Enhancement of the RBA Methodology, Integrated Assurance (Combined Assurance)

Annual Report 2013 PT Bank Mandiri (Persero) Tbk.

3. Enhancement of the RBA Methodology

The Risk-Based Audit (RBA) methodology has been applied since 2007 and is refined continuously in order to improve audit effectiveness. The refinement of RBA is carried out so as to make the methodology more reliable in assessing the effectiveness of control, risk management and governance. The enhancement of RBA is aimed at the development of RBA tools and methodologies for auditing GCG bank-wide, activities and products, as well as control self-review methodologies and templates. In 2010 - 2013, the RBA methodology was improved and developed so as to ensure that the methodology can meet business and auditing needs in Bank Mandiri. These improvements include risk-based audits for large borrowers, including the refinement of risk-based audits in line with operational risk concepts and the application of combined assurance in Bank Mandiri. In 2014, the improved risk-based methodology will be applied as part of the new audit management information system. This will make the process of integration with the risk and compliance units much easier and help reduce duplication. The application of the new audit management information system will also enhance the effectiveness of audit supervision, as supervision can be carried out directly on-line by the supervisor.

4. Integrated Assurance (Combined Assurance)

Integration of assurance functions is aimed at creating synergies, effectiveness, and efficiency so as to improve the assurance functions performed by the 1st, 2nd and 3rd lines of defense. With the integration of this function, it is expected that no risks will escape monitoring and mitigation. Integration of assurance functions is also necessary to prevent overlapping in the audit/assessment of business processes. During 2010 - 2013, integration in the assurance area was initiated by DIA through the preparation of audit plans in collaboration with assurance units in the regions (RBC). As regards assurance units at Head Office (DCOR), the effort to promote integration was conducted through group discussion forums. In 2013, Bank Mandiri’s integrated assurance initiative was launched with the holding of regular discussions with the Risk and Compliance Units. As a quick win in 2013, the relevant units agreed to work together to make improvements to the Enterprise Risk Assessment process. For 2014, the integrated assurance initiative will be continued through the preparation of a blueprint for long-term implementation in accordance with the Bank Mandiri Corporate Plan. Gradually, GRC infrastructure and application frameworks will be developed, including risk taxonomy, organization, and reporting systems. Meanwhile, the development of a new integrated application system will take place in 2015.

5. Internal Audit Capability Model