PT Bank Mandiri Persero Tbk. 3. The adequacy of the process Identiication, Measurement, Monitoring of risk and controlling risk as well as the Risk Management Information System a. The Bank conducts accurate risk identiication and measurement process on every product or transaction deemed to be with risk. b. Risk identiication is proactive, covers all business activities of the Bank and is conducted to analyze the sources and the possibility of the incidence of risk and its impact. c. The Bank already has adequate risk exposure monitoring systems, including the existence of independent functions to routinely monitor the risk exposure, provide accurate and timely information and feed back and follow up on repairing and reinement. d. The Bank developed the management information system that tailored to the characteristic, activities and complexities of the Bank business activities. The complete reporting on Risk Management may be viewed on page 134-209 of this Annual Report. INTERNAL CONTROL SYSTEM A comprehensive Internal Control System a. The Bank implements internal control systems into Bank Risk Management application; with reference the established policies and procedures. b. The determination of authority and responsibility on the compliance monitoring in line with the policies, procedures and limits. c. The determination on line reporting and clear separation of functions from operational work units and work units controlling functions. d. Suicient procedures to ensure the Bank compliance toward prevailing laws. e. The Bank conducts an efective, independent, and objective review of the policies, framework and Bank operations. The frequencyintensity of these procedures can be judged, based on the Bank Risk exposures, market movements, measurement methods, and Risk management. f. Internal Audit work unit conducts the audit on a regular basis with adequate coverage, documenting the audit indings and the management feedbacks on audit results, and reviewing the follow-up on audit indings.