Implementation of Risk Management in Archive Management at Universitas Islam Negeri Walisongo,

Good and planned archive management will provide significant benefits to the organization. On the other hand, improper archives management will put an organization or institution at risk. Therefore, implementing risk management in archive management is essential to minimize the impact of risks that may arise in archive management. UIN Walisongo Semarang has implemented risk management since 2020. Implementing risk management is one of the components of realizing good university governance. This research aims to determine the extent to which risk management is implemented at UIN Walisongo Semarang and whether the implementation of risk management has positively contributed to improving archive management at UIN Walisongo. This research uses a descriptive-qualitative approach, with case studies on applying risk management in several work units (faculties) and the General Division of UIN Walisongo Semarang. The results of this research show that the implementation of risk management has not been optimal and has not made a positive contribution to archive management at UIN Walisongo because the archive management functions need to function better. In addition, it is due to the lack of archival human resources who understand risk management.


Introduction
Archives are a legitimate source of information for an organization.Various things about life and the dynamics or activities of an organization are all recorded in files called archives in the form of writing, images, photos, or even soft files.The archives record the life history of an organization, its founding and founder, organizational structure, policy-making, changes in the legal entity, building construction, implementation of programs and budgets, and other organizational activities.As stated in Law Number 43 of 2009, archives are records of activities or events in various forms and media following developments in information and communication technology created and accepted by state institutions, regional governments, educational institutions, companies, political organizations, community organizations, and individuals in the implementation of society, national, and state life.
As a legitimate source of information, archives have a crucial position in the life of an organization (ANRI 2012), including educational institutions such as Universitas Islam Negeri (UIN) Walisongo.In UIN Walisongo, all academics and even third parties (stakeholders) need the information stored in archives.Organizational leaders also need archives to make appropriate decisions regarding the organization's problem (Suliyati & Inayahaningtias, 2015).
Archives must always be organized, kept, and maintained against damage or loss.If the archives cannot be presented when needed, for example, during the accreditation process, it will affect on risks that the organization must bear.Therefore, the archive must be adequately managed, starting from its first publication, the process being entered into storage until keeping in archive maintenance up to a specific time limit according to the estimated time an archive is needed.
At the time being, the archive problem at UIN Walisongo is still significant homework that needs to be resolved.Adding personnel in the archive sector through the equalization of archivist functional positions at the end of 2020 or the appointment of archivist functional officials through the recruitment of CPNS has yet to solve this problem.It can be seen from the accumulation of archives from year to year in faculty rooms and other work units.The archival function, attached to the Administration Subdivision in the General Section of the AUPK Bureau and supported by five functional archivists, still needs to finish the problems, and it can only handle archives from the Planning and Finance Section.Meanwhile, archives in other units and sections still need to be done.Significantly, this condition will cause some disadvantages for the organization/ institution if it is supposed to allowed to continue for a long time.
In this case, it can be detrimental to the organization because it can make it bear risks that are very likely to occur due to not managing archives properly.Risk is a situation faced by a person or organization where there is the possibility of harm or the consequences of deviation from the results to be achieved (LKPP 2016).Risk can also be an event that may occur.If it occurs, it will harm achieving the goals of government agencies (PP 60/2008).Therefore, risks must be identified, analyzed, and managed appropriately to control or eliminate them.Risks can occur in all fields, including archives.Risks in institutional archives are often caused by an institution's inexperience in managing records (Handoyo, 2014).
Risk Management is needed to minimize the occurrence of risks.In archives, risk management is applied to find out what risks may occur and the level of risk that exists in archive management.
The Rector of UIN Walisongo has realized the importance of implementing risk management in Tri Dharma (the university's three primary responsibilities of education, research, and community service).It is proven by the issuance of The Rector's Decree Number 13 of 2020 concerning Risk Management Guidelines for UIN Walisongo Semarang and implementing risk management as one of the institution's Key Performance Indicator (IKU) targets that must be achieved.
The condition of the archive at UIN Walisongo that has been described and the implementation of risk management at UIN Walisongo encourage the researchers to examine the implementation of risk management in archive management at UIN Walisongo Semarang.
This study describes the risk management implemented and the targets for implementing risk management at UIN Walisongo Semarang.Besides that, it also aims to identify some factors that influence archives management towards some archival problems and find ways to overcome them well at UIN Walisongo.As we know, many efforts The results of this study can be used as input for consideration in preparing archive management development policies at UIN Walisongo Semarang for better archive management.Some previous studies on risk management related to the archive sector are Ana (2009) found that the Canadian Museum of Nature developed a risk model for preventive conservation, and it has proven useful.Meanwhile, Ambira and Kemoni (2011) examined archive and risk management at the Kenya Commercial Bank (KCB).They found some archiving implementation, management systems, and deficiencies that weakened the risk management function.
Sri rahayu (2020), on Risk Management in the Indonesian Archival Institution that focuses on implementing risk management in archival institutions in Indonesia found that risk management did not exist in writing.However, it was carried out by referring to existing regulations.
In addition, Surtikanti (2020)  As the results of this study, the regulations issued by ANRI regarding archive management involve risk management to reduce the risk impact of an event.Lastly, research by Junandi et al. (2022) found that applying SNI ISO 30301, 23081, and 15489 in archive management was an indicator or requirement as a benchmark for effective and efficient archive management.
The difference between this study and previous studies is the implementation of risk management in archive management and its impact on archive management at Islamic Higher Education Institutions (PTKI), UIN Walisongo Semarang.This study will provide an overview of the implementation of risk management and its application in archive management at UIN Walisongo Semarang.It can be used as input in making policies to improve archive management at UIN Walisongo Semarang.It also can motivate researchers to study archive management in a more in-depth and specific manner in one particular field, for example, human resources or leadership policies in archive management.

Literature Review
Stoneburner in Yaumi states that risk negatively impacts due to vulnerability based on probability considerations and events' impact (Yaumi & Suhendro, 2012).Meanwhile, Griffiths (2005) defines risk as a threat, which means that a wrong action or event affects the organization's ability to achieve goals and implement strategies.The Australian New Zealand International Standard (AS/NZS ISO 31000:2009) and Technical Guidelines for Implementing Government Internal Control Systems (SPIP) (2009) define risk as the possibility of an event that could threaten the achievement of the goals and objectives of an organization.On the other hand, in The Rector's Decree No. 13 of 2019, risk is all events or conditions that have the possibility of occurring (likelihood) and harm the target/ object.Risk management is the process of identifying risks, assessing risks, analyzing risks, preparing treatment plans, and monitoring risks (Moeller, 2007).Risk management is essential in operationalizing a company or organization.The more a company or organization develops, the more complex its activities become so that the risks that may occur in the company or organization increase.Therefore, the main target of implementing risk management is to protect the company from potential losses (Hanafi & Mamduh, 2020).Implementing risk management contributes to achieving organizational goals, as demonstrated by increasing performance, ensuring worker health and safety, ensuring security, increasing operational efficiency, and improving the reputation of the institution or organization (ISO 31000:2009).The Rector's Decree No. 13 of 2020 defines risk management as a series of methodologies and procedures for managing risk, including the process of risk identification, risk measurement, risk control, and monitoring risks that already exist and will arise from each activity carried out by each working unit.
According to Nuraida (2012, p. 92) Archives management is a series of activities managing various elements used in archive management (Suraja, 2006, p. 62).Archive management is carried out concerning management functions, which include a) archive planning activities, b) organizing archival fields, c) preparation of archive staff, d) working direction and archival human resources, and e) supervision of the main operational activities of archive (Ricks & Gow in Suraja, 2006, p. 62).

Research Method
The study uses a descriptive-qualitative research method, using a case study on implementing risk management in archive management at UIN Walisongo Semarang.The data collected consists of primary and secondary data.
Primary data includes the results of interviews with policymakers in the field of archives and risk management and archive managers.Meanwhile, secondary data is in the form of statutory regulations, other regulations issued by government agencies related to archive and risk management, as well as regulations issued by stakeholders at UIN Walisongo Semarang related to archive and risk management, decision letters, circulars, and other documents relevant to archive and risk management.
Data presentation is carried out using narratives and flowcharts to organize the data.The reduced data is presented in narrative form and flowcharts and draws on the risk management process at UIN Walisongo Semarang.By presenting data with narratives and flow diagrams, the data will be organized and arranged in a relationship pattern to make it easy to understand.Drawing conclusions and verification are based on the data reduction and presentation processes.Conclusions are supported by valid and consistent evidence throughout the research process to answer the research questions.

Result and Discussion
Building an environment controller and risk assessment at the Ministry of Religion is the core of implementing the Government Internal Control System (SPIP) by the mandate of Government Regulation Number 60/2008.By implementing this SPIP, leaders at all levels are expected to be able to detect possible events that could hinder the achievement of organizational targets/ goals and the achievement of targets/ objectives of activities in their work environment.
Following up on PP. 60/2008, the Minister of Religion issued Minister of Religion Decree (KMA) Number 580 of 2019 concerning Guidelines for Implementing the Government Internal Control System at the Ministry of Religion.In the sixth dictum, it is emphasized that all working units and Technical Implementation Units (UPT) at the Ministry of Religion are obliged to implement SPIP based on the scope of their duties and functions.The seventh dictum states that to coordinate in implementing the SPIP, the Head of the work unit/technical implementation unit is required to form an SPIP Task Force, referred to as SPIP.Furthermore, the eighth dictum states that the implementation of SPIP at the Ministry of Religion consists of controlling the organizational/policy and the activity/operational levels.
The General Policy for the Development of UIN Walisongo Semarang, as stated in the UIN Walisongo Strategic Plan for 2019-2023, which was later revised for the period to become the UIN Walisongo Strategic Plan for 2020-2024 (The Rector's Decree Number 281 of 2020), has implemented risk management as one of the components in realizing Good University Governance at UIN Walisongo Semarang by creating of a solid and accountable internal monitoring system based on risk analysis.
Then, in the Institution's Key Performance Indicators (IKU) as an implementation of the General Policy for the Development of UIN Walisongo Semarang, one of the performance indicators that must be met is the preparation of risk management documents and their implementation in policy-making with a target achievement of 50% in 2019 and starting in 2020 until 2024, the achievement target is 100%.
Furthermore, for its implementation, the Rector of UIN Walisongo Semarang issued Rector's Decree Number 13 of 2020 concerning Guidelines for Implementing Risk Management as a reference for implementing risk management within the UIN Walisongo Semarang environment, which came into effect on January 13, 2023.This guideline emphasizes that it aligns with the vision, mission, and aim of UIN Walisongo Semarang to participate in implementing and supporting the fields of education and national development.Risk management is an integral part of business processes, decisions, and the culture of all people at the university.Therefore, risk management must be the commitment of the leader and all employees of UIN Walisongo Semarang in thinking and acting.

Risk Management Organizational Structure at UIN Walisongo Semarang
In Figure 1  Furthermore, the Risk Committee still needs further arrangements to make its existence and personnel apparent, considering its very strategic position in ensuring the implementation of risk management at UIN Walisongo Semarang.
According to the Head of SPI, the Risk Committee is still ad hoc, and there are no technical guidelines regulating how to appoint, select, or determine the period of assignment or work patterns.However, the function of the Risk Committee in considering development and cooperation policy is still carried out through the UIN Walisongo leader meeting held at the end and beginning of each fiscal year.

Risk Management Procedures at UIN Walisongo Semarang
Procedures are steps that must be taken to carry out a process to achieve specific goals.Risk management procedures are a sequence of steps or systematic ways prepared to guide the risk management implementation by the risk owner to run it systematically, in an integrated way, and wellstructured.
The risk management procedures at UIN Walisongo Semarang refer to the Rector's Decree Number 13 of 2019 Chapter IV, which was adopted from the risk management framework of Australian /New Zealand (AS/NZS) ISO 31000:2009, as shown in Figure 2. Determining the context includes some activities: a) determining the scope of implementation, which contains the duties and functions of the Risk Owner Unit (UPR) and the period of implementation (years); b) setting targets that refer to the strategic targets listed in the UIN Walisongo Strategic Plan and Work Units/ Institutions/ UPT as Risk Owner Units (UPR); c) identifying stakeholders related to the work unit/institution/UPT as UPR; d) determining the risk category.According to Rector's Decree No. 13/2020, risk categories are grouped into policy risk, compliance risk, legal risk, fraud risk, reputation risk, and operational risk; e) determining risk criteria to be criteria for the possibility of risk occurring (likelihood) and impact criteria (consequences).Criteria Likelihood using a probability approach, frequency of events per unit time, or expert judgment.
Meanwhile, the criteria of consequences on risk management are classified into five areas.They are state-finance burden, reputational risk/damage, criminal sanctions, work accidents, and service disruption in the form of deviations from service standards set by the university.f) Determining the matrix of risk analysis and levels by having the risk magnitude analyzed from the combination between the possibility levels of potential risk occurring (risk likelihood) and the consequence levels to determine the risk level.g) Prompting the risk appetite to determine the risk tolerance, which is defined as the amount limits to quantitative possibility levels of potential risk occurring, and the levels of risk consequences that can be accepted.The risk tolerance turns into a reference for the risk owners to decide which risks should be prioritized for mitigation.The risks with deficient levels do not need mitigation, while the medium to high risks are prior to be mitigated for reducing the risk levels.According to the Rector's Decree No. 13/2020, risk appetite varies at the risk values 1-5 (very low) and 6 -11 (low).Meanwhile, the risk values 12 -15 (medium), 16 -19 (high), and 20-25 (very high) must be mitigated.
The second stage is a risk assessment.The risk assessment is carried out by the Risk Owner, which includes the following activities: a) the risk identification, involving all components in the Risk Owner; b) the risk analysis, which results in a risk heat map in a Cartesian diagram; c) the risk evaluation, comprising the activity of determining risk priorities and principal risks.The results of the previous activities are outlined in the risk profile.
The third phase is risk management.It includes several activities such as a) selecting the risk treatment options, b) preparing an action plan, c) determining the level of the expected residual risk, d) realizing the risk-management action plans, and e) monitoring the residual risk.
The fourth stage is monitoring and review.Monitoring activity is carried out by the Risk Owner, which includes: a) sustainable monitoring, which is continuously conducted on all factors that influence the risks and environmental conditions of the work unit.The changes in risk magnitude or risk level are monitored through the risk trends, which can be seen from the changes in the Key Risk Indicator (KRI) status from the previous period; b) periodic monitoring, which is carried out quarterly and annually, using the Quarterly Monitoring Report Form and the Annual Monitoring Report Form.Further, the review process is undertaken by the Risk Management Committee, while The Internal Supervision Unit performs the risk management audit.
The fifth stage is communication and consultation.Risk owners and managers hold their communication and consultation within the periodic and incidental meeting forums, focused group discussions (FGD), and risk owner forums.

Studies on the Implementation of Risk Management at UIN Walisongo Semarang
The review of the organizational structure of risk management in the faculty revealed that 3 out of 5 (60%) samples of risk management documents declared the risk owner referring to the Deputy Dean II (Deputy Dean for General Administration, Planning, and Finance).Meanwhile, the remaining 2 out of 5 (40%) samples mentioned that the Dean was the risk owner.In addition, all samples agreed that the risk manager was The Head of Administrative Affairs.
To determine to what extent risk management is implemented in the field, the author conducted a study on the risk profile arranged by the risk owners and managers at the faculty level at UIN Walisongo Semarang in 2022.
The study on five document samples of risk management resulted in three documents that did not include risk priority 1 in the risk evaluation.In contrast, the risk priority started from number 2. The author also identified very high-risk categories with a risk magnitude of 24 belonging to priority 4. On the other hand, the high-risk category with a risk magnitude of 17 and 19 was placed in risk priority 2. The author revealed that two other samples put the very high-risk category with a risk magnitude of 24 into the risk priority 7, from the seven risks analyzed in the risk profile.
According to the Risk Management Guidelines at UIN Walisongo Semarang (Rector's Decree No.13/2020 Chapter IV, Letter B, number 3) on Risk Evaluation, to set the risk priorities should consider the sequence of risk magnitude numbers, which puts the higher risk magnitudes as a priority than the lower one.
The author also discovered the inaccuracy in making the risk heat maps (risk heat maps), which placed a star containing number 1 (indicating priority 1) in the box containing the risk magnitude number 17 (high).Meanwhile, the star with a priority number 3 was put into the box containing the risk magnitude number 24 (very high risk).
Another finding was the indications of duplication (similarity) in five document samples.Those samples only presented three risk priorities (1-3) with the exact placement that do not follow the rules of making the risk heat map.It was indicated by the star with the number 1 (risk priority 1) placed in the box of the risk magnitude with a value of 17 (high).Then, the star with number 2 (risk priority 2) was put into the box of the risk magnitude with a value of 19 (high), while the star with number 3 (risk priority 3) was in the box with a risk magnitude with value 24 (very high).However, the amount, magnitude, and priority of risks outlined in the risk profiles within the five samples are different from one another.
What inference can be made about risk management from this finding is that some of the risk owners in the faculty were indicated to copypaste in compiling the risk management documents and to appear careless in preparing the documents.
The author also figured out the fact that out of the five reviewed document samples, three samples (60%) only had one KRI that corresponded to the main risk.The other two samples (40%) had already set the KRI based on the number of main risks that need mitigation but still require improvement, particularly in the formulation of intermediate and root causes, one of which would be selected as the Key Risk Indicator (KRI).
The final finding was obtained from a review of the risk management form.It revealed that almost all of the five samples still needed to fill out the risk-management plan form for mitigation.There was already one form that had been completed, while the other four remained blank.From these findings, it can be inferred that the preparation of the risk profile still needs to meet the Risk Management Guidelines.

Implementation of Risk Management in Archive Management
The Based on this explanation, the implementation of risk management in the archive sector lies with the General division as the risk owner unit.Therefore, the researchers examine the risk management document in the General division to determine how risk management is implemented in archive management.
The risk management organizational structure in the General Section is the Head of the general section as the risk owner.In contrast, the risk manager is the Head of the administration and household division and the Head of the equipment and procurement of goods and services division.One of the targets for implementing risk management in the General Department is improving the quality of services in the administration and archive sectors.One of the incidents is that the archives need to be better organized.The cause is a need for more human resources and representative archives.The impacts caused are difficulties searching for archives, damage to archives, and loss of archives.It is included in the operational risk category, having possibility level 3 and impact level 4, having the high-risk level category with a risk magnitude of 17, and having risk priority 3.
Next, examine the risk profile in the general section of UIN Walisongo Semarang.There are still two priority risks 1: State-owned Asset (BMN) management, which is not optimal with a risk level of 24 written in the high-risk level column.It should be included in the level of very high risk.Then, the second risk priority 1 is the risk that the use or utilization of infrastructure does not meet the needs with a risk magnitude of 23 written as a high level of risk column.It should be included in the very high-risk level.
In the risk map, the placement of stars indicates that the risk priority is incorrect, where risk priority 1 is placed in the box with a value of 17 (high).In contrast, risk priority 2 and 3 are placed in the box with a risk value of 23 and 24 (very high risk).
The General Division still needs to prepare a Key Risk Indicator (IRU) manual or risk management form because human resources need to understand how to prepare risk management.From these findings, it can be seen that the General Division of UIN Walisongo Semarang lacks human resources who understand the risk management process.Based on the interview results with the Head of the Administrative Subdivision, he stated that the risk profile was initially created in 2019 by officials from the previous Head of the Administrative Subdivision and then re-established in 2020, 2021, and 2022.The general division has prepared a risk management document.However, in preparing the risk profile, it was not re-analyzed in more depth because the Head of the sub-division in Administration and the Head of the General division did not understand the risk management process and had never attended risk management training.
Then, the interview results with the Head of the General Division as the risk owner and whether the mitigation program planned every year was considered in preparing the work program in the field of archive management.According to the Head, risk mitigation had been implemented but needed to be more optimal and documented.Therefore, no documents were found regarding either the mitigation plan or the mitigation results report.
There are no plans for a comprehensive general division work program in archive management because it already has overloaded work in handling, fulfilling, and maintaining infrastructure and facilities.For this reason, archive management has been handed over to the Archivist Functional Officials working group to organize and manage the archives.However, a specific documented plan for risk mitigation activities has yet to be developed due to the absence of human resources who understand risk management.
From these data, the implementation of risk management in archive management is still not optimal because the established risk management procedures have only been partially implemented.Likewise, from the results of the review of the Risk Management Form document in the General Division, it can be concluded that the implementation of risk management documented has only reached the first and second stages, the context determination stage and the risk assessment stage, which produce a risk profile.Meanwhile, for the third stage, risk management, which includes activities to select risk treatment options, prepare action plans, determine expected residual risks, carry out risk management action plans, and monitor residual risks, there have yet to be written documents or implementation reports.
Moreover, the fourth procedure (Monitoring and Review) includes continuous monitoring activities on all factors that influence the risk and environmental conditions of the work unit, as well as changes in the magnitude of risk or level of risk, which the Risk Owner's Unit (UPR) should carry out, there are no written documents or reports regarding its implementation.According to the Head of the General Division, no specific activity agenda is directly related to implementing risk management in the General Division of UIN Walisongo Semarang.Meanwhile, based on the information from the Chairman of SPI, the implementation of the risk management implementation review, which should have been carried out by the Risk Management Committee (MR Committee), has not been carried out optimally because there has not been a permanent establishment of a Risk Management Committee, so for the time being, the function of the MR Committee is carried out by SPI.
Then, implementing the fifth procedure in the risk management process (communication and consultation) includes periodic and incidental meetings, focus group discussions, and risk owner forums.In this procedure, only incidental meetings that have been carried out are held by SPI.
The implementation of risk management in archive management has yet to be done optimally because archive management functions still need to be implemented in the General Division.After all, it has overloaded tasks to be handled, so management functions in archive management cannot run effectively.
It is already recognized that the problem of organizing archives is a problem or risk that is being faced.However, archive management is currently focused on organizing the Finance Division archives.At the same time, other divisions still need to be handled because there are limited personnel handling archives, and the volume of archives continues to increase.
Archiving requires management knowledge to optimize existing resources to solve problems.Archive management is carried out concerning management functions, which include a) archive planning activities, b) organizing archival fields, c) preparation of archive staff, d) working direction and archival human resources, and e) supervision of the main operational activities of archive (Ricks & Gow in Suraja, 2006, p. 62).
Archival planning activity needs to be carried out periodically.Its implementation must be evaluated over a certain period to ensure continuous improvement.The archival planning includes structuring and increasing human resource competency, identifying problems faced in the archives sector, and preparing a covering plan.Currently, software related to manuscript and archival management is already available, including archive classification guidelines, archive processing guidelines, and archive retention schedules.All of them are already available in the form of documents.
Meanwhile, in organizing archives, what needs to be implemented are: a) re-registering archival human resources and supporting human resources in the field of correspondence (general administration), dividing the work of the process of controlling incoming and outgoing letters and manuscripts, and the process of arranging and shrinking archives; b) determining the working relationship between work units and employees (staff) in the archive unit or section; and c) determining the working relationship between the archive unit and the letter or manuscript processing units (other work units) in the organization (Suraja, 2006, p. 63).Then, it is followed up with the preparation of personnel (staff) in the archive sector, including recruitment, if necessary, selection, orientation or induction, placement, payroll, and welfare guarantees, as well as developing the competency of the staff responsible for organizational archives.
Next is implementing the directing function in archive management, such as motivating archive staff to maintain and improve their work morality and maintaining effective communication to foster solidarity and spirit between employees in the archives sector and other sectors.In addition, fulfilling and mobilizing employees, influencing and bringing them to concentrate on carrying out archival tasks as well as possible is crucial so that archival goals can be achieved effectively and efficiently (Suraja, 2006, p. 63).
According to Ricks and Gow in Suraja (2006: 64), the supervisory function can be carried out in three forms: a) supervision carried out before carrying out activities (pre-control); b) supervision of the implementation of work in progress (concurrent control); and c) supervision carried out after the work is carried out (feedback control).Through these functions, it is hoped that the number of archives, improved policies, procedures, and archival work methods minimize duplication of archives, improve the accuracy of data and information, increase the cost efficiency of carrying out archival activities, increase the safety of archives, increasing the speed of discovery of archives, controlling the efficiency of archive use, improving archive work processes, maintaining the characteristics of sound archives can be controlled well.
UIN Walisongo Semarang has developed rapidly, both in terms of organization and the number of students.So, it is time for the handling of archives at UIN Walisongo to be managed by a separate archive management unit so that management functions in archive management can run well.Moreover, in terms of human resources availability quantitatively, UIN Walisongo already has more than enough human resources in the archive sector to manage the archives unit.There are thirteen archivists.Functional archivist position holders are not optimized for archive management so far, but they are spread across various units with various duties and responsibilities; therefore, it is time to develop the careers of functional archivist officials following their field of duties so that the existence of archivists can be implemented and made a significant contribution to archive management at UIN Walisongo Semarang.Now, the implementation of risk management in archive management is still not optimal because the established risk management procedures have only been partially implemented.Likewise, from the results of the review of the Risk Management Form document in the General Division, it can be seen that the documented risk management procedures have only reached the first and second stages: the context determination and risk assessment stages, which produce a risk profile.Meanwhile, for the third stage (risk management), which includes activities to select risk treatment options, prepare action plans, determine expected residual risks, carry out risk management action plans, and monitor residual risks, there have yet to be written documents or implementation reports.
Likewise, the fourth procedure (monitoring and review), which includes continuous monitoring activities on all factors that influence the risk and environmental conditions of the work unit, as well as changes in the magnitude of risk or level of risk, should be carried out by the UPR.There needs to be written documents or reports regarding its implementation.According to the Head of the General Division, no specific agenda related directly to implement risk management in the General Division at UIN Walisongo Semarang.Meanwhile, the Risk Management Committee (MR Committee) should review the risk management implementation.Based on information from the Chairman of SPI at UIN Walisongo Semarang, a permanent Risk Management Committee has yet to be established.So, for the time being, the function of the MR Committee is carried out by SPI, including carrying out reviews of risk management implementation.However, its implementation still needs to be optimal.
Then, implementing the fifth procedure in the risk management process (communication and consultation) includes periodic and incidental meetings, focus group discussions, and risk owner forums.In this procedure, only incidental meetings that have been carried out are held by SPI.
The implementation of risk management in archive management has yet to be done optimally because archive management functions still need to be implemented in the General Division.After all, it has overloaded tasks to be handled, so management functions in archive management cannot run effectively.

Conclusion
The implementation of risk management at UIN Walisongo Semarang has been implemented since 2020, marked by the issuance of the Rector's Decree of UIN Walisongo Semarang No. 13 of 2020 concerning risk management guidelines for UIN Walisongo Semarang.It is one of the targets of the UIN Walisongo Strategic Plan for 2020-2024.It is one of the Key Performance Indicators (IKU) that must be met.
Even though the implementation of risk management started in 2020, its implementation has yet to be optimal.There still needs to be more human resources who understand risk management, whereas implementing risk management requires synergy from all elements, including leadership, staff, resources, and funding sources.
The risk-owner unit's preparation of risk management documents has yet to be accountable.Moreover, it needs to be completed.It is due to the need for more knowledge of the staff of risk management documents and the absence of a review of the prepared risk documents.The Risk Committee also does not function optimally in overseeing the implementation of risk management because the Risk Committee is still limited Ad Hoc and has yet to be officially formed.At the same time, the SPI, which is expected to assume the function of the Risk Committee, has overloaded work as its responsibility.It affects optimal performance.Moreover, risk management has not been implemented following Rector's Decree No. 13/2020, which stated there are five stages: context determination, risk assessment, risk management, monitoring and review, and communication and consultation.
The implementation of risk management in archive management at UIN Walisongo Semarang has yet to be optimal due to the lack of understanding of risk owners and managers and the absence of massive and continuous socialization regarding risk management.Therefore, there are still many employees or even officials at UIN Walisongo Semarang who need help understanding risk management.
The implementation of risk management has yet to give s significant effect to make a significant contribution to archive management at UIN Walisongo.It happens because implementing risk management has not been the optimal result.The need for more functioning of management functions in archive management at UIN Walisongo also dramatically influences the implementation of risk management at UIN Walisongo.
The management functions in managing the archive still need to be fixed because there is no separate archive unit at UIN Walisongo.Therefore, the existing potential and resources cannot be managed optimally to support archive management in a better direction.There is an urgent need to immediately form a separate archives unit at UIN Walisongo to improve archive management and meet organizational development demands.
The large number of human resources in the archives sector, with the appointment of functional archivist positions through equalization, has yet to significantly contribute to managing archives at UIN Walisongo.The lack of competence development for archivists, who are still placed in work units/institutions as Subcoordinators with a performance agreement based on the IKU of their direct superior in this way.The archivist is busier with routine service tasks to fulfill the IKU of his direct superior rather than carrying out his duties as an archivist.
have been carried out by UIN Walisongo to face them, starting from increasing the number of archival human resources, sending archival human resources to attend training, issuing The Rector's Decree Number 102 of 2019 concerning official documents management, The Rector's Decree Number 19 of 2021 concerning Archive Retention Schedule, and The Rector's Decree Number 20 of 2021 concerning archive classification codes.
, the Rector, vice rector, and Head Bureau are advisors.The Risk Committee is the Risk Management Unit, and the Internal Control Committee (SPI) is the function holder of assurance and consulting.The Dean/Head of Institutions/ Head of UPTs and Head of General Affairs are risk owners.The Head of the Administration Division at each faculty/ Head of Administration Subdivision in the General Section is a risk officer.Risk Management Organizational Structure at UIN Walisongo Semarang showed in Figure 1.

Figure 1 .
Figure 1.Risk Management Organizational Structure of UIN Walisongo Semarang

Figure 2 .
Figure 2. Risk Management Procedures on Risk Management: Overview of Archives Regulations studied the implementation of risk management as stated in the four regulations based on the archive management issued by the National Archives of the Republic of Indonesia (ANRI).The results showed the four regulations issued by the Head of the Indonesian National Archives (Perka ANRI) were Perka ANRI number 31 of 2015 concerning the Establishment of Archive Depots, Perka ANRI number 2 of 2014 concerning Guidelines for the Administration of Official Documents, Perka ANRI number 23 of 2015 concerning the Protection and Saving of Archives from Disasters, and ANRI Perka number 4 of 2019 concerning Guidelines for the Assessment of Paper Archives.