Risk Mapping Continuous Auditing

Annual Report 2013 PT Bank Mandiri Persero Tbk. Internal Audit

As of the end of 2013, the development of the 5 focus strategies has been in accordance with plan, and the finalization of the program in 2014 also marks the end of the second stage of the transformation process, which will provide the foundation for the next stage of the transformation process in 2014-2020. The development of the 5 focus strategies up until the end of 2013, and our plans for 2014, may be described as follows:

1. Risk Mapping

In 2010 - 2013, DIA improved its risk assessment processes for identifying high risk areas and key controls in the IT, e-channel and micro fields. The considerations behind these improvements were changes in customer transaction patterns, from distribution channels through branches to electronic channels, which, in addition to leading to an increased number of banking transactions, also result in higher risks associated with the use of IT. op Risks for branch and microcredit services is one of the prioritized risk mapping products, in line with the Bank’s primary strategy of focusing on retail payments and retail financing. Risk mapping is conducted together with all relevant units, namely business units, risk management, operations and other line units, through discussions and workshops which determine action plans to effectively mitigate the identified risks. In 2014, DIA together with business, risk management, compliance, operations and other line units will identify key risks and key controls within the framework of the Enterprise Risk Assessment (ERA). This program, which is integrated in the ERA framework, is part of the long-term Integrated Assurance program.

2. Continuous Auditing

DIA has developed an audit approach that is appropriate for the business model used by Bank Mandiri so that it can provide early detection of control weaknesses and significant events. This method, known as continuous auditing, makes use of a data warehouse where information analysis is conducted based on the criteria and risks that are of particular concern to the Bank. Continuous auditing not only focuses on providing early warning and serving as a basis for determining samples, but also forms part of the overall audit process both on-site and off-site. Improvements have been made to the audit process through the intensification and extension of continuous auditing based on the establishment of a centralized audit database (SIMA), which also encompasses the Executive Information System (EIS). In 2010 - 2013, DIA perfected tools, parameters and procedures for the implementation of continuous auditing and has been using them more widely in audit assignments as one of its strategies to optimize available resources. In 2014, DIA will apply continuous auditing more widely, and disseminate information on its use to the first and second lines of defense. The wider use of continuous auditing is expected to help improve the effectiveness of the early warning system.

3. Enhancement of RBA Methodology