and substantive gaps between East Kalimantan Governor Regulation No.
70 of 2020, and the risk management principles developed in COSO ERM .
and ISO 31000:2018.
In terms of Governance and Culture, regional regulations have established the Inspectorate's role as a risk management coordinator and encouraged the establishment of Risk Management Units in each Regional Apparatus Organization (OPD).
However, in empirical practice, the internalization of risk values has not been consistent.
Similarly, risk leadership .
one at the to.
has not been evenly internalized.
This means that risk culture has not been institutionalized.
In some OPDs, leaders still view risk management as a technical matter for the Inspectorate, rather than as a strategic responsibility of work unit leaders.
This condition aligns with the finding that risk management failures in the public sector often stem from weak leadership commitment rather than the absence of regulations (Demidenko & McNutt, 2.
In terms of Strategy and Objective Setting, the East Kalimantan Governor's Regulation encourages the integration of risk into regional government agency (OPD) planning but remains largely administrative.
Risks are included in planning documents but rarely used to determine strategic priorities or program adjustments.
This phenomenon is evident in the Education and Culture Office and the General Affairs Bureau, where the Risk Register has not yet functioned as a policy selection The gap is increasingly apparent in Performance and Review.
Risk evaluation within the East Kalimantan Provincial Government still focuses on documentation availability and reporting accuracy rather than on measuring the impact of risk
JURNAL BINA PRAJA
management on service performance, outcomes, and integrity.
Risk review mechanisms are conducted periodically, but they are not yet dynamic and adaptive to changes in the policy, fiscal, or actual risk environment.
This situation demonstrates that the principles of continual improvement and adaptation to change, as emphasized by ISO 31000:2018, have not been fully realized.
In terms of review and revision, it was found that the risk management review mechanism in the East Kalimantan Provincial Government is implemented periodically in accordance with regulatory provisions.
However, it does not function dynamically and adaptively to policy changes and is less responsive to changes in policy and/or the regional budget cycle.
Risk reviews are still dominated by an administrative approach focused on document updates, without accompanying strategic adjustments to shifting development priorities, budget dynamics, or contingent policy risks.
This situation reflects a gap in the review and adaptation dimension (ISO 31000:2.
, where the evaluation process has not been utilized as a mechanism for organizational learning and a risk-based policy feedback loop.
The policy implication is that risk management loses its strategic function as an early warning system that should guide responsive policy and budget adjustments.
This finding emphasizes the need for a shift in operational policy from administrative cycle-based reviews to event-based reviews and policy changes, by strengthening the Inspectorate's role as a risk enabler that facilitates real-time risk register adjustments, integrates risk review results into the regional budget (APBD) revision process, and ensures that risk reviews become an inherent part of strategic decisionmaking, not simply a periodic reporting requirement.
Finally, in Information.
Communication & Reporting, it appears that reporting formats are available, but the risk reporting system remains predominantly manual and fragmented across OPDs, as digital integration across OPDs has not yet been Limited digital integration prevents risk information from flowing in real time and makes it difficult to use as a basis for cross-unit coordination.
Ideally, the quality of risk governance depends heavily on the existence of an information system that enables transparency, learning, and data-driven decision-making.
In the context of the East Kalimantan Provincial Government, this situation limits the potential of the risk register as a risk-informed governance instrument.
It is noteworthy that the implementation of East Kalimantan Gubernatorial Regulation No.
70/2020 has succeeded in establishing a risk management structure, although it has not yet fully fostered an adaptive and reflective governance system.
This gap between regulation and practice explains why the increased system maturity shown in Table 1 has not fully translated into improved governance, integrity and quality.
In a policy context, the focus should shift from improving regulations to strengthening risk leadership, internalizing a risk-aware culture, and integrating risk information into regional planning and budgeting processes so that risk management truly functions as an instrument for learning and evidence-based public decisionmaking.
Comparatively, globally, although regional head regulations (Perkad.
exist to establish formal risk management structures, substantive alignment with global standards remains limited.
This is evident in aspects of risk governance and culture, the integration of risk into strategy and performance, and policy adaptation This gap indicates that risk management in the East Kalimantan Provincial Government remains predominantly procedural and administrative.
contrast, strategic and cultural dimensionsAisuch as tone at the top, the use of risk in determining policy priorities, and adaptive risk learningAihave not been consistently From Compliance to Governance Capability Evaluating the Effectiveness of Risk Management Policy in the Provincial Government of East Kalimantan internalized in bureaucratic practices.
In essence, there remains a gap between formal compliance and the effectiveness of risk governance, which directly impacts the limitations of risk management as an instrument for strategic decision-making and strengthens the integrity of regional governance.
Risk Management: Integration of Design.
Implementation, and Governance Impact Normatively, the risk management policy of the East Kalimantan Provincial Government demonstrates an adequate level of design completeness, reflected in the presence of institutional structures, risk management mechanisms, and formal procedures that are relatively aligned with public-sector risk management practices.
This condition positions the risk management policy as a governance instrument that, by design, supports organizational accountability and control.
However, the risk governance literature by Gericke .
emphasizes that the completeness of the policy design is only an initial prerequisite, as the effectiveness of the policy is largely determined by the organization's ability to integrate risk into its decision-making process and daily performance management.
At the implementation level, it was found that the suitability or accuracy of risk management policy implementation still varies across regional agencies.
This means that there are still differences in organizational capacity and leadership patterns.
This variation confirms that risk management does not operate in a vacuum, but is instead influenced by institutional configurations, the role of internal audit, and the relations of power and responsibility within public organizations.
When internal oversight actors actively function as drivers and facilitators, risk management tends to be utilized substantively.
conversely, when such roles are limited to administrative functions, risk is reduced to reporting obligation (Adusupalli, 2024.
Vijayakumar & Nagaraja, 2.
In terms of effectiveness, increasing the maturity of internal control and risk management systems does not automatically result in strengthened integrity and governance quality.
This phenomenon reflects the limitations of an approach that focuses too much on measurement and procedural compliance, without a corresponding shift in the organization's understanding and practice of risk.
Frost .
study also emphasizes that risk is a meaningful socio-organizational practice, and its effectiveness cannot be reduced solely to numerical indicators or maturity it must be understood as part of the organization's learning and reflection A cross-regional analysis shows that risk management effectiveness develops through the interaction between organizational structure, procedures, and culture.
Strong structures and procedures enable consistent risk management, but without the support of a risk-aware culture and reflective leadership, risk management tends to stagnate at the level of administrative compliance.
Conversely, when risk is understood as an instrument for continuous learning and improvement, risk management can significantly enhance the quality of public services and organizational value (Papadaki et al.
, 2.
From a policy perspective, the gap between regional regulations and global risk management standards suggests that the primary challenge lies not in the absence of rules, but in weak cross-functional integration, limited adaptation to change, and the underutilization of risk information.
This finding emphasizes that the effectiveness of risk management policies must be understood as an ongoing process that requires transforming the roles of supervisory actors, strengthening a JURNAL BINA PRAJA risk culture, and integrating risk with planning and budgeting.
Without such transformation, risk management risks becoming trapped as a formal compliance instrument and losing its potential as a foundation for adaptive, evidence-based governance (Nguyen & Dang, 2.
Conclusion The risk management policy of the East Kalimantan Provincial Government is normatively appropriate and aligned with the principles of public sector risk governance, as evidenced by the establishment of institutional structures and risk management mechanisms, and improvements in SPIP and Agency Risk Maturity These findings indicate that the risk management policy design has provided an adequate systemic foundation for strengthening regional governance.
However, the policy's substantive effectiveness has not been fully achieved, as its implementation continues to show significant variation across regional agencies.
In reality, variations in risk management implementation are heavily influenced by leadership, human resource capacity, and the level of internalization of risk culture within each regional agency.
The Inspectorate and Dr.
Kanujoso Djatiwibowo Regional General Hospital demonstrate more mature practices, whereas in other regional agencies, risk management is still perceived as an administrative obligation.
This situation explains the paradox found: increasing maturity of internal control systems does not always correlate with strengthening the integrity and effectiveness of behavioral risk controls.
This research has limitations: the study focused on four regional agencies, so the findings are not intended to be statistically generalized to all regional agencies.
Meanwhile, the analysis of integrity effectiveness is still based on aggregate indicators that do not fully capture the dynamics of individual official behavior.
Furthermore, a qualitative, evaluative approach means that causal relationships between variables are not tested quantitatively.
However, these limitations open up opportunities for further research.
Recommendations The East Kalimantan Provincial Government needs to shift the strengthening of risk management from an administrative compliance approach to a reflective, integrated policy-learning approach.
Strengthening the Inspectorate's role as a facilitator of risk learning across regional agencies, substantively integrating risk into planning and budgeting, and strengthening leadership and a culture of risk awareness are priorities to ensure risk management effectively serves as a basis for decisionmaking and strengthens governance integrity.
The next strategic step is to conduct follow-up studies that combine qualitative and quantitative approaches to examine the relationships among risk management maturity, changes in government officials' behavior, and public service performance.
Cross-regional comparative research and longitudinal studies are essential to understand the medium- and long-term impacts of risk management implementation on the quality of local governance.
This approach is expected to enrich empirical evidence and strengthen the development of evidence-based risk management policies in the public sector.
Acknowledgments The author expresses his deepest gratitude to all parties who have contributed, supported, and guided him throughout the process of compiling this journal.
In particular, appreciation is extended to Prof.
Dr.
Hj.
From Compliance to Governance Capability Evaluating the Effectiveness of Risk Management Policy in the Provincial Government of East Kalimantan Aji Ratna Kusuma.
Si.
, and Prof.
Dr.
Bambang Irawan.
Si.
, as supervisors and to all colleagues in the regional apparatus of the Education and Culture Office.
KD Regional Hospital, and the General Bureau of the Regional Secretariat of East Kalimantan Province who have been kind enough to make this research a References