PT KERETA API INDONESIA PERSERO LAPORAN TAHUNAN 2013 363 Business Prospects and Corporate Strategy Analysis and Managerial Discussion Supporting Business Report Manajemen Risiko Risk Management PT. KAI Persero telah melakukan upaya secara berkesinambungan agar manajemen risiko menjadi bagian integral dari proses bisnis perusahaan dan pengambilan keputusan oleh manajemen, serta tumbuh menjadi budaya bagi seluruh personil perusahaan. Sesuai Keputusan Menteri Negara BUMN Republik Indonesia No.KEP-117M-MBU2002 Tentang Penerapan Good Corporate Governance pada BUMN, khususnya Pasal 22, Direksi PT. KAI telah menetapkan suatu Sistem Pengendalian Internal yang efektif untuk mengamankan investasi dan aset perusahaan. Cakupannya meliputi pengkajian dan pengelolaan risiko usaha, yaitu keseluruhan proses mulai dari mengidentifikasi, menganalisa, menilaimengevaluasi, merespon, dan mengendalikan risiko usaha yang relevan hingga pelaporannya. Selain itu, langkah ini juga dilakukan guna mematuhi ketentuan Pasal 28 ayat 2, yang mengharuskan setiap BUMN mengambil inisiatif untuk mengungkapkan tidak hanya masalah yang diisyaratkan oleh peraturan perundang-undangan, namun juga hal penting untuk pengambilan keputusan oleh pemodal, pemegang saham pemilik modal, kreditur, serta stakeholders termasuk di dalamnya faktor risiko dan penilaian manajemen atas faktor risiko tersebut. PT KAI Persero has done continuous efforts to make risk management to be an integrated part of the company business process and management decision making as well as developing it to be the custom of all company personnel. In line with the decree of Ministry of State- owned Company of The Republic of Indonesia number KEP-117M-MBU2002 about the implementation of Good Corporate Governance in Ministry of State-owned Company, especially article 22, the director of PT KAI has set an internal controlling system which is effective to secure company investment and asset. The system covers the analysis and the management of business risk, i.e. entire process starting from identifying, analyzing, assessingevaluating, responding, controlling relevant business risk, and making report. Besides, these steps are taken to meet article 28 verse 2 which oblige each state-owned company to reveal not only problems which are indicated by amendment regulation, but also important factors to be considered by investor, share holder, creditor, and stakeholder in making decision, including risk factor and management assessment on that risk factor. PT KERETA API INDONESIA PERSERO 2013 ANNUAL REPORT 364

A. KEBIJAKAN MANAJEMEN RISIKO

Mengacu pada Nota Direktur Utama No. 6U12011 Tanggal 26 Januari 2011 yang telah diperbarui dengan No. 103UIX2013 pada tanggal 17 September 2013 Tentang Pembatasan Lingkup Tugas Pokok Pusat Manajemen Risiko PMR, maka hingga tahun 2014 tugas yang dimandatkan kepada PMR masih tetap fokus pada lingkup manajemen risiko untuk kegiatan investasi perusahaan yang memenuhi kriteria tertentu saja. Hal ini tidak berarti bahwa risiko-risiko lainnya, seperti risiko keselamatan, keamanan, lalu-lintas operasi kereta api, sistem informasiteknologi informasi, dan sebagainya tidak dikelola, tapi pengelolaannya dilakukan oleh fungsi-fungsi organisasi yang relevan di masing-masing direktorat terkait. Hingga saat ini, dengan berbagai pertimbangan, manajemen PT. KAI Persero belum memberikan mandat untuk penerapan Enterprise Risk Management ERM meskipun dalam pedoman internalnya ISO 31000:2009 yang berbasis ERM telah dijadikan rujukan utama. Proses assessment risiko investasi perusahaan sebagian besar masih dilakukan terpusat atau dipandu oleh PMR.

B. STRATEGI MANAJEMEN RISIKO

Strategi yang telah dilakukan PT. KAI Persero dalam upaya pengelolaan risiko perusahaan secara umum meliputi: 1. Systems and Procedure Standardisation: pembakuan penyempurnaan sistem perencanaan dan appraisal proyek investasi paralel dengan sistem pelaporan, monitoring dan pengendalian risiko secara terus- menerus. 2. Process Improvements: perbaikan proses asesmen, penajaman analisis kuantifikasi dan peningkatan kualitas hasil asesmen risiko serta perencanaan respon dan evaluasi tindakan mitigasi penanganan risiko yang dikoordinir oleh PMR. 3. Response: pelaksanaan mitigasi risiko yang dilakukan oleh masing-masing Risk Taking Unit RTU terkait. 4. Reporting, Monitoring, and Evaluation: pelaporan, monitoring dan evaluasi progress pelaksanaan responmitigasi risiko yang dilakukan secara berjenjang dari level manager proyek Investasi, sponsorpengusul, VPGM, EVP, Direktur terkait dan PMR. 5. Stakeholders Involvement: pendekatan inklusif, melalui komunikasi dan konsultasi intensif dengan para stakeholders terkait, yang dikoordinirdifasilitasi oleh PMR untuk seluruh segmen proses manajemen risiko tersebut.

A. RISK MANAGEMENT POLICY

Referring to the note of managing director number 6U12011 on 26 January 2011 which is renewed with number 103UIX2013 on 17 September 2013 on the basic task coverage limitation of risk management center PMR, until 2014 the tasks which are obliged to PMR still focused on risk management coverage for company investment which meet particular criteria only. It does not mean that other risks such as safety, security, train operationaltraffic, information systeminformation technology, etc. are not managed. However, their management is handled by relevant organization function in each related directorate. So far, based on some consideration, PT KAI management has not given mandate for the application of Enterprise Risk Management ERM although ISO 31000:2009 which is based on ERM has been used as the main reference in its internal manual. Most company investment risk assessment processes are still done centralized or guided by PMR.

B. RISK MANAGEMENT STRATEGY

The strategies which have been done by PT. KAI Persero as an effort in company risk management generally cover: 1. System and Procedure Standardization: the standardizationperfection of planning system and investment project appraisal to be parallel with the system of reporting, monitoring, and continuous risk controlling. 2. Process Improvement: assessment process improvement, analysis sharpening quantification, and risk assessment result quality improvement as well as response planning and mitigation action evaluationrisk management which is coordinated by PMR. 3. Response: risk mitigation implementation which is done by each related Risk Taking Unit RTU. 4. Reporting, monitoring, and evaluation: reporting, monitoring, and response implementationrisk mitigation evaluation progress which is conducted gradually from project manager level investment, sponsorproposer, VPGMEVP, related director and PMR. 5. Stakeholders involvement: inclusive approach through communitation and intensive consultation with related stakeholders which is coordinatedfacilitated by PMR for the whole risk management process segment. PT KERETA API INDONESIA PERSERO LAPORAN TAHUNAN 2013 365 Business Prospects and Corporate Strategy Analysis and Managerial Discussion Supporting Business Report Yes No • Proposal Investasi • DED Spektek • RAB • • Project Minicharter Pengusul menyiapkan: Screening Evaluasi Kelayakan Investasi Bisnis Baru Strategis ELD Screening Evaluasi Kelayakan Investasi Bisnis Eksisting CR Screening Evaluasi Penyertaan Modal ke Anak Perusahaan EA Screening Evaluasi Akuisisi KF Pusat Manajemen Risiko Kajian Risiko Persetujuan Direksi RKAP      Monitoring Review 6. DisseminationCultivation: diseminasisosialisasi dan pelatihan tentang sistem dan praktek manajemen risiko ke seluruh jajaran organisasi perusahaan yang dilakukan oleh PMR. 7. TrainingCompetency Building and Certification: Pelatihan peningkatan kapabilitas personil perusahaan dalam bidang manajemen risiko termasuk sertifikasi profesi, guna memperoleh kualifikasi profesi internasional pada level Certified Professional dan Associate Professional untuk Enterprise Risk Management berbasis ISO 31000:2009.

C. DIAGRAM ALIR PELAKSANAAN MANAJEMEN RISIKO

Secara garis besar, diagram alir flow-chart pelaksanaan manajemen risiko perusahaan, khususnya untuk kegiatan investasi, dibuat berdasarkan Keputusan Direksi PT. KAI Persero No.KEP.UKU.401III10KA-2011 Tanggal 11 Maret 2011 yang telah diperbarui dengan No. No.KEP.UKU.401 XI28KA-2013 Tanggal 29 November 2013 Tentang Kebijakan dan Prosedur Investasi Serta Pengeluaran Yang Dikapitalisasi Bersifat Modal, yakni pada gambar berikut ini diikuti penjelasan mengenai peran masing-masing unit kerja terkait, yakni: 6. DisseminationCultivation: disseminationsocialisation and training on risk management system and practice to all company organization unit which is conducted by PMR. 7. Trainingcompetency building and certification: Trainingcompany personnel capability improvement in risk management including profession certification to get international profession qualification on Certified Professional and Associate Professional level for Enterprise Risk Management based on ISO 31000:2009.

C. RISK MANAGEMENT IMPLEMENTATION FLOW CHART

Generally, company risk management flow chart, especially for investment activity, is made based on the decree of PT KAI Persero Director number KEP.U KU.401III10KA-2011 on 11 March 2011 which is renewed with number KEP.UKU.401XI28KA-2013 on 29 November 2013 on investment procedure and policy and capitalized output capital quality as showed in the following chart which s followed by an explanation on the role of each related unit: