ExTERNAL AUDIT In line with the existing procedures and taking into consideration the independence and qualifications of the
independent auditors, our AGM dated 4 April 2014 has appointed Public Accountant Office “KAP” Purwantono, Suherman Surja in collaboration with Ernst Young Global Limited, which is registered KAP with the OJK, to
conduct an audit of the Consolidated Financial Statements for the year ended December 31, 2014. The fee for the audit on the Consolidated Financial Statements for the Fiscal Year 2014 amounted to Rp31.5 billion, excluding VAT
Purwantono, Suherman Surja became our public accountant since 2012. The accountant who signed the Independent Auditors’ Report for Fiscal Year 2014 is Hari Purwantono. Purwantono, Suherman Surjawas also appointed to audit
the Effectiveness of Internal Control over Financial Reporting for the Fiscal Year 2014 as well as to audit the use of funds for the Partnership and Community Development “CSR” in the Fiscal Year 2014.
The public accounting firms that has audited the Financial Statements of the Company for the last five years are listed below.
Year Public Accountant Office
Public Accountant Fee
Rp million
2014 Purwantono, Suherman Surja
Drs.Hari Purwantono 31,500
2013 Purwantono, Suherman Surja
Drs.Hari Purwantono 28,240
2012 Purwantono, Suherman Surja
Drs.Hari Purwantono 26,619
2011 Tanudiredja, Wibisana Rekan
Chrisna A.Wardhana, CPA 40,503
2010 Tanudiredja, Wibisana Rekan
Chrisna A.Wardhana, CPA 41,872
External Auditor Fees and Services The following table presents a summary of the relevant bill audit services for the years 2012, 2013, 2014.
Years that ended on Desember 31 2012
2013 2014
Rp million Rp million
Rp million Audit Fee
26,619 28,240
31,500 Tax Service Fee
- -
Other Fees 326
-
Audit by Other External Audit Institutions In addition to being audited by Public Accounting Firm KAP, the Auditor of the Supreme Audit Agency BPK
conducted an audit of the procurement activities in Telkom in 2014. This audit further enhanced “control awareness” of Telkom’s management in the process of the procurement of goods and services.
236
2014 Annual Report
PT Telkom Indonesia Tbk Persero
FINANCIAL AND PERF
ORMANCE HIGHLIGHT
MANA GEMENT
REPOR T
PREF A
GENERAL INF
ORMA TION OF
TELK OM INDONE
SIA
MANA GEMENT’S DISCUSSION
AND ANAL Y
SIS
CORPORA TE GO
VERNANCE
SOCIAL AND ENVIRONMENT
AL
RE SPONSIBILITY
APPENDICE S
RISK MANAGEMENT
Risk management is important in the business of communication because these businesses covers a wide
areawhich requires a large investment with a high level of competition. The implementation of the risk management
system is strengthened with SOEs Minister Regulation No.12011 which requires Telkom tol apply risk management.
The implementation of risk management is carried out systematically and structurally. The Company’s risk
management is applied to minimize any possible risks that could negatively impact the achievement of Company
goals.
Development of Risk Management Milestone Since 2006, we have a risk management framework with
reference to the COSO Enterprise Risk Management ERM as stipulated in the Board of Directors’s Decree
No.16 of 2006 on Corporate Risk Management Telkom Risk Management.
Telkom’s risk management in 2006 began with the establishment of the Legal Unit of Risk Management
Compliance RMLC under the coordination of the Executive Vice President EVP. Subsequently, in 2007
the Company established the Directorate of Compliance and Risk Management CRM under the control of the
Director of CRM. In 2013, with the improving level of awareness on risk
management and greater business challenges, the functions of Directorate of CRM was changed to the
Directorate of Wholesale International, while the Company formed the Compliance Department, Risk
Management and General Affairs CRMGA under the responsibility of the Head of CRMGA to run the
management of Governance, Risk Compliance.
The long journey in managing Risk Management from 2006 to2014 has led the company to a stage where risk
are taken into consideration in strategic decision making, operational implementation, while overseeing compliance
and in guarding the financial reporting process through the Internal Control Processes and Procedures Disclosure
Controls.
Looking ahead, we continue to strive to maintain and improve the maturity of the implementation of risk
management ERM Maturity Level with some emphasis as follows:
2015: Enhancement of the mature implementation of Business Continuity Management System BCMS
2016: Enhancement of the the mature implementation Revenue Assurance Fraud implementation Management
System
Organization of business risk management at the corporate level With reference to the Board of Directors Regulation of No.202.11 2013 dated June 25, 2013 on Office organization
of Telkom Group, the organizational structure of the Sub-Department of Risk and Process Management is under the coordination of the Department of Compliance, Risk Management and General Affairs CRMGA. The diagram is as
follow:
VP Risk Process Management
VP Risk Process System Development
AVP Risk Strategy AVP Process Strategy
237
2014 Annual Report
PT Telkom Indonesia Tbk Persero
Risk Management Policy and Framework Risk Management Policy in Telkom refers to the Board
of Directors Decision No. KD.16 PW000 PRO-IIC 2006 dated February 3, 2006 on Enterprise Risk Management
Telkom Risk Management
Objective: 1. Ensure that all risks that may interfere the Company
in achieving goals can be anticipated. 2. Create Standard Corporate Risk Management
application framework that the management is more coordinated and integrated.
Scope: Enterprise Risk Management is implemented at all levels
of the organization, including: 1. Work Unit in Corporate Office.
2. Business Unit Division Center 3. Subsidiaries
The main framework used in the implementation of risk management at Telkom COSO ERM Framework includes
three main components: 1. The application of corporate risk management to
support the company’s goals: strategic, operational, and compliance reporting.
2. Enterprise risk management is applied at all levels of the organization within the company including
Enterprise-level, Division, Business unit and the Subsidiary.
3. The process of implementation of enterprise risk management consists of eight components, namely:
a. Development of the internal environment process b. Objectives setting process
c. Events Identification process d. Risk assessment process
e. Risk response process f. Control activities process
g. Information and communication process h. Monitoring process
However, in implementation, Telkom also considers and integrates the framework with references to other relevant
guidelines including: 1. ISO 31000 - Enterprise Risk Management as a
comparison and complementary implementation 2. ISO 27001 - Information Security Management System
ISMS as a reference in the development of risk management to ensure information security in terms
of the Confidentiality, Integrity and Availability 3. ISO 22301 - Business Continuity Management System
BCMS as a reference in ensuring business sustainability 4. ISO 20000 - Information Technology Service
Management ITSM as a reference in ensuring IT services
5. Safety and Health Management System SMK3 based on Government Regulation No. 50 of 2012 on the
application of SMK3 6. ISO 18001 - Occupational Health and Safety Assessment
System OHSAS as a reference to support the implementation SMK3
Implementation of Risk Management Policy and Framework
1. Efforts to provide value added to the management of the company
With regard to basic framework COSO ERM Framework, the implementation of risk management at Telkom is
expected to provide added value to the achievement of the Company’s objectives, especially in certain aspects
namely Strategic, Operation, Reporting and Compliance.
ENTITY LEVEL DIVISION BUSINES
S UNIT SUBSIDIAR
Y
Internal Environment Objective Setting
Event Identification Risk Assessment
Risk Response Control Activities
Information Communication Monitoring
STRA TEGIC
OPERA TIONS
REPOR TING
COMPLIANCE
238
2014 Annual Report
PT Telkom Indonesia Tbk Persero
FINANCIAL AND PERF
ORMANCE HIGHLIGHT
MANA GEMENT
REPOR T
PREF A
GENERAL INF
ORMA TION OF
TELK OM INDONE
SIA
MANA GEMENT’S DISCUSSION
AND ANAL Y
SIS
CORPORA TE GO
VERNANCE
SOCIAL AND ENVIRONMENT
AL
RE SPONSIBILITY
APPENDICE S
b. Management of compliance on SOX provisions through the design and implementation of adequate internal
control Reporting Aspects:
Risk management strives to provide added value by setting the process of controlling disclosure of financial
reporting through Disclosure Control Procedure DCP.
2. Enterprise Risk Management ERM Telkom realizes that risk management is an integral part
of the management of Good Corporate Governance GCG to ensure business continuity. Governance of risk
management basically refers to the concept of 3 Lines of Defense, including:
a. First Line: The entire Organization Unit in the Office of the Company, Divisions and Subsidiaries as Risk
Owners, are responsible for risk management in the unit works ranging from the process of risk identification,
risk assessment, mitigation, monitoring and continuous improvement.
b. Second Line: The function of Risk Management business unit, which is under the coordination of the
CRMGA department, is to ensure the effectiveness of risk management through the provision of policies,
frameworks, procedures and guidelines.
c. Third Line: The function of the Internal Auditor is to carry out the audit of the effectiveness of the
implementation of risk management and internal control independently.
Strategic Aspect: Risk management strives to provide added value through
the implementation of risk management in the corporate planning process such as during the preparation of
Corporate Strategic Scenario CSS and in the strategic decision making process.
Operational aspect: Risk management strives to provide value added through:
1. The implementation of Risk Management to protect assets, among others through:
a. The Management of Physical Security for securing infrastructure
b. The Management of Information Systems Security IT Security Management System includes the
Confidentiality, Integrity and Availability c. The Management of Health and Occupational
Safety Management System K3 d. The Management of Business Continuity
Management, Disaster Recovery Plan and Crisis Management Team
2. The management of Revenue Assurance and Anti- Fraud Program
Compliance Aspect: Risk management strives to provide added value through:
a. Management of compliance over Regulations on External and Internal Regulations
239
2014 Annual Report
PT Telkom Indonesia Tbk Persero
3. Process of Constructing and Maintaining the Enterprise Risk Management
To be able to run the eight components of the COSO Framework process well, we build and maintain the
Enterprise Risk Management through:
a. Structural aspects by buildings supporting internal environments through:
1. Building Commitment and Tone at the Top 2. Laying the foundation of risk management within
the framework of GCG 3. Establishing a Risk Management Unit Management
Organization, 4. Developing Policies, Guidelines for Risk Acceptance
Criteria RAC, Guidelines for Risk Assessment Risk Control Self Assessment RCSA and
Governance, 5. Developing Competence in Risk Management,
6. Providing adequate tools and system
KEMPR Directors Meeting
Int ernal A
udit CRMGA
Department
Division Subsidiaries
Corporate Directorate
Planning and Risk Evaluation and Monitoring Comittee
Enterprise Risk Management
b. Operational Aspect that focuses on: 1. Guarding the implementation of the risk assessment
at the Corporate, Business Unit and Subsidiary as well as the preparation of adequate mitigation
plan. 2. Developing risk assessment methodologies for
specific functions by combining the implementation of the COSO ERM Framework with reference
standards or other guidelines 3. Treatment aspect, which is focused on aspects
of information processing, communicating, reviewing and continuous improvement include:
- Guarding the implementation of the review, monitoring and reporting system risk
- Coordinating the implementation of Risk Management Audit Implementation Enteprise
- Maintaining Continuity Competency Development
- Maintaining Consistency Communication and Dissemination
- Developing effective implementation of the assessment mechanism Risk Management.
240
2014 Annual Report
PT Telkom Indonesia Tbk Persero
FINANCIAL AND PERF
ORMANCE HIGHLIGHT
MANA GEMENT
REPOR T
PREF A
GENERAL INF
ORMA TION OF
TELK OM INDONE
SIA
MANA GEMENT’S DISCUSSION
AND ANAL Y
SIS
CORPORA TE GO
VERNANCE
SOCIAL AND ENVIRONMENT
AL
RE SPONSIBILITY
APPENDICE S
4. Risk Management Competency Development In 2014, we carried out the development of risk management competencies, including:
No. Type of Training
Time
1 Governance, Risk Compliance Conference
January 2014 2
SOA for PO-DC Division January 2014
3 Portofolio Investment Evaluation
February2014 4
Business Process Management BPM for Division February2014
5 Business Continuity Management System BCMS ISO 22301 integrated with ISMS ISO 27001
February2014 6
Enterprise Risk Management Aplikasi ERM Online February2014
7 Revenue Assurance Anti Fraud Management Collaboration
March 2014 8
SOA dan Aplikasi ICCA untuk Divisi PO-DC April 2014
9 Creation of Implementation Documentation of BCMS - ISMS ISO 22301 ISO 27001
April 2014 10
Business Financial Analysis April 2014
11 SOA for Manager Unit of Supply Management
June2014 12
Lead Auditor ISO 22301 Business Continuity Management System June2014
13 Business Process Management BPM for Wholesale International Business
September 2014 14
Revenue Assurance Anti Fraud Management Collaboration September 2014
15 Catastrope Insurance in Asia Conference
September 2014 16
New COSO Framework 2013 Internal Control October 2014
17 Expert of Occupational Health and Safety AK3 electricity
October 2014 18
Expert of Occupational Health and Safety AK3 Firefighter October 2014
19 Flood Emergency Evacuation Simulation
October 2014 20
Financial Modelling November 2014
21 Lead Auditor ISO 20000 IT Service Management
December 2014
In addition to undergoing Classical Training, competency development is also achieved through socialization and related workshop on Risk Management in the Office of the Division and its subsidiaries.
5. The Use of Tools Information System To perform the function of Risk Management, Telkom has equipped the supporting infrastructure by using applications
tools information systems, among others: a. Generic Tools Enterprise Risk Management Online ERM Online used by all the units for the management of
Risk Assessment b. Specific Tools for managing specific risk, example:
1. Application Fraud Management System FRAMES for the early detection of potential Customer Fraud. 2. i-Library applications which are managed by the Division of Broadband Network and used for an Integrated
Management System documentation. 3. SMK 3 Online Application managed by the Security and Safety Unit for the management of Occupational
Health and Safety documentation. 4. Security Safety Application is managed by the Security Safety Unit to monitor the management of Physical
Security. 5. Telkomcare Application for coordinating the Crisis Management Team.
241
2014 Annual Report
PT Telkom Indonesia Tbk Persero
6. Effectiveness Assessment of Risk Management Implementation The assessment of the effectiveness of the Risk Management Implementation is performed through the evaluation
process that includes: 1. one-on-one discussion evaluation with business units as needed.
2. ERM implementation and development workshop sharing with subsidiaries as needed. 3. the Implementation of Risk Management Audit program as needed.
4. the evaluation with Risk, Compliance and Revenue Assurance Committee at BoD level as needed. 5. the evaluation with Planning and Risk Evaluation and Monitoring KEMPR as needed.
7. Sharing Session and recognition from External Parties In 2014, Telkom was visited by external parties for a sharing session on the implementation of Risk Management,
Internal Control, Process Management, Good Corporate Governance and Management of insurance from Alfamart, PT. Tin Indonesia, PT. Pertamina, PT. PLN, BPK and PT. Wijaya Karya.
In addition, Telkom has received recognition or awards from external parties in relation its implementation of Risk Management in 2014, such as :
No External Institution
Type of Award
1 PT. SGS Indonesia
Integrated Management System to manage Infrastructure, including: • ISO 9001:2008 Certificate - Quality Management System
• ISO 27001:2013 Certificate - Information Security Management System • ISO 22301:2012 Certificate - Business Continuity Management System
2 The Indonesia Institute for
Corporate Governance The Most Trusted Company
242
2014 Annual Report
PT Telkom Indonesia Tbk Persero
FINANCIAL AND PERF
ORMANCE HIGHLIGHT
MANA GEMENT
REPOR T
PREF A
GENERAL INF
ORMA TION OF
TELK OM INDONE
SIA
MANA GEMENT’S DISCUSSION
AND ANAL Y
SIS
CORPORA TE GO
VERNANCE
SOCIAL AND ENVIRONMENT
AL
RE SPONSIBILITY
APPENDICE S
RISK FACTORS
A. Risks Related to Indonesia
1. Political and Social Risks Current political and social events in Indonesia may
adversely affect our business
Since 1998, Indonesia has experienced a process of democratic change, resulting in political and social events
that have highlighted the unpredictable nature of Indonesia’s changing political landscape. In 1999, Indonesia
conducted its first free elections for parliament and president. Indonesia also has many political parties,
without any one party holding a clear majority. Due to these factors, Indonesia has, from time to time, experienced
political instability, as well as general social and civil unrest. For example, since 2000, thousands of Indonesians
have participated in demonstrations in Jakarta and other Indonesian cities both for and against former President
Abdurahman Wahid, former President Megawati, and former President Susilo Bambang Yudhoyono as well as
in response to specific issues, including fuel subsidy reductions, privatization of state assets, anti-corruption
measures, decentralization and provincial autonomy and the American-led military campaigns in Afghanistan and
Iraq. Although these demonstrations were generally peaceful, some turned violent.
Indonesia announced in November 2014, and has implemented with effect from January 1, 2015, a fixed
diesel subsidy of Rp1,000 per liter and scrapped the gasoline subsidy. Although the implementation did not
result in any significant violence or political instability, the announcement and implementation also coincided
with a period where crude oil prices had dropped very significantly in 2014. There can be no assurance that
future increases in crude oil and fuel prices will not result in political and social instability.
Separatist movements and clashes between religious and ethnic groups have also resulted in social and civil
unrest in parts of Indonesia, such as in Papua, where there have been clashes between supporters of those
separatist movements and the Indonesian military.. There have also been inter-ethnic conflicts, for example in
Kalimantan, as well as inter-religious conflict such as in Maluku and Poso.
Labor issues have also come to the fore in Indonesia. In 2003, the Government enacted a new labor law that
gave employees greater protections. Occasional efforts to reduce these protections have prompted an upsurge
in public protests as workers responded to policies that they deemed unfavorable.
There can be no assurance that social and civil disturbances will not occur in the future and on a wider scale, or that
any such disturbances will not, directly or indirectly, materially and adversely affect our business, financial
condition, results of operations and prospects.
Terrorist activities in Indonesia could destabilize Indonesia, which would adversely affect our business, financial
condition and results of operations, and the market price of our securities
There have been a number of terrorist incidents in Indonesia, including the May 2005 bombing in Central
Sulawesi, the Bali bombings in October 2002 and 2005 and the bombings at the JW Marriot and Ritz Carlton
hotels in Jakarta in July 2009. Although the Government has successfully countered some terrorist activities in
recent years and arrested several of those suspected of being involved in these incidents, terrorist incidents may
continue and, if serious or widespread, might have a material adverse effect on investment and confidence
in, and the performance of, the Indonesian economy and may also have a material adverse effect on our business,
financial condition, results of operations and prospects and the market price of our securities.
2. Macro Economic Risks
Negative changes in global, regional or Indonesian economic activity could adversely affect our business
Changes in the Indonesian, regional and global economies can affect our performance. Two significant events in
the past that impacted Indonesia’s economy were the Asian economic crisis of 1997 and the global economic
crisis which started in 2008. The 1997 crisis was characterized in Indonesia by, among others, currency
243
2014 Annual Report
PT Telkom Indonesia Tbk Persero