ExTERNAL AUDIT In line with the existing procedures and taking into consideration the independence and qualifications of the independent auditors, our AGM dated 4 April 2014 has appointed Public Accountant Office “KAP” Purwantono, Suherman Surja in collaboration with Ernst Young Global Limited, which is registered KAP with the OJK, to conduct an audit of the Consolidated Financial Statements for the year ended December 31, 2014. The fee for the audit on the Consolidated Financial Statements for the Fiscal Year 2014 amounted to Rp31.5 billion, excluding VAT Purwantono, Suherman Surja became our public accountant since 2012. The accountant who signed the Independent Auditors’ Report for Fiscal Year 2014 is Hari Purwantono. Purwantono, Suherman Surjawas also appointed to audit the Effectiveness of Internal Control over Financial Reporting for the Fiscal Year 2014 as well as to audit the use of funds for the Partnership and Community Development “CSR” in the Fiscal Year 2014. The public accounting firms that has audited the Financial Statements of the Company for the last five years are listed below. Year Public Accountant Office Public Accountant Fee Rp million 2014 Purwantono, Suherman Surja Drs.Hari Purwantono 31,500 2013 Purwantono, Suherman Surja Drs.Hari Purwantono 28,240 2012 Purwantono, Suherman Surja Drs.Hari Purwantono 26,619 2011 Tanudiredja, Wibisana Rekan Chrisna A.Wardhana, CPA 40,503 2010 Tanudiredja, Wibisana Rekan Chrisna A.Wardhana, CPA 41,872 External Auditor Fees and Services The following table presents a summary of the relevant bill audit services for the years 2012, 2013, 2014. Years that ended on Desember 31 2012 2013 2014 Rp million Rp million Rp million Audit Fee 26,619 28,240 31,500 Tax Service Fee - - Other Fees 326 - Audit by Other External Audit Institutions In addition to being audited by Public Accounting Firm KAP, the Auditor of the Supreme Audit Agency BPK conducted an audit of the procurement activities in Telkom in 2014. This audit further enhanced “control awareness” of Telkom’s management in the process of the procurement of goods and services. 236 2014 Annual Report PT Telkom Indonesia Tbk Persero FINANCIAL AND PERF ORMANCE HIGHLIGHT MANA GEMENT REPOR T PREF A GENERAL INF ORMA TION OF TELK OM INDONE SIA MANA GEMENT’S DISCUSSION AND ANAL Y SIS CORPORA TE GO VERNANCE SOCIAL AND ENVIRONMENT AL RE SPONSIBILITY APPENDICE S RISK MANAGEMENT Risk management is important in the business of communication because these businesses covers a wide areawhich requires a large investment with a high level of competition. The implementation of the risk management system is strengthened with SOEs Minister Regulation No.12011 which requires Telkom tol apply risk management. The implementation of risk management is carried out systematically and structurally. The Company’s risk management is applied to minimize any possible risks that could negatively impact the achievement of Company goals. Development of Risk Management Milestone Since 2006, we have a risk management framework with reference to the COSO Enterprise Risk Management ERM as stipulated in the Board of Directors’s Decree No.16 of 2006 on Corporate Risk Management Telkom Risk Management. Telkom’s risk management in 2006 began with the establishment of the Legal Unit of Risk Management Compliance RMLC under the coordination of the Executive Vice President EVP. Subsequently, in 2007 the Company established the Directorate of Compliance and Risk Management CRM under the control of the Director of CRM. In 2013, with the improving level of awareness on risk management and greater business challenges, the functions of Directorate of CRM was changed to the Directorate of Wholesale International, while the Company formed the Compliance Department, Risk Management and General Affairs CRMGA under the responsibility of the Head of CRMGA to run the management of Governance, Risk Compliance. The long journey in managing Risk Management from 2006 to2014 has led the company to a stage where risk are taken into consideration in strategic decision making, operational implementation, while overseeing compliance and in guarding the financial reporting process through the Internal Control Processes and Procedures Disclosure Controls. Looking ahead, we continue to strive to maintain and improve the maturity of the implementation of risk management ERM Maturity Level with some emphasis as follows: 2015: Enhancement of the mature implementation of Business Continuity Management System BCMS 2016: Enhancement of the the mature implementation Revenue Assurance Fraud implementation Management System Organization of business risk management at the corporate level With reference to the Board of Directors Regulation of No.202.11 2013 dated June 25, 2013 on Office organization of Telkom Group, the organizational structure of the Sub-Department of Risk and Process Management is under the coordination of the Department of Compliance, Risk Management and General Affairs CRMGA. The diagram is as follow: VP Risk Process Management VP Risk Process System Development AVP Risk Strategy AVP Process Strategy 237 2014 Annual Report PT Telkom Indonesia Tbk Persero Risk Management Policy and Framework Risk Management Policy in Telkom refers to the Board of Directors Decision No. KD.16 PW000 PRO-IIC 2006 dated February 3, 2006 on Enterprise Risk Management Telkom Risk Management Objective: 1. Ensure that all risks that may interfere the Company in achieving goals can be anticipated. 2. Create Standard Corporate Risk Management application framework that the management is more coordinated and integrated. Scope: Enterprise Risk Management is implemented at all levels of the organization, including: 1. Work Unit in Corporate Office. 2. Business Unit Division Center 3. Subsidiaries The main framework used in the implementation of risk management at Telkom COSO ERM Framework includes three main components: 1. The application of corporate risk management to support the company’s goals: strategic, operational, and compliance reporting. 2. Enterprise risk management is applied at all levels of the organization within the company including Enterprise-level, Division, Business unit and the Subsidiary. 3. The process of implementation of enterprise risk management consists of eight components, namely: a. Development of the internal environment process b. Objectives setting process c. Events Identification process d. Risk assessment process e. Risk response process f. Control activities process g. Information and communication process h. Monitoring process However, in implementation, Telkom also considers and integrates the framework with references to other relevant guidelines including: 1. ISO 31000 - Enterprise Risk Management as a comparison and complementary implementation 2. ISO 27001 - Information Security Management System ISMS as a reference in the development of risk management to ensure information security in terms of the Confidentiality, Integrity and Availability 3. ISO 22301 - Business Continuity Management System BCMS as a reference in ensuring business sustainability 4. ISO 20000 - Information Technology Service Management ITSM as a reference in ensuring IT services 5. Safety and Health Management System SMK3 based on Government Regulation No. 50 of 2012 on the application of SMK3 6. ISO 18001 - Occupational Health and Safety Assessment System OHSAS as a reference to support the implementation SMK3 Implementation of Risk Management Policy and Framework

1. Efforts to provide value added to the management of the company

With regard to basic framework COSO ERM Framework, the implementation of risk management at Telkom is expected to provide added value to the achievement of the Company’s objectives, especially in certain aspects namely Strategic, Operation, Reporting and Compliance. ENTITY LEVEL DIVISION BUSINES S UNIT SUBSIDIAR Y Internal Environment Objective Setting Event Identification Risk Assessment Risk Response Control Activities Information Communication Monitoring STRA TEGIC OPERA TIONS REPOR TING COMPLIANCE 238 2014 Annual Report PT Telkom Indonesia Tbk Persero FINANCIAL AND PERF ORMANCE HIGHLIGHT MANA GEMENT REPOR T PREF A GENERAL INF ORMA TION OF TELK OM INDONE SIA MANA GEMENT’S DISCUSSION AND ANAL Y SIS CORPORA TE GO VERNANCE SOCIAL AND ENVIRONMENT AL RE SPONSIBILITY APPENDICE S b. Management of compliance on SOX provisions through the design and implementation of adequate internal control Reporting Aspects: Risk management strives to provide added value by setting the process of controlling disclosure of financial reporting through Disclosure Control Procedure DCP.

2. Enterprise Risk Management ERM Telkom realizes that risk management is an integral part

of the management of Good Corporate Governance GCG to ensure business continuity. Governance of risk management basically refers to the concept of 3 Lines of Defense, including: a. First Line: The entire Organization Unit in the Office of the Company, Divisions and Subsidiaries as Risk Owners, are responsible for risk management in the unit works ranging from the process of risk identification, risk assessment, mitigation, monitoring and continuous improvement. b. Second Line: The function of Risk Management business unit, which is under the coordination of the CRMGA department, is to ensure the effectiveness of risk management through the provision of policies, frameworks, procedures and guidelines. c. Third Line: The function of the Internal Auditor is to carry out the audit of the effectiveness of the implementation of risk management and internal control independently. Strategic Aspect: Risk management strives to provide added value through the implementation of risk management in the corporate planning process such as during the preparation of Corporate Strategic Scenario CSS and in the strategic decision making process. Operational aspect: Risk management strives to provide value added through: 1. The implementation of Risk Management to protect assets, among others through: a. The Management of Physical Security for securing infrastructure b. The Management of Information Systems Security IT Security Management System includes the Confidentiality, Integrity and Availability c. The Management of Health and Occupational Safety Management System K3 d. The Management of Business Continuity Management, Disaster Recovery Plan and Crisis Management Team 2. The management of Revenue Assurance and Anti- Fraud Program Compliance Aspect: Risk management strives to provide added value through: a. Management of compliance over Regulations on External and Internal Regulations 239 2014 Annual Report PT Telkom Indonesia Tbk Persero

3. Process of Constructing and Maintaining the Enterprise Risk Management

To be able to run the eight components of the COSO Framework process well, we build and maintain the Enterprise Risk Management through: a. Structural aspects by buildings supporting internal environments through: 1. Building Commitment and Tone at the Top 2. Laying the foundation of risk management within the framework of GCG 3. Establishing a Risk Management Unit Management Organization, 4. Developing Policies, Guidelines for Risk Acceptance Criteria RAC, Guidelines for Risk Assessment Risk Control Self Assessment RCSA and Governance, 5. Developing Competence in Risk Management, 6. Providing adequate tools and system KEMPR Directors Meeting Int ernal A udit CRMGA Department Division Subsidiaries Corporate Directorate Planning and Risk Evaluation and Monitoring Comittee Enterprise Risk Management b. Operational Aspect that focuses on: 1. Guarding the implementation of the risk assessment at the Corporate, Business Unit and Subsidiary as well as the preparation of adequate mitigation plan. 2. Developing risk assessment methodologies for specific functions by combining the implementation of the COSO ERM Framework with reference standards or other guidelines 3. Treatment aspect, which is focused on aspects of information processing, communicating, reviewing and continuous improvement include: - Guarding the implementation of the review, monitoring and reporting system risk - Coordinating the implementation of Risk Management Audit Implementation Enteprise - Maintaining Continuity Competency Development - Maintaining Consistency Communication and Dissemination - Developing effective implementation of the assessment mechanism Risk Management. 240 2014 Annual Report PT Telkom Indonesia Tbk Persero FINANCIAL AND PERF ORMANCE HIGHLIGHT MANA GEMENT REPOR T PREF A GENERAL INF ORMA TION OF TELK OM INDONE SIA MANA GEMENT’S DISCUSSION AND ANAL Y SIS CORPORA TE GO VERNANCE SOCIAL AND ENVIRONMENT AL RE SPONSIBILITY APPENDICE S 4. Risk Management Competency Development In 2014, we carried out the development of risk management competencies, including: No. Type of Training Time 1 Governance, Risk Compliance Conference January 2014 2 SOA for PO-DC Division January 2014 3 Portofolio Investment Evaluation February2014 4 Business Process Management BPM for Division February2014 5 Business Continuity Management System BCMS ISO 22301 integrated with ISMS ISO 27001 February2014 6 Enterprise Risk Management Aplikasi ERM Online February2014 7 Revenue Assurance Anti Fraud Management Collaboration March 2014 8 SOA dan Aplikasi ICCA untuk Divisi PO-DC April 2014 9 Creation of Implementation Documentation of BCMS - ISMS ISO 22301 ISO 27001 April 2014 10 Business Financial Analysis April 2014 11 SOA for Manager Unit of Supply Management June2014 12 Lead Auditor ISO 22301 Business Continuity Management System June2014 13 Business Process Management BPM for Wholesale International Business September 2014 14 Revenue Assurance Anti Fraud Management Collaboration September 2014 15 Catastrope Insurance in Asia Conference September 2014 16 New COSO Framework 2013 Internal Control October 2014 17 Expert of Occupational Health and Safety AK3 electricity October 2014 18 Expert of Occupational Health and Safety AK3 Firefighter October 2014 19 Flood Emergency Evacuation Simulation October 2014 20 Financial Modelling November 2014 21 Lead Auditor ISO 20000 IT Service Management December 2014 In addition to undergoing Classical Training, competency development is also achieved through socialization and related workshop on Risk Management in the Office of the Division and its subsidiaries. 5. The Use of Tools Information System To perform the function of Risk Management, Telkom has equipped the supporting infrastructure by using applications tools information systems, among others: a. Generic Tools Enterprise Risk Management Online ERM Online used by all the units for the management of Risk Assessment b. Specific Tools for managing specific risk, example: 1. Application Fraud Management System FRAMES for the early detection of potential Customer Fraud. 2. i-Library applications which are managed by the Division of Broadband Network and used for an Integrated Management System documentation. 3. SMK 3 Online Application managed by the Security and Safety Unit for the management of Occupational Health and Safety documentation. 4. Security Safety Application is managed by the Security Safety Unit to monitor the management of Physical Security. 5. Telkomcare Application for coordinating the Crisis Management Team. 241 2014 Annual Report PT Telkom Indonesia Tbk Persero 6. Effectiveness Assessment of Risk Management Implementation The assessment of the effectiveness of the Risk Management Implementation is performed through the evaluation process that includes: 1. one-on-one discussion evaluation with business units as needed. 2. ERM implementation and development workshop sharing with subsidiaries as needed. 3. the Implementation of Risk Management Audit program as needed. 4. the evaluation with Risk, Compliance and Revenue Assurance Committee at BoD level as needed. 5. the evaluation with Planning and Risk Evaluation and Monitoring KEMPR as needed. 7. Sharing Session and recognition from External Parties In 2014, Telkom was visited by external parties for a sharing session on the implementation of Risk Management, Internal Control, Process Management, Good Corporate Governance and Management of insurance from Alfamart, PT. Tin Indonesia, PT. Pertamina, PT. PLN, BPK and PT. Wijaya Karya. In addition, Telkom has received recognition or awards from external parties in relation its implementation of Risk Management in 2014, such as : No External Institution Type of Award 1 PT. SGS Indonesia Integrated Management System to manage Infrastructure, including: • ISO 9001:2008 Certificate - Quality Management System • ISO 27001:2013 Certificate - Information Security Management System • ISO 22301:2012 Certificate - Business Continuity Management System 2 The Indonesia Institute for Corporate Governance The Most Trusted Company 242 2014 Annual Report PT Telkom Indonesia Tbk Persero FINANCIAL AND PERF ORMANCE HIGHLIGHT MANA GEMENT REPOR T PREF A GENERAL INF ORMA TION OF TELK OM INDONE SIA MANA GEMENT’S DISCUSSION AND ANAL Y SIS CORPORA TE GO VERNANCE SOCIAL AND ENVIRONMENT AL RE SPONSIBILITY APPENDICE S RISK FACTORS

A. Risks Related to Indonesia

1. Political and Social Risks Current political and social events in Indonesia may

adversely affect our business Since 1998, Indonesia has experienced a process of democratic change, resulting in political and social events that have highlighted the unpredictable nature of Indonesia’s changing political landscape. In 1999, Indonesia conducted its first free elections for parliament and president. Indonesia also has many political parties, without any one party holding a clear majority. Due to these factors, Indonesia has, from time to time, experienced political instability, as well as general social and civil unrest. For example, since 2000, thousands of Indonesians have participated in demonstrations in Jakarta and other Indonesian cities both for and against former President Abdurahman Wahid, former President Megawati, and former President Susilo Bambang Yudhoyono as well as in response to specific issues, including fuel subsidy reductions, privatization of state assets, anti-corruption measures, decentralization and provincial autonomy and the American-led military campaigns in Afghanistan and Iraq. Although these demonstrations were generally peaceful, some turned violent. Indonesia announced in November 2014, and has implemented with effect from January 1, 2015, a fixed diesel subsidy of Rp1,000 per liter and scrapped the gasoline subsidy. Although the implementation did not result in any significant violence or political instability, the announcement and implementation also coincided with a period where crude oil prices had dropped very significantly in 2014. There can be no assurance that future increases in crude oil and fuel prices will not result in political and social instability. Separatist movements and clashes between religious and ethnic groups have also resulted in social and civil unrest in parts of Indonesia, such as in Papua, where there have been clashes between supporters of those separatist movements and the Indonesian military.. There have also been inter-ethnic conflicts, for example in Kalimantan, as well as inter-religious conflict such as in Maluku and Poso. Labor issues have also come to the fore in Indonesia. In 2003, the Government enacted a new labor law that gave employees greater protections. Occasional efforts to reduce these protections have prompted an upsurge in public protests as workers responded to policies that they deemed unfavorable. There can be no assurance that social and civil disturbances will not occur in the future and on a wider scale, or that any such disturbances will not, directly or indirectly, materially and adversely affect our business, financial condition, results of operations and prospects. Terrorist activities in Indonesia could destabilize Indonesia, which would adversely affect our business, financial condition and results of operations, and the market price of our securities There have been a number of terrorist incidents in Indonesia, including the May 2005 bombing in Central Sulawesi, the Bali bombings in October 2002 and 2005 and the bombings at the JW Marriot and Ritz Carlton hotels in Jakarta in July 2009. Although the Government has successfully countered some terrorist activities in recent years and arrested several of those suspected of being involved in these incidents, terrorist incidents may continue and, if serious or widespread, might have a material adverse effect on investment and confidence in, and the performance of, the Indonesian economy and may also have a material adverse effect on our business, financial condition, results of operations and prospects and the market price of our securities.

2. Macro Economic Risks

Negative changes in global, regional or Indonesian economic activity could adversely affect our business Changes in the Indonesian, regional and global economies can affect our performance. Two significant events in the past that impacted Indonesia’s economy were the Asian economic crisis of 1997 and the global economic crisis which started in 2008. The 1997 crisis was characterized in Indonesia by, among others, currency 243 2014 Annual Report PT Telkom Indonesia Tbk Persero