2. Enterprise Risk Management (ERM) Governance
Telkom realizes that risk management is an integral part of Good Corporate Governance (GCG) to ensure business continuity. Risk management governance, as set out in the Company Risk Management Policy, includes:
a. Board of Directors: Acts and is responsible, in implementing risk management policies, for establishing policies related to risk management and for ensuring that company risk management is effectively implemented through all the company's management processes.
b. Risk Committee: Acts and is responsible for setting policies, reviews and recommendations on company risks, and provides feedback or guidance to every person in charge of company risk.
c. Corporate Risk Management Unit: Acts and is responsible for coordinating the implementation of the company's risk management policy.
d. Internal Audit Unit: The Internal Audit function acts and is responsible for providing an independent opinion to the Board of Directors, the Risk Committee and the company's Risk Management unit.
e. Head of Unit: Unit leaders/Senior Leaders have the duty and responsibility to implement and supervise the whole process of company risk management in the units they lead.
f. All Employees: Have the task and responsibility of effectively and efficiently implementing the company risk management policy according to their roles and positions.
g. Subsidiary: Has the task and responsibility of implementing risk management with a framework referring to the framework used by PT. Telkom.
3. The process of building and maintaining Enterprise Risk Management (ERM)
To properly run the eight components of the COSO Framework process, we built and maintained Corporate Risk Management through:
a. Structural aspects to build a supportive internal environment through:
   1. Building Commitment and Tone at the Top.
   2. Laying the foundation of risk management within the framework of GCG.
   3. Establishing a Risk Management Unit Organization.
   4. Development of Policies, Guidelines for Risk Acceptance Criteria (RAC), Guidelines for Risk Assessment/Risk Control Self Assessment (RCSA) and Governance.
   5. Development of Competence in the Field of Risk Management.
   6. Provision of adequate Tools and Systems.
b. Operational aspects are focused on:
   1. Guarding the implementation of risk assessment at the Corporate, Business Unit and Subsidiary levels, as well as the preparation of adequate mitigation plans.
   2. Development of risk assessment methodologies for specific functions by combining the implementation of the COSO ERM Framework with reference to other standards or guidelines.
   3. Aspects of maintenance that focus on the process of information, communication, review and continuous improvement, including:
      a. Guarding the implementation of the review, monitoring and risk reporting system.
      b. Coordination of the Enterprise Risk Management Audit Implementation.
      c. Maintaining the continuity of Competency Development.
      d. Maintaining consistency of communication and socialization.
      e. Developing a mechanism for assessing the effectiveness of the implementation of Risk Management.
4. Development of Risk Management Competence
In 2015, we carried out the development of risk management competencies, including:
No   Type of Training                                                          Date
1    Internal Control over Financial Reporting (ICFR)                          June 2015
2    Certified Lead Auditor ISO 22301 Business Continuity Management System    September 2015
3    Hedging                                                                   September 2015
4    Emergency Flood Evacuation Response Simulation                            October 2015
5    Internal Auditor Business Continuity Management                           October 2015
6    Certified Risk Associate                                                  December 2015
In addition to classical training, competence development is also carried out through socialization and related workshops on Risk Management in the Office Division environment and its subsidiaries.
5. Tools Usage/Information System